6, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendto$isdn(r3, &(0x7f0000000240)={0x5, 0x9, "ffe6361adb03d191a4be6a6a267e332182c1bacfc2a5332722a9f07abfd541c705d2f3dd4766aacc18569ad0ca353247f559293adf583ff0d0104f27e3c648f3ce1b93f4b19fe67c89013a26324a1a9cff48fb6cfd07f935b1d5534f5a71ab00425f9938545f9b846e1edab0add85a376b45694a93094937429aecb753139a61e929d21dd5965309e560b2d6d567dea8943ff3610ca51b5c5eaff91096199a8e5fee48d24bcd3700716661d67a6657ce82654ed03008673517611274e0821ac7adbad7bd7c6b965bac7ab52c8f938a27db0799152fd3f54541e88c"}, 0xe3, 0x80, &(0x7f0000000340)={0x22, 0x7f, 0x4, 0x3, 0x9}, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) getsockopt$inet_dccp_buf(r5, 0x21, 0x80, &(0x7f0000000380)=""/13, &(0x7f00000003c0)=0xd) r6 = socket$inet(0x10, 0x2, 0x0) sendmsg(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000001c0)="24000000190007041dfffd946f6105000af80200fe0200000002080008001e000400ff7e280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0x14, &(0x7f0000000080), &(0x7f0000000140)=0x4) ptrace$getregset(0x4205, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1201.264098][T14355] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=3, oom_score_adj=1000 09:00:57 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:00:57 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0xffffff8c, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1201.377713][T14355] CPU: 0 PID: 14355 Comm: syz-executor.2 Not tainted 5.6.0-rc1-syzkaller #0 [ 1201.386486][T14355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1201.396548][T14355] Call Trace: [ 1201.399850][T14355] dump_stack+0x11d/0x187 [ 1201.404193][T14355] dump_header+0xa7/0x399 [ 1201.408573][T14355] oom_kill_process.cold+0x10/0x15 [ 1201.413704][T14355] out_of_memory+0x21d/0xa30 [ 1201.418314][T14355] ? __rcu_read_unlock+0x66/0x2f0 [ 1201.423387][T14355] mem_cgroup_out_of_memory+0x12b/0x150 [ 1201.428959][T14355] try_charge+0xb60/0xbe0 [ 1201.433308][T14355] ? __this_cpu_preempt_check+0x3c/0x130 [ 1201.438958][T14355] mem_cgroup_charge_skmem+0xd2/0x190 [ 1201.444340][T14355] __sk_mem_raise_allocated+0x466/0xa10 [ 1201.449892][T14355] ? skb_page_frag_refill+0x196/0x250 [ 1201.455265][T14355] __sk_mem_schedule+0x7a/0xd0 [ 1201.460048][T14355] tcp_sendmsg_locked+0x133f/0x20f0 [ 1201.465313][T14355] ? aa_label_sk_perm.part.0+0x270/0x290 [ 1201.471191][T14355] tcp_sendmsg+0x35/0x50 [ 1201.475435][T14355] inet_sendmsg+0x69/0x90 [ 1201.479833][T14355] ? inet_send_prepare+0x1f0/0x1f0 [ 1201.484956][T14355] sock_sendmsg+0x98/0xc0 [ 1201.489294][T14355] __sys_sendto+0x1e2/0x2c0 [ 1201.493818][T14355] ? _copy_to_user+0x7d/0xb0 [ 1201.498504][T14355] __x64_sys_sendto+0x7e/0xa0 [ 1201.503306][T14355] do_syscall_64+0xc7/0x390 [ 1201.507835][T14355] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1201.513781][T14355] RIP: 0033:0x45c479 [ 1201.517688][T14355] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1201.537300][T14355] RSP: 002b:00007f0678b1cc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1201.545824][T14355] RAX: ffffffffffffffda RBX: 00007f0678b1d6d4 RCX: 000000000045c479 [ 1201.553819][T14355] RDX: fffffffffffffeb4 RSI: 0000000020000200 RDI: 0000000000000003 [ 1201.561793][T14355] RBP: 000000000076bf20 R08: 0000000020db4ff0 R09: 0000000000000010 [ 1201.569774][T14355] R10: 0000000020008011 R11: 0000000000000246 R12: 00000000ffffffff 09:00:57 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) [ 1201.577752][T14355] R13: 0000000000000a03 R14: 00000000004cc7a4 R15: 000000000076bf2c [ 1201.622346][T14371] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1201.687284][T14355] memory: usage 307192kB, limit 307200kB, failcnt 7897 [ 1201.694440][T14355] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1201.705581][T14355] Memory cgroup stats for /syz2: [ 1201.705758][T14355] anon 224661504 [ 1201.705758][T14355] file 0 [ 1201.705758][T14355] kernel_stack 10469376 [ 1201.705758][T14355] slab 13897728 [ 1201.705758][T14355] sock 1576960 [ 1201.705758][T14355] shmem 110592 [ 1201.705758][T14355] file_mapped 135168 [ 1201.705758][T14355] file_dirty 0 [ 1201.705758][T14355] file_writeback 0 [ 1201.705758][T14355] anon_thp 165675008 [ 1201.705758][T14355] inactive_anon 0 [ 1201.705758][T14355] active_anon 224665600 [ 1201.705758][T14355] inactive_file 139264 [ 1201.705758][T14355] active_file 12288 [ 1201.705758][T14355] unevictable 0 [ 1201.705758][T14355] slab_reclaimable 1216512 [ 1201.705758][T14355] slab_unreclaimable 12681216 [ 1201.705758][T14355] pgfault 92763 [ 1201.705758][T14355] pgmajfault 0 [ 1201.705758][T14355] workingset_refault 330 [ 1201.705758][T14355] workingset_activate 198 [ 1201.705758][T14355] workingset_nodereclaim 0 [ 1201.705758][T14355] pgrefill 4978 [ 1201.705758][T14355] pgscan 11989 [ 1201.705758][T14355] pgsteal 6325 [ 1201.805090][T14355] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=14352,uid=0 [ 1201.833333][T14355] Memory cgroup out of memory: Killed process 14352 (syz-executor.2) total-vm:74836kB, anon-rss:4208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:1000 [ 1201.877979][ T1078] oom_reaper: reaped process 14352 (syz-executor.2), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 1201.896080][T14357] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 09:00:58 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) [ 1202.012748][T14357] CPU: 1 PID: 14357 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 1202.021478][T14357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1202.031560][T14357] Call Trace: [ 1202.034864][T14357] dump_stack+0x11d/0x187 [ 1202.039209][T14357] dump_header+0xa7/0x399 [ 1202.043555][T14357] oom_kill_process.cold+0x10/0x15 [ 1202.048677][T14357] out_of_memory+0x21d/0xa30 [ 1202.053330][T14357] mem_cgroup_out_of_memory+0x12b/0x150 [ 1202.058895][T14357] try_charge+0xb60/0xbe0 [ 1202.063228][T14357] ? hrtimer_active+0x70/0x1b0 [ 1202.068011][T14357] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1202.073485][T14357] __memcg_kmem_charge+0xcd/0x1b0 [ 1202.078520][T14357] __alloc_pages_nodemask+0x268/0x310 [ 1202.083906][T14357] alloc_pages_current+0xca/0x170 [ 1202.088993][T14357] pte_alloc_one+0x14/0x50 [ 1202.093416][T14357] __do_fault+0x120/0x1e0 [ 1202.097757][T14357] __handle_mm_fault+0x1d2d/0x2cf0 [ 1202.102913][T14357] handle_mm_fault+0x21c/0x540 [ 1202.107694][T14357] do_page_fault+0x4a4/0xa52 [ 1202.112295][T14357] ? do_syscall_64+0x27f/0x390 [ 1202.117101][T14357] page_fault+0x34/0x40 [ 1202.121257][T14357] RIP: 0033:0x4436c1 [ 1202.125166][T14357] Code: 8d 15 43 05 0b 00 8b 0c 8a 8b 04 82 29 c8 c3 66 2e 0f 1f 84 00 00 00 00 00 48 83 fa 20 48 89 f8 73 77 f6 c2 01 74 0b 0f b6 0e <88> 0f 48 ff c6 48 ff c7 f6 c2 02 74 12 0f b7 0e 66 89 0f 48 83 c6 [ 1202.144850][T14357] RSP: 002b:00007ffd30768988 EFLAGS: 00010202 [ 1202.150982][T14357] RAX: 0000000020000080 RBX: 000000000076c920 RCX: 0000000000000063 09:00:58 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") sendfile(r2, r1, 0x0, 0x100000001) [ 1202.158955][T14357] RDX: 0000000000000013 RSI: 0000000000770208 RDI: 0000000020000080 [ 1202.166927][T14357] RBP: 00000000007701e8 R08: 00ffffffffffffff R09: 00ffffffffffffff [ 1202.174902][T14357] R10: 00007ffd30768a60 R11: 0000000000000246 R12: 000000000076bfc0 [ 1202.183004][T14357] R13: 00000000007701f0 R14: 00000000001255e0 R15: 000000000076bfcc [ 1202.267943][T14357] memory: usage 307180kB, limit 307200kB, failcnt 1277 [ 1202.283140][T14357] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1202.306771][T14357] Memory cgroup stats for /syz5: [ 1202.307974][T14357] anon 277147648 [ 1202.307974][T14357] file 0 [ 1202.307974][T14357] kernel_stack 4608000 [ 1202.307974][T14357] slab 6856704 [ 1202.307974][T14357] sock 0 [ 1202.307974][T14357] shmem 0 [ 1202.307974][T14357] file_mapped 135168 [ 1202.307974][T14357] file_dirty 0 [ 1202.307974][T14357] file_writeback 135168 [ 1202.307974][T14357] anon_thp 253755392 [ 1202.307974][T14357] inactive_anon 0 [ 1202.307974][T14357] active_anon 277159936 [ 1202.307974][T14357] inactive_file 94208 [ 1202.307974][T14357] active_file 4096 [ 1202.307974][T14357] unevictable 0 [ 1202.307974][T14357] slab_reclaimable 946176 [ 1202.307974][T14357] slab_unreclaimable 5910528 [ 1202.307974][T14357] pgfault 130581 [ 1202.307974][T14357] pgmajfault 0 [ 1202.307974][T14357] workingset_refault 264 [ 1202.307974][T14357] workingset_activate 99 [ 1202.307974][T14357] workingset_nodereclaim 0 [ 1202.307974][T14357] pgrefill 1376 [ 1202.307974][T14357] pgscan 3867 [ 1202.307974][T14357] pgsteal 570 [ 1202.427865][T14357] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=10965,uid=0 09:00:58 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0xffffff97, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:00:58 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1202.575551][T14357] Memory cgroup out of memory: Killed process 10965 (syz-executor.5) total-vm:74836kB, anon-rss:4260kB, file-rss:35796kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:1000 09:00:58 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) [ 1202.707505][ T26] audit: type=1804 audit(1583053258.854:193): pid=14384 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir680359602/syzkaller.jEoO51/1233/cgroup.controllers" dev="sda1" ino=18497 res=1 [ 1202.735756][T14380] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=3, oom_score_adj=1000 [ 1202.746858][ T1078] oom_reaper: reaped process 10965 (syz-executor.5), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 1202.801398][T14380] CPU: 0 PID: 14380 Comm: syz-executor.2 Not tainted 5.6.0-rc1-syzkaller #0 [ 1202.810120][T14380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1202.820177][T14380] Call Trace: [ 1202.823547][T14380] dump_stack+0x11d/0x187 [ 1202.827925][T14380] dump_header+0xa7/0x399 [ 1202.832272][T14380] oom_kill_process.cold+0x10/0x15 [ 1202.837449][T14380] out_of_memory+0x21d/0xa30 [ 1202.842051][T14380] ? __rcu_read_unlock+0x66/0x2f0 [ 1202.847157][T14380] mem_cgroup_out_of_memory+0x12b/0x150 [ 1202.852726][T14380] try_charge+0xb60/0xbe0 [ 1202.857131][T14380] ? __this_cpu_preempt_check+0x3c/0x130 [ 1202.862784][T14380] mem_cgroup_charge_skmem+0xd2/0x190 [ 1202.868172][T14380] __sk_mem_raise_allocated+0x466/0xa10 [ 1202.873759][T14380] ? skb_page_frag_refill+0x196/0x250 [ 1202.879194][T14380] __sk_mem_schedule+0x7a/0xd0 [ 1202.884030][T14380] tcp_sendmsg_locked+0x133f/0x20f0 [ 1202.889322][T14380] ? aa_label_sk_perm.part.0+0x270/0x290 [ 1202.894985][T14380] tcp_sendmsg+0x35/0x50 [ 1202.899254][T14380] inet_sendmsg+0x69/0x90 [ 1202.903588][T14380] ? inet_send_prepare+0x1f0/0x1f0 [ 1202.908709][T14380] sock_sendmsg+0x98/0xc0 [ 1202.913048][T14380] __sys_sendto+0x1e2/0x2c0 [ 1202.917774][T14380] ? _copy_to_user+0x7d/0xb0 [ 1202.922386][T14380] __x64_sys_sendto+0x7e/0xa0 [ 1202.927103][T14380] do_syscall_64+0xc7/0x390 [ 1202.931630][T14380] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1202.931782][ T26] audit: type=1804 audit(1583053259.084:194): pid=14359 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir360798672/syzkaller.4O2XCn/1851/cgroup.controllers" dev="sda1" ino=18499 res=1 [ 1202.937524][T14380] RIP: 0033:0x45c479 [ 1202.937674][T14380] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1202.987051][T14380] RSP: 002b:00007f0678b1cc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c 09:00:59 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") sendfile(r2, r1, 0x0, 0x100000001) [ 1202.995521][T14380] RAX: ffffffffffffffda RBX: 00007f0678b1d6d4 RCX: 000000000045c479 [ 1203.003516][T14380] RDX: fffffffffffffeb4 RSI: 0000000020000200 RDI: 0000000000000003 [ 1203.011501][T14380] RBP: 000000000076bf20 R08: 0000000020db4ff0 R09: 0000000000000010 [ 1203.019477][T14380] R10: 0000000020008011 R11: 0000000000000246 R12: 00000000ffffffff [ 1203.027545][T14380] R13: 0000000000000a03 R14: 00000000004cc7a4 R15: 000000000076bf2c 09:00:59 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl(r3, 0x0, &(0x7f00000001c0)="080db5055e0bcfe847a071") sendfile(r2, r1, 0x0, 0x100000001) 09:00:59 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:00:59 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0xfffffff6, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1203.680506][ T26] audit: type=1804 audit(1583053259.834:195): pid=14408 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir360798672/syzkaller.4O2XCn/1852/cgroup.controllers" dev="sda1" ino=18499 res=1 [ 1203.768800][T14380] memory: usage 307200kB, limit 307200kB, failcnt 7921 [ 1203.792072][T14380] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1203.849249][T14380] Memory cgroup stats for /syz2: [ 1203.849487][T14380] anon 224661504 [ 1203.849487][T14380] file 0 [ 1203.849487][T14380] kernel_stack 10469376 [ 1203.849487][T14380] slab 13897728 [ 1203.849487][T14380] sock 1642496 [ 1203.849487][T14380] shmem 110592 [ 1203.849487][T14380] file_mapped 135168 [ 1203.849487][T14380] file_dirty 0 [ 1203.849487][T14380] file_writeback 0 [ 1203.849487][T14380] anon_thp 165675008 [ 1203.849487][T14380] inactive_anon 0 [ 1203.849487][T14380] active_anon 224665600 09:01:00 executing program 3: write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0) [ 1203.849487][T14380] inactive_file 139264 [ 1203.849487][T14380] active_file 12288 [ 1203.849487][T14380] unevictable 0 [ 1203.849487][T14380] slab_reclaimable 1216512 [ 1203.849487][T14380] slab_unreclaimable 12681216 [ 1203.849487][T14380] pgfault 92829 [ 1203.849487][T14380] pgmajfault 0 [ 1203.849487][T14380] workingset_refault 330 [ 1203.849487][T14380] workingset_activate 198 [ 1203.849487][T14380] workingset_nodereclaim 0 [ 1203.849487][T14380] pgrefill 5011 [ 1203.849487][T14380] pgscan 12022 [ 1203.849487][T14380] pgsteal 6325 09:01:00 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0xb00000000065808, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl(r3, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") sendfile(r2, r1, 0x0, 0x100000001) [ 1203.965871][ T26] audit: type=1804 audit(1583053260.114:196): pid=14403 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir680359602/syzkaller.jEoO51/1234/cgroup.controllers" dev="sda1" ino=18475 res=1 [ 1203.991520][T14380] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=14379,uid=0 [ 1204.037007][T14380] Memory cgroup out of memory: Killed process 14379 (syz-executor.2) total-vm:74836kB, anon-rss:4208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:1000 [ 1204.132869][ T1078] oom_reaper: reaped process 14379 (syz-executor.2), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 09:01:00 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) 09:01:00 executing program 3: write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0) 09:01:00 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0xb00000000065808, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl(r3, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") sendfile(r2, r1, 0x0, 0x100000001) 09:01:00 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") sendfile(r2, r1, 0x0, 0x100000001) 09:01:00 executing program 3: write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0) 09:01:00 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) 09:01:00 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:01:00 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl(r3, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") sendfile(r2, r1, 0x0, 0x100000001) 09:01:01 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) 09:01:01 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0xfffffffd, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1204.924970][ T26] audit: type=1804 audit(1583053261.074:197): pid=14441 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir680359602/syzkaller.jEoO51/1235/cgroup.controllers" dev="sda1" ino=17791 res=1 09:01:01 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000000)) ptrace(0x10, r2) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x1840, 0x0) ioctl$SIOCRSACCEPT(r3, 0x89e3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, r4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r7 = fcntl$dupfd(r6, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r7, 0x84, 0x65, &(0x7f0000000180)=[@in={0x2, 0x4e20, @loopback}, @in={0x2, 0x4e21, @broadcast}, @in6={0xa, 0x4e21, 0x0, @remote, 0xffffffff}], 0x3c) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$DRM_IOCTL_AGP_BIND(r5, 0x40106436, &(0x7f00000000c0)={0x0, 0x8000}) r8 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r8, 0x1, &(0x7f0000f00f88)) msgsnd(r8, &(0x7f0000000000)=ANY=[], 0x0, 0x0) msgctl$IPC_SET(r8, 0x1, &(0x7f0000000040)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}) msgctl$MSG_STAT(r8, 0xb, &(0x7f0000000140)=""/52) ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:01 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) 09:01:01 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) 09:01:01 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) [ 1205.530313][T14480] QAT: Invalid ioctl 09:01:01 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) 09:01:01 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) [ 1205.912530][ T26] audit: type=1800 audit(1583053262.064:198): pid=14462 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="cgroup.controllers" dev="sda1" ino=18482 res=0 09:01:02 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl(r3, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") sendfile(r2, r1, 0x0, 0x100000001) 09:01:02 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) 09:01:02 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:01:02 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) 09:01:02 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0xfffffffe, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:01:02 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000000)) ptrace(0x10, r2) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x1840, 0x0) ioctl$SIOCRSACCEPT(r3, 0x89e3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, r4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r7 = fcntl$dupfd(r6, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r7, 0x84, 0x65, &(0x7f0000000180)=[@in={0x2, 0x4e20, @loopback}, @in={0x2, 0x4e21, @broadcast}, @in6={0xa, 0x4e21, 0x0, @remote, 0xffffffff}], 0x3c) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$DRM_IOCTL_AGP_BIND(r5, 0x40106436, &(0x7f00000000c0)={0x0, 0x8000}) r8 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r8, 0x1, &(0x7f0000f00f88)) msgsnd(r8, &(0x7f0000000000)=ANY=[], 0x0, 0x0) msgctl$IPC_SET(r8, 0x1, &(0x7f0000000040)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}) msgctl$MSG_STAT(r8, 0xb, &(0x7f0000000140)=""/52) ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:02 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) [ 1206.344297][ T7788] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1206.408716][ T7788] CPU: 0 PID: 7788 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 1206.417341][ T7788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1206.427400][ T7788] Call Trace: [ 1206.430742][ T7788] dump_stack+0x11d/0x187 [ 1206.435087][ T7788] dump_header+0xa7/0x399 [ 1206.439507][ T7788] oom_kill_process.cold+0x10/0x15 [ 1206.444630][ T7788] out_of_memory+0x21d/0xa30 [ 1206.449254][ T7788] mem_cgroup_out_of_memory+0x12b/0x150 [ 1206.454825][ T7788] try_charge+0xb60/0xbe0 [ 1206.459187][ T7788] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1206.464662][ T7788] __memcg_kmem_charge+0xcd/0x1b0 [ 1206.469707][ T7788] __alloc_pages_nodemask+0x268/0x310 [ 1206.475120][ T7788] alloc_pages_current+0xca/0x170 [ 1206.480193][ T7788] pte_alloc_one+0x14/0x50 [ 1206.484687][ T7788] __pte_alloc+0x27/0x210 [ 1206.489038][ T7788] copy_page_range+0x1391/0x1a40 [ 1206.494028][ T7788] dup_mm+0x72e/0xb90 [ 1206.498044][ T7788] copy_process+0x39ad/0x3b10 [ 1206.502771][ T7788] ? _raw_spin_unlock+0x38/0x60 [ 1206.507657][ T7788] _do_fork+0xf7/0x790 [ 1206.511834][ T7788] ? __read_once_size+0x45/0xd0 [ 1206.516762][ T7788] ? ktime_get_ts64+0x286/0x2c0 [ 1206.521631][ T7788] __x64_sys_clone+0x12e/0x170 [ 1206.526443][ T7788] do_syscall_64+0xc7/0x390 [ 1206.530967][ T7788] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1206.536862][ T7788] RIP: 0033:0x45aa4a [ 1206.540766][ T7788] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1206.560408][ T7788] RSP: 002b:00007ffca9301c20 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1206.568828][ T7788] RAX: ffffffffffffffda RBX: 00007ffca9301c20 RCX: 000000000045aa4a [ 1206.576800][ T7788] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1206.584777][ T7788] RBP: 00007ffca9301c60 R08: 0000000000000001 R09: 00000000015e7940 [ 1206.592752][ T7788] R10: 00000000015e7c10 R11: 0000000000000246 R12: 0000000000000001 [ 1206.600721][ T7788] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffca9301cb0 09:01:02 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) 09:01:02 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) 09:01:03 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) [ 1207.067520][ T7788] memory: usage 307200kB, limit 307200kB, failcnt 5916 [ 1207.078883][ T7788] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1207.113035][ T7788] Memory cgroup stats for /syz0: [ 1207.113241][ T7788] anon 227631104 [ 1207.113241][ T7788] file 176128 [ 1207.113241][ T7788] kernel_stack 11169792 [ 1207.113241][ T7788] slab 14848000 [ 1207.113241][ T7788] sock 0 [ 1207.113241][ T7788] shmem 114688 [ 1207.113241][ T7788] file_mapped 135168 [ 1207.113241][ T7788] file_dirty 135168 [ 1207.113241][ T7788] file_writeback 0 [ 1207.113241][ T7788] anon_thp 171966464 [ 1207.113241][ T7788] inactive_anon 0 [ 1207.113241][ T7788] active_anon 227631104 09:01:03 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) [ 1207.113241][ T7788] inactive_file 0 [ 1207.113241][ T7788] active_file 151552 [ 1207.113241][ T7788] unevictable 0 [ 1207.113241][ T7788] slab_reclaimable 1486848 [ 1207.113241][ T7788] slab_unreclaimable 13361152 [ 1207.113241][ T7788] pgfault 86064 [ 1207.113241][ T7788] pgmajfault 0 [ 1207.113241][ T7788] workingset_refault 1617 [ 1207.113241][ T7788] workingset_activate 297 [ 1207.113241][ T7788] workingset_nodereclaim 0 [ 1207.113241][ T7788] pgrefill 4859 [ 1207.113241][ T7788] pgscan 11324 [ 1207.113241][ T7788] pgsteal 3287 [ 1207.273244][ T26] audit: type=1800 audit(1583053263.424:199): pid=14511 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="cgroup.controllers" dev="sda1" ino=18502 res=0 [ 1207.280887][ T7788] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=14479,uid=0 09:01:03 executing program 2: sendto$inet(0xffffffffffffffff, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) 09:01:03 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) 09:01:03 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:01:03 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x1000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1207.460874][ T7788] Memory cgroup out of memory: Killed process 14479 (syz-executor.0) total-vm:74836kB, anon-rss:2212kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:1000 09:01:03 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) [ 1207.551369][ T1078] oom_reaper: reaped process 14479 (syz-executor.0), now anon-rss:0kB, file-rss:34860kB, shmem-rss:0kB 09:01:03 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) [ 1207.722103][T14557] QAT: Invalid ioctl 09:01:04 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000000)) ptrace(0x10, r2) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x1840, 0x0) ioctl$SIOCRSACCEPT(r3, 0x89e3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, r4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r7 = fcntl$dupfd(r6, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r7, 0x84, 0x65, &(0x7f0000000180)=[@in={0x2, 0x4e20, @loopback}, @in={0x2, 0x4e21, @broadcast}, @in6={0xa, 0x4e21, 0x0, @remote, 0xffffffff}], 0x3c) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$DRM_IOCTL_AGP_BIND(r5, 0x40106436, &(0x7f00000000c0)={0x0, 0x8000}) r8 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r8, 0x1, &(0x7f0000f00f88)) msgsnd(r8, &(0x7f0000000000)=ANY=[], 0x0, 0x0) msgctl$IPC_SET(r8, 0x1, &(0x7f0000000040)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}) msgctl$MSG_STAT(r8, 0xb, &(0x7f0000000140)=""/52) ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:04 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:04 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) 09:01:04 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) 09:01:04 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:01:04 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x2000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:01:04 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) [ 1208.699864][T14585] QAT: Invalid ioctl 09:01:04 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:04 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) 09:01:05 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) 09:01:05 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:05 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000000)) ptrace(0x10, r2) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x1840, 0x0) ioctl$SIOCRSACCEPT(r3, 0x89e3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, r4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r7 = fcntl$dupfd(r6, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r7, 0x84, 0x65, &(0x7f0000000180)=[@in={0x2, 0x4e20, @loopback}, @in={0x2, 0x4e21, @broadcast}, @in6={0xa, 0x4e21, 0x0, @remote, 0xffffffff}], 0x3c) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$DRM_IOCTL_AGP_BIND(r5, 0x40106436, &(0x7f00000000c0)={0x0, 0x8000}) r8 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r8, 0x1, &(0x7f0000f00f88)) msgsnd(r8, &(0x7f0000000000)=ANY=[], 0x0, 0x0) msgctl$IPC_SET(r8, 0x1, &(0x7f0000000040)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}) ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:05 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) 09:01:05 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) 09:01:05 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1209.614703][T14618] QAT: Invalid ioctl 09:01:05 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, r0, 0x0) 09:01:05 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) 09:01:06 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0xd6787a96f0, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:01:06 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) 09:01:06 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) 09:01:06 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) 09:01:06 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000000)) ptrace(0x10, r2) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x1840, 0x0) ioctl$SIOCRSACCEPT(r3, 0x89e3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, r4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r7 = fcntl$dupfd(r6, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r7, 0x84, 0x65, &(0x7f0000000180)=[@in={0x2, 0x4e20, @loopback}, @in={0x2, 0x4e21, @broadcast}, @in6={0xa, 0x4e21, 0x0, @remote, 0xffffffff}], 0x3c) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$DRM_IOCTL_AGP_BIND(r5, 0x40106436, &(0x7f00000000c0)={0x0, 0x8000}) r8 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r8, 0x1, &(0x7f0000f00f88)) msgsnd(r8, &(0x7f0000000000)=ANY=[], 0x0, 0x0) ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:06 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0) 09:01:06 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) [ 1210.512562][T14655] QAT: Invalid ioctl 09:01:06 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0) 09:01:06 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) 09:01:06 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:01:06 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, r0, 0x0) 09:01:06 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0) 09:01:07 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0xedc000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:01:07 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) 09:01:07 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) 09:01:07 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000000)) ptrace(0x10, r2) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x1840, 0x0) ioctl$SIOCRSACCEPT(r3, 0x89e3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, r4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r7 = fcntl$dupfd(r6, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r7, 0x84, 0x65, &(0x7f0000000180)=[@in={0x2, 0x4e20, @loopback}, @in={0x2, 0x4e21, @broadcast}, @in6={0xa, 0x4e21, 0x0, @remote, 0xffffffff}], 0x3c) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$DRM_IOCTL_AGP_BIND(r5, 0x40106436, &(0x7f00000000c0)={0x0, 0x8000}) r8 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r8, 0x1, &(0x7f0000f00f88)) ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:07 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) [ 1211.433923][T14696] QAT: Invalid ioctl 09:01:07 executing program 5: socket$inet_tcp(0x2, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) 09:01:07 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) 09:01:08 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:01:08 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) 09:01:08 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, r0, 0x0) 09:01:08 executing program 5: socket$inet_tcp(0x2, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) 09:01:08 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000000)) ptrace(0x10, r2) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x1840, 0x0) ioctl$SIOCRSACCEPT(r3, 0x89e3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, r4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r7 = fcntl$dupfd(r6, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r7, 0x84, 0x65, &(0x7f0000000180)=[@in={0x2, 0x4e20, @loopback}, @in={0x2, 0x4e21, @broadcast}, @in6={0xa, 0x4e21, 0x0, @remote, 0xffffffff}], 0x3c) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$DRM_IOCTL_AGP_BIND(r5, 0x40106436, &(0x7f00000000c0)={0x0, 0x8000}) msgget$private(0x0, 0x0) ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:08 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x1000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:01:08 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) 09:01:08 executing program 5: socket$inet_tcp(0x2, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) [ 1212.429014][T14734] QAT: Invalid ioctl 09:01:08 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:08 executing program 5: sendto$inet(0xffffffffffffffff, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) 09:01:09 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:09 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:01:09 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, 0xffffffffffffffff, 0x0) 09:01:09 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000000)) ptrace(0x10, r2) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x1840, 0x0) ioctl$SIOCRSACCEPT(r3, 0x89e3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, r4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r7 = fcntl$dupfd(r6, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r7, 0x84, 0x65, &(0x7f0000000180)=[@in={0x2, 0x4e20, @loopback}, @in={0x2, 0x4e21, @broadcast}, @in6={0xa, 0x4e21, 0x0, @remote, 0xffffffff}], 0x3c) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$DRM_IOCTL_AGP_BIND(r5, 0x40106436, &(0x7f00000000c0)={0x0, 0x8000}) ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:09 executing program 5: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) 09:01:09 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1213.462205][T14773] QAT: Invalid ioctl 09:01:09 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x4000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:01:09 executing program 5: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) 09:01:09 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x10, r0, 0x0) 09:01:10 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:01:10 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, 0xffffffffffffffff, 0x0) 09:01:10 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000000)) ptrace(0x10, r2) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x1840, 0x0) ioctl$SIOCRSACCEPT(r3, 0x89e3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, r4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r7 = fcntl$dupfd(r6, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r7, 0x84, 0x65, &(0x7f0000000180)=[@in={0x2, 0x4e20, @loopback}, @in={0x2, 0x4e21, @broadcast}, @in6={0xa, 0x4e21, 0x0, @remote, 0xffffffff}], 0x3c) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:10 executing program 5: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) [ 1214.457876][T14805] QAT: Invalid ioctl 09:01:10 executing program 5: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) 09:01:10 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x100000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:01:11 executing program 5: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) 09:01:11 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x10, r0, 0x0) 09:01:11 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000000)) ptrace(0x10, r2) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x1840, 0x0) ioctl$SIOCRSACCEPT(r3, 0x89e3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r4, 0x0, r4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r6, 0x84, 0x65, &(0x7f0000000180)=[@in={0x2, 0x4e20, @loopback}, @in={0x2, 0x4e21, @broadcast}, @in6={0xa, 0x4e21, 0x0, @remote, 0xffffffff}], 0x3c) ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:11 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(0xffffffffffffffff, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1215.201378][ T7788] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 09:01:11 executing program 5: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000db4ff0)={0x2, 0x0, @loopback=0xac14140d}, 0x10) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) [ 1215.281107][ T7788] CPU: 1 PID: 7788 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 1215.289735][ T7788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1215.299784][ T7788] Call Trace: [ 1215.303084][ T7788] dump_stack+0x11d/0x187 [ 1215.307468][ T7788] dump_header+0xa7/0x399 [ 1215.311841][ T7788] oom_kill_process.cold+0x10/0x15 [ 1215.316956][ T7788] out_of_memory+0x21d/0xa30 [ 1215.321562][ T7788] mem_cgroup_out_of_memory+0x12b/0x150 [ 1215.327172][ T7788] try_charge+0xb60/0xbe0 [ 1215.331557][ T7788] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1215.337059][ T7788] __memcg_kmem_charge+0xcd/0x1b0 [ 1215.342207][ T7788] __alloc_pages_nodemask+0x268/0x310 [ 1215.347660][ T7788] alloc_pages_current+0xca/0x170 [ 1215.352700][ T7788] pte_alloc_one+0x14/0x50 [ 1215.357122][ T7788] __pte_alloc+0x27/0x210 [ 1215.361461][ T7788] copy_page_range+0x1391/0x1a40 [ 1215.366440][ T7788] dup_mm+0x72e/0xb90 [ 1215.370458][ T7788] copy_process+0x39ad/0x3b10 [ 1215.375140][ T7788] ? _raw_spin_unlock+0x38/0x60 [ 1215.380031][ T7788] _do_fork+0xf7/0x790 [ 1215.384106][ T7788] ? __read_once_size+0x45/0xd0 [ 1215.388969][ T7788] ? ktime_get_ts64+0x286/0x2c0 [ 1215.393863][ T7788] __x64_sys_clone+0x12e/0x170 [ 1215.398718][ T7788] do_syscall_64+0xc7/0x390 [ 1215.403303][ T7788] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1215.409225][ T7788] RIP: 0033:0x45aa4a [ 1215.413130][ T7788] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1215.432741][ T7788] RSP: 002b:00007ffca9301c20 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1215.441186][ T7788] RAX: ffffffffffffffda RBX: 00007ffca9301c20 RCX: 000000000045aa4a [ 1215.449191][ T7788] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1215.457218][ T7788] RBP: 00007ffca9301c60 R08: 0000000000000001 R09: 00000000015e7940 [ 1215.465188][ T7788] R10: 00000000015e7c10 R11: 0000000000000246 R12: 0000000000000001 [ 1215.473227][ T7788] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffca9301cb0 09:01:11 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, 0xffffffffffffffff, 0x0) [ 1215.527573][ T7788] memory: usage 307196kB, limit 307200kB, failcnt 5980 [ 1215.535253][ T7788] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1215.542942][ T7788] Memory cgroup stats for /syz0: [ 1215.543114][ T7788] anon 226488320 [ 1215.543114][ T7788] file 40960 [ 1215.543114][ T7788] kernel_stack 11280384 [ 1215.543114][ T7788] slab 14848000 [ 1215.543114][ T7788] sock 0 [ 1215.543114][ T7788] shmem 114688 [ 1215.543114][ T7788] file_mapped 135168 [ 1215.543114][ T7788] file_dirty 135168 [ 1215.543114][ T7788] file_writeback 0 [ 1215.543114][ T7788] anon_thp 169869312 [ 1215.543114][ T7788] inactive_anon 0 [ 1215.543114][ T7788] active_anon 226488320 [ 1215.543114][ T7788] inactive_file 0 [ 1215.543114][ T7788] active_file 16384 [ 1215.543114][ T7788] unevictable 0 [ 1215.543114][ T7788] slab_reclaimable 1486848 [ 1215.543114][ T7788] slab_unreclaimable 13361152 [ 1215.543114][ T7788] pgfault 86790 [ 1215.543114][ T7788] pgmajfault 0 [ 1215.543114][ T7788] workingset_refault 1617 [ 1215.543114][ T7788] workingset_activate 297 [ 1215.543114][ T7788] workingset_nodereclaim 0 09:01:11 executing program 5: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000db4ff0)={0x2, 0x0, @loopback=0xac14140d}, 0x10) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) [ 1215.543114][ T7788] pgrefill 4925 [ 1215.543114][ T7788] pgscan 11357 [ 1215.543114][ T7788] pgsteal 3287 09:01:11 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x200000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1215.778783][ T7788] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=14363,uid=0 [ 1215.818868][ T7788] Memory cgroup out of memory: Killed process 14363 (syz-executor.0) total-vm:74836kB, anon-rss:2208kB, file-rss:35808kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 1215.927388][ T1078] oom_reaper: reaped process 14363 (syz-executor.0), now anon-rss:0kB, file-rss:34848kB, shmem-rss:0kB [ 1216.104109][T14845] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1216.146773][T14845] CPU: 0 PID: 14845 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 1216.155473][T14845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1216.165525][T14845] Call Trace: [ 1216.168831][T14845] dump_stack+0x11d/0x187 [ 1216.173202][T14845] dump_header+0xa7/0x399 [ 1216.177540][T14845] oom_kill_process.cold+0x10/0x15 [ 1216.182704][T14845] out_of_memory+0x21d/0xa30 [ 1216.187317][T14845] mem_cgroup_out_of_memory+0x12b/0x150 [ 1216.192879][T14845] try_charge+0xb60/0xbe0 [ 1216.197223][T14845] ? __rcu_read_unlock+0x66/0x2f0 [ 1216.202263][T14845] mem_cgroup_try_charge+0xd7/0x260 [ 1216.207480][T14845] mem_cgroup_try_charge_delay+0x36/0x70 [ 1216.213123][T14845] __handle_mm_fault+0x18f1/0x2cf0 [ 1216.218262][T14845] handle_mm_fault+0x21c/0x540 [ 1216.223034][T14845] do_page_fault+0x4a4/0xa52 [ 1216.227639][T14845] ? do_syscall_64+0x27f/0x390 [ 1216.232422][T14845] page_fault+0x34/0x40 [ 1216.236598][T14845] RIP: 0033:0x413c6f [ 1216.240510][T14845] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 1216.260151][T14845] RSP: 002b:00007ffca93019d0 EFLAGS: 00010206 [ 1216.266218][T14845] RAX: 00007f663362b000 RBX: 0000000000020000 RCX: 000000000045c4ca [ 1216.274237][T14845] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 1216.282209][T14845] RBP: 00007ffca9301ab0 R08: ffffffffffffffff R09: 0000000000000000 09:01:12 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x10, r0, 0x0) 09:01:12 executing program 5: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000db4ff0)={0x2, 0x0, @loopback=0xac14140d}, 0x10) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) [ 1216.290177][T14845] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffca9301ba0 [ 1216.298149][T14845] R13: 00007f663364b700 R14: 0000000000000000 R15: 000000000076bf2c 09:01:12 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(0xffffffffffffffff, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1216.450929][T14845] memory: usage 307056kB, limit 307200kB, failcnt 5992 [ 1216.457818][T14845] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 09:01:12 executing program 5: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000db4ff0)={0x2, 0x0, @loopback=0xac14140d}, 0x10) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) [ 1216.545601][T14845] Memory cgroup stats for /syz0: [ 1216.545742][T14845] anon 226508800 [ 1216.545742][T14845] file 40960 [ 1216.545742][T14845] kernel_stack 11280384 [ 1216.545742][T14845] slab 14848000 [ 1216.545742][T14845] sock 0 [ 1216.545742][T14845] shmem 114688 [ 1216.545742][T14845] file_mapped 135168 [ 1216.545742][T14845] file_dirty 135168 [ 1216.545742][T14845] file_writeback 0 [ 1216.545742][T14845] anon_thp 169869312 [ 1216.545742][T14845] inactive_anon 0 [ 1216.545742][T14845] active_anon 226508800 09:01:12 executing program 5: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000db4ff0)={0x2, 0x0, @loopback=0xac14140d}, 0x10) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) [ 1216.545742][T14845] inactive_file 0 [ 1216.545742][T14845] active_file 16384 [ 1216.545742][T14845] unevictable 0 [ 1216.545742][T14845] slab_reclaimable 1486848 [ 1216.545742][T14845] slab_unreclaimable 13361152 [ 1216.545742][T14845] pgfault 86856 [ 1216.545742][T14845] pgmajfault 0 [ 1216.545742][T14845] workingset_refault 1617 [ 1216.545742][T14845] workingset_activate 297 [ 1216.545742][T14845] workingset_nodereclaim 0 [ 1216.545742][T14845] pgrefill 4958 [ 1216.545742][T14845] pgscan 11357 [ 1216.545742][T14845] pgsteal 3287 09:01:12 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1217.003227][T14845] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=20871,uid=0 [ 1217.068262][T14845] Memory cgroup out of memory: Killed process 20871 (syz-executor.0) total-vm:74968kB, anon-rss:2216kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 1217.123964][ T1078] oom_reaper: reaped process 20871 (syz-executor.0), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 1217.199872][T14877] QAT: Invalid ioctl 09:01:13 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000000)) ptrace(0x10, r2) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x1840, 0x0) ioctl$SIOCRSACCEPT(r3, 0x89e3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r4, 0x0, r4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r6, 0x84, 0x65, &(0x7f0000000180)=[@in={0x2, 0x4e20, @loopback}, @in={0x2, 0x4e21, @broadcast}, @in6={0xa, 0x4e21, 0x0, @remote, 0xffffffff}], 0x3c) ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:13 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x300000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:01:13 executing program 5: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000db4ff0)={0x2, 0x0, @loopback=0xac14140d}, 0x10) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) 09:01:13 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0) [ 1217.546774][T14887] QAT: Invalid ioctl 09:01:13 executing program 5: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000db4ff0)={0x2, 0x0, @loopback=0xac14140d}, 0x10) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) 09:01:13 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(0xffffffffffffffff, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:01:13 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) 09:01:14 executing program 5: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000db4ff0)={0x2, 0x0, @loopback=0xac14140d}, 0x10) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) 09:01:14 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000000)) ptrace(0x10, r2) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x1840, 0x0) ioctl$SIOCRSACCEPT(r3, 0x89e3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r4, 0x0, r4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:14 executing program 5: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000db4ff0)={0x2, 0x0, @loopback=0xac14140d}, 0x10) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) [ 1218.376974][ T7788] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 09:01:14 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1218.432619][ T7788] CPU: 1 PID: 7788 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 1218.441268][ T7788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1218.451327][ T7788] Call Trace: [ 1218.454646][ T7788] dump_stack+0x11d/0x187 [ 1218.458996][ T7788] dump_header+0xa7/0x399 [ 1218.463346][ T7788] oom_kill_process.cold+0x10/0x15 [ 1218.468466][ T7788] out_of_memory+0x21d/0xa30 [ 1218.473076][ T7788] mem_cgroup_out_of_memory+0x12b/0x150 [ 1218.478706][ T7788] try_charge+0xb60/0xbe0 [ 1218.483068][ T7788] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1218.488546][ T7788] __memcg_kmem_charge+0xcd/0x1b0 [ 1218.493592][ T7788] __alloc_pages_nodemask+0x268/0x310 [ 1218.498982][ T7788] alloc_pages_current+0xca/0x170 [ 1218.504022][ T7788] pte_alloc_one+0x14/0x50 [ 1218.508477][ T7788] __pte_alloc+0x27/0x210 [ 1218.512917][ T7788] copy_page_range+0x1391/0x1a40 [ 1218.517922][ T7788] dup_mm+0x72e/0xb90 [ 1218.521963][ T7788] copy_process+0x39ad/0x3b10 [ 1218.526669][ T7788] ? _raw_spin_unlock+0x38/0x60 [ 1218.531552][ T7788] _do_fork+0xf7/0x790 [ 1218.535637][ T7788] ? __read_once_size+0x45/0xd0 [ 1218.540652][ T7788] ? ktime_get_ts64+0x286/0x2c0 [ 1218.545603][ T7788] __x64_sys_clone+0x12e/0x170 [ 1218.550450][ T7788] do_syscall_64+0xc7/0x390 [ 1218.555111][ T7788] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1218.561018][ T7788] RIP: 0033:0x45aa4a 09:01:14 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x400000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1218.564945][ T7788] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1218.584562][ T7788] RSP: 002b:00007ffca9301c20 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1218.593130][ T7788] RAX: ffffffffffffffda RBX: 00007ffca9301c20 RCX: 000000000045aa4a [ 1218.601106][ T7788] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1218.609085][ T7788] RBP: 00007ffca9301c60 R08: 0000000000000001 R09: 00000000015e7940 [ 1218.617117][ T7788] R10: 00000000015e7c10 R11: 0000000000000246 R12: 0000000000000001 [ 1218.625102][ T7788] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffca9301cb0 09:01:14 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0) 09:01:14 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:14 executing program 5: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000db4ff0)={0x2, 0x0, @loopback=0xac14140d}, 0x10) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) 09:01:15 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1218.979726][ T7788] memory: usage 307200kB, limit 307200kB, failcnt 6035 [ 1218.986634][ T7788] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1219.014685][ T7788] Memory cgroup stats for /syz0: [ 1219.014869][ T7788] anon 226484224 [ 1219.014869][ T7788] file 40960 [ 1219.014869][ T7788] kernel_stack 11280384 [ 1219.014869][ T7788] slab 14848000 [ 1219.014869][ T7788] sock 0 [ 1219.014869][ T7788] shmem 114688 [ 1219.014869][ T7788] file_mapped 135168 [ 1219.014869][ T7788] file_dirty 0 [ 1219.014869][ T7788] file_writeback 0 [ 1219.014869][ T7788] anon_thp 169869312 [ 1219.014869][ T7788] inactive_anon 0 [ 1219.014869][ T7788] active_anon 226484224 [ 1219.014869][ T7788] inactive_file 0 [ 1219.014869][ T7788] active_file 16384 [ 1219.014869][ T7788] unevictable 0 [ 1219.014869][ T7788] slab_reclaimable 1486848 [ 1219.014869][ T7788] slab_unreclaimable 13361152 [ 1219.014869][ T7788] pgfault 86955 [ 1219.014869][ T7788] pgmajfault 0 [ 1219.014869][ T7788] workingset_refault 1617 [ 1219.014869][ T7788] workingset_activate 297 [ 1219.014869][ T7788] workingset_nodereclaim 0 [ 1219.014869][ T7788] pgrefill 4991 [ 1219.014869][ T7788] pgscan 11390 [ 1219.014869][ T7788] pgsteal 3321 09:01:15 executing program 5: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000db4ff0)={0x2, 0x0, @loopback=0xac14140d}, 0x10) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) 09:01:15 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:15 executing program 5: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000db4ff0)={0x2, 0x0, @loopback=0xac14140d}, 0x10) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1219.350429][ T7788] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=14885,uid=0 [ 1219.438553][ T7788] Memory cgroup out of memory: Killed process 14885 (syz-executor.0) total-vm:74836kB, anon-rss:2208kB, file-rss:35792kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 09:01:15 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) [ 1219.762798][T14957] QAT: Invalid ioctl 09:01:16 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000000)) ptrace(0x10, r2) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x1840, 0x0) ioctl$SIOCRSACCEPT(r3, 0x89e3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r4, 0x0, r4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r5, 0x0, r5) ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:16 executing program 5: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000db4ff0)={0x2, 0x0, @loopback=0xac14140d}, 0x10) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:16 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x500000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:01:16 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0) 09:01:16 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) 09:01:16 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1220.543747][ T7788] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1220.628689][ T7788] CPU: 0 PID: 7788 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 1220.637317][ T7788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1220.647375][ T7788] Call Trace: [ 1220.650719][ T7788] dump_stack+0x11d/0x187 [ 1220.655107][ T7788] dump_header+0xa7/0x399 [ 1220.659450][ T7788] oom_kill_process.cold+0x10/0x15 [ 1220.664627][ T7788] out_of_memory+0x21d/0xa30 [ 1220.669236][ T7788] mem_cgroup_out_of_memory+0x12b/0x150 [ 1220.674832][ T7788] try_charge+0xb60/0xbe0 [ 1220.679207][ T7788] ? __this_cpu_preempt_check+0x3c/0x130 [ 1220.684858][ T7788] ? __perf_event_task_sched_in+0x150/0x3a0 [ 1220.690809][ T7788] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1220.696330][ T7788] __memcg_kmem_charge+0xcd/0x1b0 [ 1220.701418][ T7788] __alloc_pages_nodemask+0x268/0x310 [ 1220.706865][ T7788] alloc_pages_current+0xca/0x170 [ 1220.711896][ T7788] pte_alloc_one+0x14/0x50 [ 1220.716321][ T7788] __pte_alloc+0x27/0x210 [ 1220.720665][ T7788] copy_page_range+0x1391/0x1a40 [ 1220.725643][ T7788] dup_mm+0x72e/0xb90 [ 1220.729819][ T7788] copy_process+0x39ad/0x3b10 [ 1220.734505][ T7788] ? _raw_spin_unlock+0x38/0x60 [ 1220.739455][ T7788] _do_fork+0xf7/0x790 [ 1220.743547][ T7788] ? __read_once_size+0x45/0xd0 [ 1220.748411][ T7788] ? ktime_get_ts64+0x286/0x2c0 [ 1220.753289][ T7788] __x64_sys_clone+0x12e/0x170 [ 1220.758132][ T7788] do_syscall_64+0xc7/0x390 [ 1220.762656][ T7788] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1220.768570][ T7788] RIP: 0033:0x45aa4a [ 1220.772471][ T7788] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1220.792078][ T7788] RSP: 002b:00007ffca9301c20 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1220.800493][ T7788] RAX: ffffffffffffffda RBX: 00007ffca9301c20 RCX: 000000000045aa4a [ 1220.808464][ T7788] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1220.816437][ T7788] RBP: 00007ffca9301c60 R08: 0000000000000001 R09: 00000000015e7940 [ 1220.824406][ T7788] R10: 00000000015e7c10 R11: 0000000000000246 R12: 0000000000000001 [ 1220.832382][ T7788] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffca9301cb0 09:01:17 executing program 5: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000db4ff0)={0x2, 0x0, @loopback=0xac14140d}, 0x10) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:17 executing program 5: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000db4ff0)={0x2, 0x0, @loopback=0xac14140d}, 0x10) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x10, r0, 0x0) 09:01:17 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) 09:01:17 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0) [ 1221.423416][ T7788] memory: usage 307200kB, limit 307200kB, failcnt 6076 [ 1221.468647][ T7788] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1221.475534][ T7788] Memory cgroup stats for /syz0: [ 1221.475758][ T7788] anon 226533376 [ 1221.475758][ T7788] file 40960 [ 1221.475758][ T7788] kernel_stack 11280384 [ 1221.475758][ T7788] slab 14848000 [ 1221.475758][ T7788] sock 0 [ 1221.475758][ T7788] shmem 114688 [ 1221.475758][ T7788] file_mapped 135168 [ 1221.475758][ T7788] file_dirty 0 [ 1221.475758][ T7788] file_writeback 0 [ 1221.475758][ T7788] anon_thp 169869312 [ 1221.475758][ T7788] inactive_anon 0 [ 1221.475758][ T7788] active_anon 226533376 [ 1221.475758][ T7788] inactive_file 0 [ 1221.475758][ T7788] active_file 16384 [ 1221.475758][ T7788] unevictable 0 [ 1221.475758][ T7788] slab_reclaimable 1486848 [ 1221.475758][ T7788] slab_unreclaimable 13361152 [ 1221.475758][ T7788] pgfault 87054 [ 1221.475758][ T7788] pgmajfault 0 [ 1221.475758][ T7788] workingset_refault 1617 [ 1221.475758][ T7788] workingset_activate 297 [ 1221.475758][ T7788] workingset_nodereclaim 0 [ 1221.475758][ T7788] pgrefill 4991 [ 1221.475758][ T7788] pgscan 11456 09:01:17 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1221.475758][ T7788] pgsteal 3321 09:01:17 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x600000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1221.597202][ T7788] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=14954,uid=0 [ 1221.613416][ T7788] Memory cgroup out of memory: Killed process 14954 (syz-executor.0) total-vm:74836kB, anon-rss:2208kB, file-rss:35796kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 1221.634678][ T1078] oom_reaper: reaped process 14954 (syz-executor.0), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 1221.634939][T14985] syz-executor.5 invoked oom-killer: gfp_mask=0x101cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), order=0, oom_score_adj=1000 [ 1221.744067][T14985] CPU: 1 PID: 14985 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 1221.752839][T14985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1221.762891][T14985] Call Trace: [ 1221.766247][T14985] dump_stack+0x11d/0x187 [ 1221.770606][T14985] dump_header+0xa7/0x399 [ 1221.774965][T14985] oom_kill_process.cold+0x10/0x15 [ 1221.777901][T15004] QAT: Invalid ioctl [ 1221.780089][T14985] out_of_memory+0x21d/0xa30 [ 1221.780110][T14985] ? __rcu_read_unlock+0x66/0x2f0 [ 1221.780138][T14985] mem_cgroup_out_of_memory+0x12b/0x150 [ 1221.780268][T14985] try_charge+0xb60/0xbe0 [ 1221.803632][T14985] ? __rcu_read_unlock+0x66/0x2f0 [ 1221.808700][T14985] mem_cgroup_try_charge+0xd7/0x260 [ 1221.813918][T14985] __add_to_page_cache_locked+0x16c/0x770 [ 1221.819681][T14985] ? __alloc_pages_nodemask+0x15e/0x310 [ 1221.825240][T14985] ? __read_once_size.constprop.0+0x20/0x20 [ 1221.831155][T14985] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1221.837097][T14985] add_to_page_cache_lru+0xc7/0x260 [ 1221.842391][T14985] pagecache_get_page+0x2b0/0x700 [ 1221.847458][T14985] ? radix_tree_load_root+0xb3/0xf0 [ 1221.852688][T14985] grab_cache_page_write_begin+0x56/0x80 [ 1221.858582][T14985] ext4_da_write_begin+0x1b4/0x860 [ 1221.863751][T14985] generic_perform_write+0x13a/0x320 [ 1221.869277][T14985] ext4_buffered_write_iter+0x14e/0x280 [ 1221.874854][T14985] ext4_file_write_iter+0xf4/0xd30 [ 1221.879993][T14985] new_sync_write+0x303/0x400 [ 1221.884718][T14985] __vfs_write+0x9e/0xb0 [ 1221.888979][T14985] vfs_write+0x189/0x380 [ 1221.893236][T14985] ksys_write+0xc5/0x1a0 [ 1221.897492][T14985] __x64_sys_write+0x49/0x60 [ 1221.902093][T14985] do_syscall_64+0xc7/0x390 [ 1221.906615][T14985] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1221.912523][T14985] RIP: 0033:0x45c479 [ 1221.916428][T14985] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1221.936064][T14985] RSP: 002b:00007f30b4712c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1221.944577][T14985] RAX: ffffffffffffffda RBX: 00007f30b47136d4 RCX: 000000000045c479 [ 1221.952557][T14985] RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000003 [ 1221.960560][T14985] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1221.968619][T14985] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1221.976728][T14985] R13: 0000000000000cdc R14: 00000000004cec0d R15: 000000000076bf2c 09:01:18 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000000)) ptrace(0x10, r2) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x1840, 0x0) ioctl$SIOCRSACCEPT(r3, 0x89e3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r4, 0x0, r4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r5, 0x0, r5) ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:18 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, 0xffffffffffffffff, 0x0) 09:01:18 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x0, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1222.643832][T15018] QAT: Invalid ioctl [ 1222.665833][T14985] memory: usage 307168kB, limit 307200kB, failcnt 3010 [ 1222.682144][T14985] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1222.691767][T14985] Memory cgroup stats for /syz5: [ 1222.691980][T14985] anon 277168128 [ 1222.691980][T14985] file 221184 [ 1222.691980][T14985] kernel_stack 4608000 [ 1222.691980][T14985] slab 6856704 [ 1222.691980][T14985] sock 0 [ 1222.691980][T14985] shmem 0 [ 1222.691980][T14985] file_mapped 135168 [ 1222.691980][T14985] file_dirty 0 [ 1222.691980][T14985] file_writeback 135168 [ 1222.691980][T14985] anon_thp 253755392 [ 1222.691980][T14985] inactive_anon 0 [ 1222.691980][T14985] active_anon 277094400 [ 1222.691980][T14985] inactive_file 151552 [ 1222.691980][T14985] active_file 94208 [ 1222.691980][T14985] unevictable 0 [ 1222.691980][T14985] slab_reclaimable 946176 [ 1222.691980][T14985] slab_unreclaimable 5910528 [ 1222.691980][T14985] pgfault 134442 [ 1222.691980][T14985] pgmajfault 0 09:01:18 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x700000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:01:18 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, 0xffffffffffffffff, 0x0) [ 1222.691980][T14985] workingset_refault 1221 [ 1222.691980][T14985] workingset_activate 198 [ 1222.691980][T14985] workingset_nodereclaim 0 [ 1222.691980][T14985] pgrefill 2839 [ 1222.691980][T14985] pgscan 8433 [ 1222.691980][T14985] pgsteal 3178 09:01:18 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000db4ff0)={0x2, 0x0, @loopback=0xac14140d}, 0x10) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1222.815826][T14985] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=14984,uid=0 [ 1222.890118][T14985] Memory cgroup out of memory: Killed process 14985 (syz-executor.5) total-vm:74836kB, anon-rss:4260kB, file-rss:35804kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:1000 09:01:19 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x0, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1222.957607][ T1078] oom_reaper: reaped process 14985 (syz-executor.5), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 09:01:19 executing program 5: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000db4ff0)={0x2, 0x0, @loopback=0xac14140d}, 0x10) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x10, r0, 0x0) 09:01:19 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, 0xffffffffffffffff, 0x0) 09:01:19 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x0, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:01:19 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:19 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000000)) ptrace(0x10, r2) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x1840, 0x0) ioctl$SIOCRSACCEPT(r3, 0x89e3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r4, 0x0, r4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r5, 0x0, r5) ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:19 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) 09:01:19 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0x0, 0x20008011, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1223.557045][T15056] QAT: Invalid ioctl 09:01:19 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:20 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x800000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:01:20 executing program 5: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000db4ff0)={0x2, 0x0, @loopback=0xac14140d}, 0x10) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x10, r0, 0x0) 09:01:20 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:20 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:20 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000000)) ptrace(0x10, r2) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x1840, 0x0) ioctl$SIOCRSACCEPT(r3, 0x89e3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r4, 0x0, r4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1224.518419][T15088] QAT: Invalid ioctl 09:01:20 executing program 3: ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:20 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0x0, 0x20008011, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:01:20 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:21 executing program 3: ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:21 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0xa00000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:01:21 executing program 5: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000db4ff0)={0x2, 0x0, @loopback=0xac14140d}, 0x10) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0) 09:01:21 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:01:21 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000000)) ptrace(0x10, r2) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x1840, 0x0) ioctl$SIOCRSACCEPT(r3, 0x89e3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r4, 0x0, r4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:21 executing program 3: ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1225.445333][T15126] QAT: Invalid ioctl 09:01:21 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:21 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0x0, 0x20008011, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:01:21 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:22 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:22 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000000)) ptrace(0x10, r2) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x1840, 0x0) ioctl$SIOCRSACCEPT(r3, 0x89e3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r4, 0x0, r4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:22 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x1000000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:01:22 executing program 5: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000db4ff0)={0x2, 0x0, @loopback=0xac14140d}, 0x10) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0) 09:01:22 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1226.391183][T15153] QAT: Invalid ioctl 09:01:22 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:22 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:23 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x0, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:01:23 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) 09:01:23 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:23 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000000)) ptrace(0x10, r2) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x1840, 0x0) ioctl$SIOCRSACCEPT(r3, 0x89e3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r4, 0x0, r4) r5 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:23 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:23 executing program 5: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000db4ff0)={0x2, 0x0, @loopback=0xac14140d}, 0x10) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0) [ 1227.353980][T15187] QAT: Invalid ioctl 09:01:23 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x1403000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:01:23 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x10, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl(r3, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") sendfile(r2, r1, 0x0, 0x100000001) 09:01:23 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:24 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:24 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x0, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:01:24 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000000)) ptrace(0x10, r2) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x1840, 0x0) ioctl$SIOCRSACCEPT(r3, 0x89e3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r4, 0x0, r4) r5 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1228.329467][T15218] QAT: Invalid ioctl 09:01:24 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, r0, 0x0) 09:01:24 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x1f00000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:01:24 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = socket$netlink(0x10, 0x3, 0x0) r2 = syz_open_dev$audion(&(0x7f0000000500)='/dev/audio#\x00', 0x8000, 0x58000) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000540)={0x2, [0x0, 0x0]}, &(0x7f0000000580)=0xc) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r2, 0x84, 0x19, &(0x7f00000005c0)={r3, 0x7}, 0x8) rt_sigqueueinfo(r0, 0x27, &(0x7f0000000400)={0x11, 0x0, 0x5}) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd0001000000000023cd3741ce8074c5fe8524c0306554362ddd4c0617b1ed0cd8cb892ef805ab93a186423f124b7c6a03d724f7ead1ef33adfdbe08b8c5236b93b9797b4409f6e3", @ANYRES32=0x0, @ANYBLOB="00000079abd1932a"], 0x48}}, 0x0) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ADD(r1, &(0x7f00000004c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000480)={&(0x7f00000001c0)={0x230, r4, 0x412, 0x70bd29, 0x25dfdbfc, {}, [@TIPC_NLA_MEDIA={0x14, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_LINK={0x70, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6fb8dbad}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x54e053c3}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_NODE={0x14, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1ff}, @TIPC_NLA_NODE_ADDR={0x8}]}, @TIPC_NLA_SOCK={0x38, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1f}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0xe64}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xffff}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8}]}, @TIPC_NLA_NET={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x8001}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x40}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x8}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x20}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x20}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x5}]}, @TIPC_NLA_SOCK={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}]}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x2}]}, @TIPC_NLA_NET={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x9c}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x3}, @TIPC_NLA_NET_ADDR={0x8}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xfffffffb}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x41ffd3ed}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x3ff}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x4}]}, @TIPC_NLA_SOCK={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x9}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7e3}, @TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xaa}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x800}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}]}, @TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x2}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x9b89}]}, @TIPC_NLA_SOCK={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0xb8e5}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}]}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8a38}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x20}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7d10}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xbd000002}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}]}, 0x230}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20\x00', 0x200, 0x0) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f00000000c0)) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4205, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1228.697055][ T26] audit: type=1804 audit(1583053284.844:200): pid=15204 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir163903272/syzkaller.xpgwHu/1271/cgroup.controllers" dev="sda1" ino=18493 res=1 09:01:24 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl(r2, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") sendfile(r1, 0xffffffffffffffff, 0x0, 0x100000001) 09:01:25 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x10, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl(r3, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") sendfile(r2, r1, 0x0, 0x100000001) 09:01:25 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000000)) ptrace(0x10, r2) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x1840, 0x0) ioctl$SIOCRSACCEPT(r3, 0x89e3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r4, 0x0, r4) r5 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1229.096946][ T7788] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1229.168746][ T7788] CPU: 0 PID: 7788 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 1229.177367][ T7788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1229.187427][ T7788] Call Trace: [ 1229.190742][ T7788] dump_stack+0x11d/0x187 [ 1229.195080][ T7788] dump_header+0xa7/0x399 [ 1229.199423][ T7788] oom_kill_process.cold+0x10/0x15 [ 1229.204548][ T7788] out_of_memory+0x21d/0xa30 [ 1229.209168][ T7788] ? __rcu_read_unlock+0x66/0x2f0 [ 1229.214242][ T7788] mem_cgroup_out_of_memory+0x12b/0x150 [ 1229.219806][ T7788] try_charge+0xb60/0xbe0 [ 1229.224257][ T7788] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1229.229728][ T7788] __memcg_kmem_charge+0xcd/0x1b0 [ 1229.234836][ T7788] __alloc_pages_nodemask+0x268/0x310 [ 1229.240227][ T7788] alloc_pages_current+0xca/0x170 [ 1229.245260][ T7788] __pmd_alloc+0x48/0x2b0 [ 1229.249621][ T7788] copy_page_range+0x14df/0x1a40 [ 1229.254580][ T7788] ? vma_gap_callbacks_rotate+0x11a/0x180 [ 1229.260447][ T7788] ? __rb_insert_augmented+0x11b/0x360 [ 1229.265925][ T7788] ? __vma_link_rb+0x3ed/0x440 [ 1229.270793][ T7788] dup_mm+0x72e/0xb90 [ 1229.274819][ T7788] copy_process+0x39ad/0x3b10 [ 1229.279503][ T7788] ? _raw_spin_unlock+0x38/0x60 [ 1229.284384][ T7788] _do_fork+0xf7/0x790 [ 1229.288458][ T7788] ? __read_once_size+0x45/0xd0 [ 1229.293391][ T7788] ? ktime_get_ts64+0x286/0x2c0 [ 1229.298255][ T7788] __x64_sys_clone+0x12e/0x170 [ 1229.303110][ T7788] do_syscall_64+0xc7/0x390 [ 1229.307627][ T7788] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1229.313521][ T7788] RIP: 0033:0x45aa4a [ 1229.317483][ T7788] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1229.337187][ T7788] RSP: 002b:00007ffca9301c20 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1229.345704][ T7788] RAX: ffffffffffffffda RBX: 00007ffca9301c20 RCX: 000000000045aa4a [ 1229.353671][ T7788] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1229.361674][ T7788] RBP: 00007ffca9301c60 R08: 0000000000000001 R09: 00000000015e7940 09:01:25 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, r0, 0x0) 09:01:25 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x0, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1229.369650][ T7788] R10: 00000000015e7c10 R11: 0000000000000246 R12: 0000000000000001 [ 1229.377622][ T7788] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffca9301cb0 09:01:25 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl(r2, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") sendfile(r1, 0xffffffffffffffff, 0x0, 0x100000001) [ 1229.548656][ T7788] memory: usage 307200kB, limit 307200kB, failcnt 6126 [ 1229.555544][ T7788] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1229.601626][ T7788] Memory cgroup stats for /syz0: [ 1229.601819][ T7788] anon 225230848 [ 1229.601819][ T7788] file 40960 [ 1229.601819][ T7788] kernel_stack 11390976 [ 1229.601819][ T7788] slab 14983168 [ 1229.601819][ T7788] sock 0 [ 1229.601819][ T7788] shmem 114688 [ 1229.601819][ T7788] file_mapped 135168 [ 1229.601819][ T7788] file_dirty 0 [ 1229.601819][ T7788] file_writeback 0 [ 1229.601819][ T7788] anon_thp 167772160 [ 1229.601819][ T7788] inactive_anon 0 [ 1229.601819][ T7788] active_anon 225230848 [ 1229.601819][ T7788] inactive_file 0 09:01:25 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x2000000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1229.601819][ T7788] active_file 16384 [ 1229.601819][ T7788] unevictable 0 [ 1229.601819][ T7788] slab_reclaimable 1486848 [ 1229.601819][ T7788] slab_unreclaimable 13496320 [ 1229.601819][ T7788] pgfault 87714 [ 1229.601819][ T7788] pgmajfault 0 [ 1229.601819][ T7788] workingset_refault 1617 [ 1229.601819][ T7788] workingset_activate 297 [ 1229.601819][ T7788] workingset_nodereclaim 0 [ 1229.601819][ T7788] pgrefill 5059 [ 1229.601819][ T7788] pgscan 11489 [ 1229.601819][ T7788] pgsteal 3321 [ 1229.719077][ T7788] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=14876,uid=0 09:01:26 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl(r2, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") sendfile(r1, 0xffffffffffffffff, 0x0, 0x100000001) [ 1229.970392][ T7788] Memory cgroup out of memory: Killed process 14876 (syz-executor.0) total-vm:74836kB, anon-rss:2208kB, file-rss:35792kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 1230.032327][ T26] audit: type=1804 audit(1583053286.184:201): pid=15242 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir163903272/syzkaller.xpgwHu/1272/cgroup.controllers" dev="sda1" ino=18511 res=1 09:01:26 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") sendfile(r2, r1, 0x0, 0x100000001) [ 1230.300885][T15267] QAT: Invalid ioctl 09:01:26 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, r0, 0x0) 09:01:26 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") sendfile(r2, r1, 0x0, 0x100000001) 09:01:26 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1230.623180][ T26] audit: type=1804 audit(1583053286.774:202): pid=15270 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir163903272/syzkaller.xpgwHu/1273/cgroup.controllers" dev="sda1" ino=18514 res=1 [ 1230.773144][ T26] audit: type=1804 audit(1583053286.924:203): pid=15276 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir360798672/syzkaller.4O2XCn/1900/cgroup.controllers" dev="sda1" ino=18478 res=1 09:01:27 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x2010000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:01:27 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) sendfile(r2, r1, 0x0, 0x100000001) 09:01:27 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000000)) ptrace(0x10, r2) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x1840, 0x0) ioctl$SIOCRSACCEPT(r3, 0x89e3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:27 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) sendfile(r2, r1, 0x0, 0x100000001) [ 1231.171063][ T7788] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1231.255397][ T7788] CPU: 1 PID: 7788 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 1231.264023][ T7788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1231.274094][ T7788] Call Trace: [ 1231.277398][ T7788] dump_stack+0x11d/0x187 [ 1231.281736][ T7788] dump_header+0xa7/0x399 [ 1231.286079][ T7788] oom_kill_process.cold+0x10/0x15 [ 1231.291204][ T7788] out_of_memory+0x21d/0xa30 [ 1231.295858][ T7788] ? __rcu_read_unlock+0x66/0x2f0 [ 1231.300904][ T7788] mem_cgroup_out_of_memory+0x12b/0x150 [ 1231.306465][ T7788] try_charge+0xb60/0xbe0 [ 1231.310819][ T7788] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1231.316324][ T7788] __memcg_kmem_charge+0xcd/0x1b0 [ 1231.321384][ T7788] __alloc_pages_nodemask+0x268/0x310 [ 1231.326848][ T7788] alloc_pages_current+0xca/0x170 [ 1231.331935][ T7788] __pmd_alloc+0x48/0x2b0 [ 1231.336307][ T7788] copy_page_range+0x14df/0x1a40 [ 1231.341292][ T7788] ? vma_gap_callbacks_rotate+0x11a/0x180 [ 1231.347025][ T7788] ? __rb_insert_augmented+0x11b/0x360 [ 1231.352589][ T7788] ? __vma_link_rb+0x3ed/0x440 [ 1231.357366][ T7788] dup_mm+0x72e/0xb90 [ 1231.361391][ T7788] copy_process+0x39ad/0x3b10 [ 1231.366079][ T7788] ? _raw_spin_unlock+0x38/0x60 [ 1231.370961][ T7788] _do_fork+0xf7/0x790 [ 1231.375061][ T7788] ? __read_once_size+0x45/0xd0 [ 1231.379952][ T7788] ? ktime_get_ts64+0x286/0x2c0 [ 1231.384873][ T7788] __x64_sys_clone+0x12e/0x170 [ 1231.389687][ T7788] do_syscall_64+0xc7/0x390 [ 1231.394205][ T7788] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1231.400104][ T7788] RIP: 0033:0x45aa4a [ 1231.404052][ T7788] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1231.423795][ T7788] RSP: 002b:00007ffca9301c20 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1231.432209][ T7788] RAX: ffffffffffffffda RBX: 00007ffca9301c20 RCX: 000000000045aa4a [ 1231.440181][ T7788] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1231.448189][ T7788] RBP: 00007ffca9301c60 R08: 0000000000000001 R09: 00000000015e7940 [ 1231.456160][ T7788] R10: 00000000015e7c10 R11: 0000000000000246 R12: 0000000000000001 [ 1231.464142][ T7788] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffca9301cb0 [ 1231.472821][ T26] audit: type=1804 audit(1583053287.404:204): pid=15296 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir163903272/syzkaller.xpgwHu/1274/cgroup.controllers" dev="sda1" ino=18477 res=1 [ 1231.509565][ T7788] memory: usage 307200kB, limit 307200kB, failcnt 6149 [ 1231.536943][ T7788] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 09:01:27 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, 0xffffffffffffffff, 0x0) [ 1231.554803][ T7788] Memory cgroup stats for /syz0: [ 1231.555884][ T7788] anon 225267712 [ 1231.555884][ T7788] file 40960 [ 1231.555884][ T7788] kernel_stack 11390976 [ 1231.555884][ T7788] slab 14983168 [ 1231.555884][ T7788] sock 0 [ 1231.555884][ T7788] shmem 114688 [ 1231.555884][ T7788] file_mapped 135168 [ 1231.555884][ T7788] file_dirty 0 [ 1231.555884][ T7788] file_writeback 0 [ 1231.555884][ T7788] anon_thp 167772160 [ 1231.555884][ T7788] inactive_anon 0 [ 1231.555884][ T7788] active_anon 225267712 [ 1231.555884][ T7788] inactive_file 0 [ 1231.555884][ T7788] active_file 16384 09:01:27 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) sendfile(r2, r1, 0x0, 0x100000001) [ 1231.555884][ T7788] unevictable 0 [ 1231.555884][ T7788] slab_reclaimable 1486848 [ 1231.555884][ T7788] slab_unreclaimable 13496320 [ 1231.555884][ T7788] pgfault 87780 [ 1231.555884][ T7788] pgmajfault 0 [ 1231.555884][ T7788] workingset_refault 1617 [ 1231.555884][ T7788] workingset_activate 297 [ 1231.555884][ T7788] workingset_nodereclaim 0 [ 1231.555884][ T7788] pgrefill 5059 [ 1231.555884][ T7788] pgscan 11489 [ 1231.555884][ T7788] pgsteal 3321 09:01:27 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) sendfile(r2, r1, 0x0, 0x100000001) 09:01:28 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1231.954722][ T26] audit: type=1804 audit(1583053288.104:205): pid=15313 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir360798672/syzkaller.4O2XCn/1902/cgroup.controllers" dev="sda1" ino=18499 res=1 09:01:28 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x2803000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1232.058690][ T7788] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15266,uid=0 [ 1232.088301][ T7788] Memory cgroup out of memory: Killed process 15266 (syz-executor.0) total-vm:74836kB, anon-rss:2208kB, file-rss:35792kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 1232.170383][ T26] audit: type=1804 audit(1583053288.324:206): pid=15312 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir163903272/syzkaller.xpgwHu/1275/cgroup.controllers" dev="sda1" ino=18545 res=1 09:01:28 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) sendfile(r2, r1, 0x0, 0x100000001) [ 1232.482712][T15328] QAT: Invalid ioctl 09:01:28 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl(r3, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") sendfile(r2, r1, 0x0, 0x100000001) 09:01:28 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, 0xffffffffffffffff, 0x0) [ 1232.582326][T15325] syz-executor.0 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=1000 [ 1232.622880][T15325] CPU: 1 PID: 15325 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 1232.631581][T15325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1232.641744][T15325] Call Trace: [ 1232.645054][T15325] dump_stack+0x11d/0x187 [ 1232.649460][T15325] dump_header+0xa7/0x399 [ 1232.653801][T15325] oom_kill_process.cold+0x10/0x15 [ 1232.658936][T15325] out_of_memory+0x21d/0xa30 [ 1232.663589][T15325] ? __rcu_read_unlock+0x66/0x2f0 [ 1232.668633][T15325] mem_cgroup_out_of_memory+0x12b/0x150 [ 1232.674234][T15325] try_charge+0xb60/0xbe0 [ 1232.678573][T15325] ? try_charge+0x1b0/0xbe0 [ 1232.683098][T15325] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1232.688563][T15325] cache_grow_begin+0x39f/0x590 [ 1232.693437][T15325] ? __cpuset_node_allowed+0xf6/0x200 [ 1232.698833][T15325] fallback_alloc+0x167/0x1f0 [ 1232.703540][T15325] kmem_cache_alloc_node+0xb4/0x680 [ 1232.708768][T15325] ? __read_once_size+0xb7/0x100 [ 1232.713719][T15325] copy_process+0x388/0x3b10 [ 1232.718310][T15325] ? kvm_clock_read+0x14/0x30 [ 1232.723099][T15325] ? kvm_sched_clock_read+0x5/0x10 [ 1232.728216][T15325] ? sched_clock+0xf/0x20 [ 1232.732544][T15325] ? sched_clock_cpu+0x10/0xd0 [ 1232.737312][T15325] ? record_times+0x10/0x80 [ 1232.741892][T15325] ? psi_task_change+0x1a4/0x2c0 [ 1232.746858][T15325] _do_fork+0xf7/0x790 [ 1232.750941][T15325] ? __rcu_read_unlock+0x66/0x2f0 [ 1232.755980][T15325] ? blkcg_maybe_throttle_current+0x249/0x5a0 [ 1232.762068][T15325] __x64_sys_clone+0x12e/0x170 [ 1232.766946][T15325] do_syscall_64+0xc7/0x390 [ 1232.771548][T15325] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1232.777444][T15325] RIP: 0033:0x45ee49 [ 1232.781364][T15325] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1232.801026][T15325] RSP: 002b:00007ffca9301988 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1232.809466][T15325] RAX: ffffffffffffffda RBX: 00007f6633609700 RCX: 000000000045ee49 [ 1232.817462][T15325] RDX: 00007f66336099d0 RSI: 00007f6633608db0 RDI: 00000000003d0f00 [ 1232.825437][T15325] RBP: 00007ffca9301ba0 R08: 00007f6633609700 R09: 00007f6633609700 [ 1232.833428][T15325] R10: 00007f66336099d0 R11: 0000000000000202 R12: 0000000000000000 [ 1232.841402][T15325] R13: 00007ffca9301a3f R14: 00007f66336099c0 R15: 000000000076c06c [ 1232.932684][T15325] memory: usage 307200kB, limit 307200kB, failcnt 6192 [ 1232.939989][ T26] audit: type=1804 audit(1583053289.084:207): pid=15334 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir163903272/syzkaller.xpgwHu/1276/cgroup.controllers" dev="sda1" ino=18491 res=1 [ 1232.942024][T15325] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 09:01:29 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1232.993260][T15325] Memory cgroup stats for /syz0: [ 1232.993440][T15325] anon 225267712 [ 1232.993440][T15325] file 40960 [ 1232.993440][T15325] kernel_stack 11390976 [ 1232.993440][T15325] slab 14983168 [ 1232.993440][T15325] sock 0 [ 1232.993440][T15325] shmem 114688 [ 1232.993440][T15325] file_mapped 135168 [ 1232.993440][T15325] file_dirty 0 [ 1232.993440][T15325] file_writeback 0 [ 1232.993440][T15325] anon_thp 167772160 [ 1232.993440][T15325] inactive_anon 0 [ 1232.993440][T15325] active_anon 225267712 [ 1232.993440][T15325] inactive_file 0 [ 1232.993440][T15325] active_file 16384 [ 1232.993440][T15325] unevictable 0 [ 1232.993440][T15325] slab_reclaimable 1486848 [ 1232.993440][T15325] slab_unreclaimable 13496320 [ 1232.993440][T15325] pgfault 87846 [ 1232.993440][T15325] pgmajfault 0 [ 1232.993440][T15325] workingset_refault 1617 [ 1232.993440][T15325] workingset_activate 297 [ 1232.993440][T15325] workingset_nodereclaim 0 [ 1232.993440][T15325] pgrefill 5059 [ 1232.993440][T15325] pgscan 11489 [ 1232.993440][T15325] pgsteal 3321 [ 1233.038499][ T26] audit: type=1804 audit(1583053289.134:208): pid=15339 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir360798672/syzkaller.4O2XCn/1903/cgroup.controllers" dev="sda1" ino=18499 res=1 [ 1233.158832][T15325] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=20725,uid=0 [ 1233.202408][T15325] Memory cgroup out of memory: Killed process 20725 (syz-executor.0) total-vm:74968kB, anon-rss:2216kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 1233.288971][ T1078] oom_reaper: reaped process 20725 (syz-executor.0), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 09:01:29 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, 0xffffffffffffffff, 0x0) 09:01:29 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000000)) ptrace(0x10, r2) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x1840, 0x0) ioctl$SIOCRSACCEPT(r3, 0x89e3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:29 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x3400000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:01:29 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, 0xffffffffffffffff, 0x0) 09:01:29 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() ioctl$DRM_IOCTL_SET_SAREA_CTX(0xffffffffffffffff, 0x4010641c, &(0x7f0000001240)={0x0, 0x0}) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x3, 0x0, 0x248000009, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r3, &(0x7f0000000940), 0x12) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x4030582a, &(0x7f0000000040)) write$cgroup_type(r3, &(0x7f0000000140)='threaded\x00', 0xffffff1f) ptrace$getregset(0x4205, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1233.667948][T15363] QAT: Invalid ioctl 09:01:30 executing program 3: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() ioctl$DRM_IOCTL_SET_SAREA_CTX(0xffffffffffffffff, 0x4010641c, &(0x7f0000001240)={0x0, 0x0}) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x3, 0x0, 0x248000009, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_int(r3, &(0x7f0000000940), 0x12) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x4030582a, &(0x7f0000000040)) write$cgroup_type(r3, &(0x7f0000000140)='threaded\x00', 0xffffff1f) ptrace$getregset(0x4205, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:30 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:01:30 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000000)) ptrace(0x10, r2) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x1840, 0x0) ioctl$SIOCRSACCEPT(r3, 0x89e3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:30 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x3f00000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1234.462750][ T7788] syz-executor.0 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=0 [ 1234.505395][ T7788] CPU: 1 PID: 7788 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 1234.514051][ T7788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1234.524107][ T7788] Call Trace: [ 1234.527409][ T7788] dump_stack+0x11d/0x187 [ 1234.531744][ T7788] dump_header+0xa7/0x399 [ 1234.536111][ T7788] oom_kill_process.cold+0x10/0x15 [ 1234.541232][ T7788] out_of_memory+0x21d/0xa30 [ 1234.545832][ T7788] ? __rcu_read_unlock+0x66/0x2f0 09:01:30 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet6(0xa, 0x6, 0x0) close(r4) r5 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r4, 0x84, 0x83, &(0x7f0000000240)={r6, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) r7 = socket$inet6(0xa, 0x6, 0x0) close(r7) r8 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r8, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r7, 0x84, 0x83, &(0x7f0000000240)={r9, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) r10 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r10, 0x84, 0x71, &(0x7f0000000380)={r9, 0x7}, &(0x7f0000000140)=0x4e) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r1, 0x84, 0x19, &(0x7f0000000180)={r11, 0x7}, 0x8) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) r12 = socket$inet(0x10, 0x2, 0x0) sendmsg(r12, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000001c0)="24000000190007041dfffd946f6105000af80200fe0200000002080008001e000400ff7e280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0) setsockopt$inet_sctp_SCTP_HMAC_IDENT(r12, 0x84, 0x16, &(0x7f0000000200)={0x2, [0x800, 0xffff]}, 0x8) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) openat$uinput(0xffffffffffffff9c, &(0x7f0000000340)='/dev/uinput\x00', 0x802, 0x0) [ 1234.550948][ T7788] mem_cgroup_out_of_memory+0x12b/0x150 [ 1234.556517][ T7788] try_charge+0xb60/0xbe0 [ 1234.560925][ T7788] ? try_charge+0x1b0/0xbe0 [ 1234.565446][ T7788] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1234.570991][ T7788] cache_grow_begin+0x39f/0x590 [ 1234.575851][ T7788] ? __cpuset_node_allowed+0xf6/0x200 [ 1234.581239][ T7788] fallback_alloc+0x167/0x1f0 [ 1234.585931][ T7788] kmem_cache_alloc+0x16d/0x5e0 [ 1234.590818][ T7788] ? alloc_pages_current+0xd7/0x170 [ 1234.596020][ T7788] ? inc_zone_page_state+0x54/0xd0 [ 1234.601153][ T7788] ? preempt_count_add+0x63/0x90 09:01:30 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x20000000, 0x0, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1234.606103][ T7788] vm_area_dup+0x4f/0x160 [ 1234.610574][ T7788] ? __read_once_size+0x2f/0xd0 [ 1234.615437][ T7788] ? _raw_spin_unlock+0x38/0x60 [ 1234.620305][ T7788] ? copy_page_range+0x1210/0x1a40 [ 1234.625609][ T7788] dup_mm+0x332/0xb90 [ 1234.629726][ T7788] copy_process+0x39ad/0x3b10 [ 1234.634423][ T7788] ? _raw_spin_unlock+0x38/0x60 [ 1234.639375][ T7788] _do_fork+0xf7/0x790 [ 1234.643495][ T7788] ? __read_once_size+0x45/0xd0 [ 1234.648379][ T7788] ? ktime_get_ts64+0x286/0x2c0 [ 1234.653245][ T7788] __x64_sys_clone+0x12e/0x170 [ 1234.658037][ T7788] do_syscall_64+0xc7/0x390 [ 1234.662623][ T7788] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1234.668516][ T7788] RIP: 0033:0x45aa4a [ 1234.672416][ T7788] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1234.692087][ T7788] RSP: 002b:00007ffca9301c20 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1234.700551][ T7788] RAX: ffffffffffffffda RBX: 00007ffca9301c20 RCX: 000000000045aa4a [ 1234.708575][ T7788] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1234.716581][ T7788] RBP: 00007ffca9301c60 R08: 0000000000000001 R09: 00000000015e7940 [ 1234.724534][ T7788] R10: 00000000015e7c10 R11: 0000000000000246 R12: 0000000000000001 [ 1234.732487][ T7788] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffca9301cb0 [ 1234.750088][ T7788] memory: usage 307200kB, limit 307200kB, failcnt 6237 [ 1234.757047][ T7788] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1234.766893][ T7788] Memory cgroup stats for /syz0: [ 1234.767076][ T7788] anon 225390592 [ 1234.767076][ T7788] file 40960 [ 1234.767076][ T7788] kernel_stack 11354112 [ 1234.767076][ T7788] slab 15118336 [ 1234.767076][ T7788] sock 0 [ 1234.767076][ T7788] shmem 114688 [ 1234.767076][ T7788] file_mapped 135168 [ 1234.767076][ T7788] file_dirty 0 [ 1234.767076][ T7788] file_writeback 0 [ 1234.767076][ T7788] anon_thp 167772160 [ 1234.767076][ T7788] inactive_anon 0 [ 1234.767076][ T7788] active_anon 225390592 [ 1234.767076][ T7788] inactive_file 0 [ 1234.767076][ T7788] active_file 16384 [ 1234.767076][ T7788] unevictable 0 [ 1234.767076][ T7788] slab_reclaimable 1486848 [ 1234.767076][ T7788] slab_unreclaimable 13631488 [ 1234.767076][ T7788] pgfault 87945 [ 1234.767076][ T7788] pgmajfault 0 [ 1234.767076][ T7788] workingset_refault 1617 [ 1234.767076][ T7788] workingset_activate 297 [ 1234.767076][ T7788] workingset_nodereclaim 0 [ 1234.767076][ T7788] pgrefill 5059 [ 1234.767076][ T7788] pgscan 11522 [ 1234.767076][ T7788] pgsteal 3321 [ 1234.862090][ T7788] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15327,uid=0 [ 1234.877725][ T7788] Memory cgroup out of memory: Killed process 15327 (syz-executor.0) total-vm:74968kB, anon-rss:2216kB, file-rss:35792kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 1234.898321][ T1078] oom_reaper: reaped process 15327 (syz-executor.0), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 1234.955846][T15393] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1234.971032][T15393] CPU: 0 PID: 15393 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 1234.979749][T15393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1234.989917][T15393] Call Trace: [ 1234.993254][T15393] dump_stack+0x11d/0x187 [ 1234.997672][T15393] dump_header+0xa7/0x399 [ 1235.002018][T15393] oom_kill_process.cold+0x10/0x15 [ 1235.007138][T15393] out_of_memory+0x21d/0xa30 [ 1235.011781][T15393] ? __rcu_read_unlock+0x66/0x2f0 [ 1235.016816][T15393] mem_cgroup_out_of_memory+0x12b/0x150 [ 1235.022404][T15393] try_charge+0xb60/0xbe0 [ 1235.026772][T15393] ? map_vm_area+0x83/0xa0 [ 1235.031224][T15393] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1235.036801][T15393] __memcg_kmem_charge+0xcd/0x1b0 [ 1235.041852][T15393] copy_process+0x12bc/0x3b10 [ 1235.042060][T15402] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1235.046637][T15393] ? __read_once_size+0x2f/0xd0 [ 1235.046677][T15393] ? __lru_cache_add+0x146/0x1c0 [ 1235.072315][T15393] _do_fork+0xf7/0x790 [ 1235.076405][T15393] __x64_sys_clone+0x12e/0x170 [ 1235.081188][T15393] do_syscall_64+0xc7/0x390 [ 1235.085763][T15393] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1235.091781][T15393] RIP: 0033:0x45ee49 [ 1235.095729][T15393] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1235.115339][T15393] RSP: 002b:00007ffca9301988 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1235.123766][T15393] RAX: ffffffffffffffda RBX: 00007f663364b700 RCX: 000000000045ee49 [ 1235.131739][T15393] RDX: 00007f663364b9d0 RSI: 00007f663364adb0 RDI: 00000000003d0f00 [ 1235.139713][T15393] RBP: 00007ffca9301ba0 R08: 00007f663364b700 R09: 00007f663364b700 [ 1235.147702][T15393] R10: 00007f663364b9d0 R11: 0000000000000202 R12: 0000000000000000 09:01:31 executing program 3: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20\x00', 0x200, 0x0) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f00000000c0)) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4205, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) ioctl$PPPIOCATTCHAN(0xffffffffffffffff, 0x40047438, &(0x7f0000000200)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) flock(r1, 0x8) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$SIOCX25SCALLUSERDATA(r2, 0x89e5, &(0x7f0000000140)={0x48, "4a6d00ab5d50532a24b9e0b0bc7fba401308b15f3ecd0a1afe2c09bc35640a9fe4b2f0f7d77dee60e74be772d672ce8254799966bd174731b401b6276801cc17c6d4ec2c0ca899b5f1d711abd92b685d566d07ea1058f081feb092203a45d068324299d4daa815c504532b4c7e7cefc5b1dd11aca7a66ecabeb18726f90f1ca7"}) [ 1235.155721][T15393] R13: 00007ffca9301a3f R14: 00007f663364b9c0 R15: 000000000076bf2c [ 1235.171945][T15393] memory: usage 307200kB, limit 307200kB, failcnt 6246 09:01:31 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1235.272661][T15393] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1235.304783][T15393] Memory cgroup stats for /syz0: [ 1235.305028][T15393] anon 225382400 [ 1235.305028][T15393] file 40960 [ 1235.305028][T15393] kernel_stack 11354112 [ 1235.305028][T15393] slab 15118336 [ 1235.305028][T15393] sock 0 [ 1235.305028][T15393] shmem 114688 [ 1235.305028][T15393] file_mapped 135168 [ 1235.305028][T15393] file_dirty 0 [ 1235.305028][T15393] file_writeback 0 [ 1235.305028][T15393] anon_thp 167772160 [ 1235.305028][T15393] inactive_anon 0 [ 1235.305028][T15393] active_anon 225382400 [ 1235.305028][T15393] inactive_file 0 [ 1235.305028][T15393] active_file 16384 [ 1235.305028][T15393] unevictable 0 [ 1235.305028][T15393] slab_reclaimable 1486848 [ 1235.305028][T15393] slab_unreclaimable 13631488 [ 1235.305028][T15393] pgfault 87978 [ 1235.305028][T15393] pgmajfault 0 [ 1235.305028][T15393] workingset_refault 1617 [ 1235.305028][T15393] workingset_activate 297 [ 1235.305028][T15393] workingset_nodereclaim 0 [ 1235.305028][T15393] pgrefill 5059 [ 1235.305028][T15393] pgscan 11522 [ 1235.305028][T15393] pgsteal 3321 [ 1235.403425][T15409] ptrace attach of "/root/syz-executor.3"[15407] was attempted by "/root/syz-executor.3"[15409] 09:01:31 executing program 3: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20\x00', 0x200, 0x0) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f00000000c0)) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4205, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) ioctl$PPPIOCATTCHAN(0xffffffffffffffff, 0x40047438, &(0x7f0000000200)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) flock(r1, 0x8) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$SIOCX25SCALLUSERDATA(r2, 0x89e5, &(0x7f0000000140)={0x48, "4a6d00ab5d50532a24b9e0b0bc7fba401308b15f3ecd0a1afe2c09bc35640a9fe4b2f0f7d77dee60e74be772d672ce8254799966bd174731b401b6276801cc17c6d4ec2c0ca899b5f1d711abd92b685d566d07ea1058f081feb092203a45d068324299d4daa815c504532b4c7e7cefc5b1dd11aca7a66ecabeb18726f90f1ca7"}) 09:01:31 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) socket(0x0, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1235.542108][T15393] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15362,uid=0 [ 1235.559454][T15393] Memory cgroup out of memory: Killed process 15362 (syz-executor.0) total-vm:74836kB, anon-rss:2208kB, file-rss:35792kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 1235.646453][T15419] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1235.712535][T15419] CPU: 1 PID: 15419 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 1235.721244][T15419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1235.731298][T15419] Call Trace: [ 1235.734602][T15419] dump_stack+0x11d/0x187 [ 1235.738952][T15419] dump_header+0xa7/0x399 [ 1235.743321][T15419] oom_kill_process.cold+0x10/0x15 [ 1235.748473][T15419] out_of_memory+0x21d/0xa30 [ 1235.753176][T15419] mem_cgroup_out_of_memory+0x12b/0x150 09:01:31 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet6(0xa, 0x6, 0x0) close(r4) r5 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r4, 0x84, 0x83, &(0x7f0000000240)={r6, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) r7 = socket$inet6(0xa, 0x6, 0x0) close(r7) r8 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r8, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r7, 0x84, 0x83, &(0x7f0000000240)={r9, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) r10 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r10, 0x84, 0x71, &(0x7f0000000380)={r9, 0x7}, &(0x7f0000000140)=0x4e) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r1, 0x84, 0x19, &(0x7f0000000180)={r11, 0x7}, 0x8) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) r12 = socket$inet(0x10, 0x2, 0x0) sendmsg(r12, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000001c0)="24000000190007041dfffd946f6105000af80200fe0200000002080008001e000400ff7e280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0) setsockopt$inet_sctp_SCTP_HMAC_IDENT(r12, 0x84, 0x16, &(0x7f0000000200)={0x2, [0x800, 0xffff]}, 0x8) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) openat$uinput(0xffffffffffffff9c, &(0x7f0000000340)='/dev/uinput\x00', 0x802, 0x0) [ 1235.758841][T15419] try_charge+0xb60/0xbe0 [ 1235.763190][T15419] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1235.769103][T15419] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1235.774684][T15419] __memcg_kmem_charge+0xcd/0x1b0 [ 1235.779820][T15419] __alloc_pages_nodemask+0x268/0x310 [ 1235.785324][T15419] alloc_pages_current+0xca/0x170 [ 1235.790379][T15419] pte_alloc_one+0x14/0x50 [ 1235.794806][T15419] __handle_mm_fault+0x2ae5/0x2cf0 [ 1235.799947][T15419] handle_mm_fault+0x21c/0x540 [ 1235.804801][T15419] do_page_fault+0x4a4/0xa52 [ 1235.809454][T15419] ? syscall_return_slowpath+0x1c6/0x240 [ 1235.815176][T15419] page_fault+0x34/0x40 [ 1235.819328][T15419] RIP: 0033:0x45aa4a [ 1235.823229][T15419] Code: Bad RIP value. [ 1235.827302][T15419] RSP: 002b:00007ffedb7bbb00 EFLAGS: 00010246 [ 1235.833480][T15419] RAX: 0000000000000000 RBX: 00007ffedb7bbb00 RCX: 000000000045aa4a [ 1235.841456][T15419] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1235.849433][T15419] RBP: 00007ffedb7bbb40 R08: 0000000000000001 R09: 0000000001df5940 [ 1235.857416][T15419] R10: 0000000001df5c10 R11: 0000000000000246 R12: 0000000000000001 [ 1235.865388][T15419] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffedb7bbb90 [ 1235.885569][T15433] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1235.888493][T15432] QAT: Invalid ioctl 09:01:32 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x4000000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1235.951972][T15419] memory: usage 307200kB, limit 307200kB, failcnt 9126 [ 1235.965645][T15419] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1235.974239][T15419] Memory cgroup stats for /syz3: [ 1235.974701][T15419] anon 250380288 [ 1235.974701][T15419] file 36864 [ 1235.974701][T15419] kernel_stack 6819840 [ 1235.974701][T15419] slab 9236480 [ 1235.974701][T15419] sock 4096 [ 1235.974701][T15419] shmem 0 [ 1235.974701][T15419] file_mapped 135168 [ 1235.974701][T15419] file_dirty 0 [ 1235.974701][T15419] file_writeback 135168 [ 1235.974701][T15419] anon_thp 207618048 [ 1235.974701][T15419] inactive_anon 0 [ 1235.974701][T15419] active_anon 250380288 [ 1235.974701][T15419] inactive_file 65536 [ 1235.974701][T15419] active_file 86016 [ 1235.974701][T15419] unevictable 0 [ 1235.974701][T15419] slab_reclaimable 811008 [ 1235.974701][T15419] slab_unreclaimable 8425472 [ 1235.974701][T15419] pgfault 125433 [ 1235.974701][T15419] pgmajfault 33 09:01:32 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000000)) ptrace(0x10, r2) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x1840, 0x0) ioctl$SIOCRSACCEPT(r3, 0x89e3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1235.974701][T15419] workingset_refault 3531 [ 1235.974701][T15419] workingset_activate 1221 [ 1235.974701][T15419] workingset_nodereclaim 0 [ 1235.974701][T15419] pgrefill 6711 [ 1235.974701][T15419] pgscan 32194 [ 1235.974701][T15419] pgsteal 22294 [ 1236.079759][T15419] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=15379,uid=0 [ 1236.140858][T15419] Memory cgroup out of memory: Killed process 15379 (syz-executor.3) total-vm:75100kB, anon-rss:2232kB, file-rss:35916kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:1000 09:01:32 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1236.316785][T15446] QAT: Invalid ioctl [ 1236.328319][ T7806] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1236.344234][ T7806] CPU: 1 PID: 7806 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 1236.352901][ T7806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1236.362956][ T7806] Call Trace: [ 1236.366261][ T7806] dump_stack+0x11d/0x187 [ 1236.370736][ T7806] dump_header+0xa7/0x399 [ 1236.375086][ T7806] oom_kill_process.cold+0x10/0x15 [ 1236.380214][ T7806] out_of_memory+0x21d/0xa30 [ 1236.384820][ T7806] mem_cgroup_out_of_memory+0x12b/0x150 [ 1236.390458][ T7806] try_charge+0x7ed/0xbe0 [ 1236.394813][ T7806] ? __rcu_read_unlock+0x66/0x2f0 [ 1236.399858][ T7806] mem_cgroup_try_charge+0xd7/0x260 [ 1236.405377][ T7806] mem_cgroup_try_charge_delay+0x36/0x70 [ 1236.411133][ T7806] wp_page_copy+0x31a/0xf20 [ 1236.415664][ T7806] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1236.421634][ T7806] ? __read_once_size+0x2f/0xd0 [ 1236.426495][ T7806] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1236.432531][ T7806] do_wp_page+0x185/0xcc0 [ 1236.436869][ T7806] ? psi_task_change+0x1a4/0x2c0 [ 1236.441833][ T7806] __handle_mm_fault+0x1c5e/0x2cf0 [ 1236.446974][ T7806] handle_mm_fault+0x21c/0x540 [ 1236.451778][ T7806] do_page_fault+0x4a4/0xa52 [ 1236.456490][ T7806] ? prepare_exit_to_usermode+0x165/0x1c0 [ 1236.462228][ T7806] page_fault+0x34/0x40 [ 1236.466524][ T7806] RIP: 0033:0x410071 [ 1236.470426][ T7806] Code: 3d 23 80 35 00 00 0f 85 d8 08 00 00 e8 18 a9 04 00 85 c0 89 c5 0f 88 39 06 00 00 0f 84 ba 05 00 00 89 c6 bf 28 20 4c 00 31 c0 2a 1e ff ff c7 44 24 30 00 00 00 00 e8 fd 25 ff ff 49 89 c6 48 [ 1236.490038][ T7806] RSP: 002b:00007ffedb7bbb50 EFLAGS: 00010246 [ 1236.496174][ T7806] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000045aa4a [ 1236.504289][ T7806] RDX: 0000000000000000 RSI: 00000000000013d6 RDI: 00000000004c2028 09:01:32 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) socket(0x0, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1236.512269][ T7806] RBP: 00000000000013d6 R08: 0000000000000001 R09: 0000000001df5940 [ 1236.520251][ T7806] R10: 0000000001df5c10 R11: 0000000000000246 R12: 0000000000000000 [ 1236.528344][ T7806] R13: 00007ffedb7bbb80 R14: 0000000000000000 R15: 00007ffedb7bbb90 [ 1236.544922][ T7806] memory: usage 305152kB, limit 307200kB, failcnt 9127 [ 1236.569194][ T7806] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1236.587859][ T7806] Memory cgroup stats for /syz3: [ 1236.588040][ T7806] anon 248229888 [ 1236.588040][ T7806] file 36864 [ 1236.588040][ T7806] kernel_stack 6819840 [ 1236.588040][ T7806] slab 9236480 [ 1236.588040][ T7806] sock 4096 [ 1236.588040][ T7806] shmem 0 [ 1236.588040][ T7806] file_mapped 135168 [ 1236.588040][ T7806] file_dirty 0 09:01:32 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet6(0xa, 0x6, 0x0) close(r4) r5 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r4, 0x84, 0x83, &(0x7f0000000240)={r6, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) r7 = socket$inet6(0xa, 0x6, 0x0) close(r7) r8 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r8, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r7, 0x84, 0x83, &(0x7f0000000240)={r9, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) r10 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r10, 0x84, 0x71, &(0x7f0000000380)={r9, 0x7}, &(0x7f0000000140)=0x4e) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r1, 0x84, 0x19, &(0x7f0000000180)={r11, 0x7}, 0x8) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) r12 = socket$inet(0x10, 0x2, 0x0) sendmsg(r12, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000001c0)="24000000190007041dfffd946f6105000af80200fe0200000002080008001e000400ff7e280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0) setsockopt$inet_sctp_SCTP_HMAC_IDENT(r12, 0x84, 0x16, &(0x7f0000000200)={0x2, [0x800, 0xffff]}, 0x8) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) openat$uinput(0xffffffffffffff9c, &(0x7f0000000340)='/dev/uinput\x00', 0x802, 0x0) [ 1236.588040][ T7806] file_writeback 135168 [ 1236.588040][ T7806] anon_thp 205520896 [ 1236.588040][ T7806] inactive_anon 0 [ 1236.588040][ T7806] active_anon 248229888 [ 1236.588040][ T7806] inactive_file 65536 [ 1236.588040][ T7806] active_file 86016 [ 1236.588040][ T7806] unevictable 0 [ 1236.588040][ T7806] slab_reclaimable 811008 [ 1236.588040][ T7806] slab_unreclaimable 8425472 [ 1236.588040][ T7806] pgfault 125499 [ 1236.588040][ T7806] pgmajfault 33 [ 1236.588040][ T7806] workingset_refault 3531 [ 1236.588040][ T7806] workingset_activate 1221 [ 1236.588040][ T7806] workingset_nodereclaim 0 [ 1236.588040][ T7806] pgrefill 6711 [ 1236.588040][ T7806] pgscan 32194 [ 1236.588040][ T7806] pgsteal 22294 [ 1236.758384][T15460] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1236.767791][ T7806] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=14162,uid=0 09:01:33 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x4000080000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1236.797726][ T7806] Memory cgroup out of memory: Killed process 14162 (syz-executor.3) total-vm:74972kB, anon-rss:2224kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:1000 [ 1236.825789][ T1078] oom_reaper: reaped process 14162 (syz-executor.3), now anon-rss:0kB, file-rss:34864kB, shmem-rss:0kB 09:01:33 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000000)) ptrace(0x10, r2) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x1840, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1237.085000][ T7788] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1237.100936][ T7788] CPU: 0 PID: 7788 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 1237.109584][ T7788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1237.119639][ T7788] Call Trace: [ 1237.122967][ T7788] dump_stack+0x11d/0x187 [ 1237.127312][ T7788] dump_header+0xa7/0x399 [ 1237.131724][ T7788] oom_kill_process.cold+0x10/0x15 [ 1237.136848][ T7788] out_of_memory+0x21d/0xa30 [ 1237.141468][ T7788] ? __rcu_read_unlock+0x66/0x2f0 [ 1237.146512][ T7788] mem_cgroup_out_of_memory+0x12b/0x150 [ 1237.152079][ T7788] try_charge+0xb60/0xbe0 [ 1237.156432][ T7788] ? __this_cpu_preempt_check+0x3c/0x130 [ 1237.162084][ T7788] ? __perf_event_task_sched_in+0x150/0x3a0 [ 1237.168128][ T7788] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1237.173642][ T7788] __memcg_kmem_charge+0xcd/0x1b0 [ 1237.178685][ T7788] __alloc_pages_nodemask+0x268/0x310 [ 1237.184100][ T7788] alloc_pages_current+0xca/0x170 [ 1237.189140][ T7788] pte_alloc_one+0x14/0x50 [ 1237.193565][ T7788] __pte_alloc+0x27/0x210 [ 1237.197933][ T7788] copy_page_range+0x1391/0x1a40 [ 1237.202918][ T7788] dup_mm+0x72e/0xb90 [ 1237.207083][ T7788] copy_process+0x39ad/0x3b10 [ 1237.211770][ T7788] ? _raw_spin_unlock+0x38/0x60 [ 1237.216699][ T7788] _do_fork+0xf7/0x790 [ 1237.220849][ T7788] ? __read_once_size+0x45/0xd0 [ 1237.225716][ T7788] ? ktime_get_ts64+0x286/0x2c0 [ 1237.230589][ T7788] __x64_sys_clone+0x12e/0x170 [ 1237.235378][ T7788] do_syscall_64+0xc7/0x390 [ 1237.239899][ T7788] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1237.245886][ T7788] RIP: 0033:0x45aa4a [ 1237.249798][ T7788] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1237.269423][ T7788] RSP: 002b:00007ffca9301c20 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1237.277846][ T7788] RAX: ffffffffffffffda RBX: 00007ffca9301c20 RCX: 000000000045aa4a 09:01:33 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:33 executing program 3 (fault-call:3 fault-nth:0): sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1237.285855][ T7788] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1237.293837][ T7788] RBP: 00007ffca9301c60 R08: 0000000000000001 R09: 00000000015e7940 [ 1237.301838][ T7788] R10: 00000000015e7c10 R11: 0000000000000246 R12: 0000000000000001 [ 1237.309842][ T7788] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffca9301cb0 [ 1237.358741][ T7788] memory: usage 307200kB, limit 307200kB, failcnt 6292 [ 1237.370136][ T7788] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1237.415076][ T7788] Memory cgroup stats for /syz0: [ 1237.415255][ T7788] anon 225374208 [ 1237.415255][ T7788] file 40960 [ 1237.415255][ T7788] kernel_stack 11317248 [ 1237.415255][ T7788] slab 15118336 [ 1237.415255][ T7788] sock 0 [ 1237.415255][ T7788] shmem 114688 [ 1237.415255][ T7788] file_mapped 135168 [ 1237.415255][ T7788] file_dirty 0 [ 1237.415255][ T7788] file_writeback 0 [ 1237.415255][ T7788] anon_thp 167772160 [ 1237.415255][ T7788] inactive_anon 0 [ 1237.415255][ T7788] active_anon 225374208 [ 1237.415255][ T7788] inactive_file 0 [ 1237.415255][ T7788] active_file 16384 [ 1237.415255][ T7788] unevictable 0 [ 1237.415255][ T7788] slab_reclaimable 1486848 [ 1237.415255][ T7788] slab_unreclaimable 13631488 [ 1237.415255][ T7788] pgfault 88077 [ 1237.415255][ T7788] pgmajfault 0 [ 1237.415255][ T7788] workingset_refault 1617 [ 1237.415255][ T7788] workingset_activate 297 [ 1237.415255][ T7788] workingset_nodereclaim 0 [ 1237.415255][ T7788] pgrefill 5092 [ 1237.415255][ T7788] pgscan 11522 [ 1237.415255][ T7788] pgsteal 3321 [ 1237.470892][T15475] FAULT_INJECTION: forcing a failure. 09:01:33 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet6(0xa, 0x6, 0x0) close(r4) r5 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r4, 0x84, 0x83, &(0x7f0000000240)={r6, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) r7 = socket$inet6(0xa, 0x6, 0x0) close(r7) r8 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r8, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r7, 0x84, 0x83, &(0x7f0000000240)={r9, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) r10 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r10, 0x84, 0x71, &(0x7f0000000380)={r9, 0x7}, &(0x7f0000000140)=0x4e) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r1, 0x84, 0x19, &(0x7f0000000180)={r11, 0x7}, 0x8) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) r12 = socket$inet(0x10, 0x2, 0x0) sendmsg(r12, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000001c0)="24000000190007041dfffd946f6105000af80200fe0200000002080008001e000400ff7e280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0) setsockopt$inet_sctp_SCTP_HMAC_IDENT(r12, 0x84, 0x16, &(0x7f0000000200)={0x2, [0x800, 0xffff]}, 0x8) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1237.470892][T15475] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1237.568660][ T7788] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15425,uid=0 [ 1237.592034][ T7788] Memory cgroup out of memory: Killed process 15425 (syz-executor.0) total-vm:74968kB, anon-rss:2216kB, file-rss:35792kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 09:01:33 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) socket(0x0, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1237.619096][T15475] CPU: 1 PID: 15475 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 1237.627797][T15475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1237.637870][T15475] Call Trace: [ 1237.641203][T15475] dump_stack+0x11d/0x187 [ 1237.645812][T15475] should_fail.cold+0x5/0xf [ 1237.650350][T15475] __alloc_pages_nodemask+0xcf/0x310 [ 1237.655681][T15475] alloc_pages_current+0xca/0x170 [ 1237.660754][T15475] __page_cache_alloc+0x17f/0x1a0 [ 1237.665897][T15475] pagecache_get_page+0x251/0x700 [ 1237.670941][T15475] grab_cache_page_write_begin+0x56/0x80 [ 1237.676583][T15475] ext4_da_write_begin+0x1b4/0x860 [ 1237.681744][T15475] generic_perform_write+0x13a/0x320 [ 1237.687089][T15475] ext4_buffered_write_iter+0x14e/0x280 [ 1237.692676][T15475] ext4_file_write_iter+0xf4/0xd30 [ 1237.698024][T15475] ? proc_cwd_link+0x160/0x160 [ 1237.702862][T15475] ? _kstrtoull+0xfc/0x130 [ 1237.707296][T15475] new_sync_write+0x303/0x400 [ 1237.712049][T15475] __vfs_write+0x9e/0xb0 [ 1237.716305][T15475] vfs_write+0x189/0x380 [ 1237.720655][T15475] ksys_write+0xc5/0x1a0 [ 1237.724900][T15475] __x64_sys_write+0x49/0x60 [ 1237.729515][T15475] do_syscall_64+0xc7/0x390 [ 1237.734039][T15475] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1237.739932][T15475] RIP: 0033:0x45c479 [ 1237.743861][T15475] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1237.763473][T15475] RSP: 002b:00007f0d46288c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1237.771890][T15475] RAX: ffffffffffffffda RBX: 00007f0d462896d4 RCX: 000000000045c479 [ 1237.779861][T15475] RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000003 [ 1237.787838][T15475] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1237.795811][T15475] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1237.803857][T15475] R13: 0000000000000cdc R14: 00000000004cec0d R15: 0000000000000000 09:01:34 executing program 3 (fault-call:3 fault-nth:1): sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1237.938981][T15493] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. 09:01:34 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x4402000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1238.100453][T15499] FAULT_INJECTION: forcing a failure. [ 1238.100453][T15499] name failslab, interval 1, probability 0, space 0, times 0 [ 1238.132441][T15499] CPU: 0 PID: 15499 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 1238.141333][T15499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1238.151392][T15499] Call Trace: [ 1238.154743][T15499] dump_stack+0x11d/0x187 [ 1238.159097][T15499] should_fail.cold+0x5/0xf [ 1238.163620][T15499] __should_failslab+0x82/0xb0 [ 1238.168568][T15499] should_failslab+0x5/0xf [ 1238.172992][T15499] __kmalloc+0x54/0x640 [ 1238.177157][T15499] ? ext4_find_extent+0x52a/0x5e0 [ 1238.182211][T15499] ? __find_get_block+0x243/0x740 [ 1238.187245][T15499] ? tomoyo_supervisor+0x170/0xc90 [ 1238.192463][T15499] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1238.198387][T15499] ext4_find_extent+0x52a/0x5e0 [ 1238.203306][T15499] ext4_ext_map_blocks+0xcd/0x20f0 [ 1238.208457][T15499] ? percpu_counter_add_batch+0x10f/0x140 [ 1238.214190][T15499] ? _raw_read_unlock+0x21/0x40 [ 1238.219049][T15499] ? ext4_es_lookup_extent+0x231/0x570 [ 1238.224591][T15499] ext4_da_get_block_prep+0x758/0xa50 [ 1238.229967][T15499] ? __read_once_size+0x7c/0x100 [ 1238.234955][T15499] ? create_empty_buffers+0x215/0x3e0 [ 1238.240341][T15499] ext4_block_write_begin+0x336/0xbd0 [ 1238.245753][T15499] ? ext4_bmap+0x230/0x230 [ 1238.250186][T15499] ? __read_once_size+0x2f/0xd0 [ 1238.255051][T15499] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1238.261023][T15499] ext4_da_write_begin+0x220/0x860 [ 1238.266281][T15499] generic_perform_write+0x13a/0x320 [ 1238.271590][T15499] ext4_buffered_write_iter+0x14e/0x280 [ 1238.277147][T15499] ext4_file_write_iter+0xf4/0xd30 [ 1238.282270][T15499] ? proc_cwd_link+0x160/0x160 [ 1238.287041][T15499] ? _kstrtoull+0xfc/0x130 [ 1238.291470][T15499] new_sync_write+0x303/0x400 [ 1238.296187][T15499] __vfs_write+0x9e/0xb0 [ 1238.300512][T15499] vfs_write+0x189/0x380 [ 1238.304767][T15499] ksys_write+0xc5/0x1a0 [ 1238.309082][T15499] __x64_sys_write+0x49/0x60 [ 1238.313692][T15499] do_syscall_64+0xc7/0x390 [ 1238.318234][T15499] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1238.324126][T15499] RIP: 0033:0x45c479 [ 1238.328161][T15499] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 09:01:34 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1238.347862][T15499] RSP: 002b:00007f0d46288c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1238.356295][T15499] RAX: ffffffffffffffda RBX: 00007f0d462896d4 RCX: 000000000045c479 [ 1238.364291][T15499] RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000003 [ 1238.372369][T15499] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1238.380340][T15499] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1238.388367][T15499] R13: 0000000000000cdc R14: 00000000004cec0d R15: 0000000000000001 09:01:34 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, 0x0, 0x0, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:01:34 executing program 3 (fault-call:3 fault-nth:2): sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:34 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet6(0xa, 0x6, 0x0) close(r4) r5 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r4, 0x84, 0x83, &(0x7f0000000240)={r6, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) r7 = socket$inet6(0xa, 0x6, 0x0) close(r7) r8 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r8, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r7, 0x84, 0x83, &(0x7f0000000240)={r9, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) r10 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r10, 0x84, 0x71, &(0x7f0000000380)={r9, 0x7}, &(0x7f0000000140)=0x4e) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r1, 0x84, 0x19, &(0x7f0000000180)={r11, 0x7}, 0x8) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) r12 = socket$inet(0x10, 0x2, 0x0) sendmsg(r12, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000001c0)="24000000190007041dfffd946f6105000af80200fe0200000002080008001e000400ff7e280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:34 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000000)) ptrace(0x10, r2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1238.794690][T15523] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1238.834546][T15522] FAULT_INJECTION: forcing a failure. [ 1238.834546][T15522] name failslab, interval 1, probability 0, space 0, times 0 [ 1238.847318][T15522] CPU: 0 PID: 15522 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 1238.855995][T15522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1238.866054][T15522] Call Trace: [ 1238.869361][T15522] dump_stack+0x11d/0x187 [ 1238.873791][T15522] should_fail.cold+0x5/0xf [ 1238.878319][T15522] __should_failslab+0x82/0xb0 [ 1238.883101][T15522] should_failslab+0x5/0xf [ 1238.887555][T15522] kmem_cache_alloc+0x23/0x5e0 [ 1238.892517][T15522] __es_insert_extent+0x1ee/0x870 [ 1238.897551][T15522] ? __es_tree_search.isra.0+0x144/0x170 [ 1238.903205][T15522] ext4_es_insert_extent+0x1c0/0x5d0 [ 1238.908507][T15522] ? _raw_read_unlock+0x21/0x40 [ 1238.913411][T15522] ext4_ext_put_gap_in_cache+0xb2/0xf0 [ 1238.918948][T15522] ext4_ext_map_blocks+0x1071/0x20f0 [ 1238.924250][T15522] ? percpu_counter_add_batch+0x10f/0x140 [ 1238.929985][T15522] ? _raw_read_unlock+0x21/0x40 [ 1238.934841][T15522] ? ext4_es_lookup_extent+0x231/0x570 [ 1238.940409][T15522] ext4_da_get_block_prep+0x758/0xa50 [ 1238.945788][T15522] ? __read_once_size+0x7c/0x100 [ 1238.950830][T15522] ? create_empty_buffers+0x215/0x3e0 [ 1238.956306][T15522] ext4_block_write_begin+0x336/0xbd0 [ 1238.961738][T15522] ? ext4_bmap+0x230/0x230 [ 1238.966166][T15522] ? __read_once_size+0x2f/0xd0 [ 1238.971035][T15522] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1238.976949][T15522] ext4_da_write_begin+0x220/0x860 [ 1238.982101][T15522] generic_perform_write+0x13a/0x320 [ 1238.987451][T15522] ext4_buffered_write_iter+0x14e/0x280 [ 1238.993031][T15522] ext4_file_write_iter+0xf4/0xd30 [ 1238.998201][T15522] ? proc_cwd_link+0x160/0x160 [ 1239.002971][T15522] ? _kstrtoull+0xfc/0x130 [ 1239.007428][T15522] new_sync_write+0x303/0x400 [ 1239.012132][T15522] __vfs_write+0x9e/0xb0 [ 1239.016388][T15522] vfs_write+0x189/0x380 [ 1239.020646][T15522] ksys_write+0xc5/0x1a0 [ 1239.024923][T15522] __x64_sys_write+0x49/0x60 [ 1239.029540][T15522] do_syscall_64+0xc7/0x390 [ 1239.034134][T15522] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1239.040136][T15522] RIP: 0033:0x45c479 [ 1239.044041][T15522] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1239.063823][T15522] RSP: 002b:00007f0d46288c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1239.072237][T15522] RAX: ffffffffffffffda RBX: 00007f0d462896d4 RCX: 000000000045c479 [ 1239.080216][T15522] RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000003 [ 1239.088256][T15522] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1239.096322][T15522] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1239.104297][T15522] R13: 0000000000000cdc R14: 00000000004cec0d R15: 0000000000000002 [ 1239.155492][ T7788] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1239.194694][ T7788] CPU: 0 PID: 7788 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 1239.203311][ T7788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1239.213624][ T7788] Call Trace: [ 1239.216959][ T7788] dump_stack+0x11d/0x187 [ 1239.221308][ T7788] dump_header+0xa7/0x399 [ 1239.225647][ T7788] oom_kill_process.cold+0x10/0x15 [ 1239.230856][ T7788] out_of_memory+0x21d/0xa30 [ 1239.235454][ T7788] ? __rcu_read_unlock+0x66/0x2f0 [ 1239.240498][ T7788] mem_cgroup_out_of_memory+0x12b/0x150 [ 1239.246118][ T7788] try_charge+0xb60/0xbe0 [ 1239.250488][ T7788] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1239.256035][ T7788] __memcg_kmem_charge+0xcd/0x1b0 [ 1239.261100][ T7788] __alloc_pages_nodemask+0x268/0x310 [ 1239.266497][ T7788] alloc_pages_current+0xca/0x170 [ 1239.271601][ T7788] pte_alloc_one+0x14/0x50 [ 1239.276029][ T7788] __pte_alloc+0x27/0x210 [ 1239.280479][ T7788] copy_page_range+0x1391/0x1a40 [ 1239.285554][ T7788] dup_mm+0x72e/0xb90 [ 1239.289665][ T7788] copy_process+0x39ad/0x3b10 [ 1239.294389][ T7788] ? _raw_spin_unlock+0x38/0x60 [ 1239.299340][ T7788] _do_fork+0xf7/0x790 [ 1239.303480][ T7788] ? __read_once_size+0x45/0xd0 [ 1239.308378][ T7788] ? ktime_get_ts64+0x286/0x2c0 [ 1239.313254][ T7788] __x64_sys_clone+0x12e/0x170 [ 1239.318041][ T7788] do_syscall_64+0xc7/0x390 [ 1239.322559][ T7788] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1239.328456][ T7788] RIP: 0033:0x45aa4a [ 1239.332359][ T7788] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 09:01:35 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1239.351970][ T7788] RSP: 002b:00007ffca9301c20 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1239.360420][ T7788] RAX: ffffffffffffffda RBX: 00007ffca9301c20 RCX: 000000000045aa4a [ 1239.368401][ T7788] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1239.376410][ T7788] RBP: 00007ffca9301c60 R08: 0000000000000001 R09: 00000000015e7940 [ 1239.384385][ T7788] R10: 00000000015e7c10 R11: 0000000000000246 R12: 0000000000000001 [ 1239.392449][ T7788] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffca9301cb0 09:01:35 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x4800000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1239.451528][ T7788] memory: usage 307200kB, limit 307200kB, failcnt 6340 [ 1239.471542][ T7788] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1239.494653][ T7788] Memory cgroup stats for /syz0: [ 1239.494861][ T7788] anon 225357824 [ 1239.494861][ T7788] file 40960 [ 1239.494861][ T7788] kernel_stack 11354112 [ 1239.494861][ T7788] slab 15118336 [ 1239.494861][ T7788] sock 0 [ 1239.494861][ T7788] shmem 114688 [ 1239.494861][ T7788] file_mapped 135168 [ 1239.494861][ T7788] file_dirty 0 [ 1239.494861][ T7788] file_writeback 0 [ 1239.494861][ T7788] anon_thp 167772160 [ 1239.494861][ T7788] inactive_anon 0 [ 1239.494861][ T7788] active_anon 225357824 [ 1239.494861][ T7788] inactive_file 0 [ 1239.494861][ T7788] active_file 16384 [ 1239.494861][ T7788] unevictable 0 09:01:35 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, 0x0, 0x0, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:01:35 executing program 3 (fault-call:3 fault-nth:3): sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:35 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet6(0xa, 0x6, 0x0) close(r4) r5 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r4, 0x84, 0x83, &(0x7f0000000240)={r6, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) r7 = socket$inet6(0xa, 0x6, 0x0) close(r7) r8 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r8, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r7, 0x84, 0x83, &(0x7f0000000240)={r9, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) r10 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r10, 0x84, 0x71, &(0x7f0000000380)={r9, 0x7}, &(0x7f0000000140)=0x4e) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r1, 0x84, 0x19, &(0x7f0000000180)={r11, 0x7}, 0x8) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socket$inet(0x10, 0x2, 0x0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1239.494861][ T7788] slab_reclaimable 1486848 [ 1239.494861][ T7788] slab_unreclaimable 13631488 [ 1239.494861][ T7788] pgfault 88176 [ 1239.494861][ T7788] pgmajfault 0 [ 1239.494861][ T7788] workingset_refault 1617 [ 1239.494861][ T7788] workingset_activate 297 [ 1239.494861][ T7788] workingset_nodereclaim 0 [ 1239.494861][ T7788] pgrefill 5125 [ 1239.494861][ T7788] pgscan 11522 [ 1239.494861][ T7788] pgsteal 3321 [ 1239.706304][T15539] FAULT_INJECTION: forcing a failure. [ 1239.706304][T15539] name failslab, interval 1, probability 0, space 0, times 0 [ 1239.719074][T15539] CPU: 1 PID: 15539 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 1239.727752][T15539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1239.737906][T15539] Call Trace: [ 1239.741224][T15539] dump_stack+0x11d/0x187 [ 1239.745585][T15539] should_fail.cold+0x5/0xf [ 1239.750165][T15539] __should_failslab+0x82/0xb0 [ 1239.755010][T15539] should_failslab+0x5/0xf [ 1239.759424][T15539] kmem_cache_alloc+0x23/0x5e0 [ 1239.764209][T15539] ? ext4_es_can_be_merged+0xef/0x1b0 [ 1239.769622][T15539] __es_insert_extent+0x1ee/0x870 [ 1239.774698][T15539] ext4_es_insert_delayed_block+0x11d/0x290 [ 1239.780721][T15539] ? _raw_spin_unlock+0x38/0x60 [ 1239.785602][T15539] ext4_da_get_block_prep+0x4fc/0xa50 [ 1239.790976][T15539] ? create_empty_buffers+0x215/0x3e0 [ 1239.796405][T15539] ext4_block_write_begin+0x336/0xbd0 [ 1239.801780][T15539] ? ext4_bmap+0x230/0x230 [ 1239.806287][T15539] ? __read_once_size+0x2f/0xd0 [ 1239.811228][T15539] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1239.817204][T15539] ext4_da_write_begin+0x220/0x860 [ 1239.822367][T15539] generic_perform_write+0x13a/0x320 [ 1239.827671][T15539] ext4_buffered_write_iter+0x14e/0x280 [ 1239.833225][T15539] ext4_file_write_iter+0xf4/0xd30 [ 1239.838346][T15539] ? proc_cwd_link+0x160/0x160 [ 1239.843114][T15539] ? _kstrtoull+0xfc/0x130 [ 1239.847543][T15539] new_sync_write+0x303/0x400 [ 1239.852275][T15539] __vfs_write+0x9e/0xb0 [ 1239.856528][T15539] vfs_write+0x189/0x380 [ 1239.860776][T15539] ksys_write+0xc5/0x1a0 [ 1239.865022][T15539] __x64_sys_write+0x49/0x60 [ 1239.869632][T15539] do_syscall_64+0xc7/0x390 [ 1239.874148][T15539] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1239.880107][T15539] RIP: 0033:0x45c479 [ 1239.884087][T15539] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1239.903708][T15539] RSP: 002b:00007f0d46288c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1239.912148][T15539] RAX: ffffffffffffffda RBX: 00007f0d462896d4 RCX: 000000000045c479 [ 1239.920142][T15539] RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000003 [ 1239.928110][T15539] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1239.936073][T15539] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1239.944038][T15539] R13: 0000000000000cdc R14: 00000000004cec0d R15: 0000000000000003 [ 1240.018664][ T7788] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15496,uid=0 [ 1240.041420][ T7788] Memory cgroup out of memory: Killed process 15496 (syz-executor.0) total-vm:74836kB, anon-rss:2208kB, file-rss:35792kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 09:01:36 executing program 3 (fault-call:3 fault-nth:4): sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1240.273578][T15559] FAULT_INJECTION: forcing a failure. [ 1240.273578][T15559] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1240.288391][T15559] CPU: 1 PID: 15559 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 1240.297115][T15559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1240.307170][T15559] Call Trace: [ 1240.310480][T15559] dump_stack+0x11d/0x187 [ 1240.314822][T15559] should_fail.cold+0x5/0xf [ 1240.319356][T15559] __alloc_pages_nodemask+0xcf/0x310 [ 1240.324665][T15559] alloc_pages_current+0xca/0x170 [ 1240.329704][T15559] __page_cache_alloc+0x17f/0x1a0 [ 1240.334737][T15559] pagecache_get_page+0x251/0x700 [ 1240.339774][T15559] ? radix_tree_load_root+0xb3/0xf0 [ 1240.344984][T15559] grab_cache_page_write_begin+0x56/0x80 [ 1240.350621][T15559] ext4_da_write_begin+0x1b4/0x860 [ 1240.355814][T15559] generic_perform_write+0x13a/0x320 [ 1240.361117][T15559] ext4_buffered_write_iter+0x14e/0x280 [ 1240.366768][T15559] ext4_file_write_iter+0xf4/0xd30 [ 1240.371888][T15559] ? proc_cwd_link+0x160/0x160 [ 1240.376653][T15559] ? _kstrtoull+0xfc/0x130 [ 1240.381084][T15559] new_sync_write+0x303/0x400 [ 1240.385781][T15559] __vfs_write+0x9e/0xb0 [ 1240.390034][T15559] vfs_write+0x189/0x380 [ 1240.394351][T15559] ksys_write+0xc5/0x1a0 [ 1240.398611][T15559] __x64_sys_write+0x49/0x60 [ 1240.403318][T15559] do_syscall_64+0xc7/0x390 [ 1240.407862][T15559] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1240.413754][T15559] RIP: 0033:0x45c479 [ 1240.417653][T15559] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1240.437263][T15559] RSP: 002b:00007f0d46288c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1240.445675][T15559] RAX: ffffffffffffffda RBX: 00007f0d462896d4 RCX: 000000000045c479 [ 1240.453651][T15559] RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000003 [ 1240.461622][T15559] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 09:01:36 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1240.469616][T15559] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1240.477584][T15559] R13: 0000000000000cdc R14: 00000000004cec0d R15: 0000000000000004 09:01:36 executing program 3 (fault-call:3 fault-nth:5): sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:36 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x4a00000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1240.782196][T15572] FAULT_INJECTION: forcing a failure. [ 1240.782196][T15572] name failslab, interval 1, probability 0, space 0, times 0 [ 1240.794836][T15572] CPU: 0 PID: 15572 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 1240.803514][T15572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1240.813572][T15572] Call Trace: [ 1240.817001][T15572] dump_stack+0x11d/0x187 [ 1240.821379][T15572] should_fail.cold+0x5/0xf [ 1240.826019][T15572] __should_failslab+0x82/0xb0 [ 1240.830796][T15572] should_failslab+0x5/0xf [ 1240.835216][T15572] kmem_cache_alloc+0x23/0x5e0 [ 1240.840030][T15572] ? __getblk_gfp+0x63/0x560 [ 1240.844620][T15572] ? should_fail+0x7c/0x2fd [ 1240.849165][T15572] xas_alloc+0x206/0x240 [ 1240.853442][T15572] xas_create+0x1c1/0x950 [ 1240.857825][T15572] ? __rcu_read_unlock+0x66/0x2f0 [ 1240.862851][T15572] xas_store+0x9c/0xd10 [ 1240.867042][T15572] ? xas_start+0xfb/0x220 [ 1240.871378][T15572] __add_to_page_cache_locked+0x23c/0x770 [ 1240.877188][T15572] ? __read_once_size.constprop.0+0x20/0x20 [ 1240.883161][T15572] add_to_page_cache_lru+0xc7/0x260 [ 1240.888417][T15572] pagecache_get_page+0x2b0/0x700 [ 1240.893509][T15572] ? radix_tree_load_root+0xb3/0xf0 [ 1240.898755][T15572] grab_cache_page_write_begin+0x56/0x80 [ 1240.904411][T15572] ext4_da_write_begin+0x1b4/0x860 [ 1240.909539][T15572] generic_perform_write+0x13a/0x320 [ 1240.914839][T15572] ext4_buffered_write_iter+0x14e/0x280 [ 1240.920398][T15572] ext4_file_write_iter+0xf4/0xd30 [ 1240.925514][T15572] ? proc_cwd_link+0x160/0x160 [ 1240.930271][T15572] ? _kstrtoull+0xfc/0x130 [ 1240.934737][T15572] new_sync_write+0x303/0x400 [ 1240.939433][T15572] __vfs_write+0x9e/0xb0 [ 1240.943690][T15572] vfs_write+0x189/0x380 [ 1240.948070][T15572] ksys_write+0xc5/0x1a0 [ 1240.952318][T15572] __x64_sys_write+0x49/0x60 [ 1240.956910][T15572] do_syscall_64+0xc7/0x390 [ 1240.961424][T15572] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1240.967311][T15572] RIP: 0033:0x45c479 [ 1240.971206][T15572] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1240.990849][T15572] RSP: 002b:00007f0d46288c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1240.999259][T15572] RAX: ffffffffffffffda RBX: 00007f0d462896d4 RCX: 000000000045c479 [ 1241.007230][T15572] RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000003 [ 1241.015226][T15572] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1241.023202][T15572] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 09:01:37 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:37 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet6(0xa, 0x6, 0x0) close(r4) r5 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r4, 0x84, 0x83, &(0x7f0000000240)={r6, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) r7 = socket$inet6(0xa, 0x6, 0x0) close(r7) r8 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r8, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r7, 0x84, 0x83, &(0x7f0000000240)={r9, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) r10 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r10, 0x84, 0x71, &(0x7f0000000380)={r9, 0x7}, &(0x7f0000000140)=0x4e) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r1, 0x84, 0x19, &(0x7f0000000180)={r11, 0x7}, 0x8) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1241.031178][T15572] R13: 0000000000000cdc R14: 00000000004cec0d R15: 0000000000000005 09:01:37 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, 0x0, 0x0, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:01:37 executing program 3 (fault-call:3 fault-nth:6): sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:37 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1241.481569][ T7803] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1241.500573][T15596] FAULT_INJECTION: forcing a failure. [ 1241.500573][T15596] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1241.514206][ T7803] CPU: 0 PID: 7803 Comm: syz-executor.2 Not tainted 5.6.0-rc1-syzkaller #0 [ 1241.522799][ T7803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1241.532850][ T7803] Call Trace: [ 1241.536213][ T7803] dump_stack+0x11d/0x187 [ 1241.540551][ T7803] dump_header+0xa7/0x399 [ 1241.544905][ T7803] oom_kill_process.cold+0x10/0x15 [ 1241.550056][ T7803] out_of_memory+0x21d/0xa30 [ 1241.554666][ T7803] ? __rcu_read_unlock+0x66/0x2f0 [ 1241.559767][ T7803] mem_cgroup_out_of_memory+0x12b/0x150 [ 1241.565326][ T7803] try_charge+0xb60/0xbe0 [ 1241.569673][ T7803] ? __this_cpu_preempt_check+0x3c/0x130 [ 1241.575398][ T7803] ? __perf_event_task_sched_in+0x150/0x3a0 [ 1241.581335][ T7803] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1241.586847][ T7803] __memcg_kmem_charge+0xcd/0x1b0 [ 1241.591885][ T7803] __alloc_pages_nodemask+0x268/0x310 [ 1241.597289][ T7803] alloc_pages_current+0xca/0x170 [ 1241.602349][ T7803] pte_alloc_one+0x14/0x50 [ 1241.606887][ T7803] __pte_alloc+0x27/0x210 [ 1241.611230][ T7803] copy_page_range+0x1391/0x1a40 [ 1241.616243][ T7803] dup_mm+0x72e/0xb90 [ 1241.620376][ T7803] copy_process+0x39ad/0x3b10 [ 1241.625066][ T7803] ? _raw_spin_unlock+0x38/0x60 [ 1241.629948][ T7803] _do_fork+0xf7/0x790 [ 1241.634087][ T7803] ? __read_once_size+0x45/0xd0 [ 1241.638954][ T7803] ? ktime_get_ts64+0x286/0x2c0 [ 1241.643834][ T7803] __x64_sys_clone+0x12e/0x170 [ 1241.648700][ T7803] do_syscall_64+0xc7/0x390 [ 1241.653300][ T7803] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1241.659283][ T7803] RIP: 0033:0x45aa4a [ 1241.663193][ T7803] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1241.686289][ T7803] RSP: 002b:00007fff23ee36c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1241.694713][ T7803] RAX: ffffffffffffffda RBX: 00007fff23ee36c0 RCX: 000000000045aa4a [ 1241.702739][ T7803] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1241.710782][ T7803] RBP: 00007fff23ee3700 R08: 0000000000000001 R09: 0000000000fd8940 [ 1241.718767][ T7803] R10: 0000000000fd8c10 R11: 0000000000000246 R12: 0000000000000001 [ 1241.726744][ T7803] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fff23ee3750 [ 1241.742036][T15596] CPU: 0 PID: 15596 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 1241.750725][T15596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1241.760781][T15596] Call Trace: [ 1241.764086][T15596] dump_stack+0x11d/0x187 [ 1241.768437][T15596] should_fail.cold+0x5/0xf [ 1241.773029][T15596] __alloc_pages_nodemask+0xcf/0x310 [ 1241.778331][T15596] alloc_pages_current+0xca/0x170 [ 1241.785733][T15596] __page_cache_alloc+0x17f/0x1a0 [ 1241.790761][T15596] pagecache_get_page+0x251/0x700 [ 1241.795794][T15596] ? radix_tree_load_root+0xb3/0xf0 [ 1241.798648][ T7803] memory: usage 307200kB, limit 307200kB, failcnt 10615 [ 1241.801042][T15596] grab_cache_page_write_begin+0x56/0x80 [ 1241.801131][T15596] ext4_da_write_begin+0x1b4/0x860 [ 1241.808552][ T7803] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1241.813760][T15596] generic_perform_write+0x13a/0x320 [ 1241.813842][T15596] ext4_buffered_write_iter+0x14e/0x280 [ 1241.834189][ T7803] Memory cgroup stats for /syz2: [ 1241.834319][ T7803] anon 225181696 [ 1241.834319][ T7803] file 0 [ 1241.834319][ T7803] kernel_stack 10579968 [ 1241.834319][ T7803] slab 14032896 [ 1241.834319][ T7803] sock 0 [ 1241.834319][ T7803] shmem 110592 [ 1241.834319][ T7803] file_mapped 135168 [ 1241.834319][ T7803] file_dirty 0 [ 1241.834319][ T7803] file_writeback 0 [ 1241.834319][ T7803] anon_thp 165675008 [ 1241.834319][ T7803] inactive_anon 0 [ 1241.834319][ T7803] active_anon 225185792 [ 1241.834319][ T7803] inactive_file 61440 [ 1241.834319][ T7803] active_file 147456 [ 1241.834319][ T7803] unevictable 0 [ 1241.834319][ T7803] slab_reclaimable 1216512 [ 1241.834319][ T7803] slab_unreclaimable 12816384 [ 1241.834319][ T7803] pgfault 97911 [ 1241.834319][ T7803] pgmajfault 0 [ 1241.834319][ T7803] workingset_refault 660 [ 1241.834319][ T7803] workingset_activate 198 [ 1241.834319][ T7803] workingset_nodereclaim 0 [ 1241.834319][ T7803] pgrefill 5044 [ 1241.834319][ T7803] pgscan 19163 [ 1241.834319][ T7803] pgsteal 13270 [ 1241.836569][T15596] ext4_file_write_iter+0xf4/0xd30 [ 1241.836596][T15596] ? proc_cwd_link+0x160/0x160 [ 1241.857435][ T7803] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15448,uid=0 [ 1241.931109][T15596] ? _kstrtoull+0xfc/0x130 [ 1241.931134][T15596] new_sync_write+0x303/0x400 [ 1241.931221][T15596] __vfs_write+0x9e/0xb0 [ 1241.931240][T15596] vfs_write+0x189/0x380 [ 1241.931260][T15596] ksys_write+0xc5/0x1a0 [ 1241.931280][T15596] __x64_sys_write+0x49/0x60 [ 1241.931363][T15596] do_syscall_64+0xc7/0x390 [ 1241.931394][T15596] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1241.993424][T15596] RIP: 0033:0x45c479 [ 1241.997330][T15596] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1242.016944][T15596] RSP: 002b:00007f0d46288c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1242.025374][T15596] RAX: ffffffffffffffda RBX: 00007f0d462896d4 RCX: 000000000045c479 09:01:38 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet6(0xa, 0x6, 0x0) close(r4) r5 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r4, 0x84, 0x83, &(0x7f0000000240)={r6, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) r7 = socket$inet6(0xa, 0x6, 0x0) close(r7) r8 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r8, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r7, 0x84, 0x83, &(0x7f0000000240)={r9, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) r10 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r10, 0x84, 0x71, &(0x7f0000000380)={r9, 0x7}, &(0x7f0000000140)=0x4e) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r1, 0x84, 0x19, &(0x7f0000000180)={r11, 0x7}, 0x8) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:38 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1242.033352][T15596] RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000003 [ 1242.041329][T15596] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1242.045486][ T7803] Memory cgroup out of memory: Killed process 15448 (syz-executor.2) total-vm:74836kB, anon-rss:2212kB, file-rss:35788kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 1242.049321][T15596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1242.049331][T15596] R13: 0000000000000cdc R14: 00000000004cec0d R15: 0000000000000006 09:01:38 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:01:38 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x4b00000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1242.312996][T15600] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1242.341700][T15600] CPU: 0 PID: 15600 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 1242.350438][T15600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1242.360516][T15600] Call Trace: [ 1242.363821][T15600] dump_stack+0x11d/0x187 [ 1242.368171][T15600] dump_header+0xa7/0x399 [ 1242.372518][T15600] oom_kill_process.cold+0x10/0x15 [ 1242.377646][T15600] out_of_memory+0x21d/0xa30 [ 1242.382267][T15600] ? __rcu_read_unlock+0x66/0x2f0 [ 1242.387316][T15600] mem_cgroup_out_of_memory+0x12b/0x150 [ 1242.392932][T15600] try_charge+0xb60/0xbe0 [ 1242.397294][T15600] ? free_one_page+0x1d0/0x4e0 [ 1242.402075][T15600] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1242.407589][T15600] __memcg_kmem_charge+0xcd/0x1b0 [ 1242.412683][T15600] __alloc_pages_nodemask+0x268/0x310 [ 1242.418116][T15600] alloc_pages_current+0xca/0x170 [ 1242.423149][T15600] pte_alloc_one+0x14/0x50 [ 1242.427724][T15600] __pte_alloc+0x27/0x210 [ 1242.432070][T15600] __handle_mm_fault+0x1f63/0x2cf0 [ 1242.437221][T15600] handle_mm_fault+0x21c/0x540 [ 1242.442015][T15600] do_page_fault+0x4a4/0xa52 [ 1242.446688][T15600] ? prepare_exit_to_usermode+0x165/0x1c0 [ 1242.452423][T15600] page_fault+0x34/0x40 [ 1242.456619][T15600] RIP: 0033:0x4436d1 [ 1242.460588][T15600] Code: 2e 0f 1f 84 00 00 00 00 00 48 83 fa 20 48 89 f8 73 77 f6 c2 01 74 0b 0f b6 0e 88 0f 48 ff c6 48 ff c7 f6 c2 02 74 12 0f b7 0e <66> 89 0f 48 83 c6 02 48 83 c7 02 0f 1f 40 00 f6 c2 04 74 0c 8b 0e [ 1242.480224][T15600] RSP: 002b:00007ffd30768988 EFLAGS: 00010202 [ 1242.486300][T15600] RAX: 0000000020000080 RBX: 000000000076c920 RCX: 000000000000642f [ 1242.494272][T15600] RDX: 000000000000000a RSI: 00000000007700c8 RDI: 0000000020000080 [ 1242.502273][T15600] RBP: 00000000007700a8 R08: 00ffffffffffffff R09: 00ffffffffffffff 09:01:38 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:38 executing program 3 (fault-call:3 fault-nth:7): sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1242.510251][T15600] R10: 00007ffd30768a60 R11: 0000000000000246 R12: 000000000076bf20 [ 1242.518312][T15600] R13: 00000000007700b0 R14: 000000000012f46a R15: 000000000076bf2c [ 1242.595997][T15626] FAULT_INJECTION: forcing a failure. [ 1242.595997][T15626] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1242.609687][T15626] CPU: 0 PID: 15626 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 1242.618366][T15626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1242.628433][T15626] Call Trace: [ 1242.631774][T15626] dump_stack+0x11d/0x187 [ 1242.636135][T15626] should_fail.cold+0x5/0xf [ 1242.640662][T15626] __alloc_pages_nodemask+0xcf/0x310 [ 1242.645968][T15626] alloc_pages_current+0xca/0x170 [ 1242.651100][T15626] __page_cache_alloc+0x17f/0x1a0 [ 1242.656132][T15626] pagecache_get_page+0x251/0x700 [ 1242.661167][T15626] ? radix_tree_load_root+0xb3/0xf0 [ 1242.666411][T15626] grab_cache_page_write_begin+0x56/0x80 [ 1242.672122][T15626] ext4_da_write_begin+0x1b4/0x860 [ 1242.677312][T15626] generic_perform_write+0x13a/0x320 [ 1242.682637][T15626] ext4_buffered_write_iter+0x14e/0x280 [ 1242.688222][T15626] ext4_file_write_iter+0xf4/0xd30 [ 1242.693349][T15626] ? proc_cwd_link+0x160/0x160 [ 1242.698118][T15626] ? _kstrtoull+0xfc/0x130 [ 1242.702548][T15626] new_sync_write+0x303/0x400 [ 1242.707251][T15626] __vfs_write+0x9e/0xb0 [ 1242.711606][T15626] vfs_write+0x189/0x380 [ 1242.715877][T15626] ksys_write+0xc5/0x1a0 [ 1242.720133][T15626] __x64_sys_write+0x49/0x60 [ 1242.724750][T15626] do_syscall_64+0xc7/0x390 [ 1242.729271][T15626] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1242.735167][T15626] RIP: 0033:0x45c479 [ 1242.739141][T15626] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1242.758758][T15626] RSP: 002b:00007f0d46288c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1242.767199][T15626] RAX: ffffffffffffffda RBX: 00007f0d462896d4 RCX: 000000000045c479 [ 1242.775205][T15626] RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000003 [ 1242.783192][T15626] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1242.791166][T15626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1242.799142][T15626] R13: 0000000000000cdc R14: 00000000004cec0d R15: 0000000000000007 [ 1242.823810][T15600] memory: usage 307200kB, limit 307200kB, failcnt 5017 [ 1242.844727][T15600] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1242.873245][T15600] Memory cgroup stats for /syz5: [ 1242.873378][T15600] anon 275836928 [ 1242.873378][T15600] file 180224 [ 1242.873378][T15600] kernel_stack 4755456 [ 1242.873378][T15600] slab 6856704 [ 1242.873378][T15600] sock 0 [ 1242.873378][T15600] shmem 0 [ 1242.873378][T15600] file_mapped 135168 [ 1242.873378][T15600] file_dirty 0 [ 1242.873378][T15600] file_writeback 0 [ 1242.873378][T15600] anon_thp 251658240 [ 1242.873378][T15600] inactive_anon 0 [ 1242.873378][T15600] active_anon 275849216 [ 1242.873378][T15600] inactive_file 0 09:01:39 executing program 3 (fault-call:3 fault-nth:8): sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:39 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1242.873378][T15600] active_file 90112 [ 1242.873378][T15600] unevictable 0 [ 1242.873378][T15600] slab_reclaimable 946176 [ 1242.873378][T15600] slab_unreclaimable 5910528 [ 1242.873378][T15600] pgfault 136620 [ 1242.873378][T15600] pgmajfault 0 [ 1242.873378][T15600] workingset_refault 1254 [ 1242.873378][T15600] workingset_activate 198 [ 1242.873378][T15600] workingset_nodereclaim 0 [ 1242.873378][T15600] pgrefill 3641 [ 1242.873378][T15600] pgscan 14749 [ 1242.873378][T15600] pgsteal 8100 [ 1242.998737][T15600] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=14307,uid=0 [ 1243.052430][T15629] FAULT_INJECTION: forcing a failure. [ 1243.052430][T15629] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1243.075563][T15600] Memory cgroup out of memory: Killed process 14307 (syz-executor.5) total-vm:74968kB, anon-rss:2228kB, file-rss:35892kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:1000 [ 1243.100312][T15629] CPU: 0 PID: 15629 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 1243.109079][T15629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1243.119139][T15629] Call Trace: [ 1243.122460][T15629] dump_stack+0x11d/0x187 [ 1243.126804][T15629] should_fail.cold+0x5/0xf [ 1243.131403][T15629] __alloc_pages_nodemask+0xcf/0x310 [ 1243.136709][T15629] alloc_pages_current+0xca/0x170 [ 1243.141811][T15629] __page_cache_alloc+0x17f/0x1a0 [ 1243.146894][T15629] pagecache_get_page+0x251/0x700 [ 1243.151966][T15629] ? radix_tree_load_root+0xb3/0xf0 [ 1243.157235][T15629] grab_cache_page_write_begin+0x56/0x80 [ 1243.162876][T15629] ext4_da_write_begin+0x1b4/0x860 [ 1243.168025][T15629] generic_perform_write+0x13a/0x320 [ 1243.173403][T15629] ext4_buffered_write_iter+0x14e/0x280 [ 1243.178967][T15629] ext4_file_write_iter+0xf4/0xd30 [ 1243.184179][T15629] new_sync_write+0x303/0x400 [ 1243.188874][T15629] __vfs_write+0x9e/0xb0 [ 1243.193131][T15629] vfs_write+0x189/0x380 [ 1243.197381][T15629] ksys_write+0xc5/0x1a0 [ 1243.201646][T15629] __x64_sys_write+0x49/0x60 [ 1243.206293][T15629] do_syscall_64+0xc7/0x390 [ 1243.210819][T15629] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1243.216712][T15629] RIP: 0033:0x45c479 [ 1243.220621][T15629] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1243.240310][T15629] RSP: 002b:00007f0d46288c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1243.248812][T15629] RAX: ffffffffffffffda RBX: 00007f0d462896d4 RCX: 000000000045c479 [ 1243.256792][T15629] RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000003 [ 1243.264789][T15629] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1243.272769][T15629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1243.280746][T15629] R13: 0000000000000cdc R14: 00000000004cec0d R15: 0000000000000008 09:01:39 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:01:39 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x4c00000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1243.369039][ T7803] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1243.393608][ T7803] CPU: 1 PID: 7803 Comm: syz-executor.2 Not tainted 5.6.0-rc1-syzkaller #0 [ 1243.402231][ T7803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1243.412322][ T7803] Call Trace: 09:01:39 executing program 3 (fault-call:3 fault-nth:9): sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1243.415623][ T7803] dump_stack+0x11d/0x187 [ 1243.420056][ T7803] dump_header+0xa7/0x399 [ 1243.424420][ T7803] oom_kill_process.cold+0x10/0x15 [ 1243.429576][ T7803] out_of_memory+0x21d/0xa30 [ 1243.434193][ T7803] mem_cgroup_out_of_memory+0x12b/0x150 [ 1243.439755][ T7803] try_charge+0xb60/0xbe0 [ 1243.444159][ T7803] ? __this_cpu_preempt_check+0x3c/0x130 [ 1243.449808][ T7803] ? __perf_event_task_sched_in+0x150/0x3a0 [ 1243.455705][ T7803] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1243.461316][ T7803] __memcg_kmem_charge+0xcd/0x1b0 [ 1243.466411][ T7803] __alloc_pages_nodemask+0x268/0x310 [ 1243.471804][ T7803] alloc_pages_current+0xca/0x170 [ 1243.476840][ T7803] pte_alloc_one+0x14/0x50 [ 1243.481261][ T7803] __pte_alloc+0x27/0x210 [ 1243.485670][ T7803] copy_page_range+0x1391/0x1a40 [ 1243.490649][ T7803] dup_mm+0x72e/0xb90 [ 1243.494706][ T7803] copy_process+0x39ad/0x3b10 [ 1243.499391][ T7803] ? _raw_spin_unlock+0x38/0x60 [ 1243.504274][ T7803] _do_fork+0xf7/0x790 [ 1243.508352][ T7803] ? __read_once_size+0x45/0xd0 [ 1243.513221][ T7803] ? ktime_get_ts64+0x286/0x2c0 09:01:39 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet6(0xa, 0x6, 0x0) close(r4) r5 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r4, 0x84, 0x83, &(0x7f0000000240)={r6, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) r7 = socket$inet6(0xa, 0x6, 0x0) close(r7) r8 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r8, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r7, 0x84, 0x83, &(0x7f0000000240)={r9, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) r10 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r10, 0x84, 0x71, &(0x7f0000000380)={r9, 0x7}, &(0x7f0000000140)=0x4e) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r1, 0x84, 0x19, &(0x7f0000000180)={r11, 0x7}, 0x8) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1243.518089][ T7803] __x64_sys_clone+0x12e/0x170 [ 1243.522925][ T7803] do_syscall_64+0xc7/0x390 [ 1243.527440][ T7803] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1243.533331][ T7803] RIP: 0033:0x45aa4a [ 1243.537235][ T7803] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1243.556841][ T7803] RSP: 002b:00007fff23ee36c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1243.565262][ T7803] RAX: ffffffffffffffda RBX: 00007fff23ee36c0 RCX: 000000000045aa4a [ 1243.571445][T15643] FAULT_INJECTION: forcing a failure. [ 1243.571445][T15643] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1243.573317][ T7803] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1243.594481][ T7803] RBP: 00007fff23ee3700 R08: 0000000000000001 R09: 0000000000fd8940 [ 1243.602452][ T7803] R10: 0000000000fd8c10 R11: 0000000000000246 R12: 0000000000000001 [ 1243.610480][ T7803] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fff23ee3750 [ 1243.620821][T15643] CPU: 1 PID: 15643 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 1243.629604][T15643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1243.639680][T15643] Call Trace: [ 1243.642982][T15643] dump_stack+0x11d/0x187 [ 1243.647331][T15643] should_fail.cold+0x5/0xf [ 1243.651893][T15643] __alloc_pages_nodemask+0xcf/0x310 [ 1243.657269][T15643] alloc_pages_current+0xca/0x170 [ 1243.662352][T15643] __page_cache_alloc+0x17f/0x1a0 [ 1243.667379][T15643] pagecache_get_page+0x251/0x700 [ 1243.672424][T15643] ? radix_tree_load_root+0xb3/0xf0 [ 1243.677640][T15643] grab_cache_page_write_begin+0x56/0x80 [ 1243.683275][T15643] ext4_da_write_begin+0x1b4/0x860 [ 1243.688403][T15643] generic_perform_write+0x13a/0x320 [ 1243.693873][T15643] ext4_buffered_write_iter+0x14e/0x280 [ 1243.699440][T15643] ext4_file_write_iter+0xf4/0xd30 [ 1243.704592][T15643] ? proc_cwd_link+0x160/0x160 [ 1243.709358][T15643] ? _kstrtoull+0xfc/0x130 [ 1243.713781][T15643] new_sync_write+0x303/0x400 [ 1243.718474][T15643] __vfs_write+0x9e/0xb0 [ 1243.722746][T15643] vfs_write+0x189/0x380 [ 1243.726997][T15643] ksys_write+0xc5/0x1a0 [ 1243.731245][T15643] __x64_sys_write+0x49/0x60 [ 1243.735840][T15643] do_syscall_64+0xc7/0x390 [ 1243.740355][T15643] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1243.746246][T15643] RIP: 0033:0x45c479 [ 1243.750148][T15643] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1243.769761][T15643] RSP: 002b:00007f0d46288c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1243.778185][T15643] RAX: ffffffffffffffda RBX: 00007f0d462896d4 RCX: 000000000045c479 [ 1243.786170][T15643] RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000003 [ 1243.794173][T15643] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1243.802173][T15643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1243.810151][T15643] R13: 0000000000000cdc R14: 00000000004cec0d R15: 0000000000000009 [ 1243.820369][ T7803] memory: usage 307200kB, limit 307200kB, failcnt 10654 [ 1243.827361][ T7803] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1243.883356][ T7803] Memory cgroup stats for /syz2: [ 1243.883562][ T7803] anon 225181696 [ 1243.883562][ T7803] file 0 [ 1243.883562][ T7803] kernel_stack 10579968 [ 1243.883562][ T7803] slab 14032896 [ 1243.883562][ T7803] sock 0 [ 1243.883562][ T7803] shmem 110592 [ 1243.883562][ T7803] file_mapped 135168 [ 1243.883562][ T7803] file_dirty 0 [ 1243.883562][ T7803] file_writeback 0 [ 1243.883562][ T7803] anon_thp 165675008 [ 1243.883562][ T7803] inactive_anon 0 [ 1243.883562][ T7803] active_anon 225185792 [ 1243.883562][ T7803] inactive_file 61440 09:01:40 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() ptrace(0x10, r2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:40 executing program 3 (fault-call:3 fault-nth:10): sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1243.883562][ T7803] active_file 147456 [ 1243.883562][ T7803] unevictable 0 [ 1243.883562][ T7803] slab_reclaimable 1216512 [ 1243.883562][ T7803] slab_unreclaimable 12816384 [ 1243.883562][ T7803] pgfault 97977 [ 1243.883562][ T7803] pgmajfault 0 [ 1243.883562][ T7803] workingset_refault 660 [ 1243.883562][ T7803] workingset_activate 198 [ 1243.883562][ T7803] workingset_nodereclaim 0 [ 1243.883562][ T7803] pgrefill 5044 [ 1243.883562][ T7803] pgscan 19197 [ 1243.883562][ T7803] pgsteal 13270 [ 1244.034900][ T7803] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15414,uid=0 [ 1244.064883][ T7803] Memory cgroup out of memory: Killed process 15414 (syz-executor.2) total-vm:74836kB, anon-rss:2212kB, file-rss:35788kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 09:01:40 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() ptrace(0x10, r2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:40 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1244.195872][T15663] FAULT_INJECTION: forcing a failure. [ 1244.195872][T15663] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1244.288803][ T7803] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1244.336031][ T7803] CPU: 0 PID: 7803 Comm: syz-executor.2 Not tainted 5.6.0-rc1-syzkaller #0 [ 1244.344668][ T7803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1244.354835][ T7803] Call Trace: [ 1244.358210][ T7803] dump_stack+0x11d/0x187 [ 1244.362556][ T7803] dump_header+0xa7/0x399 [ 1244.366898][ T7803] oom_kill_process.cold+0x10/0x15 [ 1244.372044][ T7803] out_of_memory+0x21d/0xa30 [ 1244.376661][ T7803] ? __rcu_read_unlock+0x66/0x2f0 [ 1244.381715][ T7803] mem_cgroup_out_of_memory+0x12b/0x150 [ 1244.387272][ T7803] try_charge+0xb60/0xbe0 [ 1244.391699][ T7803] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1244.397237][ T7803] __memcg_kmem_charge+0xcd/0x1b0 [ 1244.402292][ T7803] __alloc_pages_nodemask+0x268/0x310 [ 1244.407678][ T7803] alloc_pages_current+0xca/0x170 [ 1244.412710][ T7803] pte_alloc_one+0x14/0x50 [ 1244.417253][ T7803] __pte_alloc+0x27/0x210 [ 1244.421654][ T7803] copy_page_range+0x1391/0x1a40 [ 1244.426710][ T7803] dup_mm+0x72e/0xb90 [ 1244.430719][ T7803] copy_process+0x39ad/0x3b10 [ 1244.435594][ T7803] ? _raw_spin_unlock+0x38/0x60 [ 1244.440468][ T7803] _do_fork+0xf7/0x790 [ 1244.444539][ T7803] ? __read_once_size+0x45/0xd0 [ 1244.449396][ T7803] ? ktime_get_ts64+0x286/0x2c0 [ 1244.454299][ T7803] __x64_sys_clone+0x12e/0x170 [ 1244.459088][ T7803] do_syscall_64+0xc7/0x390 [ 1244.463628][ T7803] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1244.469519][ T7803] RIP: 0033:0x45aa4a [ 1244.473419][ T7803] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1244.493336][ T7803] RSP: 002b:00007fff23ee36c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1244.501807][ T7803] RAX: ffffffffffffffda RBX: 00007fff23ee36c0 RCX: 000000000045aa4a [ 1244.509782][ T7803] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1244.520713][ T7803] RBP: 00007fff23ee3700 R08: 0000000000000001 R09: 0000000000fd8940 [ 1244.528729][ T7803] R10: 0000000000fd8c10 R11: 0000000000000246 R12: 0000000000000001 09:01:40 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet6(0xa, 0x6, 0x0) close(r4) r5 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r4, 0x84, 0x83, &(0x7f0000000240)={r6, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) r7 = socket$inet6(0xa, 0x6, 0x0) close(r7) r8 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r8, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r7, 0x84, 0x83, &(0x7f0000000240)={r9, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) r10 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r10, 0x84, 0x71, &(0x7f0000000380)={r9, 0x7}, &(0x7f0000000140)=0x4e) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r1, 0x84, 0x19, &(0x7f0000000180)={r11, 0x7}, 0x8) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:40 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = getpid() ptrace(0x10, r2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1244.536703][ T7803] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fff23ee3750 [ 1244.618694][T15663] CPU: 0 PID: 15663 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 1244.627411][T15663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1244.637539][T15663] Call Trace: [ 1244.640958][T15663] dump_stack+0x11d/0x187 [ 1244.645300][T15663] should_fail.cold+0x5/0xf [ 1244.648663][ T7803] memory: usage 307200kB, limit 307200kB, failcnt 10673 [ 1244.649818][T15663] __alloc_pages_nodemask+0xcf/0x310 [ 1244.649929][T15663] alloc_pages_current+0xca/0x170 [ 1244.656827][ T7803] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1244.662076][T15663] __page_cache_alloc+0x17f/0x1a0 [ 1244.662095][T15663] pagecache_get_page+0x251/0x700 [ 1244.662114][T15663] ? radix_tree_load_root+0xb3/0xf0 [ 1244.662135][T15663] grab_cache_page_write_begin+0x56/0x80 [ 1244.662162][T15663] ext4_da_write_begin+0x1b4/0x860 [ 1244.699959][T15663] generic_perform_write+0x13a/0x320 [ 1244.704142][ T7803] Memory cgroup stats for /syz2: [ 1244.704335][ T7803] anon 225280000 [ 1244.704335][ T7803] file 0 [ 1244.704335][ T7803] kernel_stack 10579968 [ 1244.704335][ T7803] slab 14032896 [ 1244.704335][ T7803] sock 0 [ 1244.704335][ T7803] shmem 110592 [ 1244.704335][ T7803] file_mapped 135168 [ 1244.704335][ T7803] file_dirty 0 [ 1244.704335][ T7803] file_writeback 0 [ 1244.704335][ T7803] anon_thp 165675008 [ 1244.704335][ T7803] inactive_anon 0 [ 1244.704335][ T7803] active_anon 225284096 [ 1244.704335][ T7803] inactive_file 61440 [ 1244.704335][ T7803] active_file 147456 [ 1244.704335][ T7803] unevictable 0 [ 1244.704335][ T7803] slab_reclaimable 1216512 [ 1244.704335][ T7803] slab_unreclaimable 12816384 [ 1244.704335][ T7803] pgfault 98043 [ 1244.704335][ T7803] pgmajfault 0 [ 1244.704335][ T7803] workingset_refault 660 [ 1244.704335][ T7803] workingset_activate 198 [ 1244.704335][ T7803] workingset_nodereclaim 0 [ 1244.704335][ T7803] pgrefill 5077 [ 1244.704335][ T7803] pgscan 19197 [ 1244.704335][ T7803] pgsteal 13270 [ 1244.705267][T15663] ext4_buffered_write_iter+0x14e/0x280 [ 1244.705290][T15663] ext4_file_write_iter+0xf4/0xd30 [ 1244.705315][T15663] ? proc_cwd_link+0x160/0x160 [ 1244.705391][T15663] ? _kstrtoull+0xfc/0x130 [ 1244.731276][ T7803] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17666,uid=0 [ 1244.800964][T15663] new_sync_write+0x303/0x400 [ 1244.801013][T15663] __vfs_write+0x9e/0xb0 [ 1244.801033][T15663] vfs_write+0x189/0x380 [ 1244.801064][T15663] ksys_write+0xc5/0x1a0 [ 1244.801092][T15663] __x64_sys_write+0x49/0x60 [ 1244.858249][T15663] do_syscall_64+0xc7/0x390 [ 1244.862796][T15663] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1244.868707][T15663] RIP: 0033:0x45c479 [ 1244.872610][T15663] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1244.892238][T15663] RSP: 002b:00007f0d46288c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1244.900653][T15663] RAX: ffffffffffffffda RBX: 00007f0d462896d4 RCX: 000000000045c479 [ 1244.908661][T15663] RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000003 09:01:41 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:01:41 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_tgsigqueueinfo(0x0, 0x0, 0x16, &(0x7f0000000000)) ptrace(0x10, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$getregset(0x4204, 0x0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:41 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x6800000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1244.916631][T15663] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1244.924601][T15663] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1244.932570][T15663] R13: 0000000000000cdc R14: 00000000004cec0d R15: 000000000000000a 09:01:41 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_tgsigqueueinfo(0x0, 0x0, 0x16, &(0x7f0000000000)) ptrace(0x10, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$getregset(0x4204, 0x0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:41 executing program 3 (fault-call:3 fault-nth:11): sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1245.078215][ T7803] Memory cgroup out of memory: Killed process 17666 (syz-executor.2) total-vm:74836kB, anon-rss:2212kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 1245.194129][T15699] FAULT_INJECTION: forcing a failure. [ 1245.194129][T15699] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1245.218106][ T7788] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1245.223223][T15699] CPU: 1 PID: 15699 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 1245.238674][T15699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1245.248864][T15699] Call Trace: [ 1245.252247][T15699] dump_stack+0x11d/0x187 [ 1245.256663][T15699] should_fail.cold+0x5/0xf [ 1245.261189][T15699] __alloc_pages_nodemask+0xcf/0x310 [ 1245.266705][T15699] alloc_pages_current+0xca/0x170 [ 1245.271745][T15699] __page_cache_alloc+0x17f/0x1a0 [ 1245.276846][T15699] pagecache_get_page+0x251/0x700 [ 1245.281885][T15699] ? radix_tree_load_root+0xb3/0xf0 [ 1245.287111][T15699] grab_cache_page_write_begin+0x56/0x80 [ 1245.292843][T15699] ext4_da_write_begin+0x1b4/0x860 [ 1245.298025][T15699] generic_perform_write+0x13a/0x320 [ 1245.303414][T15699] ext4_buffered_write_iter+0x14e/0x280 [ 1245.308969][T15699] ext4_file_write_iter+0xf4/0xd30 [ 1245.314095][T15699] ? proc_cwd_link+0x160/0x160 [ 1245.318856][T15699] ? _kstrtoull+0xfc/0x130 [ 1245.323285][T15699] new_sync_write+0x303/0x400 [ 1245.327979][T15699] __vfs_write+0x9e/0xb0 [ 1245.332228][T15699] vfs_write+0x189/0x380 [ 1245.336596][T15699] ksys_write+0xc5/0x1a0 [ 1245.340914][T15699] __x64_sys_write+0x49/0x60 [ 1245.345552][T15699] do_syscall_64+0xc7/0x390 [ 1245.350072][T15699] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1245.355969][T15699] RIP: 0033:0x45c479 [ 1245.359910][T15699] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1245.379523][T15699] RSP: 002b:00007f0d46288c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1245.387971][T15699] RAX: ffffffffffffffda RBX: 00007f0d462896d4 RCX: 000000000045c479 [ 1245.395958][T15699] RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000003 [ 1245.403946][T15699] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1245.411931][T15699] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1245.419906][T15699] R13: 0000000000000cdc R14: 00000000004cec0d R15: 000000000000000b [ 1245.430226][ T7788] CPU: 0 PID: 7788 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 1245.438831][ T7788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1245.448955][ T7788] Call Trace: [ 1245.452262][ T7788] dump_stack+0x11d/0x187 [ 1245.456616][ T7788] dump_header+0xa7/0x399 [ 1245.460960][ T7788] oom_kill_process.cold+0x10/0x15 [ 1245.466089][ T7788] out_of_memory+0x21d/0xa30 [ 1245.470704][ T7788] mem_cgroup_out_of_memory+0x12b/0x150 [ 1245.476300][ T7788] try_charge+0xb60/0xbe0 [ 1245.480711][ T7788] ? __this_cpu_preempt_check+0x3c/0x130 [ 1245.486448][ T7788] ? __perf_event_task_sched_in+0x150/0x3a0 [ 1245.492384][ T7788] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1245.497878][ T7788] __memcg_kmem_charge+0xcd/0x1b0 [ 1245.502922][ T7788] __alloc_pages_nodemask+0x268/0x310 [ 1245.508314][ T7788] alloc_pages_current+0xca/0x170 [ 1245.513358][ T7788] pte_alloc_one+0x14/0x50 [ 1245.517803][ T7788] __pte_alloc+0x27/0x210 [ 1245.522155][ T7788] copy_page_range+0x1391/0x1a40 [ 1245.527236][ T7788] dup_mm+0x72e/0xb90 [ 1245.531250][ T7788] copy_process+0x39ad/0x3b10 [ 1245.536010][ T7788] ? _raw_spin_unlock+0x38/0x60 [ 1245.540889][ T7788] _do_fork+0xf7/0x790 [ 1245.545038][ T7788] ? __read_once_size+0x45/0xd0 [ 1245.549896][ T7788] ? ktime_get_ts64+0x286/0x2c0 [ 1245.554764][ T7788] __x64_sys_clone+0x12e/0x170 [ 1245.559571][ T7788] do_syscall_64+0xc7/0x390 [ 1245.564090][ T7788] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1245.570009][ T7788] RIP: 0033:0x45aa4a [ 1245.573910][ T7788] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 09:01:41 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet6(0xa, 0x6, 0x0) close(r4) r5 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r4, 0x84, 0x83, &(0x7f0000000240)={r6, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) r7 = socket$inet6(0xa, 0x6, 0x0) close(r7) r8 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r8, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r7, 0x84, 0x83, &(0x7f0000000240)={r9, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) r10 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r10, 0x84, 0x71, &(0x7f0000000380)={r9, 0x7}, &(0x7f0000000140)=0x4e) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r1, 0x84, 0x19, &(0x7f0000000180)={r11, 0x7}, 0x8) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1245.593522][ T7788] RSP: 002b:00007ffca9301c20 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1245.602043][ T7788] RAX: ffffffffffffffda RBX: 00007ffca9301c20 RCX: 000000000045aa4a [ 1245.610019][ T7788] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1245.618015][ T7788] RBP: 00007ffca9301c60 R08: 0000000000000001 R09: 00000000015e7940 [ 1245.625997][ T7788] R10: 00000000015e7c10 R11: 0000000000000246 R12: 0000000000000001 [ 1245.633972][ T7788] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffca9301cb0 09:01:41 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r1, 0x0, r1) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1245.691042][ T7788] memory: usage 307200kB, limit 307200kB, failcnt 6380 [ 1245.697947][ T7788] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1245.724274][ T7788] Memory cgroup stats for /syz0: [ 1245.724462][ T7788] anon 224055296 [ 1245.724462][ T7788] file 40960 [ 1245.724462][ T7788] kernel_stack 11464704 09:01:41 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet6(0xa, 0x6, 0x0) close(r4) r5 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r4, 0x84, 0x83, &(0x7f0000000240)={r6, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) r7 = socket$inet6(0xa, 0x6, 0x0) close(r7) r8 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r8, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r7, 0x84, 0x83, &(0x7f0000000240)={r9, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) r10 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r10, 0x84, 0x71, &(0x7f0000000380)={r9, 0x7}, &(0x7f0000000140)=0x4e) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r1, 0x84, 0x19, &(0x7f0000000180)={r11, 0x7}, 0x8) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1245.724462][ T7788] slab 15118336 [ 1245.724462][ T7788] sock 0 [ 1245.724462][ T7788] shmem 114688 [ 1245.724462][ T7788] file_mapped 135168 [ 1245.724462][ T7788] file_dirty 135168 [ 1245.724462][ T7788] file_writeback 0 [ 1245.724462][ T7788] anon_thp 165675008 [ 1245.724462][ T7788] inactive_anon 0 [ 1245.724462][ T7788] active_anon 224055296 [ 1245.724462][ T7788] inactive_file 0 [ 1245.724462][ T7788] active_file 16384 [ 1245.724462][ T7788] unevictable 0 [ 1245.724462][ T7788] slab_reclaimable 1486848 [ 1245.724462][ T7788] slab_unreclaimable 13631488 [ 1245.724462][ T7788] pgfault 88737 [ 1245.724462][ T7788] pgmajfault 0 [ 1245.724462][ T7788] workingset_refault 1617 [ 1245.724462][ T7788] workingset_activate 297 [ 1245.724462][ T7788] workingset_nodereclaim 0 [ 1245.724462][ T7788] pgrefill 5191 [ 1245.724462][ T7788] pgscan 11621 [ 1245.724462][ T7788] pgsteal 3321 09:01:42 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet6(0xa, 0x6, 0x0) close(r4) r5 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r4, 0x84, 0x83, &(0x7f0000000240)={r6, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) r7 = socket$inet6(0xa, 0x6, 0x0) close(r7) r8 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r8, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r7, 0x84, 0x83, &(0x7f0000000240)={r9, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) r10 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r10, 0x84, 0x71, &(0x7f0000000380)={r9, 0x7}, &(0x7f0000000140)=0x4e) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r1, 0x84, 0x19, &(0x7f0000000180)={r11, 0x7}, 0x8) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:42 executing program 3 (fault-call:3 fault-nth:12): sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:42 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) r2 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:01:42 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x6, 0x0) close(r3) r4 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r3, 0x84, 0x83, &(0x7f0000000240)={r5, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) r6 = socket$inet6(0xa, 0x6, 0x0) close(r6) r7 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r6, 0x84, 0x83, &(0x7f0000000240)={r8, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) r9 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r9, 0x84, 0x71, &(0x7f0000000380)={r8, 0x7}, &(0x7f0000000140)=0x4e) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:42 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x6c00000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1246.011796][T15723] FAULT_INJECTION: forcing a failure. [ 1246.011796][T15723] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1246.065754][ T7788] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15443,uid=0 [ 1246.113328][T15723] CPU: 1 PID: 15723 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 1246.122052][T15723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1246.131292][ T7788] Memory cgroup out of memory: Killed process 15443 (syz-executor.0) total-vm:74836kB, anon-rss:2208kB, file-rss:35792kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 1246.132109][T15723] Call Trace: [ 1246.132179][T15723] dump_stack+0x11d/0x187 [ 1246.157217][T15723] should_fail.cold+0x5/0xf [ 1246.161742][T15723] __alloc_pages_nodemask+0xcf/0x310 [ 1246.167047][T15723] alloc_pages_current+0xca/0x170 [ 1246.172104][T15723] __page_cache_alloc+0x17f/0x1a0 [ 1246.177140][T15723] pagecache_get_page+0x251/0x700 [ 1246.182200][T15723] ? radix_tree_load_root+0xb3/0xf0 [ 1246.184976][ T7803] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1246.187490][T15723] grab_cache_page_write_begin+0x56/0x80 [ 1246.205007][T15723] ext4_da_write_begin+0x1b4/0x860 09:01:42 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_tgsigqueueinfo(0x0, 0x0, 0x16, &(0x7f0000000000)) ptrace(0x10, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$getregset(0x4204, 0x0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1246.210188][T15723] generic_perform_write+0x13a/0x320 [ 1246.215617][T15723] ext4_buffered_write_iter+0x14e/0x280 [ 1246.221187][T15723] ext4_file_write_iter+0xf4/0xd30 [ 1246.226546][T15723] ? proc_cwd_link+0x160/0x160 [ 1246.231392][T15723] ? _kstrtoull+0xfc/0x130 [ 1246.235864][T15723] new_sync_write+0x303/0x400 [ 1246.240631][T15723] __vfs_write+0x9e/0xb0 [ 1246.244948][T15723] vfs_write+0x189/0x380 [ 1246.249282][T15723] ksys_write+0xc5/0x1a0 [ 1246.253598][T15723] __x64_sys_write+0x49/0x60 [ 1246.258211][T15723] do_syscall_64+0xc7/0x390 [ 1246.262868][T15723] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1246.268770][T15723] RIP: 0033:0x45c479 [ 1246.272744][T15723] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1246.292507][T15723] RSP: 002b:00007f0d46288c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1246.301141][T15723] RAX: ffffffffffffffda RBX: 00007f0d462896d4 RCX: 000000000045c479 [ 1246.309128][T15723] RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000003 [ 1246.317114][T15723] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1246.325214][T15723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1246.333337][T15723] R13: 0000000000000cdc R14: 00000000004cec0d R15: 000000000000000c [ 1246.341666][ T7803] CPU: 0 PID: 7803 Comm: syz-executor.2 Not tainted 5.6.0-rc1-syzkaller #0 [ 1246.350399][ T7803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1246.360520][ T7803] Call Trace: [ 1246.363955][ T7803] dump_stack+0x11d/0x187 [ 1246.368330][ T7803] dump_header+0xa7/0x399 [ 1246.372702][ T7803] oom_kill_process.cold+0x10/0x15 [ 1246.377934][ T7803] out_of_memory+0x21d/0xa30 [ 1246.382556][ T7803] mem_cgroup_out_of_memory+0x12b/0x150 [ 1246.388219][ T7803] try_charge+0xb60/0xbe0 [ 1246.392659][ T7803] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1246.398351][ T7803] __memcg_kmem_charge+0xcd/0x1b0 [ 1246.403416][ T7803] __alloc_pages_nodemask+0x268/0x310 [ 1246.408946][ T7803] alloc_pages_current+0xca/0x170 [ 1246.414033][ T7803] pte_alloc_one+0x14/0x50 [ 1246.418465][ T7803] __pte_alloc+0x27/0x210 [ 1246.422941][ T7803] copy_page_range+0x1391/0x1a40 [ 1246.428025][ T7803] dup_mm+0x72e/0xb90 [ 1246.432046][ T7803] copy_process+0x39ad/0x3b10 [ 1246.437003][ T7803] ? _raw_spin_unlock+0x38/0x60 [ 1246.441907][ T7803] _do_fork+0xf7/0x790 [ 1246.445994][ T7803] ? __read_once_size+0x45/0xd0 [ 1246.451021][ T7803] ? ktime_get_ts64+0x286/0x2c0 [ 1246.456080][ T7803] __x64_sys_clone+0x12e/0x170 [ 1246.460879][ T7803] do_syscall_64+0xc7/0x390 [ 1246.465415][ T7803] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1246.471422][ T7803] RIP: 0033:0x45aa4a [ 1246.475534][ T7803] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1246.495420][ T7803] RSP: 002b:00007fff23ee36c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1246.504519][ T7803] RAX: ffffffffffffffda RBX: 00007fff23ee36c0 RCX: 000000000045aa4a [ 1246.512514][ T7803] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1246.520670][ T7803] RBP: 00007fff23ee3700 R08: 0000000000000001 R09: 0000000000fd8940 [ 1246.528789][ T7803] R10: 0000000000fd8c10 R11: 0000000000000246 R12: 0000000000000001 [ 1246.537194][ T7803] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fff23ee3750 [ 1246.601102][ T7803] memory: usage 307200kB, limit 307200kB, failcnt 10712 [ 1246.624203][ T7803] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1246.641087][ T7803] Memory cgroup stats for /syz2: [ 1246.641303][ T7803] anon 225275904 [ 1246.641303][ T7803] file 0 [ 1246.641303][ T7803] kernel_stack 10579968 [ 1246.641303][ T7803] slab 14032896 [ 1246.641303][ T7803] sock 0 [ 1246.641303][ T7803] shmem 110592 [ 1246.641303][ T7803] file_mapped 135168 [ 1246.641303][ T7803] file_dirty 0 [ 1246.641303][ T7803] file_writeback 0 [ 1246.641303][ T7803] anon_thp 165675008 [ 1246.641303][ T7803] inactive_anon 0 [ 1246.641303][ T7803] active_anon 225280000 [ 1246.641303][ T7803] inactive_file 0 [ 1246.641303][ T7803] active_file 147456 [ 1246.641303][ T7803] unevictable 0 [ 1246.641303][ T7803] slab_reclaimable 1216512 [ 1246.641303][ T7803] slab_unreclaimable 12816384 [ 1246.641303][ T7803] pgfault 98109 [ 1246.641303][ T7803] pgmajfault 0 [ 1246.641303][ T7803] workingset_refault 660 [ 1246.641303][ T7803] workingset_activate 198 [ 1246.641303][ T7803] workingset_nodereclaim 0 [ 1246.641303][ T7803] pgrefill 5077 [ 1246.641303][ T7803] pgscan 19263 [ 1246.641303][ T7803] pgsteal 13270 09:01:43 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) r2 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1246.891436][ T7803] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17613,uid=0 [ 1246.908375][ T7803] Memory cgroup out of memory: Killed process 17613 (syz-executor.2) total-vm:74836kB, anon-rss:2212kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 1246.935891][ T1078] oom_reaper: reaped process 17613 (syz-executor.2), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 1246.937175][ T7788] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1246.982712][ T7788] CPU: 0 PID: 7788 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 1246.992162][ T7788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1247.002758][ T7788] Call Trace: [ 1247.006263][ T7788] dump_stack+0x11d/0x187 [ 1247.010760][ T7788] dump_header+0xa7/0x399 [ 1247.015473][ T7788] oom_kill_process.cold+0x10/0x15 [ 1247.020711][ T7788] out_of_memory+0x21d/0xa30 [ 1247.025431][ T7788] mem_cgroup_out_of_memory+0x12b/0x150 [ 1247.031327][ T7788] try_charge+0xb60/0xbe0 [ 1247.035893][ T7788] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1247.041702][ T7788] __memcg_kmem_charge+0xcd/0x1b0 [ 1247.046763][ T7788] __alloc_pages_nodemask+0x268/0x310 [ 1247.052453][ T7788] alloc_pages_current+0xca/0x170 [ 1247.058324][ T7788] pte_alloc_one+0x14/0x50 [ 1247.062780][ T7788] __pte_alloc+0x27/0x210 [ 1247.067261][ T7788] copy_page_range+0x1391/0x1a40 [ 1247.072543][ T7788] dup_mm+0x72e/0xb90 [ 1247.076813][ T7788] copy_process+0x39ad/0x3b10 [ 1247.081784][ T7788] ? _raw_spin_unlock+0x38/0x60 [ 1247.087285][ T7788] _do_fork+0xf7/0x790 [ 1247.091473][ T7788] ? __read_once_size+0x45/0xd0 [ 1247.097241][ T7788] ? ktime_get_ts64+0x286/0x2c0 [ 1247.102221][ T7788] __x64_sys_clone+0x12e/0x170 [ 1247.107046][ T7788] do_syscall_64+0xc7/0x390 [ 1247.111889][ T7788] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1247.117817][ T7788] RIP: 0033:0x45aa4a [ 1247.121976][ T7788] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1247.141868][ T7788] RSP: 002b:00007ffca9301c20 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1247.151053][ T7788] RAX: ffffffffffffffda RBX: 00007ffca9301c20 RCX: 000000000045aa4a [ 1247.159740][ T7788] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1247.168054][ T7788] RBP: 00007ffca9301c60 R08: 0000000000000001 R09: 00000000015e7940 09:01:43 executing program 3 (fault-call:3 fault-nth:13): sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:43 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x6, 0x0) close(r3) r4 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r3, 0x84, 0x83, &(0x7f0000000240)={r5, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) r6 = socket$inet6(0xa, 0x6, 0x0) close(r6) r7 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r6, 0x84, 0x83, &(0x7f0000000240)={r8, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1247.176218][ T7788] R10: 00000000015e7c10 R11: 0000000000000246 R12: 0000000000000001 [ 1247.184367][ T7788] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffca9301cb0 [ 1247.284762][T15763] FAULT_INJECTION: forcing a failure. [ 1247.284762][T15763] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1247.363709][T15763] CPU: 0 PID: 15763 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 1247.372610][T15763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1247.382681][T15763] Call Trace: [ 1247.386012][T15763] dump_stack+0x11d/0x187 [ 1247.390450][T15763] should_fail.cold+0x5/0xf [ 1247.395330][T15763] __alloc_pages_nodemask+0xcf/0x310 [ 1247.401031][T15763] alloc_pages_current+0xca/0x170 [ 1247.406361][T15763] __page_cache_alloc+0x17f/0x1a0 [ 1247.411416][T15763] pagecache_get_page+0x251/0x700 [ 1247.413682][ T7788] memory: usage 307196kB, limit 307200kB, failcnt 6409 [ 1247.416464][T15763] ? radix_tree_load_root+0xb3/0xf0 [ 1247.416486][T15763] grab_cache_page_write_begin+0x56/0x80 [ 1247.416505][T15763] ext4_da_write_begin+0x1b4/0x860 [ 1247.416535][T15763] generic_perform_write+0x13a/0x320 [ 1247.428018][ T7788] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1247.428711][T15763] ext4_buffered_write_iter+0x14e/0x280 [ 1247.428733][T15763] ext4_file_write_iter+0xf4/0xd30 [ 1247.428813][T15763] ? proc_cwd_link+0x160/0x160 [ 1247.436011][ T7788] Memory cgroup stats for /syz0: [ 1247.436628][ T7788] anon 224079872 [ 1247.436628][ T7788] file 40960 [ 1247.436628][ T7788] kernel_stack 11464704 [ 1247.436628][ T7788] slab 15118336 [ 1247.436628][ T7788] sock 0 [ 1247.436628][ T7788] shmem 114688 [ 1247.436628][ T7788] file_mapped 135168 [ 1247.436628][ T7788] file_dirty 135168 [ 1247.436628][ T7788] file_writeback 0 [ 1247.436628][ T7788] anon_thp 165675008 [ 1247.436628][ T7788] inactive_anon 0 [ 1247.436628][ T7788] active_anon 224079872 [ 1247.436628][ T7788] inactive_file 0 [ 1247.436628][ T7788] active_file 16384 [ 1247.436628][ T7788] unevictable 0 [ 1247.436628][ T7788] slab_reclaimable 1486848 [ 1247.436628][ T7788] slab_unreclaimable 13631488 [ 1247.436628][ T7788] pgfault 88803 [ 1247.436628][ T7788] pgmajfault 0 [ 1247.436628][ T7788] workingset_refault 1617 [ 1247.436628][ T7788] workingset_activate 297 [ 1247.436628][ T7788] workingset_nodereclaim 0 [ 1247.436628][ T7788] pgrefill 5224 [ 1247.436628][ T7788] pgscan 11621 [ 1247.436628][ T7788] pgsteal 3321 [ 1247.439556][T15763] ? _kstrtoull+0xfc/0x130 [ 1247.439583][T15763] new_sync_write+0x303/0x400 [ 1247.439614][T15763] __vfs_write+0x9e/0xb0 [ 1247.439635][T15763] vfs_write+0x189/0x380 [ 1247.439675][T15763] ksys_write+0xc5/0x1a0 [ 1247.449431][ T7788] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=20670,uid=0 [ 1247.451970][T15763] __x64_sys_write+0x49/0x60 [ 1247.451994][T15763] do_syscall_64+0xc7/0x390 [ 1247.452082][T15763] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1247.463501][ T7788] Memory cgroup out of memory: Killed process 20670 (syz-executor.0) total-vm:74968kB, anon-rss:2216kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 1247.468276][T15763] RIP: 0033:0x45c479 [ 1247.468339][T15763] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1247.468396][T15763] RSP: 002b:00007f0d46288c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1247.483304][ T1078] oom_reaper: reaped process 20670 (syz-executor.0), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 1247.565364][T15763] RAX: ffffffffffffffda RBX: 00007f0d462896d4 RCX: 000000000045c479 [ 1247.565375][T15763] RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000003 [ 1247.565383][T15763] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 09:01:43 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x7400000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1247.565391][T15763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1247.565400][T15763] R13: 0000000000000cdc R14: 00000000004cec0d R15: 000000000000000d 09:01:44 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r1, 0x0, r1) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:44 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000000)) ptrace(0x10, r2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:44 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) r2 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:01:44 executing program 3 (fault-call:3 fault-nth:14): sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:44 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000000)) ptrace(0x10, r2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:44 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x6, 0x0) close(r3) r4 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r3, 0x84, 0x83, &(0x7f0000000240)={r5, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) r6 = socket$inet6(0xa, 0x6, 0x0) close(r6) r7 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r6, 0x84, 0x83, &(0x7f0000000240)={r8, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1248.472935][T15806] FAULT_INJECTION: forcing a failure. [ 1248.472935][T15806] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1248.511584][T15807] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1248.527762][T15806] CPU: 1 PID: 15806 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 1248.536895][T15806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1248.547213][T15806] Call Trace: [ 1248.550623][T15806] dump_stack+0x11d/0x187 [ 1248.555080][T15806] should_fail.cold+0x5/0xf [ 1248.559790][T15806] __alloc_pages_nodemask+0xcf/0x310 [ 1248.565457][T15806] alloc_pages_current+0xca/0x170 [ 1248.570625][T15806] __page_cache_alloc+0x17f/0x1a0 09:01:44 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8, 0x0}, &(0x7f0000004600)=0x20) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000004640)={r1, @in6={{0xa, 0xc0, 0x1, @empty, 0x1}}, 0x3, 0x4}, &(0x7f0000004700)=0x90) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000000)) ptrace(0x10, r2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ptrace$getregset(0x4204, r2, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1248.575935][T15806] pagecache_get_page+0x251/0x700 [ 1248.581420][T15806] ? radix_tree_load_root+0xb3/0xf0 [ 1248.586661][T15806] grab_cache_page_write_begin+0x56/0x80 [ 1248.592325][T15806] ext4_da_write_begin+0x1b4/0x860 [ 1248.597722][T15806] generic_perform_write+0x13a/0x320 [ 1248.603236][T15806] ext4_buffered_write_iter+0x14e/0x280 [ 1248.609221][T15806] ext4_file_write_iter+0xf4/0xd30 [ 1248.614958][T15806] ? proc_cwd_link+0x160/0x160 [ 1248.619881][T15806] ? _kstrtoull+0xfc/0x130 [ 1248.624431][T15806] new_sync_write+0x303/0x400 [ 1248.629443][T15806] __vfs_write+0x9e/0xb0 [ 1248.633973][T15806] vfs_write+0x189/0x380 [ 1248.638377][T15806] ksys_write+0xc5/0x1a0 [ 1248.642768][T15806] __x64_sys_write+0x49/0x60 [ 1248.647678][T15806] do_syscall_64+0xc7/0x390 [ 1248.652365][T15806] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1248.658377][T15806] RIP: 0033:0x45c479 [ 1248.662300][T15806] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1248.683320][T15806] RSP: 002b:00007f0d46288c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1248.691942][T15806] RAX: ffffffffffffffda RBX: 00007f0d462896d4 RCX: 000000000045c479 [ 1248.700141][T15806] RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000003 [ 1248.708365][T15806] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1248.716887][T15806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1248.725096][T15806] R13: 0000000000000cdc R14: 00000000004cec0d R15: 000000000000000e [ 1248.733681][T15807] CPU: 0 PID: 15807 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 1248.742839][T15807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1248.753015][T15807] Call Trace: [ 1248.756686][T15807] dump_stack+0x11d/0x187 [ 1248.761037][T15807] dump_header+0xa7/0x399 [ 1248.765487][T15807] oom_kill_process.cold+0x10/0x15 [ 1248.770775][T15807] out_of_memory+0x21d/0xa30 [ 1248.775652][T15807] ? __rcu_read_unlock+0x66/0x2f0 [ 1248.780871][T15807] mem_cgroup_out_of_memory+0x12b/0x150 [ 1248.786575][T15807] try_charge+0xb60/0xbe0 [ 1248.791176][T15807] ? map_vm_area+0x83/0xa0 [ 1248.795723][T15807] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1248.801562][T15807] __memcg_kmem_charge+0xcd/0x1b0 [ 1248.806752][T15807] copy_process+0x12bc/0x3b10 [ 1248.811570][T15807] _do_fork+0xf7/0x790 [ 1248.815787][T15807] ? __read_once_size+0x45/0xd0 [ 1248.820965][T15807] ? ktime_get_ts64+0x286/0x2c0 [ 1248.826053][T15807] __x64_sys_clone+0x12e/0x170 [ 1248.830991][T15807] do_syscall_64+0xc7/0x390 [ 1248.835559][T15807] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1248.841915][T15807] RIP: 0033:0x45c479 [ 1248.845911][T15807] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1248.866134][T15807] RSP: 002b:00007f30b4712c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 09:01:45 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r1, 0x0, r1) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1248.874964][T15807] RAX: ffffffffffffffda RBX: 00007f30b47136d4 RCX: 000000000045c479 [ 1248.883107][T15807] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 00000000000041fc [ 1248.891833][T15807] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1248.899848][T15807] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1248.908177][T15807] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 1248.967054][T15807] memory: usage 307200kB, limit 307200kB, failcnt 5071 [ 1248.975848][T15807] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1248.984453][T15807] Memory cgroup stats for /syz5: [ 1248.985454][T15807] anon 274575360 [ 1248.985454][T15807] file 180224 [ 1248.985454][T15807] kernel_stack 4866048 [ 1248.985454][T15807] slab 6991872 [ 1248.985454][T15807] sock 0 [ 1248.985454][T15807] shmem 0 [ 1248.985454][T15807] file_mapped 135168 [ 1248.985454][T15807] file_dirty 0 [ 1248.985454][T15807] file_writeback 0 [ 1248.985454][T15807] anon_thp 249561088 [ 1248.985454][T15807] inactive_anon 0 [ 1248.985454][T15807] active_anon 274587648 [ 1248.985454][T15807] inactive_file 0 [ 1248.985454][T15807] active_file 90112 [ 1248.985454][T15807] unevictable 0 [ 1248.985454][T15807] slab_reclaimable 946176 [ 1248.985454][T15807] slab_unreclaimable 6045696 [ 1248.985454][T15807] pgfault 137181 [ 1248.985454][T15807] pgmajfault 0 [ 1248.985454][T15807] workingset_refault 1254 [ 1248.985454][T15807] workingset_activate 198 09:01:45 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x7a00000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1248.985454][T15807] workingset_nodereclaim 0 [ 1248.985454][T15807] pgrefill 3674 [ 1248.985454][T15807] pgscan 14782 [ 1248.985454][T15807] pgsteal 8100 [ 1249.088840][T15807] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=15369,uid=0 09:01:45 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) r2 = socket(0x10, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:01:45 executing program 0: syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000045c0)={0x1, 0x5, 0x8601, 0x7fff, 0xfff, 0x3, 0x6, 0x8}, &(0x7f0000004600)=0x20) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1249.105617][T15807] Memory cgroup out of memory: Killed process 15369 (syz-executor.5) total-vm:75100kB, anon-rss:2228kB, file-rss:35884kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 1249.219548][T15799] syz-executor.5 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=1000 [ 1249.271549][T15799] CPU: 1 PID: 15799 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 1249.280750][T15799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1249.291086][T15799] Call Trace: [ 1249.294628][T15799] dump_stack+0x11d/0x187 [ 1249.298989][T15799] dump_header+0xa7/0x399 [ 1249.304484][T15799] oom_kill_process.cold+0x10/0x15 [ 1249.309722][T15799] out_of_memory+0x21d/0xa30 [ 1249.314391][T15799] ? __rcu_read_unlock+0x66/0x2f0 09:01:45 executing program 3 (fault-call:3 fault-nth:15): sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1249.319442][T15799] mem_cgroup_out_of_memory+0x12b/0x150 [ 1249.325559][T15799] try_charge+0x7ed/0xbe0 [ 1249.330092][T15799] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1249.335835][T15799] cache_grow_begin+0x39f/0x590 [ 1249.340717][T15799] ? __cpuset_node_allowed+0xf6/0x200 [ 1249.346717][T15799] fallback_alloc+0x167/0x1f0 [ 1249.351547][T15799] kmem_cache_alloc+0x16d/0x5e0 [ 1249.356463][T15799] ? __vm_enough_memory+0xe1/0x210 [ 1249.361892][T15799] vm_area_alloc+0x46/0xf0 [ 1249.366327][T15799] ? mmap_region+0x2eb/0xdd0 [ 1249.371054][T15799] mmap_region+0x65d/0xdd0 [ 1249.375493][T15799] ? get_unmapped_area+0x1ff/0x2a0 [ 1249.380630][T15799] do_mmap+0x717/0xc20 [ 1249.384754][T15799] ? security_mmap_file+0x178/0x190 [ 1249.389985][T15799] vm_mmap_pgoff+0x12f/0x190 [ 1249.394604][T15799] ksys_mmap_pgoff+0x96/0x420 [ 1249.399373][T15799] ? debug_smp_processor_id+0x3f/0x129 [ 1249.404888][T15799] do_syscall_64+0xc7/0x390 [ 1249.409490][T15799] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1249.415490][T15799] RIP: 0033:0x45c4ca [ 1249.419460][T15799] Code: 89 f5 41 54 49 89 fc 55 53 74 35 49 63 e8 48 63 da 4d 89 f9 49 89 e8 4d 63 d6 48 89 da 4c 89 ee 4c 89 e7 b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 4e 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 00 [ 1249.432697][T15838] FAULT_INJECTION: forcing a failure. [ 1249.432697][T15838] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1249.439659][T15799] RSP: 002b:00007ffd30768868 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1249.439677][T15799] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045c4ca [ 1249.439686][T15799] RDX: 0000000000000003 RSI: 0000000000021000 RDI: 0000000000000000 [ 1249.439696][T15799] RBP: ffffffffffffffff R08: ffffffffffffffff R09: 0000000000000000 [ 1249.439705][T15799] R10: 0000000000020022 R11: 0000000000000246 R12: 0000000000000000 [ 1249.439714][T15799] R13: 0000000000021000 R14: 0000000000020022 R15: 0000000000000000 [ 1249.512218][T15799] memory: usage 304876kB, limit 307200kB, failcnt 5071 [ 1249.520602][T15799] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1249.528790][T15799] Memory cgroup stats for /syz5: [ 1249.528946][T15799] anon 272461824 [ 1249.528946][T15799] file 180224 [ 1249.528946][T15799] kernel_stack 4866048 [ 1249.528946][T15799] slab 6991872 [ 1249.528946][T15799] sock 0 [ 1249.528946][T15799] shmem 0 [ 1249.528946][T15799] file_mapped 135168 [ 1249.528946][T15799] file_dirty 0 [ 1249.528946][T15799] file_writeback 0 [ 1249.528946][T15799] anon_thp 247463936 [ 1249.528946][T15799] inactive_anon 0 [ 1249.528946][T15799] active_anon 272474112 [ 1249.528946][T15799] inactive_file 0 [ 1249.528946][T15799] active_file 90112 [ 1249.528946][T15799] unevictable 0 [ 1249.528946][T15799] slab_reclaimable 946176 [ 1249.528946][T15799] slab_unreclaimable 6045696 [ 1249.528946][T15799] pgfault 137181 [ 1249.528946][T15799] pgmajfault 0 [ 1249.528946][T15799] workingset_refault 1254 [ 1249.528946][T15799] workingset_activate 198 [ 1249.528946][T15799] workingset_nodereclaim 0 [ 1249.528946][T15799] pgrefill 3674 [ 1249.528946][T15799] pgscan 14782 [ 1249.528946][T15799] pgsteal 8100 [ 1249.669458][T15838] CPU: 0 PID: 15838 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 1249.678731][T15838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1249.688926][T15838] Call Trace: [ 1249.692244][T15838] dump_stack+0x11d/0x187 [ 1249.696724][T15838] should_fail.cold+0x5/0xf [ 1249.701365][T15838] __alloc_pages_nodemask+0xcf/0x310 [ 1249.706695][T15838] alloc_pages_current+0xca/0x170 [ 1249.711875][T15838] __page_cache_alloc+0x17f/0x1a0 [ 1249.717123][T15838] pagecache_get_page+0x251/0x700 [ 1249.722430][T15838] ? radix_tree_load_root+0xb3/0xf0 [ 1249.727661][T15838] grab_cache_page_write_begin+0x56/0x80 [ 1249.734767][T15838] ext4_da_write_begin+0x1b4/0x860 [ 1249.739931][T15838] generic_perform_write+0x13a/0x320 [ 1249.745255][T15838] ext4_buffered_write_iter+0x14e/0x280 [ 1249.750915][T15838] ext4_file_write_iter+0xf4/0xd30 [ 1249.756635][T15838] ? proc_cwd_link+0x160/0x160 [ 1249.761422][T15838] ? _kstrtoull+0xfc/0x130 [ 1249.765867][T15838] new_sync_write+0x303/0x400 [ 1249.770579][T15838] __vfs_write+0x9e/0xb0 [ 1249.775030][T15838] vfs_write+0x189/0x380 [ 1249.779358][T15838] ksys_write+0xc5/0x1a0 [ 1249.783677][T15838] __x64_sys_write+0x49/0x60 [ 1249.788286][T15838] do_syscall_64+0xc7/0x390 [ 1249.792875][T15838] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1249.798784][T15838] RIP: 0033:0x45c479 [ 1249.802697][T15838] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1249.822436][T15838] RSP: 002b:00007f0d46288c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1249.830873][T15838] RAX: ffffffffffffffda RBX: 00007f0d462896d4 RCX: 000000000045c479 [ 1249.838981][T15838] RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000003 [ 1249.846972][T15838] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1249.855136][T15838] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 09:01:46 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1249.863260][T15838] R13: 0000000000000cdc R14: 00000000004cec0d R15: 000000000000000f [ 1249.885773][T15799] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=24590,uid=0 09:01:46 executing program 0: syz_open_dev$vcsu(&(0x7f0000004580)='/dev/vcsu#\x00', 0x80, 0x100) clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1249.954296][T15799] Memory cgroup out of memory: Killed process 24590 (syz-executor.5) total-vm:74836kB, anon-rss:2212kB, file-rss:35796kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 1250.080294][ T1078] oom_reaper: reaped process 24590 (syz-executor.5), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 09:01:46 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x8096980000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:01:46 executing program 3 (fault-call:3 fault-nth:16): sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1250.121238][T15829] ptrace attach of "/root/syz-executor.5"[15799] was attempted by "/root/syz-executor.5"[15829] 09:01:46 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x6, 0x0) close(r3) r4 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r3, 0x84, 0x83, &(0x7f0000000240)={r5, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) r6 = socket$inet6(0xa, 0x6, 0x0) close(r6) r7 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r6, 0x84, 0x83, &(0x7f0000000240)={r8, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:46 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) r2 = socket(0x10, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1250.504399][T15874] FAULT_INJECTION: forcing a failure. [ 1250.504399][T15874] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1250.521441][T15874] CPU: 1 PID: 15874 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 1250.530343][T15874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1250.540502][T15874] Call Trace: [ 1250.543819][T15874] dump_stack+0x11d/0x187 [ 1250.548210][T15874] should_fail.cold+0x5/0xf [ 1250.552743][T15874] __alloc_pages_nodemask+0xcf/0x310 [ 1250.558057][T15874] alloc_pages_current+0xca/0x170 [ 1250.563245][T15874] __page_cache_alloc+0x17f/0x1a0 [ 1250.568310][T15874] pagecache_get_page+0x251/0x700 [ 1250.573544][T15874] ? radix_tree_load_root+0xb3/0xf0 [ 1250.578874][T15874] grab_cache_page_write_begin+0x56/0x80 [ 1250.584528][T15874] ext4_da_write_begin+0x1b4/0x860 [ 1250.590076][T15874] generic_perform_write+0x13a/0x320 [ 1250.595398][T15874] ext4_buffered_write_iter+0x14e/0x280 [ 1250.600963][T15874] ext4_file_write_iter+0xf4/0xd30 [ 1250.606325][T15874] ? proc_cwd_link+0x160/0x160 [ 1250.611213][T15874] ? _kstrtoull+0xfc/0x130 [ 1250.615646][T15874] new_sync_write+0x303/0x400 [ 1250.620348][T15874] __vfs_write+0x9e/0xb0 [ 1250.624609][T15874] vfs_write+0x189/0x380 [ 1250.628998][T15874] ksys_write+0xc5/0x1a0 [ 1250.633261][T15874] __x64_sys_write+0x49/0x60 [ 1250.637963][T15874] do_syscall_64+0xc7/0x390 [ 1250.642588][T15874] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1250.648494][T15874] RIP: 0033:0x45c479 [ 1250.652402][T15874] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1250.672030][T15874] RSP: 002b:00007f0d46288c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1250.680542][T15874] RAX: ffffffffffffffda RBX: 00007f0d462896d4 RCX: 000000000045c479 [ 1250.688752][T15874] RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000003 [ 1250.696817][T15874] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 09:01:46 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1250.704884][T15874] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1250.713006][T15874] R13: 0000000000000cdc R14: 00000000004cec0d R15: 0000000000000010 09:01:47 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:47 executing program 3 (fault-call:3 fault-nth:17): sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:47 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x6, 0x0) close(r3) r4 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r3, 0x84, 0x83, &(0x7f0000000240)={r5, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) r6 = socket$inet6(0xa, 0x6, 0x0) close(r6) r7 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r6, 0x84, 0x83, &(0x7f0000000240)={r8, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:47 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x8cffffff00000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1251.227404][T15894] FAULT_INJECTION: forcing a failure. [ 1251.227404][T15894] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1251.288235][T15894] CPU: 0 PID: 15894 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 1251.297223][T15894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1251.307497][T15894] Call Trace: [ 1251.310825][T15894] dump_stack+0x11d/0x187 [ 1251.315292][T15894] should_fail.cold+0x5/0xf [ 1251.319825][T15894] __alloc_pages_nodemask+0xcf/0x310 [ 1251.325186][T15894] alloc_pages_current+0xca/0x170 [ 1251.330243][T15894] __page_cache_alloc+0x17f/0x1a0 [ 1251.335299][T15894] pagecache_get_page+0x251/0x700 [ 1251.339472][T15903] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1251.340343][T15894] ? radix_tree_load_root+0xb3/0xf0 [ 1251.340369][T15894] grab_cache_page_write_begin+0x56/0x80 [ 1251.364007][T15894] ext4_da_write_begin+0x1b4/0x860 [ 1251.369374][T15894] generic_perform_write+0x13a/0x320 [ 1251.374812][T15894] ext4_buffered_write_iter+0x14e/0x280 [ 1251.380493][T15894] ext4_file_write_iter+0xf4/0xd30 [ 1251.385777][T15894] new_sync_write+0x303/0x400 [ 1251.390487][T15894] __vfs_write+0x9e/0xb0 [ 1251.394749][T15894] vfs_write+0x189/0x380 [ 1251.399011][T15894] ksys_write+0xc5/0x1a0 [ 1251.403302][T15894] __x64_sys_write+0x49/0x60 [ 1251.408008][T15894] do_syscall_64+0xc7/0x390 [ 1251.412730][T15894] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1251.418634][T15894] RIP: 0033:0x45c479 [ 1251.422573][T15894] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1251.442277][T15894] RSP: 002b:00007f0d46288c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1251.450861][T15894] RAX: ffffffffffffffda RBX: 00007f0d462896d4 RCX: 000000000045c479 [ 1251.458847][T15894] RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000003 [ 1251.467220][T15894] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1251.475233][T15894] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1251.483333][T15894] R13: 0000000000000cdc R14: 00000000004cec0d R15: 0000000000000011 [ 1251.495640][T15903] CPU: 0 PID: 15903 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 1251.504359][T15903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1251.514523][T15903] Call Trace: [ 1251.518383][T15903] dump_stack+0x11d/0x187 [ 1251.522963][T15903] dump_header+0xa7/0x399 [ 1251.527410][T15903] oom_kill_process.cold+0x10/0x15 [ 1251.532801][T15903] out_of_memory+0x21d/0xa30 [ 1251.537412][T15903] ? __rcu_read_unlock+0x66/0x2f0 [ 1251.542501][T15903] mem_cgroup_out_of_memory+0x12b/0x150 [ 1251.548208][T15903] try_charge+0xb60/0xbe0 [ 1251.552663][T15903] ? map_vm_area+0x83/0xa0 [ 1251.557184][T15903] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1251.562681][T15903] __memcg_kmem_charge+0xcd/0x1b0 [ 1251.567885][T15903] copy_process+0x12bc/0x3b10 [ 1251.572910][T15903] _do_fork+0xf7/0x790 [ 1251.576992][T15903] ? __read_once_size+0x45/0xd0 [ 1251.582096][T15903] ? ktime_get_ts64+0x286/0x2c0 [ 1251.587016][T15903] __x64_sys_clone+0x12e/0x170 [ 1251.591832][T15903] do_syscall_64+0xc7/0x390 [ 1251.596365][T15903] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1251.602488][T15903] RIP: 0033:0x45c479 [ 1251.606403][T15903] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1251.626107][T15903] RSP: 002b:00007f30b4712c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 09:01:47 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:47 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) r2 = socket(0x10, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1251.634533][T15903] RAX: ffffffffffffffda RBX: 00007f30b47136d4 RCX: 000000000045c479 [ 1251.642567][T15903] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 00000000000041fc [ 1251.650565][T15903] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1251.658611][T15903] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1251.666687][T15903] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c 09:01:47 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1251.843799][T15903] memory: usage 307200kB, limit 307200kB, failcnt 5117 [ 1251.858309][T15903] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1251.866601][T15903] Memory cgroup stats for /syz5: [ 1251.866933][T15903] anon 274583552 [ 1251.866933][T15903] file 180224 [ 1251.866933][T15903] kernel_stack 4829184 [ 1251.866933][T15903] slab 6991872 [ 1251.866933][T15903] sock 0 [ 1251.866933][T15903] shmem 0 [ 1251.866933][T15903] file_mapped 135168 [ 1251.866933][T15903] file_dirty 0 [ 1251.866933][T15903] file_writeback 0 [ 1251.866933][T15903] anon_thp 249561088 [ 1251.866933][T15903] inactive_anon 0 [ 1251.866933][T15903] active_anon 274595840 [ 1251.866933][T15903] inactive_file 0 [ 1251.866933][T15903] active_file 90112 [ 1251.866933][T15903] unevictable 0 [ 1251.866933][T15903] slab_reclaimable 946176 [ 1251.866933][T15903] slab_unreclaimable 6045696 [ 1251.866933][T15903] pgfault 137313 [ 1251.866933][T15903] pgmajfault 0 [ 1251.866933][T15903] workingset_refault 1254 09:01:48 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1251.866933][T15903] workingset_activate 198 [ 1251.866933][T15903] workingset_nodereclaim 0 [ 1251.866933][T15903] pgrefill 3707 [ 1251.866933][T15903] pgscan 14815 [ 1251.866933][T15903] pgsteal 8100 [ 1252.001804][T15903] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=10035,uid=0 [ 1252.031345][T15903] Memory cgroup out of memory: Killed process 10035 (syz-executor.5) total-vm:74968kB, anon-rss:2220kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 09:01:48 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x6, 0x0) close(r3) r4 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r3, 0x84, 0x83, &(0x7f0000000240)={r5, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) r6 = socket$inet6(0xa, 0x6, 0x0) close(r6) r7 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1252.125297][ T1078] oom_reaper: reaped process 10035 (syz-executor.5), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 1252.162953][T15927] ptrace attach of "/root/syz-executor.5"[15898] was attempted by "/root/syz-executor.5"[15927] 09:01:48 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:48 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x9603000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:01:48 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1252.480967][ T7813] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 09:01:48 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1252.568797][ T7813] CPU: 0 PID: 7813 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 1252.577447][ T7813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1252.587501][ T7813] Call Trace: [ 1252.590815][ T7813] dump_stack+0x11d/0x187 [ 1252.595163][ T7813] dump_header+0xa7/0x399 [ 1252.599504][ T7813] oom_kill_process.cold+0x10/0x15 [ 1252.604629][ T7813] out_of_memory+0x21d/0xa30 [ 1252.609240][ T7813] ? __rcu_read_unlock+0x66/0x2f0 [ 1252.614360][ T7813] mem_cgroup_out_of_memory+0x12b/0x150 [ 1252.619955][ T7813] try_charge+0xb60/0xbe0 [ 1252.624338][ T7813] ? __this_cpu_preempt_check+0x3c/0x130 [ 1252.629985][ T7813] ? __perf_event_task_sched_in+0x150/0x3a0 [ 1252.635893][ T7813] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1252.641362][ T7813] __memcg_kmem_charge+0xcd/0x1b0 [ 1252.646481][ T7813] __alloc_pages_nodemask+0x268/0x310 [ 1252.651871][ T7813] alloc_pages_current+0xca/0x170 [ 1252.656910][ T7813] pte_alloc_one+0x14/0x50 [ 1252.661338][ T7813] __pte_alloc+0x27/0x210 [ 1252.665685][ T7813] copy_page_range+0x1391/0x1a40 [ 1252.670706][ T7813] dup_mm+0x72e/0xb90 [ 1252.674714][ T7813] copy_process+0x39ad/0x3b10 [ 1252.679541][ T7813] ? _raw_spin_unlock+0x38/0x60 [ 1252.684423][ T7813] _do_fork+0xf7/0x790 [ 1252.688499][ T7813] ? __read_once_size+0x45/0xd0 [ 1252.693389][ T7813] ? ktime_get_ts64+0x286/0x2c0 [ 1252.698257][ T7813] __x64_sys_clone+0x12e/0x170 [ 1252.703094][ T7813] do_syscall_64+0xc7/0x390 [ 1252.707614][ T7813] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1252.713532][ T7813] RIP: 0033:0x45aa4a [ 1252.717432][ T7813] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1252.737249][ T7813] RSP: 002b:00007ffd30768af0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1252.745677][ T7813] RAX: ffffffffffffffda RBX: 00007ffd30768af0 RCX: 000000000045aa4a [ 1252.753756][ T7813] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1252.761774][ T7813] RBP: 00007ffd30768b30 R08: 0000000000000001 R09: 00000000015a8940 [ 1252.769746][ T7813] R10: 00000000015a8c10 R11: 0000000000000246 R12: 0000000000000001 [ 1252.777723][ T7813] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffd30768b80 09:01:49 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x2000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1252.848907][ T7813] memory: usage 307056kB, limit 307200kB, failcnt 5154 [ 1252.856099][ T7813] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1252.863599][ T7813] Memory cgroup stats for /syz5: [ 1252.863798][ T7813] anon 274558976 [ 1252.863798][ T7813] file 180224 [ 1252.863798][ T7813] kernel_stack 4829184 [ 1252.863798][ T7813] slab 7131136 [ 1252.863798][ T7813] sock 0 [ 1252.863798][ T7813] shmem 0 [ 1252.863798][ T7813] file_mapped 135168 [ 1252.863798][ T7813] file_dirty 0 [ 1252.863798][ T7813] file_writeback 0 [ 1252.863798][ T7813] anon_thp 249561088 [ 1252.863798][ T7813] inactive_anon 0 [ 1252.863798][ T7813] active_anon 274571264 [ 1252.863798][ T7813] inactive_file 0 [ 1252.863798][ T7813] active_file 90112 [ 1252.863798][ T7813] unevictable 0 [ 1252.863798][ T7813] slab_reclaimable 946176 [ 1252.863798][ T7813] slab_unreclaimable 6184960 [ 1252.863798][ T7813] pgfault 137379 [ 1252.863798][ T7813] pgmajfault 0 [ 1252.863798][ T7813] workingset_refault 1254 [ 1252.863798][ T7813] workingset_activate 198 [ 1252.863798][ T7813] workingset_nodereclaim 0 [ 1252.863798][ T7813] pgrefill 3707 [ 1252.863798][ T7813] pgscan 14815 [ 1252.863798][ T7813] pgsteal 8100 09:01:49 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(0x0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:49 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1252.989899][ T7813] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=15927,uid=0 [ 1253.006457][ T7813] Memory cgroup out of memory: Killed process 15927 (syz-executor.5) total-vm:74836kB, anon-rss:2212kB, file-rss:35792kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 09:01:49 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(0x0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:49 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x3000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:49 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(0x0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:49 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x4000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1253.502645][ T7788] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1253.544515][ T7788] CPU: 0 PID: 7788 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 1253.553153][ T7788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1253.563245][ T7788] Call Trace: [ 1253.566578][ T7788] dump_stack+0x11d/0x187 [ 1253.571011][ T7788] dump_header+0xa7/0x399 [ 1253.575373][ T7788] oom_kill_process.cold+0x10/0x15 [ 1253.580511][ T7788] out_of_memory+0x21d/0xa30 [ 1253.585128][ T7788] ? __rcu_read_unlock+0x66/0x2f0 [ 1253.590179][ T7788] mem_cgroup_out_of_memory+0x12b/0x150 [ 1253.595745][ T7788] try_charge+0xb60/0xbe0 [ 1253.600138][ T7788] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1253.605674][ T7788] __memcg_kmem_charge+0xcd/0x1b0 [ 1253.610721][ T7788] __alloc_pages_nodemask+0x268/0x310 [ 1253.616110][ T7788] alloc_pages_current+0xca/0x170 [ 1253.621194][ T7788] __pmd_alloc+0x48/0x2b0 [ 1253.625553][ T7788] copy_page_range+0x14df/0x1a40 [ 1253.630533][ T7788] ? __rcu_read_unlock+0x66/0x2f0 [ 1253.635678][ T7788] ? anon_vma_interval_tree_insert+0x1bd/0x240 [ 1253.641879][ T7788] ? __rb_rotate_set_parents+0x96/0xe0 [ 1253.647357][ T7788] ? vma_interval_tree_augment_rotate+0xd8/0xf0 [ 1253.653628][ T7788] ? __rb_insert_augmented+0x11b/0x360 [ 1253.659107][ T7788] ? __vma_link_rb+0x3ed/0x440 [ 1253.663885][ T7788] dup_mm+0x72e/0xb90 [ 1253.667895][ T7788] copy_process+0x39ad/0x3b10 [ 1253.672588][ T7788] ? _raw_spin_unlock+0x38/0x60 [ 1253.677477][ T7788] _do_fork+0xf7/0x790 [ 1253.681552][ T7788] ? __read_once_size+0x45/0xd0 [ 1253.686424][ T7788] ? ktime_get_ts64+0x286/0x2c0 [ 1253.691286][ T7788] __x64_sys_clone+0x12e/0x170 [ 1253.696071][ T7788] do_syscall_64+0xc7/0x390 [ 1253.700605][ T7788] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1253.706495][ T7788] RIP: 0033:0x45aa4a [ 1253.710403][ T7788] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1253.730055][ T7788] RSP: 002b:00007ffca9301c20 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1253.738473][ T7788] RAX: ffffffffffffffda RBX: 00007ffca9301c20 RCX: 000000000045aa4a [ 1253.746445][ T7788] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1253.754424][ T7788] RBP: 00007ffca9301c60 R08: 0000000000000001 R09: 00000000015e7940 [ 1253.762399][ T7788] R10: 00000000015e7c10 R11: 0000000000000246 R12: 0000000000000001 [ 1253.770380][ T7788] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffca9301cb0 [ 1253.806681][ T7788] memory: usage 307200kB, limit 307200kB, failcnt 6484 [ 1253.814013][ T7788] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1253.821539][ T7788] Memory cgroup stats for /syz0: [ 1253.821672][ T7788] anon 222728192 [ 1253.821672][ T7788] file 40960 [ 1253.821672][ T7788] kernel_stack 11575296 [ 1253.821672][ T7788] slab 15253504 [ 1253.821672][ T7788] sock 0 [ 1253.821672][ T7788] shmem 114688 [ 1253.821672][ T7788] file_mapped 135168 [ 1253.821672][ T7788] file_dirty 135168 [ 1253.821672][ T7788] file_writeback 0 [ 1253.821672][ T7788] anon_thp 163577856 [ 1253.821672][ T7788] inactive_anon 0 [ 1253.821672][ T7788] active_anon 222728192 [ 1253.821672][ T7788] inactive_file 0 [ 1253.821672][ T7788] active_file 16384 [ 1253.821672][ T7788] unevictable 0 [ 1253.821672][ T7788] slab_reclaimable 1486848 [ 1253.821672][ T7788] slab_unreclaimable 13766656 [ 1253.821672][ T7788] pgfault 89661 [ 1253.821672][ T7788] pgmajfault 0 [ 1253.821672][ T7788] workingset_refault 1617 [ 1253.821672][ T7788] workingset_activate 330 [ 1253.821672][ T7788] workingset_nodereclaim 0 09:01:50 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x6, 0x0) close(r3) r4 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r3, 0x84, 0x83, &(0x7f0000000240)={r5, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) r6 = socket$inet6(0xa, 0x6, 0x0) close(r6) r7 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:50 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x97ffffff00000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:01:50 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x5000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:50 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1253.821672][ T7788] pgrefill 5323 [ 1253.821672][ T7788] pgscan 11720 [ 1253.821672][ T7788] pgsteal 3354 [ 1253.931033][ T7788] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=20434,uid=0 09:01:50 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:01:50 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x6000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1254.166700][ T7788] Memory cgroup out of memory: Killed process 20434 (syz-executor.0) total-vm:74968kB, anon-rss:2216kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 1254.225735][T15998] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1254.263898][T15998] CPU: 0 PID: 15998 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 09:01:50 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, 0x0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1254.272638][T15998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1254.282695][T15998] Call Trace: [ 1254.286006][T15998] dump_stack+0x11d/0x187 [ 1254.290352][T15998] dump_header+0xa7/0x399 [ 1254.294693][T15998] oom_kill_process.cold+0x10/0x15 [ 1254.299818][T15998] out_of_memory+0x21d/0xa30 [ 1254.304436][T15998] mem_cgroup_out_of_memory+0x12b/0x150 [ 1254.310006][T15998] try_charge+0xb60/0xbe0 [ 1254.314356][T15998] ? __rcu_read_unlock+0x66/0x2f0 [ 1254.319475][T15998] mem_cgroup_try_charge+0xd7/0x260 [ 1254.324697][T15998] mem_cgroup_try_charge_delay+0x36/0x70 [ 1254.330345][T15998] wp_page_copy+0x31a/0xf20 [ 1254.334861][T15998] ? __delayacct_freepages_end+0x7d/0x90 [ 1254.340504][T15998] ? kvm_clock_read+0x14/0x30 [ 1254.345188][T15998] ? kvm_sched_clock_read+0x5/0x10 [ 1254.350331][T15998] do_wp_page+0x185/0xcc0 [ 1254.354662][T15998] ? psi_task_change+0x1a4/0x2c0 [ 1254.359723][T15998] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1254.365657][T15998] __handle_mm_fault+0x1c5e/0x2cf0 [ 1254.370811][T15998] handle_mm_fault+0x21c/0x540 [ 1254.375597][T15998] do_page_fault+0x4a4/0xa52 [ 1254.380210][T15998] ? prepare_exit_to_usermode+0x165/0x1c0 [ 1254.385946][T15998] page_fault+0x34/0x40 [ 1254.390100][T15998] RIP: 0033:0x4114c8 [ 1254.394006][T15998] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 78 1d 4c 00 31 c0 e8 e3 09 ff ff 31 ff e8 2c 06 ff ff 0f 1f 40 00 <89> 3c b5 00 00 74 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 7e 11 87 00 [ 1254.413634][T15998] RSP: 002b:00007ffd307688c0 EFLAGS: 00010246 09:01:50 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x7000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1254.419704][T15998] RAX: 00000000d4741ceb RBX: 00000000d6c5b280 RCX: 0000001b2ce20000 [ 1254.427682][T15998] RDX: 0000000000000000 RSI: 0000000000001ceb RDI: ffffffffd4741ceb [ 1254.435654][T15998] RBP: 0000000000000003 R08: 00000000d4741ceb R09: 00000000d4741cef [ 1254.443647][T15998] R10: 00007ffd30768a60 R11: 0000000000000246 R12: 000000000076bfa8 [ 1254.451643][T15998] R13: 0000000080000000 R14: 00007f30b6714008 R15: 0000000000000003 [ 1254.487072][T15998] memory: usage 307200kB, limit 307200kB, failcnt 5165 [ 1254.504939][T15998] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 09:01:50 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, 0x0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1254.551320][T15998] Memory cgroup stats for /syz5: [ 1254.551469][T15998] anon 274554880 [ 1254.551469][T15998] file 180224 [ 1254.551469][T15998] kernel_stack 4829184 [ 1254.551469][T15998] slab 7131136 [ 1254.551469][T15998] sock 0 [ 1254.551469][T15998] shmem 0 [ 1254.551469][T15998] file_mapped 135168 [ 1254.551469][T15998] file_dirty 0 [ 1254.551469][T15998] file_writeback 0 [ 1254.551469][T15998] anon_thp 249561088 [ 1254.551469][T15998] inactive_anon 0 [ 1254.551469][T15998] active_anon 274567168 [ 1254.551469][T15998] inactive_file 0 [ 1254.551469][T15998] active_file 90112 [ 1254.551469][T15998] unevictable 0 [ 1254.551469][T15998] slab_reclaimable 946176 [ 1254.551469][T15998] slab_unreclaimable 6184960 [ 1254.551469][T15998] pgfault 137478 [ 1254.551469][T15998] pgmajfault 0 [ 1254.551469][T15998] workingset_refault 1254 [ 1254.551469][T15998] workingset_activate 198 [ 1254.551469][T15998] workingset_nodereclaim 0 [ 1254.551469][T15998] pgrefill 3707 [ 1254.551469][T15998] pgscan 14848 [ 1254.551469][T15998] pgsteal 8100 09:01:50 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, 0x0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:50 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x9000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:51 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x9800000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1254.924574][T15998] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=8940,uid=0 [ 1254.943896][T15998] Memory cgroup out of memory: Killed process 8940 (syz-executor.5) total-vm:74968kB, anon-rss:2220kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 1254.989822][T15995] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1255.068958][T15995] CPU: 0 PID: 15995 Comm: syz-executor.2 Not tainted 5.6.0-rc1-syzkaller #0 [ 1255.077676][T15995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1255.087736][T15995] Call Trace: [ 1255.091039][T15995] dump_stack+0x11d/0x187 [ 1255.095378][T15995] dump_header+0xa7/0x399 [ 1255.099724][T15995] oom_kill_process.cold+0x10/0x15 [ 1255.104910][T15995] out_of_memory+0x21d/0xa30 [ 1255.109700][T15995] mem_cgroup_out_of_memory+0x12b/0x150 [ 1255.115275][T15995] try_charge+0xb60/0xbe0 [ 1255.119715][T15995] ? __rcu_read_unlock+0x66/0x2f0 [ 1255.124825][T15995] mem_cgroup_try_charge+0xd7/0x260 [ 1255.130081][T15995] mem_cgroup_try_charge_delay+0x36/0x70 [ 1255.135730][T15995] wp_page_copy+0x31a/0xf20 [ 1255.140322][T15995] ? __delayacct_freepages_end+0x7d/0x90 [ 1255.145993][T15995] ? kvm_clock_read+0x14/0x30 [ 1255.150682][T15995] ? kvm_sched_clock_read+0x5/0x10 [ 1255.155838][T15995] do_wp_page+0x185/0xcc0 [ 1255.160182][T15995] ? psi_task_change+0x1a4/0x2c0 [ 1255.165129][T15995] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1255.171035][T15995] __handle_mm_fault+0x1c5e/0x2cf0 [ 1255.176172][T15995] handle_mm_fault+0x21c/0x540 [ 1255.180958][T15995] do_page_fault+0x4a4/0xa52 [ 1255.185567][T15995] ? prepare_exit_to_usermode+0x165/0x1c0 [ 1255.191307][T15995] page_fault+0x34/0x40 [ 1255.195468][T15995] RIP: 0033:0x4114c8 [ 1255.199377][T15995] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 78 1d 4c 00 31 c0 e8 e3 09 ff ff 31 ff e8 2c 06 ff ff 0f 1f 40 00 <89> 3c b5 00 00 74 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 7e 11 87 00 [ 1255.219153][T15995] RSP: 002b:00007fff23ee3490 EFLAGS: 00010246 [ 1255.225220][T15995] RAX: 00000000ee27a728 RBX: 00000000295f4034 RCX: 0000001b34320000 [ 1255.233193][T15995] RDX: 0000000000000000 RSI: 0000000000000728 RDI: ffffffffee27a728 [ 1255.241177][T15995] RBP: 000000000000000b R08: 00000000ee27a728 R09: 00000000ee27a72c [ 1255.249255][T15995] R10: 00007fff23ee3630 R11: 0000000000000246 R12: 000000000076bfa8 [ 1255.257237][T15995] R13: 0000000080000000 R14: 00007f067ab1e008 R15: 000000000000000b [ 1255.282729][T15995] memory: usage 307192kB, limit 307200kB, failcnt 10749 [ 1255.291488][T15995] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1255.299117][T15995] Memory cgroup stats for /syz2: [ 1255.299291][T15995] anon 224055296 [ 1255.299291][T15995] file 0 [ 1255.299291][T15995] kernel_stack 10727424 [ 1255.299291][T15995] slab 14032896 [ 1255.299291][T15995] sock 0 [ 1255.299291][T15995] shmem 110592 [ 1255.299291][T15995] file_mapped 135168 [ 1255.299291][T15995] file_dirty 0 [ 1255.299291][T15995] file_writeback 0 [ 1255.299291][T15995] anon_thp 163577856 [ 1255.299291][T15995] inactive_anon 0 [ 1255.299291][T15995] active_anon 224059392 [ 1255.299291][T15995] inactive_file 0 [ 1255.299291][T15995] active_file 147456 [ 1255.299291][T15995] unevictable 0 [ 1255.299291][T15995] slab_reclaimable 1216512 [ 1255.299291][T15995] slab_unreclaimable 12816384 [ 1255.299291][T15995] pgfault 98670 [ 1255.299291][T15995] pgmajfault 0 [ 1255.299291][T15995] workingset_refault 660 [ 1255.299291][T15995] workingset_activate 198 09:01:51 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x6, 0x0) close(r3) r4 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r3, 0x84, 0x83, &(0x7f0000000240)={r5, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) r6 = socket$inet6(0xa, 0x6, 0x0) close(r6) socket$inet(0x2, 0x80001, 0x84) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:51 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x0, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:51 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0xa000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1255.299291][T15995] workingset_nodereclaim 0 [ 1255.299291][T15995] pgrefill 5110 [ 1255.299291][T15995] pgscan 19331 [ 1255.299291][T15995] pgsteal 13270 [ 1255.395870][T15995] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17557,uid=0 [ 1255.434622][T15995] Memory cgroup out of memory: Killed process 17557 (syz-executor.2) total-vm:74836kB, anon-rss:2212kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 09:01:51 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:51 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:01:51 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x0, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:51 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0xb000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:51 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x0, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:52 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0xc000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:52 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, 0x0) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1255.996180][T16082] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1256.043956][T16082] CPU: 0 PID: 16082 Comm: syz-executor.2 Not tainted 5.6.0-rc1-syzkaller #0 [ 1256.052680][T16082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1256.062735][T16082] Call Trace: [ 1256.066037][T16082] dump_stack+0x11d/0x187 [ 1256.070443][T16082] dump_header+0xa7/0x399 [ 1256.074786][T16082] oom_kill_process.cold+0x10/0x15 [ 1256.079907][T16082] out_of_memory+0x21d/0xa30 [ 1256.084509][T16082] ? __rcu_read_unlock+0x66/0x2f0 [ 1256.089554][T16082] mem_cgroup_out_of_memory+0x12b/0x150 [ 1256.095120][T16082] try_charge+0xb60/0xbe0 [ 1256.099589][T16082] ? __rcu_read_unlock+0x66/0x2f0 [ 1256.104809][T16082] mem_cgroup_try_charge+0xd7/0x260 [ 1256.110143][T16082] mem_cgroup_try_charge_delay+0x36/0x70 [ 1256.115875][T16082] wp_page_copy+0x31a/0xf20 [ 1256.120444][T16082] ? __delayacct_freepages_end+0x7d/0x90 [ 1256.126089][T16082] ? kvm_clock_read+0x14/0x30 [ 1256.130820][T16082] ? kvm_sched_clock_read+0x5/0x10 [ 1256.136016][T16082] do_wp_page+0x185/0xcc0 [ 1256.140355][T16082] ? psi_task_change+0x1a4/0x2c0 [ 1256.145375][T16082] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1256.151284][T16082] __handle_mm_fault+0x1c5e/0x2cf0 [ 1256.156462][T16082] handle_mm_fault+0x21c/0x540 [ 1256.161259][T16082] do_page_fault+0x4a4/0xa52 [ 1256.165924][T16082] ? prepare_exit_to_usermode+0x165/0x1c0 [ 1256.171768][T16082] page_fault+0x34/0x40 [ 1256.175972][T16082] RIP: 0033:0x4114c8 [ 1256.179885][T16082] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 78 1d 4c 00 31 c0 e8 e3 09 ff ff 31 ff e8 2c 06 ff ff 0f 1f 40 00 <89> 3c b5 00 00 74 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 7e 11 87 00 [ 1256.199659][T16082] RSP: 002b:00007fff23ee3490 EFLAGS: 00010246 [ 1256.205945][T16082] RAX: 00000000df0d4adb RBX: 000000002c03fc4c RCX: 0000001b34320000 [ 1256.213923][T16082] RDX: 0000000000000000 RSI: 0000000000000adb RDI: ffffffffdf0d4adb [ 1256.221896][T16082] RBP: 0000000000000009 R08: 00000000df0d4adb R09: 00000000df0d4adf [ 1256.229868][T16082] R10: 00007fff23ee3630 R11: 0000000000000246 R12: 000000000076bfa8 09:01:52 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0xd000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:52 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0xa000000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1256.237918][T16082] R13: 0000000080000000 R14: 00007f067ab1e008 R15: 0000000000000009 09:01:52 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x6, 0x0) close(r3) r4 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r3, 0x84, 0x83, &(0x7f0000000240)={r5, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) r6 = socket$inet6(0xa, 0x6, 0x0) close(r6) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:52 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, 0x0) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:52 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0xe000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1256.481424][T16082] memory: usage 307200kB, limit 307200kB, failcnt 10788 [ 1256.490333][T16082] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1256.549423][T16082] Memory cgroup stats for /syz2: [ 1256.549635][T16082] anon 223948800 [ 1256.549635][T16082] file 0 [ 1256.549635][T16082] kernel_stack 10690560 [ 1256.549635][T16082] slab 14032896 [ 1256.549635][T16082] sock 0 [ 1256.549635][T16082] shmem 110592 [ 1256.549635][T16082] file_mapped 135168 [ 1256.549635][T16082] file_dirty 0 [ 1256.549635][T16082] file_writeback 0 [ 1256.549635][T16082] anon_thp 163577856 [ 1256.549635][T16082] inactive_anon 0 [ 1256.549635][T16082] active_anon 223952896 [ 1256.549635][T16082] inactive_file 0 [ 1256.549635][T16082] active_file 147456 [ 1256.549635][T16082] unevictable 0 [ 1256.549635][T16082] slab_reclaimable 1216512 [ 1256.549635][T16082] slab_unreclaimable 12816384 [ 1256.549635][T16082] pgfault 98736 [ 1256.549635][T16082] pgmajfault 0 [ 1256.549635][T16082] workingset_refault 660 [ 1256.549635][T16082] workingset_activate 198 [ 1256.549635][T16082] workingset_nodereclaim 0 [ 1256.549635][T16082] pgrefill 5143 [ 1256.549635][T16082] pgscan 19397 [ 1256.549635][T16082] pgsteal 13270 [ 1256.726621][T16082] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=16005,uid=0 [ 1256.745359][T16082] Memory cgroup out of memory: Killed process 16005 (syz-executor.2) total-vm:74836kB, anon-rss:2212kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 1256.809942][ T7788] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1256.827956][ T7788] CPU: 0 PID: 7788 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 1256.836610][ T7788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1256.846692][ T7788] Call Trace: [ 1256.850006][ T7788] dump_stack+0x11d/0x187 [ 1256.854353][ T7788] dump_header+0xa7/0x399 [ 1256.858698][ T7788] oom_kill_process.cold+0x10/0x15 [ 1256.863872][ T7788] out_of_memory+0x21d/0xa30 [ 1256.868508][ T7788] mem_cgroup_out_of_memory+0x12b/0x150 [ 1256.874079][ T7788] try_charge+0xb60/0xbe0 [ 1256.878521][ T7788] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1256.884100][ T7788] __memcg_kmem_charge+0xcd/0x1b0 [ 1256.889146][ T7788] __alloc_pages_nodemask+0x268/0x310 [ 1256.894552][ T7788] alloc_pages_current+0xca/0x170 [ 1256.899802][ T7788] pte_alloc_one+0x14/0x50 [ 1256.904257][ T7788] __pte_alloc+0x27/0x210 [ 1256.908607][ T7788] copy_page_range+0x1391/0x1a40 [ 1256.913653][ T7788] dup_mm+0x72e/0xb90 [ 1256.917685][ T7788] copy_process+0x39ad/0x3b10 [ 1256.922372][ T7788] ? _raw_spin_unlock+0x38/0x60 [ 1256.927294][ T7788] _do_fork+0xf7/0x790 [ 1256.931377][ T7788] ? __read_once_size+0x45/0xd0 [ 1256.936252][ T7788] ? ktime_get_ts64+0x286/0x2c0 [ 1256.941232][ T7788] __x64_sys_clone+0x12e/0x170 [ 1256.946078][ T7788] do_syscall_64+0xc7/0x390 [ 1256.950603][ T7788] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1256.956601][ T7788] RIP: 0033:0x45aa4a [ 1256.960510][ T7788] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1256.980147][ T7788] RSP: 002b:00007ffca9301c20 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1256.988588][ T7788] RAX: ffffffffffffffda RBX: 00007ffca9301c20 RCX: 000000000045aa4a [ 1256.996567][ T7788] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1257.004641][ T7788] RBP: 00007ffca9301c60 R08: 0000000000000001 R09: 00000000015e7940 [ 1257.012685][ T7788] R10: 00000000015e7c10 R11: 0000000000000246 R12: 0000000000000001 [ 1257.020668][ T7788] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffca9301cb0 [ 1257.036058][ T7788] memory: usage 307200kB, limit 307200kB, failcnt 6531 [ 1257.043443][ T7788] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1257.053945][ T7788] Memory cgroup stats for /syz0: [ 1257.054094][ T7788] anon 221429760 [ 1257.054094][ T7788] file 40960 [ 1257.054094][ T7788] kernel_stack 11685888 [ 1257.054094][ T7788] slab 15388672 [ 1257.054094][ T7788] sock 0 [ 1257.054094][ T7788] shmem 114688 [ 1257.054094][ T7788] file_mapped 135168 [ 1257.054094][ T7788] file_dirty 135168 [ 1257.054094][ T7788] file_writeback 0 [ 1257.054094][ T7788] anon_thp 161480704 [ 1257.054094][ T7788] inactive_anon 0 [ 1257.054094][ T7788] active_anon 221429760 [ 1257.054094][ T7788] inactive_file 0 [ 1257.054094][ T7788] active_file 16384 [ 1257.054094][ T7788] unevictable 0 09:01:53 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:01:53 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) rt_tgsigqueueinfo(0x0, 0x0, 0x16, &(0x7f0000000000)) ptrace(0x10, 0x0) ptrace$getregset(0x4204, 0x0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:53 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0xf000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:53 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x6, 0x0) close(r3) r4 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r3, 0x84, 0x83, &(0x7f0000000240)={r5, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) socket$inet6(0xa, 0x6, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1257.054094][ T7788] slab_reclaimable 1486848 [ 1257.054094][ T7788] slab_unreclaimable 13901824 [ 1257.054094][ T7788] pgfault 90156 [ 1257.054094][ T7788] pgmajfault 0 [ 1257.054094][ T7788] workingset_refault 1617 [ 1257.054094][ T7788] workingset_activate 330 [ 1257.054094][ T7788] workingset_nodereclaim 0 [ 1257.054094][ T7788] pgrefill 5323 [ 1257.054094][ T7788] pgscan 11753 [ 1257.054094][ T7788] pgsteal 3389 09:01:53 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x11000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1257.287986][ T7788] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=20131,uid=0 [ 1257.358763][ T7788] Memory cgroup out of memory: Killed process 20131 (syz-executor.0) total-vm:74968kB, anon-rss:2216kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 09:01:53 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0xaf01000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:01:53 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x12000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1257.406593][ T1078] oom_reaper: reaped process 20131 (syz-executor.0), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 09:01:53 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, 0x0) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1257.643811][T16143] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1257.691664][T16143] CPU: 0 PID: 16143 Comm: syz-executor.2 Not tainted 5.6.0-rc1-syzkaller #0 [ 1257.700467][T16143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1257.710522][T16143] Call Trace: [ 1257.713828][T16143] dump_stack+0x11d/0x187 [ 1257.718169][T16143] dump_header+0xa7/0x399 [ 1257.722528][T16143] oom_kill_process.cold+0x10/0x15 [ 1257.727657][T16143] out_of_memory+0x21d/0xa30 [ 1257.732327][T16143] ? __rcu_read_unlock+0x66/0x2f0 [ 1257.737449][T16143] mem_cgroup_out_of_memory+0x12b/0x150 [ 1257.743036][T16143] try_charge+0xb60/0xbe0 [ 1257.747388][T16143] ? __rcu_read_unlock+0x66/0x2f0 [ 1257.752440][T16143] mem_cgroup_try_charge+0xd7/0x260 [ 1257.757656][T16143] mem_cgroup_try_charge_delay+0x36/0x70 [ 1257.763350][T16143] wp_page_copy+0x31a/0xf20 [ 1257.767874][T16143] ? balance_dirty_pages_ratelimited+0xb5/0xa20 [ 1257.774227][T16143] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1257.780272][T16143] ? debug_smp_processor_id+0x3f/0x129 [ 1257.785752][T16143] do_wp_page+0x185/0xcc0 09:01:53 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0xffffffffffffffff, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1257.790116][T16143] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1257.796208][T16143] __handle_mm_fault+0x1c5e/0x2cf0 [ 1257.801430][T16143] handle_mm_fault+0x21c/0x540 [ 1257.806207][T16143] do_page_fault+0x4a4/0xa52 [ 1257.810819][T16143] ? prepare_exit_to_usermode+0x165/0x1c0 [ 1257.816576][T16143] page_fault+0x34/0x40 [ 1257.820740][T16143] RIP: 0033:0x4114c8 09:01:54 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x13000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1257.824639][T16143] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 78 1d 4c 00 31 c0 e8 e3 09 ff ff 31 ff e8 2c 06 ff ff 0f 1f 40 00 <89> 3c b5 00 00 74 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 7e 11 87 00 [ 1257.844247][T16143] RSP: 002b:00007fff23ee3490 EFLAGS: 00010246 [ 1257.850318][T16143] RAX: 00000000d24bf264 RBX: 000000009cceb83c RCX: 0000001b34320000 [ 1257.858396][T16143] RDX: 0000000000000000 RSI: 0000000000001264 RDI: ffffffffd24bf264 [ 1257.866376][T16143] RBP: 0000000000000001 R08: 00000000d24bf264 R09: 00000000d24bf268 [ 1257.874352][T16143] R10: 00007fff23ee3630 R11: 0000000000000246 R12: 000000000076bfa8 [ 1257.882326][T16143] R13: 0000000080000000 R14: 00007f067ab1e008 R15: 0000000000000001 09:01:54 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x14000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:54 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x6, 0x0) close(r3) r4 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r3, 0x84, 0x83, &(0x7f0000000240)={r5, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1258.109240][T16143] memory: usage 307200kB, limit 307200kB, failcnt 10832 [ 1258.124155][T16143] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1258.147955][T16143] Memory cgroup stats for /syz2: [ 1258.148159][T16143] anon 223948800 [ 1258.148159][T16143] file 0 [ 1258.148159][T16143] kernel_stack 10690560 [ 1258.148159][T16143] slab 14032896 [ 1258.148159][T16143] sock 0 [ 1258.148159][T16143] shmem 110592 [ 1258.148159][T16143] file_mapped 135168 [ 1258.148159][T16143] file_dirty 0 [ 1258.148159][T16143] file_writeback 0 [ 1258.148159][T16143] anon_thp 163577856 [ 1258.148159][T16143] inactive_anon 0 [ 1258.148159][T16143] active_anon 223952896 [ 1258.148159][T16143] inactive_file 0 [ 1258.148159][T16143] active_file 147456 [ 1258.148159][T16143] unevictable 0 [ 1258.148159][T16143] slab_reclaimable 1216512 09:01:54 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1258.148159][T16143] slab_unreclaimable 12816384 [ 1258.148159][T16143] pgfault 98802 [ 1258.148159][T16143] pgmajfault 0 [ 1258.148159][T16143] workingset_refault 660 [ 1258.148159][T16143] workingset_activate 198 [ 1258.148159][T16143] workingset_nodereclaim 0 [ 1258.148159][T16143] pgrefill 5143 [ 1258.148159][T16143] pgscan 19463 [ 1258.148159][T16143] pgsteal 13270 [ 1258.444827][T16143] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=16089,uid=0 [ 1258.484547][T16143] Memory cgroup out of memory: Killed process 16089 (syz-executor.2) total-vm:74836kB, anon-rss:2212kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 09:01:54 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x15000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:54 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) rt_tgsigqueueinfo(0x0, 0x0, 0x16, &(0x7f0000000000)) ptrace(0x10, 0x0) ptrace$getregset(0x4204, 0x0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:54 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0xba00000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:01:54 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x16000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:54 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0xffffffffffffffff, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1258.801150][T16216] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1258.823888][T16216] CPU: 1 PID: 16216 Comm: syz-executor.2 Not tainted 5.6.0-rc1-syzkaller #0 [ 1258.832609][T16216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1258.842669][T16216] Call Trace: [ 1258.846005][T16216] dump_stack+0x11d/0x187 [ 1258.850353][T16216] dump_header+0xa7/0x399 [ 1258.854717][T16216] oom_kill_process.cold+0x10/0x15 [ 1258.859845][T16216] out_of_memory+0x21d/0xa30 [ 1258.864448][T16216] ? __rcu_read_unlock+0x66/0x2f0 [ 1258.869501][T16216] mem_cgroup_out_of_memory+0x12b/0x150 [ 1258.875100][T16216] try_charge+0xb60/0xbe0 [ 1258.879456][T16216] ? __rcu_read_unlock+0x66/0x2f0 [ 1258.884507][T16216] mem_cgroup_try_charge+0xd7/0x260 [ 1258.889750][T16216] mem_cgroup_try_charge_delay+0x36/0x70 [ 1258.895413][T16216] wp_page_copy+0x31a/0xf20 [ 1258.899934][T16216] ? __delayacct_freepages_end+0x7d/0x90 [ 1258.905608][T16216] ? kvm_clock_read+0x14/0x30 [ 1258.910300][T16216] ? kvm_sched_clock_read+0x5/0x10 [ 1258.915425][T16216] do_wp_page+0x185/0xcc0 [ 1258.919757][T16216] ? psi_task_change+0x1a4/0x2c0 [ 1258.924706][T16216] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1258.930648][T16216] __handle_mm_fault+0x1c5e/0x2cf0 [ 1258.935795][T16216] handle_mm_fault+0x21c/0x540 [ 1258.940685][T16216] do_page_fault+0x4a4/0xa52 [ 1258.945296][T16216] ? prepare_exit_to_usermode+0x165/0x1c0 [ 1258.951211][T16216] page_fault+0x34/0x40 [ 1258.955437][T16216] RIP: 0033:0x4114c8 [ 1258.959352][T16216] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 78 1d 4c 00 31 c0 e8 e3 09 ff ff 31 ff e8 2c 06 ff ff 0f 1f 40 00 <89> 3c b5 00 00 74 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 7e 11 87 00 [ 1258.978991][T16216] RSP: 002b:00007fff23ee3490 EFLAGS: 00010246 [ 1258.985060][T16216] RAX: 000000007a3b6050 RBX: 00000000872956bf RCX: 0000001b34320000 [ 1258.993087][T16216] RDX: 0000000000000000 RSI: 0000000000000050 RDI: ffffffff7a3b6050 09:01:55 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x6, 0x0) close(r3) r4 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1259.001142][T16216] RBP: 0000000000000005 R08: 000000007a3b6050 R09: 000000007a3b6054 [ 1259.009119][T16216] R10: 00007fff23ee3630 R11: 0000000000000246 R12: 000000000076bfa8 [ 1259.017116][T16216] R13: 0000000080000000 R14: 00007f067ab1e008 R15: 0000000000000005 [ 1259.057147][T16216] memory: usage 307200kB, limit 307200kB, failcnt 10870 [ 1259.067833][T16216] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1259.075455][T16216] Memory cgroup stats for /syz2: [ 1259.075620][T16216] anon 224006144 [ 1259.075620][T16216] file 0 [ 1259.075620][T16216] kernel_stack 10690560 [ 1259.075620][T16216] slab 14032896 [ 1259.075620][T16216] sock 0 [ 1259.075620][T16216] shmem 110592 [ 1259.075620][T16216] file_mapped 135168 [ 1259.075620][T16216] file_dirty 0 [ 1259.075620][T16216] file_writeback 0 [ 1259.075620][T16216] anon_thp 163577856 [ 1259.075620][T16216] inactive_anon 0 [ 1259.075620][T16216] active_anon 224010240 [ 1259.075620][T16216] inactive_file 0 [ 1259.075620][T16216] active_file 147456 [ 1259.075620][T16216] unevictable 0 [ 1259.075620][T16216] slab_reclaimable 1216512 [ 1259.075620][T16216] slab_unreclaimable 12816384 [ 1259.075620][T16216] pgfault 98868 [ 1259.075620][T16216] pgmajfault 0 [ 1259.075620][T16216] workingset_refault 660 [ 1259.075620][T16216] workingset_activate 198 [ 1259.075620][T16216] workingset_nodereclaim 0 [ 1259.075620][T16216] pgrefill 5143 [ 1259.075620][T16216] pgscan 19529 [ 1259.075620][T16216] pgsteal 13270 09:01:55 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x17000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1259.212086][T16216] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17500,uid=0 [ 1259.229242][T16216] Memory cgroup out of memory: Killed process 17500 (syz-executor.2) total-vm:74836kB, anon-rss:2212kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 09:01:55 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) rt_tgsigqueueinfo(0x0, 0x0, 0x16, &(0x7f0000000000)) ptrace(0x10, 0x0) ptrace$getregset(0x4204, 0x0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:55 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140), 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:01:55 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x18000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:55 executing program 2: r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1259.675128][ T7803] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1259.726867][ T7803] CPU: 1 PID: 7803 Comm: syz-executor.2 Not tainted 5.6.0-rc1-syzkaller #0 [ 1259.735550][ T7803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1259.745628][ T7803] Call Trace: [ 1259.748965][ T7803] dump_stack+0x11d/0x187 [ 1259.753372][ T7803] dump_header+0xa7/0x399 [ 1259.757685][ T7803] oom_kill_process.cold+0x10/0x15 [ 1259.762837][ T7803] out_of_memory+0x21d/0xa30 [ 1259.767414][ T7803] ? __rcu_read_unlock+0x66/0x2f0 [ 1259.772452][ T7803] mem_cgroup_out_of_memory+0x12b/0x150 [ 1259.778009][ T7803] try_charge+0xb60/0xbe0 [ 1259.782385][ T7803] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1259.787870][ T7803] __memcg_kmem_charge+0xcd/0x1b0 [ 1259.792901][ T7803] __alloc_pages_nodemask+0x268/0x310 [ 1259.798282][ T7803] alloc_pages_current+0xca/0x170 [ 1259.803320][ T7803] pte_alloc_one+0x14/0x50 [ 1259.807761][ T7803] __pte_alloc+0x27/0x210 [ 1259.812101][ T7803] copy_page_range+0x1391/0x1a40 [ 1259.817083][ T7803] ? anon_vma_interval_tree_insert+0x1bd/0x240 [ 1259.823264][ T7803] ? __rb_rotate_set_parents+0x96/0xe0 [ 1259.828810][ T7803] ? __rb_insert_augmented+0x11b/0x360 [ 1259.834253][ T7803] ? __vma_link_rb+0x3ed/0x440 [ 1259.839003][ T7803] dup_mm+0x72e/0xb90 [ 1259.842976][ T7803] copy_process+0x39ad/0x3b10 [ 1259.847658][ T7803] ? _raw_spin_unlock+0x38/0x60 [ 1259.852522][ T7803] _do_fork+0xf7/0x790 [ 1259.856664][ T7803] ? __read_once_size+0x45/0xd0 [ 1259.861608][ T7803] ? ktime_get_ts64+0x286/0x2c0 [ 1259.866471][ T7803] __x64_sys_clone+0x12e/0x170 [ 1259.871271][ T7803] do_syscall_64+0xc7/0x390 [ 1259.875795][ T7803] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1259.881689][ T7803] RIP: 0033:0x45aa4a [ 1259.885593][ T7803] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1259.905248][ T7803] RSP: 002b:00007fff23ee36c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1259.913700][ T7803] RAX: ffffffffffffffda RBX: 00007fff23ee36c0 RCX: 000000000045aa4a 09:01:56 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x19000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:56 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x1a000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:56 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0xffffffffffffffff, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1259.921675][ T7803] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1259.929728][ T7803] RBP: 00007fff23ee3700 R08: 0000000000000001 R09: 0000000000fd8940 [ 1259.937696][ T7803] R10: 0000000000fd8c10 R11: 0000000000000246 R12: 0000000000000001 [ 1259.945675][ T7803] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fff23ee3750 09:01:56 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0xba0f000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1259.977982][ T7803] memory: usage 307200kB, limit 307200kB, failcnt 10897 [ 1259.985344][ T7803] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1259.994758][ T7803] Memory cgroup stats for /syz2: [ 1259.994953][ T7803] anon 223911936 [ 1259.994953][ T7803] file 0 [ 1259.994953][ T7803] kernel_stack 10690560 [ 1259.994953][ T7803] slab 14032896 [ 1259.994953][ T7803] sock 0 [ 1259.994953][ T7803] shmem 110592 [ 1259.994953][ T7803] file_mapped 135168 [ 1259.994953][ T7803] file_dirty 0 [ 1259.994953][ T7803] file_writeback 0 [ 1259.994953][ T7803] anon_thp 163577856 [ 1259.994953][ T7803] inactive_anon 0 [ 1259.994953][ T7803] active_anon 223916032 [ 1259.994953][ T7803] inactive_file 0 [ 1259.994953][ T7803] active_file 147456 [ 1259.994953][ T7803] unevictable 0 [ 1259.994953][ T7803] slab_reclaimable 1216512 [ 1259.994953][ T7803] slab_unreclaimable 12816384 [ 1259.994953][ T7803] pgfault 98967 [ 1259.994953][ T7803] pgmajfault 0 [ 1259.994953][ T7803] workingset_refault 660 [ 1259.994953][ T7803] workingset_activate 198 09:01:56 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x6, 0x0) close(r3) socket$inet(0x2, 0x80001, 0x84) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1259.994953][ T7803] workingset_nodereclaim 0 [ 1259.994953][ T7803] pgrefill 5143 [ 1259.994953][ T7803] pgscan 19529 [ 1259.994953][ T7803] pgsteal 13270 [ 1260.170580][ T7803] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17446,uid=0 [ 1260.187562][ T7803] Memory cgroup out of memory: Killed process 17446 (syz-executor.2) total-vm:74836kB, anon-rss:2212kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 1260.247589][ T1078] oom_reaper: reaped process 17446 (syz-executor.2), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 09:01:56 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x1b000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:56 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140), 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:01:56 executing program 2: r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:56 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x1c000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:56 executing program 2: r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:56 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x1d000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:57 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:57 executing program 2: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:57 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x6, 0x0) close(r3) socket$inet(0x2, 0x80001, 0x84) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:57 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x1e000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:57 executing program 2: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:57 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0xc003000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:01:57 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x1f000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:57 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140), 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:01:57 executing program 2: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:57 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x20000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:57 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:58 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:58 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x21000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:58 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x6, 0x0) close(r3) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:58 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x22000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1262.279062][T16393] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1262.319470][T16393] CPU: 0 PID: 16393 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 1262.328177][T16393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1262.338254][T16393] Call Trace: [ 1262.341562][T16393] dump_stack+0x11d/0x187 [ 1262.345914][T16393] dump_header+0xa7/0x399 [ 1262.350316][T16393] oom_kill_process.cold+0x10/0x15 [ 1262.355454][T16393] out_of_memory+0x21d/0xa30 [ 1262.360056][T16393] ? __rcu_read_unlock+0x66/0x2f0 [ 1262.365099][T16393] mem_cgroup_out_of_memory+0x12b/0x150 [ 1262.370703][T16393] try_charge+0xb60/0xbe0 [ 1262.375052][T16393] ? __rcu_read_unlock+0x66/0x2f0 [ 1262.380103][T16393] ? __rcu_read_unlock+0x66/0x2f0 [ 1262.385233][T16393] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1262.390736][T16393] __memcg_kmem_charge+0xcd/0x1b0 [ 1262.395860][T16393] copy_process+0x12bc/0x3b10 [ 1262.400598][T16393] _do_fork+0xf7/0x790 [ 1262.404681][T16393] ? __read_once_size+0x45/0xd0 [ 1262.409554][T16393] ? ktime_get_ts64+0x286/0x2c0 [ 1262.414478][T16393] __x64_sys_clone+0x12e/0x170 [ 1262.419270][T16393] do_syscall_64+0xc7/0x390 [ 1262.423855][T16393] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1262.429763][T16393] RIP: 0033:0x45c479 [ 1262.433692][T16393] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1262.453384][T16393] RSP: 002b:00007f30b4712c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1262.461887][T16393] RAX: ffffffffffffffda RBX: 00007f30b47136d4 RCX: 000000000045c479 09:01:58 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x23000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:58 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0xcc03000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1262.469869][T16393] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 00000000000041fc [ 1262.477855][T16393] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1262.485899][T16393] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1262.493875][T16393] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c [ 1262.507079][T16393] memory: usage 307200kB, limit 307200kB, failcnt 5220 [ 1262.514687][T16393] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1262.536051][T16393] Memory cgroup stats for /syz5: [ 1262.536312][T16393] anon 273264640 [ 1262.536312][T16393] file 180224 [ 1262.536312][T16393] kernel_stack 4902912 [ 1262.536312][T16393] slab 7131136 [ 1262.536312][T16393] sock 0 [ 1262.536312][T16393] shmem 0 [ 1262.536312][T16393] file_mapped 135168 [ 1262.536312][T16393] file_dirty 0 [ 1262.536312][T16393] file_writeback 0 [ 1262.536312][T16393] anon_thp 247463936 [ 1262.536312][T16393] inactive_anon 0 [ 1262.536312][T16393] active_anon 273276928 [ 1262.536312][T16393] inactive_file 0 [ 1262.536312][T16393] active_file 90112 [ 1262.536312][T16393] unevictable 0 [ 1262.536312][T16393] slab_reclaimable 946176 [ 1262.536312][T16393] slab_unreclaimable 6184960 [ 1262.536312][T16393] pgfault 138072 [ 1262.536312][T16393] pgmajfault 0 [ 1262.536312][T16393] workingset_refault 1254 [ 1262.536312][T16393] workingset_activate 198 [ 1262.536312][T16393] workingset_nodereclaim 0 09:01:58 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x0, &(0x7f0000000100)}], 0x1, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1262.536312][T16393] pgrefill 3773 [ 1262.536312][T16393] pgscan 14881 [ 1262.536312][T16393] pgsteal 8133 09:01:58 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x24000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:58 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:59 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:01:59 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x25000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1262.981432][T16393] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=7026,uid=0 [ 1263.037273][T16393] Memory cgroup out of memory: Killed process 7026 (syz-executor.5) total-vm:74968kB, anon-rss:2220kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 1263.178675][T16392] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1263.218872][T16392] CPU: 0 PID: 16392 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 1263.227586][T16392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1263.237640][T16392] Call Trace: [ 1263.240942][T16392] dump_stack+0x11d/0x187 [ 1263.245315][T16392] dump_header+0xa7/0x399 [ 1263.249669][T16392] oom_kill_process.cold+0x10/0x15 [ 1263.254818][T16392] out_of_memory+0x21d/0xa30 [ 1263.259453][T16392] mem_cgroup_out_of_memory+0x12b/0x150 [ 1263.265016][T16392] try_charge+0x7ed/0xbe0 [ 1263.269370][T16392] ? __rcu_read_unlock+0x66/0x2f0 [ 1263.274419][T16392] mem_cgroup_try_charge+0xd7/0x260 [ 1263.279635][T16392] mem_cgroup_try_charge_delay+0x36/0x70 [ 1263.285279][T16392] __handle_mm_fault+0x18f1/0x2cf0 [ 1263.290463][T16392] handle_mm_fault+0x21c/0x540 [ 1263.295245][T16392] do_page_fault+0x4a4/0xa52 [ 1263.299848][T16392] ? do_syscall_64+0x27f/0x390 [ 1263.304624][T16392] page_fault+0x34/0x40 [ 1263.308784][T16392] RIP: 0033:0x413c6f [ 1263.312685][T16392] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 1263.332313][T16392] RSP: 002b:00007ffd307688a0 EFLAGS: 00010206 [ 1263.338382][T16392] RAX: 00007f30b46d2000 RBX: 0000000000020000 RCX: 000000000045c4ca [ 1263.346358][T16392] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 1263.354336][T16392] RBP: 00007ffd30768980 R08: ffffffffffffffff R09: 0000000000000000 09:01:59 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x26000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1263.362314][T16392] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd30768a70 [ 1263.370293][T16392] R13: 00007f30b46f2700 R14: 0000000000000001 R15: 000000000076bfcc [ 1263.441592][T16392] memory: usage 304872kB, limit 307200kB, failcnt 5220 [ 1263.471116][T16392] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1263.503786][T16392] Memory cgroup stats for /syz5: [ 1263.503941][T16392] anon 271142912 [ 1263.503941][T16392] file 180224 [ 1263.503941][T16392] kernel_stack 4902912 [ 1263.503941][T16392] slab 7131136 [ 1263.503941][T16392] sock 0 [ 1263.503941][T16392] shmem 0 [ 1263.503941][T16392] file_mapped 135168 [ 1263.503941][T16392] file_dirty 0 [ 1263.503941][T16392] file_writeback 0 [ 1263.503941][T16392] anon_thp 245366784 [ 1263.503941][T16392] inactive_anon 0 [ 1263.503941][T16392] active_anon 271155200 [ 1263.503941][T16392] inactive_file 0 [ 1263.503941][T16392] active_file 90112 [ 1263.503941][T16392] unevictable 0 [ 1263.503941][T16392] slab_reclaimable 946176 [ 1263.503941][T16392] slab_unreclaimable 6184960 [ 1263.503941][T16392] pgfault 138072 [ 1263.503941][T16392] pgmajfault 0 [ 1263.503941][T16392] workingset_refault 1254 [ 1263.503941][T16392] workingset_activate 198 [ 1263.503941][T16392] workingset_nodereclaim 0 [ 1263.503941][T16392] pgrefill 3773 [ 1263.503941][T16392] pgscan 14881 [ 1263.503941][T16392] pgsteal 8133 09:01:59 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x27000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:01:59 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x0, &(0x7f0000000100)}], 0x1, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1263.667519][T16392] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=6883,uid=0 [ 1263.683624][T16392] Memory cgroup out of memory: Killed process 6883 (syz-executor.5) total-vm:74968kB, anon-rss:2220kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 1263.757960][T16442] ptrace attach of "/root/syz-executor.5"[16392] was attempted by "/root/syz-executor.5"[16442] 09:02:00 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x6, 0x0) close(r3) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:00 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:00 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0xd003000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:00 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:00 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x28000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1264.223316][T16482] ptrace attach of "/root/syz-executor.5"[16477] was attempted by "/root/syz-executor.5"[16482] [ 1264.244489][T16473] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1264.259833][T16473] CPU: 1 PID: 16473 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 1264.268513][T16473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1264.278565][T16473] Call Trace: [ 1264.281897][T16473] dump_stack+0x11d/0x187 [ 1264.286256][T16473] dump_header+0xa7/0x399 [ 1264.290599][T16473] oom_kill_process.cold+0x10/0x15 [ 1264.295721][T16473] out_of_memory+0x21d/0xa30 [ 1264.300375][T16473] ? __rcu_read_unlock+0x66/0x2f0 [ 1264.305413][T16473] mem_cgroup_out_of_memory+0x12b/0x150 [ 1264.310976][T16473] try_charge+0xb60/0xbe0 [ 1264.315355][T16473] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1264.320830][T16473] __memcg_kmem_charge+0xcd/0x1b0 [ 1264.325932][T16473] __alloc_pages_nodemask+0x268/0x310 [ 1264.331323][T16473] alloc_pages_current+0xca/0x170 [ 1264.336440][T16473] __pmd_alloc+0x48/0x2b0 [ 1264.340861][T16473] __handle_mm_fault+0x967/0x2cf0 [ 1264.345916][T16473] handle_mm_fault+0x21c/0x540 [ 1264.350700][T16473] do_page_fault+0x4a4/0xa52 [ 1264.355315][T16473] ? do_syscall_64+0x27f/0x390 [ 1264.360094][T16473] page_fault+0x34/0x40 [ 1264.364277][T16473] RIP: 0033:0x401c27 [ 1264.368201][T16473] Code: 00 00 00 48 83 ec 08 48 8b 15 6d 0a 88 00 48 8b 05 5e 0a 88 00 48 39 d0 48 8d 8a 00 00 00 01 72 17 48 39 c8 73 12 48 8d 50 04 <89> 38 48 89 15 40 0a 88 00 48 83 c4 08 c3 48 89 c6 bf d0 ef 4c 00 [ 1264.387860][T16473] RSP: 002b:00007ffca9301ab0 EFLAGS: 00010287 [ 1264.393938][T16473] RAX: 0000001b32720000 RBX: 0000000000000000 RCX: 0000001b33720000 [ 1264.401918][T16473] RDX: 0000001b32720004 RSI: 00007ffca9301870 RDI: 0000000000000000 [ 1264.409898][T16473] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000004 09:02:00 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x6, 0x0) close(r3) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1264.417978][T16473] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000 [ 1264.426038][T16473] R13: 00007ffca9301ca0 R14: 0000000000000000 R15: 00007ffca9301cb0 09:02:00 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x29000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1264.687376][T16473] memory: usage 307200kB, limit 307200kB, failcnt 6578 [ 1264.709492][T16473] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1264.751798][T16473] Memory cgroup stats for /syz0: [ 1264.752038][T16473] anon 220184576 [ 1264.752038][T16473] file 40960 [ 1264.752038][T16473] kernel_stack 11796480 [ 1264.752038][T16473] slab 15523840 [ 1264.752038][T16473] sock 0 [ 1264.752038][T16473] shmem 114688 [ 1264.752038][T16473] file_mapped 135168 [ 1264.752038][T16473] file_dirty 135168 [ 1264.752038][T16473] file_writeback 0 [ 1264.752038][T16473] anon_thp 159383552 [ 1264.752038][T16473] inactive_anon 0 [ 1264.752038][T16473] active_anon 220184576 09:02:01 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1264.752038][T16473] inactive_file 0 [ 1264.752038][T16473] active_file 16384 [ 1264.752038][T16473] unevictable 0 [ 1264.752038][T16473] slab_reclaimable 1486848 [ 1264.752038][T16473] slab_unreclaimable 14036992 [ 1264.752038][T16473] pgfault 90783 [ 1264.752038][T16473] pgmajfault 0 [ 1264.752038][T16473] workingset_refault 1617 [ 1264.752038][T16473] workingset_activate 330 [ 1264.752038][T16473] workingset_nodereclaim 0 [ 1264.752038][T16473] pgrefill 5356 [ 1264.752038][T16473] pgscan 11786 [ 1264.752038][T16473] pgsteal 3389 09:02:01 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x2a000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:02:01 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x0, &(0x7f0000000100)}], 0x1, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:02:01 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0xd401000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1265.040282][T16473] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=19971,uid=0 [ 1265.059780][T16473] Memory cgroup out of memory: Killed process 19971 (syz-executor.0) total-vm:74968kB, anon-rss:2216kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 09:02:01 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x2b000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:02:01 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socket$inet6(0xa, 0x6, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:01 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x2c000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:02:01 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:02 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:02 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x2d000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:02:02 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100)}], 0x1, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1266.175113][T16552] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1266.205708][T16552] CPU: 0 PID: 16552 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 1266.214467][T16552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1266.224521][T16552] Call Trace: [ 1266.227828][T16552] dump_stack+0x11d/0x187 [ 1266.232175][T16552] dump_header+0xa7/0x399 [ 1266.236524][T16552] oom_kill_process.cold+0x10/0x15 [ 1266.241659][T16552] out_of_memory+0x21d/0xa30 [ 1266.246342][T16552] ? __rcu_read_unlock+0x66/0x2f0 [ 1266.251458][T16552] mem_cgroup_out_of_memory+0x12b/0x150 [ 1266.257053][T16552] try_charge+0xb60/0xbe0 [ 1266.261417][T16552] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1266.266907][T16552] __memcg_kmem_charge+0xcd/0x1b0 [ 1266.271950][T16552] __alloc_pages_nodemask+0x268/0x310 [ 1266.277547][T16552] alloc_pages_current+0xca/0x170 [ 1266.282605][T16552] pte_alloc_one+0x14/0x50 [ 1266.287028][T16552] __do_fault+0x120/0x1e0 [ 1266.291373][T16552] __handle_mm_fault+0x1d2d/0x2cf0 [ 1266.296557][T16552] handle_mm_fault+0x21c/0x540 [ 1266.301341][T16552] do_page_fault+0x4a4/0xa52 [ 1266.305999][T16552] ? do_syscall_64+0x27f/0x390 [ 1266.310779][T16552] page_fault+0x34/0x40 [ 1266.314933][T16552] RIP: 0033:0x401c27 [ 1266.318890][T16552] Code: 00 00 00 48 83 ec 08 48 8b 15 6d 0a 88 00 48 8b 05 5e 0a 88 00 48 39 d0 48 8d 8a 00 00 00 01 72 17 48 39 c8 73 12 48 8d 50 04 <89> 38 48 89 15 40 0a 88 00 48 83 c4 08 c3 48 89 c6 bf d0 ef 4c 00 [ 1266.338492][T16552] RSP: 002b:00007ffca9301ab0 EFLAGS: 00010287 [ 1266.344552][T16552] RAX: 0000001b32720000 RBX: 0000000000000000 RCX: 0000001b33720000 [ 1266.352522][T16552] RDX: 0000001b32720004 RSI: 00007ffca9301870 RDI: 0000000000000000 [ 1266.360576][T16552] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000004 09:02:02 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0xd403000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:02 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x2e000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:02:02 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1266.368652][T16552] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000 [ 1266.376631][T16552] R13: 00007ffca9301ca0 R14: 0000000000000000 R15: 00007ffca9301cb0 [ 1266.485123][T16552] memory: usage 307200kB, limit 307200kB, failcnt 6600 [ 1266.492646][T16552] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1266.500629][T16552] Memory cgroup stats for /syz0: [ 1266.500758][T16552] anon 220205056 [ 1266.500758][T16552] file 40960 [ 1266.500758][T16552] kernel_stack 11759616 [ 1266.500758][T16552] slab 15523840 [ 1266.500758][T16552] sock 0 [ 1266.500758][T16552] shmem 114688 [ 1266.500758][T16552] file_mapped 135168 [ 1266.500758][T16552] file_dirty 135168 [ 1266.500758][T16552] file_writeback 0 [ 1266.500758][T16552] anon_thp 159383552 [ 1266.500758][T16552] inactive_anon 0 [ 1266.500758][T16552] active_anon 220205056 [ 1266.500758][T16552] inactive_file 0 [ 1266.500758][T16552] active_file 16384 [ 1266.500758][T16552] unevictable 0 [ 1266.500758][T16552] slab_reclaimable 1486848 [ 1266.500758][T16552] slab_unreclaimable 14036992 [ 1266.500758][T16552] pgfault 90849 [ 1266.500758][T16552] pgmajfault 0 [ 1266.500758][T16552] workingset_refault 1617 [ 1266.500758][T16552] workingset_activate 330 09:02:02 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x2f000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1266.500758][T16552] workingset_nodereclaim 0 [ 1266.500758][T16552] pgrefill 5389 [ 1266.500758][T16552] pgscan 11786 [ 1266.500758][T16552] pgsteal 3389 [ 1266.609675][T16552] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=19917,uid=0 09:02:02 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1266.627789][T16552] Memory cgroup out of memory: Killed process 19917 (syz-executor.0) total-vm:74968kB, anon-rss:2216kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 1266.653277][ T1078] oom_reaper: reaped process 19917 (syz-executor.0), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 09:02:03 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x30000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1266.847852][T16552] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1266.906785][T16552] CPU: 0 PID: 16552 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 1266.915517][T16552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1266.925569][T16552] Call Trace: [ 1266.928880][T16552] dump_stack+0x11d/0x187 [ 1266.933234][T16552] dump_header+0xa7/0x399 [ 1266.937577][T16552] oom_kill_process.cold+0x10/0x15 [ 1266.942708][T16552] out_of_memory+0x21d/0xa30 [ 1266.947309][T16552] ? __rcu_read_unlock+0x66/0x2f0 [ 1266.952401][T16552] mem_cgroup_out_of_memory+0x12b/0x150 [ 1266.958045][T16552] try_charge+0xb60/0xbe0 [ 1266.962392][T16552] ? __rcu_read_unlock+0x66/0x2f0 [ 1266.967428][T16552] ? __rcu_read_unlock+0x66/0x2f0 [ 1266.972469][T16552] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1266.978077][T16552] __memcg_kmem_charge+0xcd/0x1b0 [ 1266.983117][T16552] copy_process+0x12bc/0x3b10 [ 1266.987807][T16552] ? kvm_clock_read+0x14/0x30 [ 1266.992495][T16552] ? kvm_sched_clock_read+0x5/0x10 [ 1266.997645][T16552] ? sched_clock+0xf/0x20 [ 1267.001989][T16552] ? sched_clock_cpu+0x10/0xd0 [ 1267.006762][T16552] ? record_times+0x10/0x80 [ 1267.011291][T16552] _do_fork+0xf7/0x790 [ 1267.015480][T16552] ? __rcu_read_unlock+0x66/0x2f0 [ 1267.020521][T16552] ? blkcg_maybe_throttle_current+0x249/0x5a0 [ 1267.026622][T16552] __x64_sys_clone+0x12e/0x170 [ 1267.031408][T16552] do_syscall_64+0xc7/0x390 [ 1267.035995][T16552] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1267.041895][T16552] RIP: 0033:0x45ee49 [ 1267.045796][T16552] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1267.065405][T16552] RSP: 002b:00007ffca9301988 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1267.073846][T16552] RAX: ffffffffffffffda RBX: 00007f6633609700 RCX: 000000000045ee49 [ 1267.081828][T16552] RDX: 00007f66336099d0 RSI: 00007f6633608db0 RDI: 00000000003d0f00 [ 1267.089829][T16552] RBP: 00007ffca9301ba0 R08: 00007f6633609700 R09: 00007f6633609700 [ 1267.097809][T16552] R10: 00007f66336099d0 R11: 0000000000000202 R12: 0000000000000000 09:02:03 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x31000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1267.105853][T16552] R13: 00007ffca9301a3f R14: 00007f66336099c0 R15: 000000000076c06c [ 1267.120314][T16552] memory: usage 307056kB, limit 307200kB, failcnt 6621 [ 1267.128048][T16552] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1267.136069][T16552] Memory cgroup stats for /syz0: [ 1267.136215][T16552] anon 220282880 [ 1267.136215][T16552] file 40960 [ 1267.136215][T16552] kernel_stack 11796480 [ 1267.136215][T16552] slab 15523840 [ 1267.136215][T16552] sock 0 [ 1267.136215][T16552] shmem 114688 [ 1267.136215][T16552] file_mapped 135168 [ 1267.136215][T16552] file_dirty 135168 [ 1267.136215][T16552] file_writeback 0 [ 1267.136215][T16552] anon_thp 159383552 [ 1267.136215][T16552] inactive_anon 0 [ 1267.136215][T16552] active_anon 220282880 [ 1267.136215][T16552] inactive_file 0 [ 1267.136215][T16552] active_file 16384 [ 1267.136215][T16552] unevictable 0 [ 1267.136215][T16552] slab_reclaimable 1486848 [ 1267.136215][T16552] slab_unreclaimable 14036992 [ 1267.136215][T16552] pgfault 90882 09:02:03 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100)}], 0x1, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:02:03 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r1, 0x0, r1) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1267.136215][T16552] pgmajfault 0 [ 1267.136215][T16552] workingset_refault 1617 [ 1267.136215][T16552] workingset_activate 330 [ 1267.136215][T16552] workingset_nodereclaim 0 [ 1267.136215][T16552] pgrefill 5389 [ 1267.136215][T16552] pgscan 11786 [ 1267.136215][T16552] pgsteal 3389 [ 1267.304805][T16552] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=19866,uid=0 [ 1267.321181][T16552] Memory cgroup out of memory: Killed process 19866 (syz-executor.0) total-vm:74968kB, anon-rss:2216kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 1267.485187][T16583] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1267.524221][T16583] CPU: 1 PID: 16583 Comm: syz-executor.2 Not tainted 5.6.0-rc1-syzkaller #0 [ 1267.532961][T16583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1267.543017][T16583] Call Trace: [ 1267.546329][T16583] dump_stack+0x11d/0x187 [ 1267.550667][T16583] dump_header+0xa7/0x399 [ 1267.555082][T16583] oom_kill_process.cold+0x10/0x15 [ 1267.560201][T16583] out_of_memory+0x21d/0xa30 [ 1267.564878][T16583] mem_cgroup_out_of_memory+0x12b/0x150 [ 1267.570451][T16583] try_charge+0xb60/0xbe0 [ 1267.574831][T16583] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1267.580388][T16583] __memcg_kmem_charge+0xcd/0x1b0 [ 1267.585432][T16583] __alloc_pages_nodemask+0x268/0x310 [ 1267.590824][T16583] alloc_pages_current+0xca/0x170 [ 1267.595882][T16583] __pmd_alloc+0x48/0x2b0 [ 1267.600332][T16583] __handle_mm_fault+0x967/0x2cf0 [ 1267.605355][T16583] handle_mm_fault+0x21c/0x540 [ 1267.610121][T16583] do_page_fault+0x4a4/0xa52 [ 1267.614728][T16583] ? do_syscall_64+0x27f/0x390 [ 1267.619498][T16583] page_fault+0x34/0x40 [ 1267.623651][T16583] RIP: 0033:0x401c27 [ 1267.627574][T16583] Code: 00 00 00 48 83 ec 08 48 8b 15 6d 0a 88 00 48 8b 05 5e 0a 88 00 48 39 d0 48 8d 8a 00 00 00 01 72 17 48 39 c8 73 12 48 8d 50 04 <89> 38 48 89 15 40 0a 88 00 48 83 c4 08 c3 48 89 c6 bf d0 ef 4c 00 [ 1267.647161][T16583] RSP: 002b:00007fff23ee3550 EFLAGS: 00010287 [ 1267.653265][T16583] RAX: 0000001b33320000 RBX: 0000000000000000 RCX: 0000001b34320000 [ 1267.661224][T16583] RDX: 0000001b33320004 RSI: 00007fff23ee3310 RDI: 0000000000000000 [ 1267.669184][T16583] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000004 [ 1267.677147][T16583] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000 09:02:03 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:03 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x32000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:02:03 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0xe403000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1267.685146][T16583] R13: 00007fff23ee3740 R14: 0000000000000000 R15: 00007fff23ee3750 [ 1267.703613][T16583] memory: usage 307192kB, limit 307200kB, failcnt 10934 [ 1267.719779][T16583] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1267.736226][T16583] Memory cgroup stats for /syz2: [ 1267.736360][T16583] anon 222789632 [ 1267.736360][T16583] file 0 [ 1267.736360][T16583] kernel_stack 10801152 [ 1267.736360][T16583] slab 14168064 [ 1267.736360][T16583] sock 0 [ 1267.736360][T16583] shmem 110592 [ 1267.736360][T16583] file_mapped 135168 [ 1267.736360][T16583] file_dirty 0 [ 1267.736360][T16583] file_writeback 0 [ 1267.736360][T16583] anon_thp 161480704 [ 1267.736360][T16583] inactive_anon 0 [ 1267.736360][T16583] active_anon 222793728 [ 1267.736360][T16583] inactive_file 0 [ 1267.736360][T16583] active_file 147456 [ 1267.736360][T16583] unevictable 0 [ 1267.736360][T16583] slab_reclaimable 1216512 [ 1267.736360][T16583] slab_unreclaimable 12951552 [ 1267.736360][T16583] pgfault 99792 [ 1267.736360][T16583] pgmajfault 0 [ 1267.736360][T16583] workingset_refault 660 [ 1267.736360][T16583] workingset_activate 198 [ 1267.736360][T16583] workingset_nodereclaim 0 [ 1267.736360][T16583] pgrefill 5209 [ 1267.736360][T16583] pgscan 19696 [ 1267.736360][T16583] pgsteal 13270 [ 1267.846856][T16583] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17395,uid=0 [ 1267.864194][T16583] Memory cgroup out of memory: Killed process 17395 (syz-executor.2) total-vm:74836kB, anon-rss:2212kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 1267.887428][ T1078] oom_reaper: reaped process 17395 (syz-executor.2), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 09:02:04 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x33000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1267.977689][T16583] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1267.989806][T16583] CPU: 1 PID: 16583 Comm: syz-executor.2 Not tainted 5.6.0-rc1-syzkaller #0 [ 1267.998501][T16583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1268.008561][T16583] Call Trace: [ 1268.011864][T16583] dump_stack+0x11d/0x187 [ 1268.016220][T16583] dump_header+0xa7/0x399 [ 1268.020571][T16583] oom_kill_process.cold+0x10/0x15 [ 1268.025692][T16583] out_of_memory+0x21d/0xa30 [ 1268.030353][T16583] ? __rcu_read_unlock+0x66/0x2f0 [ 1268.035482][T16583] mem_cgroup_out_of_memory+0x12b/0x150 [ 1268.041058][T16583] try_charge+0xb60/0xbe0 [ 1268.045457][T16583] ? debug_smp_processor_id+0x3f/0x129 [ 1268.050947][T16583] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1268.056420][T16583] __memcg_kmem_charge+0xcd/0x1b0 [ 1268.061484][T16583] copy_process+0x12bc/0x3b10 [ 1268.066204][T16583] ? __read_once_size+0x2f/0xd0 [ 1268.071075][T16583] ? __lru_cache_add+0x146/0x1c0 [ 1268.076036][T16583] _do_fork+0xf7/0x790 [ 1268.080121][T16583] __x64_sys_clone+0x12e/0x170 [ 1268.084929][T16583] do_syscall_64+0xc7/0x390 [ 1268.089453][T16583] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1268.095503][T16583] RIP: 0033:0x45ee49 [ 1268.099413][T16583] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1268.119280][T16583] RSP: 002b:00007fff23ee3428 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 09:02:04 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r1, 0x0, r1) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1268.127693][T16583] RAX: ffffffffffffffda RBX: 00007f0678afc700 RCX: 000000000045ee49 [ 1268.135664][T16583] RDX: 00007f0678afc9d0 RSI: 00007f0678afbdb0 RDI: 00000000003d0f00 [ 1268.143632][T16583] RBP: 00007fff23ee3640 R08: 00007f0678afc700 R09: 00007f0678afc700 [ 1268.151604][T16583] R10: 00007f0678afc9d0 R11: 0000000000000202 R12: 0000000000000000 [ 1268.159574][T16583] R13: 00007fff23ee34df R14: 00007f0678afc9c0 R15: 000000000076bfcc 09:02:04 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100)}], 0x1, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:02:04 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x34000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1268.359525][T16583] memory: usage 307056kB, limit 307200kB, failcnt 10945 [ 1268.367144][T16583] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1268.393790][T16583] Memory cgroup stats for /syz2: [ 1268.393930][T16583] anon 222744576 [ 1268.393930][T16583] file 0 [ 1268.393930][T16583] kernel_stack 10838016 [ 1268.393930][T16583] slab 14168064 [ 1268.393930][T16583] sock 0 [ 1268.393930][T16583] shmem 110592 [ 1268.393930][T16583] file_mapped 135168 [ 1268.393930][T16583] file_dirty 0 [ 1268.393930][T16583] file_writeback 0 [ 1268.393930][T16583] anon_thp 161480704 [ 1268.393930][T16583] inactive_anon 0 [ 1268.393930][T16583] active_anon 222748672 [ 1268.393930][T16583] inactive_file 0 [ 1268.393930][T16583] active_file 147456 [ 1268.393930][T16583] unevictable 0 [ 1268.393930][T16583] slab_reclaimable 1216512 [ 1268.393930][T16583] slab_unreclaimable 12951552 [ 1268.393930][T16583] pgfault 99825 [ 1268.393930][T16583] pgmajfault 0 [ 1268.393930][T16583] workingset_refault 660 [ 1268.393930][T16583] workingset_activate 198 [ 1268.393930][T16583] workingset_nodereclaim 0 [ 1268.393930][T16583] pgrefill 5209 [ 1268.393930][T16583] pgscan 19696 [ 1268.393930][T16583] pgsteal 13270 [ 1268.618911][T16583] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17329,uid=0 [ 1268.727209][T16583] Memory cgroup out of memory: Killed process 17329 (syz-executor.2) total-vm:74836kB, anon-rss:2212kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 1268.760399][ T1078] oom_reaper: reaped process 17329 (syz-executor.2), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 09:02:05 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:05 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x35000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:02:05 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:05 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0xe801000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:05 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r1, 0x0, r1) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1269.040007][T16657] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1269.087243][T16657] CPU: 0 PID: 16657 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 1269.096038][T16657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1269.106246][T16657] Call Trace: [ 1269.109571][T16657] dump_stack+0x11d/0x187 [ 1269.113908][T16657] dump_header+0xa7/0x399 [ 1269.118248][T16657] oom_kill_process.cold+0x10/0x15 [ 1269.123366][T16657] out_of_memory+0x21d/0xa30 [ 1269.127964][T16657] ? __rcu_read_unlock+0x66/0x2f0 [ 1269.133002][T16657] mem_cgroup_out_of_memory+0x12b/0x150 [ 1269.138745][T16657] try_charge+0xb60/0xbe0 [ 1269.143095][T16657] ? __rcu_read_unlock+0x66/0x2f0 [ 1269.148176][T16657] mem_cgroup_try_charge+0xd7/0x260 [ 1269.153453][T16657] mem_cgroup_try_charge_delay+0x36/0x70 [ 1269.159095][T16657] __handle_mm_fault+0x18f1/0x2cf0 [ 1269.164278][T16657] handle_mm_fault+0x21c/0x540 [ 1269.169061][T16657] do_page_fault+0x4a4/0xa52 [ 1269.173666][T16657] ? do_syscall_64+0x27f/0x390 [ 1269.178499][T16657] page_fault+0x34/0x40 [ 1269.182760][T16657] RIP: 0033:0x40f61a [ 1269.186657][T16657] Code: 48 24 8b 4c 24 28 89 48 28 31 c0 48 8b 8c 04 20 01 00 00 48 89 8c 02 50 bf 76 00 48 83 c0 08 48 83 f8 48 75 e6 e8 76 3c ff ff <83> 05 e3 09 76 00 01 80 7c 24 07 00 74 0b f6 44 24 08 01 0f 84 b5 [ 1269.206268][T16657] RSP: 002b:00007ffca9301ac0 EFLAGS: 00010217 [ 1269.212354][T16657] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000045c479 [ 1269.220324][T16657] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 000000000076bf28 [ 1269.228297][T16657] RBP: 000000000076bf2c R08: 00007f663364b700 R09: 00ffffffffffffff 09:02:05 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x36000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1269.236305][T16657] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000076bf20 [ 1269.244280][T16657] R13: 0000000000000005 R14: 0000000000000000 R15: 000000000076bf2c 09:02:05 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:02:05 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x37000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:02:05 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x38000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1269.687468][T16657] memory: usage 307200kB, limit 307200kB, failcnt 6660 [ 1269.734135][T16657] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1269.774110][T16657] Memory cgroup stats for /syz0: [ 1269.774255][T16657] anon 220282880 [ 1269.774255][T16657] file 40960 [ 1269.774255][T16657] kernel_stack 11722752 [ 1269.774255][T16657] slab 15523840 [ 1269.774255][T16657] sock 0 [ 1269.774255][T16657] shmem 114688 [ 1269.774255][T16657] file_mapped 135168 [ 1269.774255][T16657] file_dirty 0 [ 1269.774255][T16657] file_writeback 0 [ 1269.774255][T16657] anon_thp 159383552 [ 1269.774255][T16657] inactive_anon 0 [ 1269.774255][T16657] active_anon 220282880 [ 1269.774255][T16657] inactive_file 0 [ 1269.774255][T16657] active_file 16384 [ 1269.774255][T16657] unevictable 0 09:02:06 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1269.774255][T16657] slab_reclaimable 1486848 [ 1269.774255][T16657] slab_unreclaimable 14036992 [ 1269.774255][T16657] pgfault 90981 [ 1269.774255][T16657] pgmajfault 0 [ 1269.774255][T16657] workingset_refault 1650 [ 1269.774255][T16657] workingset_activate 330 [ 1269.774255][T16657] workingset_nodereclaim 0 [ 1269.774255][T16657] pgrefill 5389 [ 1269.774255][T16657] pgscan 11786 [ 1269.774255][T16657] pgsteal 3389 09:02:06 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:06 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0xec03000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1269.923071][T16657] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=16577,uid=0 [ 1269.939586][T16657] Memory cgroup out of memory: Killed process 16577 (syz-executor.0) total-vm:74968kB, anon-rss:2216kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 09:02:06 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x39000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1270.109012][T16664] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1270.164053][T16664] CPU: 0 PID: 16664 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 1270.172765][T16664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1270.182819][T16664] Call Trace: [ 1270.186161][T16664] dump_stack+0x11d/0x187 [ 1270.190516][T16664] dump_header+0xa7/0x399 [ 1270.194863][T16664] oom_kill_process.cold+0x10/0x15 [ 1270.200031][T16664] out_of_memory+0x21d/0xa30 [ 1270.204641][T16664] mem_cgroup_out_of_memory+0x12b/0x150 [ 1270.210235][T16664] try_charge+0x7ed/0xbe0 [ 1270.214584][T16664] ? map_vm_area+0x83/0xa0 [ 1270.219068][T16664] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1270.224546][T16664] __memcg_kmem_charge+0xcd/0x1b0 [ 1270.229591][T16664] copy_process+0x12bc/0x3b10 [ 1270.234304][T16664] _do_fork+0xf7/0x790 [ 1270.238379][T16664] ? __read_once_size+0x45/0xd0 [ 1270.243316][T16664] ? ktime_get_ts64+0x286/0x2c0 [ 1270.248266][T16664] __x64_sys_clone+0x12e/0x170 [ 1270.253062][T16664] do_syscall_64+0xc7/0x390 [ 1270.257582][T16664] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1270.263473][T16664] RIP: 0033:0x45c479 [ 1270.267372][T16664] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1270.287001][T16664] RSP: 002b:00007f663364ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1270.295416][T16664] RAX: ffffffffffffffda RBX: 00007f663364b6d4 RCX: 000000000045c479 [ 1270.303390][T16664] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 00000000000041fc [ 1270.311464][T16664] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1270.319433][T16664] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1270.327478][T16664] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c 09:02:06 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x3a000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1270.385367][T16664] memory: usage 305008kB, limit 307200kB, failcnt 6660 [ 1270.398019][T16664] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1270.407442][T16664] Memory cgroup stats for /syz0: [ 1270.407614][T16664] anon 220205056 [ 1270.407614][T16664] file 40960 [ 1270.407614][T16664] kernel_stack 11722752 [ 1270.407614][T16664] slab 15523840 [ 1270.407614][T16664] sock 0 [ 1270.407614][T16664] shmem 114688 [ 1270.407614][T16664] file_mapped 135168 [ 1270.407614][T16664] file_dirty 0 [ 1270.407614][T16664] file_writeback 0 [ 1270.407614][T16664] anon_thp 159383552 [ 1270.407614][T16664] inactive_anon 0 [ 1270.407614][T16664] active_anon 220205056 [ 1270.407614][T16664] inactive_file 0 [ 1270.407614][T16664] active_file 16384 [ 1270.407614][T16664] unevictable 0 [ 1270.407614][T16664] slab_reclaimable 1486848 [ 1270.407614][T16664] slab_unreclaimable 14036992 [ 1270.407614][T16664] pgfault 91014 [ 1270.407614][T16664] pgmajfault 0 [ 1270.407614][T16664] workingset_refault 1650 [ 1270.407614][T16664] workingset_activate 330 [ 1270.407614][T16664] workingset_nodereclaim 0 [ 1270.407614][T16664] pgrefill 5389 [ 1270.407614][T16664] pgscan 11786 [ 1270.407614][T16664] pgsteal 3389 [ 1270.559007][T16664] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=18836,uid=0 [ 1270.620109][T16664] Memory cgroup out of memory: Killed process 18836 (syz-executor.0) total-vm:74968kB, anon-rss:2216kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 1270.667243][T16696] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1270.708936][T16696] CPU: 0 PID: 16696 Comm: syz-executor.2 Not tainted 5.6.0-rc1-syzkaller #0 [ 1270.717658][T16696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1270.727716][T16696] Call Trace: [ 1270.731038][T16696] dump_stack+0x11d/0x187 [ 1270.735387][T16696] dump_header+0xa7/0x399 [ 1270.739732][T16696] oom_kill_process.cold+0x10/0x15 [ 1270.744870][T16696] out_of_memory+0x21d/0xa30 [ 1270.749499][T16696] mem_cgroup_out_of_memory+0x12b/0x150 [ 1270.755063][T16696] try_charge+0xb60/0xbe0 [ 1270.759431][T16696] ? __rcu_read_unlock+0x66/0x2f0 [ 1270.764478][T16696] mem_cgroup_try_charge+0xd7/0x260 [ 1270.769736][T16696] mem_cgroup_try_charge_delay+0x36/0x70 [ 1270.775378][T16696] wp_page_copy+0x31a/0xf20 [ 1270.779900][T16696] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1270.785853][T16696] ? __read_once_size+0x2f/0xd0 [ 1270.790715][T16696] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1270.796618][T16696] do_wp_page+0x185/0xcc0 [ 1270.800949][T16696] ? psi_task_change+0x1a4/0x2c0 [ 1270.805925][T16696] __handle_mm_fault+0x1c5e/0x2cf0 [ 1270.811069][T16696] handle_mm_fault+0x21c/0x540 [ 1270.815904][T16696] do_page_fault+0x4a4/0xa52 [ 1270.820526][T16696] ? prepare_exit_to_usermode+0x165/0x1c0 [ 1270.826261][T16696] page_fault+0x34/0x40 [ 1270.830416][T16696] RIP: 0033:0x45aa7e [ 1270.834327][T16696] Code: 00 00 85 c0 41 89 c5 0f 85 fc 00 00 00 64 8b 04 25 d0 02 00 00 41 39 c4 0f 84 12 02 00 00 48 8b 05 a7 de 82 00 48 85 c0 74 04 <48> 83 00 04 64 8b 04 25 d0 02 00 00 64 89 04 25 d4 02 00 00 0f 31 [ 1270.854054][T16696] RSP: 002b:00007fff23ee36c0 EFLAGS: 00010206 [ 1270.860121][T16696] RAX: 0000000000c88428 RBX: 00007fff23ee36c0 RCX: 000000000045aa4a [ 1270.868097][T16696] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1270.876142][T16696] RBP: 00007fff23ee3700 R08: 0000000000000001 R09: 0000000000fd8940 [ 1270.884115][T16696] R10: 0000000000fd8c10 R11: 0000000000000246 R12: 0000000000000001 [ 1270.892088][T16696] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fff23ee3750 [ 1270.912859][T16696] memory: usage 307200kB, limit 307200kB, failcnt 10964 [ 1270.941017][T16696] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1270.957551][T16696] Memory cgroup stats for /syz2: 09:02:07 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:07 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:02:07 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x3b000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:02:07 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:07 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0xf0967a78d6000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1270.957747][T16696] anon 222781440 [ 1270.957747][T16696] file 0 [ 1270.957747][T16696] kernel_stack 10801152 [ 1270.957747][T16696] slab 14168064 [ 1270.957747][T16696] sock 0 [ 1270.957747][T16696] shmem 110592 [ 1270.957747][T16696] file_mapped 135168 [ 1270.957747][T16696] file_dirty 0 [ 1270.957747][T16696] file_writeback 0 [ 1270.957747][T16696] anon_thp 161480704 [ 1270.957747][T16696] inactive_anon 0 [ 1270.957747][T16696] active_anon 222785536 [ 1270.957747][T16696] inactive_file 0 [ 1270.957747][T16696] active_file 147456 [ 1270.957747][T16696] unevictable 0 [ 1270.957747][T16696] slab_reclaimable 1216512 [ 1270.957747][T16696] slab_unreclaimable 12951552 [ 1270.957747][T16696] pgfault 99924 [ 1270.957747][T16696] pgmajfault 0 [ 1270.957747][T16696] workingset_refault 660 [ 1270.957747][T16696] workingset_activate 198 [ 1270.957747][T16696] workingset_nodereclaim 0 [ 1270.957747][T16696] pgrefill 5209 [ 1270.957747][T16696] pgscan 19729 [ 1270.957747][T16696] pgsteal 13270 [ 1271.053518][T16696] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=16666,uid=0 [ 1271.072438][T16696] Memory cgroup out of memory: Killed process 16666 (syz-executor.2) total-vm:74836kB, anon-rss:2212kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 1271.201469][ T7813] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1271.227727][ T7813] CPU: 0 PID: 7813 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 1271.236333][ T7813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1271.246393][ T7813] Call Trace: [ 1271.249705][ T7813] dump_stack+0x11d/0x187 [ 1271.254048][ T7813] dump_header+0xa7/0x399 [ 1271.258392][ T7813] oom_kill_process.cold+0x10/0x15 [ 1271.263516][ T7813] out_of_memory+0x21d/0xa30 [ 1271.268193][ T7813] mem_cgroup_out_of_memory+0x12b/0x150 [ 1271.273769][ T7813] try_charge+0xb60/0xbe0 [ 1271.278134][ T7813] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1271.283622][ T7813] __memcg_kmem_charge+0xcd/0x1b0 [ 1271.288663][ T7813] __alloc_pages_nodemask+0x268/0x310 [ 1271.294129][ T7813] alloc_pages_current+0xca/0x170 [ 1271.299182][ T7813] pte_alloc_one+0x14/0x50 [ 1271.303607][ T7813] __pte_alloc+0x27/0x210 [ 1271.307945][ T7813] copy_page_range+0x1391/0x1a40 [ 1271.312964][ T7813] dup_mm+0x72e/0xb90 [ 1271.316980][ T7813] copy_process+0x39ad/0x3b10 [ 1271.321665][ T7813] ? _raw_spin_unlock+0x38/0x60 [ 1271.326627][ T7813] _do_fork+0xf7/0x790 [ 1271.330701][ T7813] ? __read_once_size+0x45/0xd0 [ 1271.335559][ T7813] ? ktime_get_ts64+0x286/0x2c0 [ 1271.340429][ T7813] __x64_sys_clone+0x12e/0x170 [ 1271.345262][ T7813] do_syscall_64+0xc7/0x390 [ 1271.349780][ T7813] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1271.355732][ T7813] RIP: 0033:0x45aa4a [ 1271.359632][ T7813] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1271.379248][ T7813] RSP: 002b:00007ffd30768af0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1271.387698][ T7813] RAX: ffffffffffffffda RBX: 00007ffd30768af0 RCX: 000000000045aa4a 09:02:07 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x3c000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1271.395678][ T7813] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1271.403655][ T7813] RBP: 00007ffd30768b30 R08: 0000000000000001 R09: 00000000015a8940 [ 1271.411676][ T7813] R10: 00000000015a8c10 R11: 0000000000000246 R12: 0000000000000001 [ 1271.419652][ T7813] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffd30768b80 [ 1271.498791][ T7813] memory: usage 307056kB, limit 307200kB, failcnt 5263 [ 1271.507765][ T7813] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1271.518911][ T7813] Memory cgroup stats for /syz5: [ 1271.519146][ T7813] anon 271982592 [ 1271.519146][ T7813] file 180224 [ 1271.519146][ T7813] kernel_stack 5013504 [ 1271.519146][ T7813] slab 7405568 [ 1271.519146][ T7813] sock 0 [ 1271.519146][ T7813] shmem 0 [ 1271.519146][ T7813] file_mapped 135168 [ 1271.519146][ T7813] file_dirty 0 [ 1271.519146][ T7813] file_writeback 0 [ 1271.519146][ T7813] anon_thp 245366784 [ 1271.519146][ T7813] inactive_anon 0 [ 1271.519146][ T7813] active_anon 271994880 [ 1271.519146][ T7813] inactive_file 0 [ 1271.519146][ T7813] active_file 90112 [ 1271.519146][ T7813] unevictable 0 [ 1271.519146][ T7813] slab_reclaimable 946176 [ 1271.519146][ T7813] slab_unreclaimable 6459392 [ 1271.519146][ T7813] pgfault 138666 [ 1271.519146][ T7813] pgmajfault 0 [ 1271.519146][ T7813] workingset_refault 1254 [ 1271.519146][ T7813] workingset_activate 198 09:02:07 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x3d000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1271.519146][ T7813] workingset_nodereclaim 0 [ 1271.519146][ T7813] pgrefill 3773 [ 1271.519146][ T7813] pgscan 14914 [ 1271.519146][ T7813] pgsteal 8133 [ 1271.642476][ T7813] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=6795,uid=0 [ 1271.659705][ T7813] Memory cgroup out of memory: Killed process 6795 (syz-executor.5) total-vm:74968kB, anon-rss:2220kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 1271.692633][ T1078] oom_reaper: reaped process 6795 (syz-executor.5), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 09:02:08 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:08 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x3e000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:02:08 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:08 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:02:08 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0xf402000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1272.195005][T16774] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1272.217809][T16774] CPU: 1 PID: 16774 Comm: syz-executor.2 Not tainted 5.6.0-rc1-syzkaller #0 [ 1272.226509][T16774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1272.236561][T16774] Call Trace: [ 1272.239868][T16774] dump_stack+0x11d/0x187 09:02:08 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x3f000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1272.244211][T16774] dump_header+0xa7/0x399 [ 1272.248550][T16774] oom_kill_process.cold+0x10/0x15 [ 1272.253676][T16774] out_of_memory+0x21d/0xa30 [ 1272.258314][T16774] ? __rcu_read_unlock+0x66/0x2f0 [ 1272.263356][T16774] mem_cgroup_out_of_memory+0x12b/0x150 [ 1272.268920][T16774] try_charge+0xb60/0xbe0 [ 1272.273404][T16774] ? __rcu_read_unlock+0x66/0x2f0 [ 1272.278473][T16774] mem_cgroup_try_charge+0xd7/0x260 [ 1272.283699][T16774] mem_cgroup_try_charge_delay+0x36/0x70 [ 1272.289343][T16774] wp_page_copy+0x31a/0xf20 [ 1272.293880][T16774] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1272.299784][T16774] ? __read_once_size+0x2f/0xd0 [ 1272.304651][T16774] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1272.310598][T16774] do_wp_page+0x185/0xcc0 [ 1272.314934][T16774] ? psi_task_change+0x1a4/0x2c0 [ 1272.319937][T16774] __handle_mm_fault+0x1c5e/0x2cf0 [ 1272.325079][T16774] handle_mm_fault+0x21c/0x540 [ 1272.329999][T16774] do_page_fault+0x4a4/0xa52 [ 1272.334609][T16774] ? prepare_exit_to_usermode+0x165/0x1c0 [ 1272.340347][T16774] page_fault+0x34/0x40 09:02:08 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x40000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1272.344584][T16774] RIP: 0033:0x45aa7e [ 1272.348553][T16774] Code: 00 00 85 c0 41 89 c5 0f 85 fc 00 00 00 64 8b 04 25 d0 02 00 00 41 39 c4 0f 84 12 02 00 00 48 8b 05 a7 de 82 00 48 85 c0 74 04 <48> 83 00 04 64 8b 04 25 d0 02 00 00 64 89 04 25 d4 02 00 00 0f 31 [ 1272.368158][T16774] RSP: 002b:00007fff23ee36c0 EFLAGS: 00010206 [ 1272.374228][T16774] RAX: 0000000000c88428 RBX: 00007fff23ee36c0 RCX: 000000000045aa4a [ 1272.382203][T16774] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1272.390176][T16774] RBP: 00007fff23ee3700 R08: 0000000000000001 R09: 0000000000fd8940 [ 1272.398149][T16774] R10: 0000000000fd8c10 R11: 0000000000000246 R12: 0000000000000001 [ 1272.406134][T16774] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fff23ee3750 [ 1272.422425][T16774] memory: usage 307196kB, limit 307200kB, failcnt 10989 [ 1272.431339][T16774] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1272.439459][T16774] Memory cgroup stats for /syz2: [ 1272.439599][T16774] anon 222703616 [ 1272.439599][T16774] file 0 [ 1272.439599][T16774] kernel_stack 10801152 [ 1272.439599][T16774] slab 14168064 [ 1272.439599][T16774] sock 0 [ 1272.439599][T16774] shmem 110592 [ 1272.439599][T16774] file_mapped 135168 [ 1272.439599][T16774] file_dirty 0 [ 1272.439599][T16774] file_writeback 0 [ 1272.439599][T16774] anon_thp 161480704 [ 1272.439599][T16774] inactive_anon 0 [ 1272.439599][T16774] active_anon 222707712 [ 1272.439599][T16774] inactive_file 0 [ 1272.439599][T16774] active_file 147456 [ 1272.439599][T16774] unevictable 0 [ 1272.439599][T16774] slab_reclaimable 1216512 [ 1272.439599][T16774] slab_unreclaimable 12951552 [ 1272.439599][T16774] pgfault 99990 [ 1272.439599][T16774] pgmajfault 0 [ 1272.439599][T16774] workingset_refault 660 [ 1272.439599][T16774] workingset_activate 198 [ 1272.439599][T16774] workingset_nodereclaim 0 [ 1272.439599][T16774] pgrefill 5242 [ 1272.439599][T16774] pgscan 19762 [ 1272.439599][T16774] pgsteal 13270 [ 1272.547154][T16774] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=16743,uid=0 [ 1272.565843][T16774] Memory cgroup out of memory: Killed process 16743 (syz-executor.2) total-vm:74836kB, anon-rss:2212kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 09:02:08 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:08 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x41000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1272.858413][T16796] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1272.878771][T16796] CPU: 0 PID: 16796 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 1272.887509][T16796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1272.897662][T16796] Call Trace: [ 1272.900965][T16796] dump_stack+0x11d/0x187 [ 1272.905305][T16796] dump_header+0xa7/0x399 [ 1272.909678][T16796] oom_kill_process.cold+0x10/0x15 [ 1272.914890][T16796] out_of_memory+0x21d/0xa30 [ 1272.919505][T16796] ? __rcu_read_unlock+0x66/0x2f0 [ 1272.924554][T16796] mem_cgroup_out_of_memory+0x12b/0x150 [ 1272.930122][T16796] try_charge+0xb60/0xbe0 [ 1272.934537][T16796] ? __rcu_read_unlock+0x66/0x2f0 [ 1272.939615][T16796] mem_cgroup_try_charge+0xd7/0x260 [ 1272.944834][T16796] mem_cgroup_try_charge_delay+0x36/0x70 [ 1272.950531][T16796] wp_page_copy+0x31a/0xf20 [ 1272.955146][T16796] ? __delayacct_freepages_end+0x7d/0x90 [ 1272.960820][T16796] ? kvm_clock_read+0x14/0x30 [ 1272.965572][T16796] ? kvm_sched_clock_read+0x5/0x10 [ 1272.970697][T16796] do_wp_page+0x185/0xcc0 [ 1272.975030][T16796] ? psi_task_change+0x1a4/0x2c0 [ 1272.979999][T16796] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1272.985987][T16796] __handle_mm_fault+0x1c5e/0x2cf0 [ 1272.991131][T16796] handle_mm_fault+0x21c/0x540 [ 1272.995934][T16796] do_page_fault+0x4a4/0xa52 [ 1273.000616][T16796] ? prepare_exit_to_usermode+0x165/0x1c0 [ 1273.006352][T16796] page_fault+0x34/0x40 [ 1273.010538][T16796] RIP: 0033:0x4114c8 [ 1273.014452][T16796] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 78 1d 4c 00 31 c0 e8 e3 09 ff ff 31 ff e8 2c 06 ff ff 0f 1f 40 00 <89> 3c b5 00 00 74 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 7e 11 87 00 [ 1273.034072][T16796] RSP: 002b:00007ffd307688c0 EFLAGS: 00010246 [ 1273.040194][T16796] RAX: 00000000ee27a728 RBX: 00000000295f4034 RCX: 0000001b2ce20000 [ 1273.048172][T16796] RDX: 0000000000000000 RSI: 0000000000000728 RDI: ffffffffee27a728 [ 1273.056195][T16796] RBP: 000000000000000b R08: 00000000ee27a728 R09: 00000000ee27a72c [ 1273.064165][T16796] R10: 00007ffd30768a60 R11: 0000000000000246 R12: 000000000076bfa8 [ 1273.072128][T16796] R13: 0000000080000000 R14: 00007f30b6714008 R15: 000000000000000b [ 1273.093059][T16796] memory: usage 307200kB, limit 307200kB, failcnt 5300 [ 1273.100260][T16796] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1273.107523][T16796] Memory cgroup stats for /syz5: [ 1273.107699][T16796] anon 272019456 [ 1273.107699][T16796] file 180224 [ 1273.107699][T16796] kernel_stack 4976640 [ 1273.107699][T16796] slab 7405568 [ 1273.107699][T16796] sock 0 [ 1273.107699][T16796] shmem 0 [ 1273.107699][T16796] file_mapped 135168 [ 1273.107699][T16796] file_dirty 0 [ 1273.107699][T16796] file_writeback 0 [ 1273.107699][T16796] anon_thp 245366784 [ 1273.107699][T16796] inactive_anon 0 [ 1273.107699][T16796] active_anon 272031744 [ 1273.107699][T16796] inactive_file 0 09:02:09 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:02:09 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1273.107699][T16796] active_file 90112 [ 1273.107699][T16796] unevictable 0 [ 1273.107699][T16796] slab_reclaimable 946176 [ 1273.107699][T16796] slab_unreclaimable 6459392 [ 1273.107699][T16796] pgfault 138798 [ 1273.107699][T16796] pgmajfault 0 [ 1273.107699][T16796] workingset_refault 1287 [ 1273.107699][T16796] workingset_activate 198 [ 1273.107699][T16796] workingset_nodereclaim 0 [ 1273.107699][T16796] pgrefill 3806 [ 1273.107699][T16796] pgscan 14947 [ 1273.107699][T16796] pgsteal 8166 [ 1273.211401][T16796] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=16759,uid=0 09:02:09 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x42000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1273.292117][T16796] Memory cgroup out of memory: Killed process 16759 (syz-executor.5) total-vm:74968kB, anon-rss:2220kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 1273.473768][T16807] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1273.504877][T16807] CPU: 1 PID: 16807 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 1273.513706][T16807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1273.523758][T16807] Call Trace: [ 1273.527059][T16807] dump_stack+0x11d/0x187 [ 1273.531397][T16807] dump_header+0xa7/0x399 [ 1273.535741][T16807] oom_kill_process.cold+0x10/0x15 [ 1273.540885][T16807] out_of_memory+0x21d/0xa30 [ 1273.545540][T16807] mem_cgroup_out_of_memory+0x12b/0x150 [ 1273.551099][T16807] try_charge+0xb60/0xbe0 [ 1273.555448][T16807] ? __rcu_read_unlock+0x66/0x2f0 [ 1273.560488][T16807] mem_cgroup_try_charge+0xd7/0x260 [ 1273.565716][T16807] mem_cgroup_try_charge_delay+0x36/0x70 [ 1273.571357][T16807] wp_page_copy+0x31a/0xf20 [ 1273.575897][T16807] ? __delayacct_freepages_end+0x7d/0x90 [ 1273.581575][T16807] ? kvm_clock_read+0x14/0x30 [ 1273.586270][T16807] ? kvm_sched_clock_read+0x5/0x10 [ 1273.591390][T16807] do_wp_page+0x185/0xcc0 [ 1273.595720][T16807] ? psi_task_change+0x1a4/0x2c0 [ 1273.600667][T16807] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1273.606573][T16807] __handle_mm_fault+0x1c5e/0x2cf0 [ 1273.611768][T16807] handle_mm_fault+0x21c/0x540 [ 1273.616543][T16807] do_page_fault+0x4a4/0xa52 09:02:09 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:09 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0xf403000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1273.621158][T16807] ? prepare_exit_to_usermode+0x165/0x1c0 [ 1273.626925][T16807] page_fault+0x34/0x40 [ 1273.631076][T16807] RIP: 0033:0x4114c8 [ 1273.635047][T16807] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 78 1d 4c 00 31 c0 e8 e3 09 ff ff 31 ff e8 2c 06 ff ff 0f 1f 40 00 <89> 3c b5 00 00 74 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 7e 11 87 00 [ 1273.654653][T16807] RSP: 002b:00007ffca93019f0 EFLAGS: 00010246 [ 1273.660718][T16807] RAX: 0000000006055b39 RBX: 00000000a10a7ce9 RCX: 0000001b33720000 09:02:09 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x43000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1273.668704][T16807] RDX: 0000000000000000 RSI: 0000000000001b39 RDI: ffffffff06055b39 [ 1273.676767][T16807] RBP: 0000000000000006 R08: 0000000006055b39 R09: 0000000006055b3d [ 1273.684759][T16807] R10: 00007ffca9301b90 R11: 0000000000000246 R12: 000000000076bfa8 [ 1273.692826][T16807] R13: 0000000080000000 R14: 00007f663564c008 R15: 0000000000000006 09:02:09 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1273.799117][T16807] memory: usage 307200kB, limit 307200kB, failcnt 6688 [ 1273.806973][T16807] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1273.832903][T16807] Memory cgroup stats for /syz0: [ 1273.833024][T16807] anon 220311552 [ 1273.833024][T16807] file 40960 [ 1273.833024][T16807] kernel_stack 11722752 [ 1273.833024][T16807] slab 15523840 [ 1273.833024][T16807] sock 0 [ 1273.833024][T16807] shmem 114688 [ 1273.833024][T16807] file_mapped 135168 [ 1273.833024][T16807] file_dirty 0 [ 1273.833024][T16807] file_writeback 0 [ 1273.833024][T16807] anon_thp 159383552 [ 1273.833024][T16807] inactive_anon 0 [ 1273.833024][T16807] active_anon 220225536 [ 1273.833024][T16807] inactive_file 0 [ 1273.833024][T16807] active_file 16384 [ 1273.833024][T16807] unevictable 0 [ 1273.833024][T16807] slab_reclaimable 1486848 [ 1273.833024][T16807] slab_unreclaimable 14036992 09:02:10 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x44000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1273.833024][T16807] pgfault 91212 [ 1273.833024][T16807] pgmajfault 0 [ 1273.833024][T16807] workingset_refault 1650 [ 1273.833024][T16807] workingset_activate 330 [ 1273.833024][T16807] workingset_nodereclaim 0 [ 1273.833024][T16807] pgrefill 5389 [ 1273.833024][T16807] pgscan 11786 [ 1273.833024][T16807] pgsteal 3389 [ 1274.091784][T16807] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=18365,uid=0 [ 1274.133362][T16807] Memory cgroup out of memory: Killed process 18365 (syz-executor.0) total-vm:74968kB, anon-rss:2216kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 09:02:10 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x2208e28b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:02:10 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1274.183431][ T1078] oom_reaper: reaped process 18365 (syz-executor.0), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 1274.196950][T16840] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1274.230415][T16840] CPU: 1 PID: 16840 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 1274.239123][T16840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1274.249175][T16840] Call Trace: [ 1274.252474][T16840] dump_stack+0x11d/0x187 [ 1274.256817][T16840] dump_header+0xa7/0x399 [ 1274.261218][T16840] oom_kill_process.cold+0x10/0x15 [ 1274.266342][T16840] out_of_memory+0x21d/0xa30 [ 1274.271024][T16840] mem_cgroup_out_of_memory+0x12b/0x150 [ 1274.276586][T16840] try_charge+0xb60/0xbe0 [ 1274.280937][T16840] ? __rcu_read_unlock+0x66/0x2f0 [ 1274.286008][T16840] mem_cgroup_try_charge+0xd7/0x260 [ 1274.291246][T16840] mem_cgroup_try_charge_delay+0x36/0x70 [ 1274.296903][T16840] wp_page_copy+0x31a/0xf20 [ 1274.301433][T16840] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1274.307364][T16840] ? __read_once_size+0x2f/0xd0 [ 1274.312241][T16840] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1274.318144][T16840] do_wp_page+0x185/0xcc0 [ 1274.322495][T16840] __handle_mm_fault+0x1c5e/0x2cf0 [ 1274.327636][T16840] handle_mm_fault+0x21c/0x540 [ 1274.332478][T16840] do_page_fault+0x4a4/0xa52 [ 1274.337163][T16840] ? prepare_exit_to_usermode+0x165/0x1c0 [ 1274.342957][T16840] page_fault+0x34/0x40 [ 1274.347113][T16840] RIP: 0033:0x40ec48 [ 1274.351074][T16840] Code: 00 00 49 8d be 88 00 00 00 48 89 ea 48 89 de 0f 85 dd 00 00 00 e8 c8 2c 00 00 8b 05 c2 93 33 00 48 8b 15 33 3a 87 00 83 c0 01 <89> 05 b2 93 33 00 89 02 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f [ 1274.370774][T16840] RSP: 002b:00007ffd30768920 EFLAGS: 00010202 [ 1274.376840][T16840] RAX: 0000000000000001 RBX: 0000001b2be20014 RCX: 0000001b2ce20000 [ 1274.384929][T16840] RDX: 0000001b2be20000 RSI: 0000000000000349 RDI: ffffffff7bc92349 [ 1274.392909][T16840] RBP: 0000001b2be20018 R08: 000000007bc92349 R09: 000000007bc9234d [ 1274.400926][T16840] R10: 00007ffd30768a60 R11: 0000000000000246 R12: 0000001b2be2001c [ 1274.408903][T16840] R13: 00000000001370c0 R14: 000000000076bf20 R15: 000000000076bf2c 09:02:10 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:10 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1274.501302][T16840] memory: usage 307200kB, limit 307200kB, failcnt 5349 [ 1274.528911][T16840] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1274.540908][T16840] Memory cgroup stats for /syz5: [ 1274.541150][T16840] anon 272019456 [ 1274.541150][T16840] file 180224 [ 1274.541150][T16840] kernel_stack 5013504 [ 1274.541150][T16840] slab 7405568 [ 1274.541150][T16840] sock 0 [ 1274.541150][T16840] shmem 0 [ 1274.541150][T16840] file_mapped 135168 [ 1274.541150][T16840] file_dirty 0 [ 1274.541150][T16840] file_writeback 0 [ 1274.541150][T16840] anon_thp 245366784 [ 1274.541150][T16840] inactive_anon 0 [ 1274.541150][T16840] active_anon 272031744 [ 1274.541150][T16840] inactive_file 0 [ 1274.541150][T16840] active_file 90112 [ 1274.541150][T16840] unevictable 0 [ 1274.541150][T16840] slab_reclaimable 946176 [ 1274.541150][T16840] slab_unreclaimable 6459392 [ 1274.541150][T16840] pgfault 138864 [ 1274.541150][T16840] pgmajfault 0 [ 1274.541150][T16840] workingset_refault 1287 [ 1274.541150][T16840] workingset_activate 198 [ 1274.541150][T16840] workingset_nodereclaim 0 [ 1274.541150][T16840] pgrefill 3806 [ 1274.541150][T16840] pgscan 14980 [ 1274.541150][T16840] pgsteal 8166 [ 1274.698818][T16840] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=5710,uid=0 [ 1274.735256][T16840] Memory cgroup out of memory: Killed process 5710 (syz-executor.5) total-vm:74968kB, anon-rss:2220kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 09:02:10 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0xf603000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1274.869988][T16867] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1274.897454][T16867] CPU: 0 PID: 16867 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 1274.906295][T16867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1274.916359][T16867] Call Trace: [ 1274.919684][T16867] dump_stack+0x11d/0x187 [ 1274.924028][T16867] dump_header+0xa7/0x399 [ 1274.928379][T16867] oom_kill_process.cold+0x10/0x15 [ 1274.933643][T16867] out_of_memory+0x21d/0xa30 [ 1274.938254][T16867] ? __rcu_read_unlock+0x66/0x2f0 [ 1274.943293][T16867] mem_cgroup_out_of_memory+0x12b/0x150 [ 1274.948915][T16867] try_charge+0xb60/0xbe0 [ 1274.953282][T16867] ? free_one_page+0x1d0/0x4e0 [ 1274.958082][T16867] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1274.963626][T16867] __memcg_kmem_charge+0xcd/0x1b0 [ 1274.968667][T16867] __alloc_pages_nodemask+0x268/0x310 [ 1274.974100][T16867] alloc_pages_current+0xca/0x170 [ 1274.979243][T16867] pte_alloc_one+0x14/0x50 [ 1274.983664][T16867] __pte_alloc+0x27/0x210 [ 1274.988009][T16867] __handle_mm_fault+0x1f63/0x2cf0 [ 1274.993151][T16867] handle_mm_fault+0x21c/0x540 [ 1274.997949][T16867] do_page_fault+0x4a4/0xa52 [ 1275.002557][T16867] ? prepare_exit_to_usermode+0x165/0x1c0 [ 1275.008482][T16867] page_fault+0x34/0x40 [ 1275.012640][T16867] RIP: 0033:0x400644 [ 1275.016575][T16867] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 d1 55 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 1275.036259][T16867] RSP: 002b:00007ffca9301a80 EFLAGS: 00010206 [ 1275.042340][T16867] RAX: 0000000000000000 RBX: 000000000076c920 RCX: 0000000000000000 [ 1275.050320][T16867] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000000 [ 1275.058300][T16867] RBP: 00000000007700a8 R08: 0000000000000000 R09: 0000000000000000 [ 1275.066383][T16867] R10: 00007ffca9301b90 R11: 0000000000000246 R12: 000000000076bf20 [ 1275.074355][T16867] R13: 00000000007700b0 R14: 00000000001373ac R15: 000000000076bf2c [ 1275.093817][T16867] memory: usage 307200kB, limit 307200kB, failcnt 6728 [ 1275.101283][T16867] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1275.109084][T16867] Memory cgroup stats for /syz0: [ 1275.109343][T16867] anon 220131328 [ 1275.109343][T16867] file 40960 [ 1275.109343][T16867] kernel_stack 11722752 [ 1275.109343][T16867] slab 15523840 [ 1275.109343][T16867] sock 0 [ 1275.109343][T16867] shmem 114688 [ 1275.109343][T16867] file_mapped 135168 [ 1275.109343][T16867] file_dirty 0 [ 1275.109343][T16867] file_writeback 0 [ 1275.109343][T16867] anon_thp 159383552 [ 1275.109343][T16867] inactive_anon 0 [ 1275.109343][T16867] active_anon 220131328 [ 1275.109343][T16867] inactive_file 0 [ 1275.109343][T16867] active_file 16384 [ 1275.109343][T16867] unevictable 0 [ 1275.109343][T16867] slab_reclaimable 1486848 09:02:11 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1275.109343][T16867] slab_unreclaimable 14036992 [ 1275.109343][T16867] pgfault 91278 [ 1275.109343][T16867] pgmajfault 0 [ 1275.109343][T16867] workingset_refault 1683 [ 1275.109343][T16867] workingset_activate 330 [ 1275.109343][T16867] workingset_nodereclaim 0 [ 1275.109343][T16867] pgrefill 5389 [ 1275.109343][T16867] pgscan 11819 [ 1275.109343][T16867] pgsteal 3389 [ 1275.212868][T16867] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=18206,uid=0 [ 1275.263978][T16867] Memory cgroup out of memory: Killed process 18206 (syz-executor.0) total-vm:74968kB, anon-rss:2216kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 09:02:11 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1275.355931][T16882] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1275.396050][T16882] CPU: 0 PID: 16882 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 1275.404882][T16882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1275.414981][T16882] Call Trace: [ 1275.418312][T16882] dump_stack+0x11d/0x187 [ 1275.422654][T16882] dump_header+0xa7/0x399 [ 1275.427512][T16882] oom_kill_process.cold+0x10/0x15 [ 1275.432669][T16882] out_of_memory+0x21d/0xa30 [ 1275.437321][T16882] mem_cgroup_out_of_memory+0x12b/0x150 [ 1275.442882][T16882] try_charge+0xb60/0xbe0 [ 1275.447231][T16882] ? __rcu_read_unlock+0x66/0x2f0 [ 1275.452274][T16882] mem_cgroup_try_charge+0xd7/0x260 [ 1275.457491][T16882] mem_cgroup_try_charge_delay+0x36/0x70 [ 1275.463140][T16882] wp_page_copy+0x31a/0xf20 [ 1275.467660][T16882] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1275.473583][T16882] ? __read_once_size+0x2f/0xd0 [ 1275.478511][T16882] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1275.484429][T16882] do_wp_page+0x185/0xcc0 [ 1275.488801][T16882] __handle_mm_fault+0x1c5e/0x2cf0 [ 1275.494032][T16882] handle_mm_fault+0x21c/0x540 [ 1275.498859][T16882] do_page_fault+0x4a4/0xa52 [ 1275.503469][T16882] ? do_syscall_64+0x27f/0x390 [ 1275.508250][T16882] page_fault+0x34/0x40 [ 1275.512420][T16882] RIP: 0033:0x40ee88 [ 1275.516348][T16882] Code: d9 48 8b 47 78 48 83 f8 ff 0f 84 0b 01 00 00 48 8b 73 18 48 83 fe ff 74 29 48 81 fe e7 03 00 00 0f 87 5e 01 00 00 48 c1 e6 04 86 80 80 76 00 01 48 89 86 88 80 76 00 66 2e 0f 1f 84 00 00 00 [ 1275.535983][T16882] RSP: 002b:00007ffd30768960 EFLAGS: 00010246 09:02:11 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = fsopen(&(0x7f0000000140)='coda\x00', 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff}) fsconfig$FSCONFIG_SET_PATH_EMPTY(r3, 0x4, &(0x7f00000000c0)='user_id', &(0x7f0000000180)='./file0\x00', r4) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f00000002c0)={&(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}) ioctl$DRM_IOCTL_MODE_SETPLANE(0xffffffffffffffff, 0xc03064b7, &(0x7f0000000340)={r5, 0x1, 0x2, 0x0, 0x8, 0x0, 0x8, 0x9, 0x100, 0x0, 0x7, 0x6}) ioctl$DRM_IOCTL_MODE_SETPLANE(r2, 0xc03064b7, &(0x7f0000000000)={r5, 0xfff, 0x50, 0x6, 0x1, 0x30000, 0x0, 0x3, 0x80, 0x4633, 0x6, 0x6}) 09:02:11 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1275.542056][T16882] RAX: 0000000000001635 RBX: 000000000076bf20 RCX: 0000000000000001 [ 1275.550034][T16882] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 000000000076bf20 [ 1275.558009][T16882] RBP: 000000000000002d R08: 00ffffffffffffff R09: 00ffffffffffffff [ 1275.566000][T16882] R10: 00007ffd30768a60 R11: 0000000000000246 R12: 000000000076bf20 [ 1275.574001][T16882] R13: 0000000000137595 R14: 00000000001375c2 R15: 000000000076bf2c [ 1275.589398][T16882] memory: usage 307200kB, limit 307200kB, failcnt 5363 [ 1275.636450][T16882] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 09:02:11 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1275.679286][T16882] Memory cgroup stats for /syz5: [ 1275.679411][T16882] anon 272019456 [ 1275.679411][T16882] file 180224 [ 1275.679411][T16882] kernel_stack 4976640 [ 1275.679411][T16882] slab 7405568 [ 1275.679411][T16882] sock 0 [ 1275.679411][T16882] shmem 0 [ 1275.679411][T16882] file_mapped 135168 [ 1275.679411][T16882] file_dirty 0 [ 1275.679411][T16882] file_writeback 0 [ 1275.679411][T16882] anon_thp 245366784 [ 1275.679411][T16882] inactive_anon 0 [ 1275.679411][T16882] active_anon 272031744 [ 1275.679411][T16882] inactive_file 0 [ 1275.679411][T16882] active_file 90112 [ 1275.679411][T16882] unevictable 0 [ 1275.679411][T16882] slab_reclaimable 946176 [ 1275.679411][T16882] slab_unreclaimable 6459392 [ 1275.679411][T16882] pgfault 138930 [ 1275.679411][T16882] pgmajfault 0 [ 1275.679411][T16882] workingset_refault 1287 [ 1275.679411][T16882] workingset_activate 198 [ 1275.679411][T16882] workingset_nodereclaim 0 [ 1275.679411][T16882] pgrefill 3839 [ 1275.679411][T16882] pgscan 14980 [ 1275.679411][T16882] pgsteal 8166 09:02:11 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VIDIOC_TRY_EXT_CTRLS(r0, 0xc0205649, &(0x7f0000000240)={0xa20000, 0x5, 0xe31d, 0xffffffffffffffff, 0x0, &(0x7f0000000200)={0x9d0001, 0x20, [], @p_u32=&(0x7f0000000180)=0x3}}) linkat(r2, &(0x7f0000000140)='./file1\x00', r3, &(0x7f0000000280)='./file0\x00', 0x400) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) quotactl(0x8001, &(0x7f0000000000)='./file0\x00', r4, &(0x7f0000000100)="ae34b4c46ebcbe0752c665b33fe5519b3c9abae511b18ef91d3a61d873dce4d211bb35ec73022de4af6c709cbdc7") mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1275.840365][T16882] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=5582,uid=0 [ 1275.859588][T16882] Memory cgroup out of memory: Killed process 5582 (syz-executor.5) total-vm:74968kB, anon-rss:2220kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 09:02:12 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0xf6ffffff00000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:12 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:12 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$EVIOCGUNIQ(r1, 0x80404508, &(0x7f0000000000)=""/120) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) 09:02:12 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1276.444013][T16923] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1276.480045][T16923] CPU: 0 PID: 16923 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 1276.488772][T16923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1276.498944][T16923] Call Trace: [ 1276.502246][T16923] dump_stack+0x11d/0x187 [ 1276.506619][T16923] dump_header+0xa7/0x399 [ 1276.510963][T16923] oom_kill_process.cold+0x10/0x15 [ 1276.516204][T16923] out_of_memory+0x21d/0xa30 [ 1276.520836][T16923] ? __rcu_read_unlock+0x66/0x2f0 [ 1276.525885][T16923] mem_cgroup_out_of_memory+0x12b/0x150 [ 1276.531447][T16923] try_charge+0xb60/0xbe0 [ 1276.535869][T16923] ? __rcu_read_unlock+0x66/0x2f0 [ 1276.540914][T16923] mem_cgroup_try_charge+0xd7/0x260 [ 1276.546141][T16923] mem_cgroup_try_charge_delay+0x36/0x70 [ 1276.551836][T16923] wp_page_copy+0x31a/0xf20 [ 1276.556445][T16923] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1276.562347][T16923] ? __read_once_size+0x2f/0xd0 [ 1276.567307][T16923] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1276.573257][T16923] do_wp_page+0x185/0xcc0 [ 1276.577618][T16923] ? psi_task_change+0x1a4/0x2c0 [ 1276.582609][T16923] __handle_mm_fault+0x1c5e/0x2cf0 [ 1276.587759][T16923] handle_mm_fault+0x21c/0x540 [ 1276.592550][T16923] do_page_fault+0x4a4/0xa52 [ 1276.597349][T16923] ? do_syscall_64+0x27f/0x390 [ 1276.602139][T16923] page_fault+0x34/0x40 [ 1276.606365][T16923] RIP: 0033:0x40f603 [ 1276.610270][T16923] Code: 50 80 60 20 01 48 89 48 10 48 8b 4c 24 60 48 89 48 18 8b 4c 24 68 89 48 24 8b 4c 24 28 89 48 28 31 c0 48 8b 8c 04 20 01 00 00 <48> 89 8c 02 50 bf 76 00 48 83 c0 08 48 83 f8 48 75 e6 e8 76 3c ff [ 1276.629876][T16923] RSP: 002b:00007ffd30768990 EFLAGS: 00010293 [ 1276.636012][T16923] RAX: 0000000000000010 RBX: 0000000000000000 RCX: 0000000000000000 [ 1276.644115][T16923] RDX: 00000000000000a0 RSI: 00007f30b46f1db0 RDI: 000000000076bfc8 [ 1276.652087][T16923] RBP: 000000000076bfcc R08: 0000000000000000 R09: 00007f30b46f2700 [ 1276.660101][T16923] R10: 00007f30b46f29d0 R11: 0000000000000202 R12: 000000000076bfc0 [ 1276.668077][T16923] R13: 0000000000000002 R14: 0000000000000001 R15: 000000000076bfcc 09:02:12 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:12 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1276.691503][T16923] memory: usage 307200kB, limit 307200kB, failcnt 5405 [ 1276.698383][T16923] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1276.705307][T16923] Memory cgroup stats for /syz5: [ 1276.705493][T16923] anon 272146432 [ 1276.705493][T16923] file 180224 [ 1276.705493][T16923] kernel_stack 4976640 [ 1276.705493][T16923] slab 7405568 [ 1276.705493][T16923] sock 0 [ 1276.705493][T16923] shmem 0 [ 1276.705493][T16923] file_mapped 135168 [ 1276.705493][T16923] file_dirty 0 [ 1276.705493][T16923] file_writeback 0 [ 1276.705493][T16923] anon_thp 245366784 [ 1276.705493][T16923] inactive_anon 0 [ 1276.705493][T16923] active_anon 272158720 [ 1276.705493][T16923] inactive_file 0 [ 1276.705493][T16923] active_file 90112 [ 1276.705493][T16923] unevictable 0 [ 1276.705493][T16923] slab_reclaimable 946176 [ 1276.705493][T16923] slab_unreclaimable 6459392 [ 1276.705493][T16923] pgfault 139029 [ 1276.705493][T16923] pgmajfault 0 [ 1276.705493][T16923] workingset_refault 1287 [ 1276.705493][T16923] workingset_activate 198 [ 1276.705493][T16923] workingset_nodereclaim 0 [ 1276.705493][T16923] pgrefill 3872 [ 1276.705493][T16923] pgscan 14980 [ 1276.705493][T16923] pgsteal 8166 09:02:13 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r1 = socket$key(0xf, 0x3, 0x2) getsockopt$sock_buf(r1, 0x1, 0x1c, 0x0, &(0x7f0000000280)) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1276.882707][T16923] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=5526,uid=0 [ 1276.899913][T16923] Memory cgroup out of memory: Killed process 5526 (syz-executor.5) total-vm:74968kB, anon-rss:2220kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 09:02:13 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0xf9fdffff00000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:13 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:13 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYRES64], 0x1}}, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_GET(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="400000000914000127bd7000fb079801000000000008000100010000000800010000000000080001000200"/58], 0x40}, 0x1, 0x0, 0x0, 0x48051}, 0x800) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000000b40)={0x3, {{0x2, 0x4e22, @local}}}, 0x88) r2 = syz_open_dev$media(&(0x7f0000000200)='/dev/media#\x00', 0x7f, 0x80100) sendto$llc(r2, &(0x7f00000002c0)="bce3b1b5a0596269dbfa396949afb0cce63a23d9477c90413ae4a508372bf62fc263d1126db712fad90233d121ea1ca1728ff4f143605c35b633221c59693e77426ba026aa3118880dd940cfb94c1dfdd2eec4fda2bbdfdb8441b75ab9e5b51f4944157311f1ebda47519a808b7cfe9af4d6a7e0e4a135b9341fc74dd52a56ee144959c7f7af12c7b874421d62c5e9e35bacdf3e5cfd9051236059ecc062756f5f268ae7914a0569adb12e32f16aad", 0xaf, 0x44000, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) openat$autofs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/autofs\x00', 0x252a00, 0x0) r4 = socket$key(0xf, 0x3, 0x2) getsockopt$sock_buf(r4, 0x1, 0x1c, 0x0, &(0x7f0000000280)) read(r4, &(0x7f0000000140)=""/23, 0x17) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r3, 0x0) 09:02:13 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:02:13 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:13 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:14 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0xfcfdffff00000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:14 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(0x0, 0x0, 0x16, &(0x7f0000000000)) ptrace(0x10, 0x0) ptrace$getregset(0x4204, 0x0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:14 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(0x0, 0x0, 0x16, &(0x7f0000000000)) ptrace(0x10, 0x0) ptrace$getregset(0x4204, 0x0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:14 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(0x0, 0x0, 0x16, &(0x7f0000000000)) ptrace(0x10, 0x0) ptrace$getregset(0x4204, 0x0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:14 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:02:14 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r1 = socket$key(0xf, 0x3, 0x2) getsockopt$sock_buf(r1, 0x1, 0x1c, 0x0, &(0x7f0000000280)) r2 = socket$key(0xf, 0x3, 0x2) getsockopt$sock_buf(r2, 0x1, 0x1c, 0x0, &(0x7f0000000280)) r3 = dup3(r1, r2, 0x80000) ioctl$SNDCTL_DSP_RESET(r3, 0x5000, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) r4 = ioctl$NS_GET_PARENT(r3, 0xb702, 0x0) mmap(&(0x7f00007c0000/0x4000)=nil, 0x4000, 0x0, 0x40010, r4, 0x0) 09:02:14 executing program 5: r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:14 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:14 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:14 executing program 5: r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:15 executing program 5: r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:15 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0xfdfdffff00000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:15 executing program 5: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:15 executing program 5: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:15 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:02:15 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:15 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:15 executing program 5: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:16 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd0001000000000023cd3741ce8074c5fe8524c0306554362ddd4c0617b1ed0cd8cb892ef805ab93a186423f124b7c6a03d724f7ead1ef33adfdbe08b8c5236b93b9797b4409f6e3", @ANYRES32=0x0, @ANYBLOB="00000079abd1932a"], 0x48}}, 0x0) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040)='l2tp\x00') r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd0001000000000023cd3741ce8074c5fe8524c0306554362ddd4c0617b1ed0cd8cb892ef805ab93a186423f124b7c6a03d724f7ead1ef33adfdbe08b8c5236b93b9797b4409f6e3", @ANYRES32=0x0, @ANYBLOB="00000079abd1932a"], 0x48}}, 0x0) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000240)='batadv\x00') sendmsg$BATADV_CMD_GET_HARDIF(r3, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x34, r4, 0x120, 0x70bd25, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x8}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x50}, 0x0) r5 = socket$inet(0x10, 0x2, 0x0) r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000340)='/dev/snapshot\x00', 0x8000, 0x0) ioctl$SNDRV_TIMER_IOCTL_INFO(r6, 0x80e85411, &(0x7f0000000380)=""/218) sendmsg(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000001c0)="24000000190007041dfffd946f6105000af80200fe0200000002080008001e000400ff7e280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0) sendmsg$L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x4c, r2, 0x8, 0x70bd2b, 0x25dfdbfb, {}, [@L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x7}, @L2TP_ATTR_MRU={0x6, 0x1d, 0x101}, @L2TP_ATTR_FD={0x8, 0x17, @udp=r5}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x1f}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x3}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x2}, @L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0x40}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4050}, 0x4000) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) r7 = open(0x0, 0x0, 0x0) sendmmsg$unix(r7, 0x0, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}}}, 0x20) write$RDMA_USER_CM_CMD_DESTROY_ID(0xffffffffffffffff, &(0x7f0000000000)={0x1, 0x10, 0xfa00, {&(0x7f0000000300), r8}}, 0x18) write$RDMA_USER_CM_CMD_REJECT(r7, &(0x7f00000002c0)={0x9, 0x108, 0xfa00, {r8, 0xa7, "625eef", "12e0b6f86f11c246208d7cfd93e2150d375cb8ae9b3d9fbdf5dfdc9c5852ef99b790cd89a769b756794ed5d171799956be6fdf8e9de426c33093cfb71bf9da5ee69e9b3603ff42d59e18eb4a2bcc38f5f75299aa631c80b778c289449589b08fd993d9db776e92d5bc44862280166042761b3c1e022acc427a1a596a9c978ddff7311bb2e92c0aa9b9c2fa855369fbb36f0d2ee1f4cbee499320d81d6e394c4461ccbedca21500cea3d32c85f382f141f0a26d185a374a44c56620572e127d06791f77c6105f253cf965bb56b76040d98282d0cdc1ebd7fbdd6e4786174e14370022f8f62b5d7fed268b6671441eb3ba1fb1b1a22a84849159c7e19aabc351a2"}}, 0x110) write$RDMA_USER_CM_CMD_BIND(r0, &(0x7f0000000480)={0x14, 0x88, 0xfa00, {r8, 0x0, 0x0, @in6={0xa, 0x4e20, 0x8, @rand_addr="e13de8d06c9d8eeaeda622857940cc6e", 0x9}}}, 0x90) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) clock_settime(0x2, &(0x7f0000000540)={0x77359400}) openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000580)='/dev/video36\x00', 0x2, 0x0) [ 1279.950614][T17084] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. 09:02:16 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0xfdffffff00000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1279.997728][T17088] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. 09:02:16 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1280.096723][T17090] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 09:02:16 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd0001000000000023cd3741ce8074c5fe8524c0306554362ddd4c0617b1ed0cd8cb892ef805ab93a186423f124b7c6a03d724f7ead1ef33adfdbe08b8c5236b93b9797b4409f6e3", @ANYRES32=0x0, @ANYBLOB="00000079abd1932a"], 0x48}}, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x74, 0x2, 0x8, 0x201, 0x0, 0x0, {0x7, 0x0, 0x9}, [@CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @fccp}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_DATA={0x2c, 0x4, 0x0, 0x1, @gre=[@CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x9}, @CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x9}, @CTA_TIMEOUT_GRE_REPLIED={0x8, 0x2, 0x1, 0x0, 0x6}, @CTA_TIMEOUT_GRE_REPLIED={0x8, 0x2, 0x1, 0x0, 0xfffffff7}, @CTA_TIMEOUT_GRE_REPLIED={0x8, 0x2, 0x1, 0x0, 0x400}]}, @CTA_TIMEOUT_DATA={0xc, 0x4, 0x0, 0x1, @tcp=[@CTA_TIMEOUT_TCP_RETRANS={0x8, 0xa, 0x1, 0x0, 0x7}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x4004095}, 0x40004) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) 09:02:16 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:16 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1280.446161][T17102] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. 09:02:16 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1280.622484][ T7803] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1280.682110][ T7803] CPU: 0 PID: 7803 Comm: syz-executor.2 Not tainted 5.6.0-rc1-syzkaller #0 [ 1280.690835][ T7803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1280.700882][ T7803] Call Trace: [ 1280.704224][ T7803] dump_stack+0x11d/0x187 [ 1280.708564][ T7803] dump_header+0xa7/0x399 [ 1280.712904][ T7803] oom_kill_process.cold+0x10/0x15 [ 1280.718030][ T7803] out_of_memory+0x21d/0xa30 [ 1280.722657][ T7803] ? __rcu_read_unlock+0x66/0x2f0 [ 1280.727696][ T7803] mem_cgroup_out_of_memory+0x12b/0x150 [ 1280.733259][ T7803] try_charge+0xb60/0xbe0 [ 1280.737591][ T7803] ? __this_cpu_preempt_check+0x3c/0x130 [ 1280.743264][ T7803] ? __perf_event_task_sched_in+0x150/0x3a0 [ 1280.749278][ T7803] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1280.754766][ T7803] __memcg_kmem_charge+0xcd/0x1b0 [ 1280.759829][ T7803] __alloc_pages_nodemask+0x268/0x310 [ 1280.765219][ T7803] alloc_pages_current+0xca/0x170 [ 1280.770265][ T7803] pte_alloc_one+0x14/0x50 [ 1280.774688][ T7803] __pte_alloc+0x27/0x210 [ 1280.779097][ T7803] copy_page_range+0x1391/0x1a40 [ 1280.784180][ T7803] dup_mm+0x72e/0xb90 [ 1280.788192][ T7803] copy_process+0x39ad/0x3b10 [ 1280.792888][ T7803] ? _raw_spin_unlock+0x38/0x60 [ 1280.797769][ T7803] _do_fork+0xf7/0x790 [ 1280.801844][ T7803] ? __read_once_size+0x45/0xd0 [ 1280.806705][ T7803] ? ktime_get_ts64+0x286/0x2c0 [ 1280.811571][ T7803] __x64_sys_clone+0x12e/0x170 [ 1280.816435][ T7803] do_syscall_64+0xc7/0x390 [ 1280.821002][ T7803] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1280.827007][ T7803] RIP: 0033:0x45aa4a [ 1280.830944][ T7803] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1280.850560][ T7803] RSP: 002b:00007fff23ee36c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1280.858982][ T7803] RAX: ffffffffffffffda RBX: 00007fff23ee36c0 RCX: 000000000045aa4a [ 1280.866964][ T7803] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1280.874948][ T7803] RBP: 00007fff23ee3700 R08: 0000000000000001 R09: 0000000000fd8940 09:02:17 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, 0x0, 0x0, 0x8802, 0x0, 0x0) syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x3, 0xc0003) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write$rfkill(r3, &(0x7f0000000000)={0x8, 0x1, 0x2, 0x1}, 0x8) r4 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio1\x00', 0x40400, 0x0) ioctl$SNDCTL_DSP_GETTRIGGER(r4, 0x80045010, &(0x7f0000000080)) [ 1280.882954][ T7803] R10: 0000000000fd8c10 R11: 0000000000000246 R12: 0000000000000001 [ 1280.890964][ T7803] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fff23ee3750 [ 1280.910080][ T7803] memory: usage 307200kB, limit 307200kB, failcnt 11039 [ 1280.919155][ T7803] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 09:02:17 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1280.943676][ T7803] Memory cgroup stats for /syz2: [ 1280.943811][ T7803] anon 221495296 [ 1280.943811][ T7803] file 45056 [ 1280.943811][ T7803] kernel_stack 10911744 [ 1280.943811][ T7803] slab 14303232 [ 1280.943811][ T7803] sock 0 [ 1280.943811][ T7803] shmem 110592 [ 1280.943811][ T7803] file_mapped 135168 [ 1280.943811][ T7803] file_dirty 0 [ 1280.943811][ T7803] file_writeback 0 [ 1280.943811][ T7803] anon_thp 159383552 [ 1280.943811][ T7803] inactive_anon 0 [ 1280.943811][ T7803] active_anon 221499392 [ 1280.943811][ T7803] inactive_file 0 [ 1280.943811][ T7803] active_file 147456 [ 1280.943811][ T7803] unevictable 0 [ 1280.943811][ T7803] slab_reclaimable 1216512 [ 1280.943811][ T7803] slab_unreclaimable 13086720 [ 1280.943811][ T7803] pgfault 100584 [ 1280.943811][ T7803] pgmajfault 0 [ 1280.943811][ T7803] workingset_refault 660 [ 1280.943811][ T7803] workingset_activate 198 [ 1280.943811][ T7803] workingset_nodereclaim 0 [ 1280.943811][ T7803] pgrefill 5275 [ 1280.943811][ T7803] pgscan 19862 [ 1280.943811][ T7803] pgsteal 13270 09:02:17 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0xfe01000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1281.132713][ T7803] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=16625,uid=0 [ 1281.163748][ T7803] Memory cgroup out of memory: Killed process 16625 (syz-executor.2) total-vm:74836kB, anon-rss:2212kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 1281.326693][T17123] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1281.400030][T17123] CPU: 0 PID: 17123 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 1281.408754][T17123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1281.418804][T17123] Call Trace: [ 1281.422103][T17123] dump_stack+0x11d/0x187 [ 1281.426444][T17123] dump_header+0xa7/0x399 [ 1281.430878][T17123] oom_kill_process.cold+0x10/0x15 [ 1281.435996][T17123] out_of_memory+0x21d/0xa30 [ 1281.440636][T17123] ? __rcu_read_unlock+0x66/0x2f0 [ 1281.445746][T17123] mem_cgroup_out_of_memory+0x12b/0x150 [ 1281.451307][T17123] try_charge+0xb60/0xbe0 [ 1281.455655][T17123] ? __rcu_read_unlock+0x66/0x2f0 [ 1281.460754][T17123] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1281.466230][T17123] __memcg_kmem_charge+0xcd/0x1b0 [ 1281.471274][T17123] copy_process+0x12bc/0x3b10 [ 1281.475981][T17123] ? kvm_clock_read+0x14/0x30 [ 1281.480752][T17123] ? kvm_sched_clock_read+0x5/0x10 [ 1281.485880][T17123] ? sched_clock+0xf/0x20 [ 1281.490214][T17123] ? sched_clock_cpu+0x10/0xd0 [ 1281.494984][T17123] ? record_times+0x10/0x80 [ 1281.499513][T17123] _do_fork+0xf7/0x790 [ 1281.503591][T17123] ? __rcu_read_unlock+0x66/0x2f0 [ 1281.508627][T17123] ? blkcg_maybe_throttle_current+0x249/0x5a0 [ 1281.514727][T17123] __x64_sys_clone+0x12e/0x170 [ 1281.519521][T17123] do_syscall_64+0xc7/0x390 [ 1281.524035][T17123] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1281.529946][T17123] RIP: 0033:0x45ee49 [ 1281.533849][T17123] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1281.553459][T17123] RSP: 002b:00007ffd30768858 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1281.561879][T17123] RAX: ffffffffffffffda RBX: 00007f30b46f2700 RCX: 000000000045ee49 [ 1281.569854][T17123] RDX: 00007f30b46f29d0 RSI: 00007f30b46f1db0 RDI: 00000000003d0f00 [ 1281.577831][T17123] RBP: 00007ffd30768a70 R08: 00007f30b46f2700 R09: 00007f30b46f2700 [ 1281.585815][T17123] R10: 00007f30b46f29d0 R11: 0000000000000202 R12: 0000000000000000 09:02:17 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1281.593791][T17123] R13: 00007ffd3076890f R14: 00007f30b46f29c0 R15: 000000000076bfcc [ 1281.618344][T17123] memory: usage 307200kB, limit 307200kB, failcnt 5448 [ 1281.638916][T17123] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1281.673436][T17123] Memory cgroup stats for /syz5: [ 1281.673572][T17123] anon 270929920 [ 1281.673572][T17123] file 180224 [ 1281.673572][T17123] kernel_stack 5050368 [ 1281.673572][T17123] slab 7405568 [ 1281.673572][T17123] sock 0 [ 1281.673572][T17123] shmem 0 [ 1281.673572][T17123] file_mapped 135168 [ 1281.673572][T17123] file_dirty 0 [ 1281.673572][T17123] file_writeback 0 [ 1281.673572][T17123] anon_thp 243269632 [ 1281.673572][T17123] inactive_anon 0 [ 1281.673572][T17123] active_anon 270942208 [ 1281.673572][T17123] inactive_file 0 [ 1281.673572][T17123] active_file 90112 [ 1281.673572][T17123] unevictable 0 [ 1281.673572][T17123] slab_reclaimable 946176 [ 1281.673572][T17123] slab_unreclaimable 6459392 [ 1281.673572][T17123] pgfault 139887 [ 1281.673572][T17123] pgmajfault 0 [ 1281.673572][T17123] workingset_refault 1287 [ 1281.673572][T17123] workingset_activate 198 [ 1281.673572][T17123] workingset_nodereclaim 0 [ 1281.673572][T17123] pgrefill 3905 [ 1281.673572][T17123] pgscan 15013 [ 1281.673572][T17123] pgsteal 8166 09:02:18 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1281.877644][T17123] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=5010,uid=0 [ 1282.030861][T17123] Memory cgroup out of memory: Killed process 5010 (syz-executor.5) total-vm:74968kB, anon-rss:2220kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 1282.087443][ T1078] oom_reaper: reaped process 5010 (syz-executor.5), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 09:02:18 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:18 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:18 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0xfeffffff00000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1282.239813][ T7803] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1282.282706][ T7803] CPU: 0 PID: 7803 Comm: syz-executor.2 Not tainted 5.6.0-rc1-syzkaller #0 [ 1282.291330][ T7803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1282.301408][ T7803] Call Trace: [ 1282.304710][ T7803] dump_stack+0x11d/0x187 [ 1282.309158][ T7803] dump_header+0xa7/0x399 [ 1282.313508][ T7803] oom_kill_process.cold+0x10/0x15 [ 1282.318653][ T7803] out_of_memory+0x21d/0xa30 [ 1282.323266][ T7803] ? __rcu_read_unlock+0x66/0x2f0 [ 1282.328306][ T7803] mem_cgroup_out_of_memory+0x12b/0x150 [ 1282.333926][ T7803] try_charge+0xb60/0xbe0 [ 1282.338331][ T7803] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1282.343824][ T7803] __memcg_kmem_charge+0xcd/0x1b0 [ 1282.348881][ T7803] __alloc_pages_nodemask+0x268/0x310 [ 1282.354267][ T7803] alloc_pages_current+0xca/0x170 [ 1282.359314][ T7803] pte_alloc_one+0x14/0x50 [ 1282.363753][ T7803] __pte_alloc+0x27/0x210 [ 1282.368100][ T7803] copy_page_range+0x1391/0x1a40 [ 1282.373137][ T7803] ? vma_gap_callbacks_rotate+0x11a/0x180 [ 1282.378875][ T7803] ? __rb_insert_augmented+0x11b/0x360 [ 1282.384346][ T7803] ? __vma_link_rb+0x3ed/0x440 [ 1282.389131][ T7803] dup_mm+0x72e/0xb90 [ 1282.393223][ T7803] copy_process+0x39ad/0x3b10 [ 1282.398003][ T7803] ? _raw_spin_unlock+0x38/0x60 [ 1282.402885][ T7803] _do_fork+0xf7/0x790 [ 1282.407001][ T7803] ? __read_once_size+0x45/0xd0 [ 1282.411865][ T7803] ? ktime_get_ts64+0x286/0x2c0 [ 1282.416735][ T7803] __x64_sys_clone+0x12e/0x170 [ 1282.421527][ T7803] do_syscall_64+0xc7/0x390 [ 1282.426108][ T7803] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1282.432002][ T7803] RIP: 0033:0x45aa4a [ 1282.436001][ T7803] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1282.455615][ T7803] RSP: 002b:00007fff23ee36c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1282.464127][ T7803] RAX: ffffffffffffffda RBX: 00007fff23ee36c0 RCX: 000000000045aa4a [ 1282.472112][ T7803] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 09:02:18 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1282.480133][ T7803] RBP: 00007fff23ee3700 R08: 0000000000000001 R09: 0000000000fd8940 [ 1282.488119][ T7803] R10: 0000000000fd8c10 R11: 0000000000000246 R12: 0000000000000001 [ 1282.496151][ T7803] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fff23ee3750 09:02:18 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1282.958766][ T7803] memory: usage 307200kB, limit 307200kB, failcnt 11076 [ 1282.968131][ T7803] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1282.996214][ T7803] Memory cgroup stats for /syz2: [ 1282.996467][ T7803] anon 221548544 [ 1282.996467][ T7803] file 45056 [ 1282.996467][ T7803] kernel_stack 10948608 [ 1282.996467][ T7803] slab 14442496 [ 1282.996467][ T7803] sock 0 [ 1282.996467][ T7803] shmem 110592 [ 1282.996467][ T7803] file_mapped 135168 [ 1282.996467][ T7803] file_dirty 0 [ 1282.996467][ T7803] file_writeback 0 [ 1282.996467][ T7803] anon_thp 159383552 [ 1282.996467][ T7803] inactive_anon 0 [ 1282.996467][ T7803] active_anon 221552640 [ 1282.996467][ T7803] inactive_file 0 [ 1282.996467][ T7803] active_file 147456 [ 1282.996467][ T7803] unevictable 0 [ 1282.996467][ T7803] slab_reclaimable 1216512 [ 1282.996467][ T7803] slab_unreclaimable 13225984 [ 1282.996467][ T7803] pgfault 100617 [ 1282.996467][ T7803] pgmajfault 0 [ 1282.996467][ T7803] workingset_refault 660 [ 1282.996467][ T7803] workingset_activate 198 [ 1282.996467][ T7803] workingset_nodereclaim 0 [ 1282.996467][ T7803] pgrefill 5275 [ 1282.996467][ T7803] pgscan 19929 [ 1282.996467][ T7803] pgsteal 13303 [ 1283.105788][ T7803] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17135,uid=0 [ 1283.124867][ T7803] Memory cgroup out of memory: Killed process 17135 (syz-executor.2) total-vm:74836kB, anon-rss:2212kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 09:02:19 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:19 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1283.528928][ T7788] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1283.565323][ T7788] CPU: 0 PID: 7788 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 1283.574060][ T7788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1283.584118][ T7788] Call Trace: [ 1283.587420][ T7788] dump_stack+0x11d/0x187 [ 1283.591761][ T7788] dump_header+0xa7/0x399 [ 1283.596102][ T7788] oom_kill_process.cold+0x10/0x15 [ 1283.601229][ T7788] out_of_memory+0x21d/0xa30 [ 1283.605835][ T7788] ? __rcu_read_unlock+0x66/0x2f0 [ 1283.610923][ T7788] mem_cgroup_out_of_memory+0x12b/0x150 [ 1283.616488][ T7788] try_charge+0xb60/0xbe0 [ 1283.620877][ T7788] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1283.626446][ T7788] __memcg_kmem_charge+0xcd/0x1b0 [ 1283.631489][ T7788] __alloc_pages_nodemask+0x268/0x310 [ 1283.636913][ T7788] alloc_pages_current+0xca/0x170 [ 1283.641946][ T7788] __get_free_pages+0x8/0x40 [ 1283.646538][ T7788] pgd_alloc+0x30/0x220 [ 1283.650703][ T7788] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1283.656606][ T7788] mm_init+0x33e/0x500 [ 1283.660685][ T7788] dup_mm+0x98/0xb90 [ 1283.664585][ T7788] ? memcg_kmem_put_cache+0x77/0xc0 [ 1283.669848][ T7788] ? __hrtimer_init+0x11b/0x1a0 [ 1283.674721][ T7788] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1283.680632][ T7788] copy_process+0x39ad/0x3b10 [ 1283.685314][ T7788] ? _raw_spin_unlock+0x38/0x60 [ 1283.690192][ T7788] _do_fork+0xf7/0x790 [ 1283.694329][ T7788] ? __read_once_size+0x45/0xd0 [ 1283.699232][ T7788] ? ktime_get_ts64+0x286/0x2c0 [ 1283.704106][ T7788] __x64_sys_clone+0x12e/0x170 [ 1283.708893][ T7788] do_syscall_64+0xc7/0x390 [ 1283.713410][ T7788] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1283.719342][ T7788] RIP: 0033:0x45aa4a [ 1283.723242][ T7788] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1283.742882][ T7788] RSP: 002b:00007ffca9301c20 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1283.751294][ T7788] RAX: ffffffffffffffda RBX: 00007ffca9301c20 RCX: 000000000045aa4a [ 1283.759293][ T7788] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1283.767265][ T7788] RBP: 00007ffca9301c60 R08: 0000000000000001 R09: 00000000015e7940 09:02:19 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0xff00000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1283.775234][ T7788] R10: 00000000015e7c10 R11: 0000000000000246 R12: 0000000000000001 [ 1283.783204][ T7788] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffca9301cb0 [ 1283.799619][ T7788] memory: usage 307200kB, limit 307200kB, failcnt 6760 [ 1283.806728][ T7788] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1283.813870][ T7788] Memory cgroup stats for /syz0: [ 1283.814014][ T7788] anon 219140096 [ 1283.814014][ T7788] file 40960 [ 1283.814014][ T7788] kernel_stack 11796480 [ 1283.814014][ T7788] slab 15659008 [ 1283.814014][ T7788] sock 0 [ 1283.814014][ T7788] shmem 114688 [ 1283.814014][ T7788] file_mapped 135168 [ 1283.814014][ T7788] file_dirty 0 [ 1283.814014][ T7788] file_writeback 0 [ 1283.814014][ T7788] anon_thp 157286400 [ 1283.814014][ T7788] inactive_anon 0 [ 1283.814014][ T7788] active_anon 219140096 [ 1283.814014][ T7788] inactive_file 0 [ 1283.814014][ T7788] active_file 0 [ 1283.814014][ T7788] unevictable 0 [ 1283.814014][ T7788] slab_reclaimable 1486848 [ 1283.814014][ T7788] slab_unreclaimable 14172160 09:02:20 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1283.814014][ T7788] pgfault 91905 [ 1283.814014][ T7788] pgmajfault 0 [ 1283.814014][ T7788] workingset_refault 1683 [ 1283.814014][ T7788] workingset_activate 330 [ 1283.814014][ T7788] workingset_nodereclaim 0 [ 1283.814014][ T7788] pgrefill 5422 [ 1283.814014][ T7788] pgscan 11852 [ 1283.814014][ T7788] pgsteal 3389 [ 1283.963744][ T7788] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=18136,uid=0 09:02:20 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(0x0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1284.007790][ T7788] Memory cgroup out of memory: Killed process 18136 (syz-executor.0) total-vm:74968kB, anon-rss:2216kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 09:02:20 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(0x0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:20 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:20 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(0x0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:20 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, 0x0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:20 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, 0x0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:20 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0xff0f000000000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:20 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, 0x0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:21 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x0, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:21 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:21 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x0, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:21 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1285.121926][ T7788] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1285.175965][ T7788] CPU: 1 PID: 7788 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 1285.184604][ T7788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1285.194662][ T7788] Call Trace: [ 1285.197973][ T7788] dump_stack+0x11d/0x187 [ 1285.202315][ T7788] dump_header+0xa7/0x399 [ 1285.206661][ T7788] oom_kill_process.cold+0x10/0x15 [ 1285.211790][ T7788] out_of_memory+0x21d/0xa30 [ 1285.216463][ T7788] ? __rcu_read_unlock+0x66/0x2f0 [ 1285.221518][ T7788] mem_cgroup_out_of_memory+0x12b/0x150 [ 1285.227083][ T7788] try_charge+0xb60/0xbe0 [ 1285.231444][ T7788] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1285.236929][ T7788] __memcg_kmem_charge+0xcd/0x1b0 [ 1285.241973][ T7788] __alloc_pages_nodemask+0x268/0x310 [ 1285.247453][ T7788] alloc_pages_current+0xca/0x170 [ 1285.252497][ T7788] pte_alloc_one+0x14/0x50 [ 1285.256984][ T7788] __pte_alloc+0x27/0x210 [ 1285.261338][ T7788] copy_page_range+0x1391/0x1a40 [ 1285.266305][ T7788] ? anon_vma_interval_tree_insert+0x1bd/0x240 [ 1285.272470][ T7788] ? __rb_insert_augmented+0x11b/0x360 [ 1285.277948][ T7788] ? __vma_link_rb+0x3ed/0x440 [ 1285.282729][ T7788] dup_mm+0x72e/0xb90 [ 1285.286743][ T7788] copy_process+0x39ad/0x3b10 [ 1285.291439][ T7788] ? _raw_spin_unlock+0x38/0x60 [ 1285.296324][ T7788] _do_fork+0xf7/0x790 [ 1285.300402][ T7788] ? __read_once_size+0x45/0xd0 [ 1285.305338][ T7788] ? ktime_get_ts64+0x286/0x2c0 [ 1285.310203][ T7788] __x64_sys_clone+0x12e/0x170 [ 1285.314993][ T7788] do_syscall_64+0xc7/0x390 [ 1285.319528][ T7788] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1285.325423][ T7788] RIP: 0033:0x45aa4a [ 1285.329326][ T7788] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1285.348937][ T7788] RSP: 002b:00007ffca9301c20 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1285.357352][ T7788] RAX: ffffffffffffffda RBX: 00007ffca9301c20 RCX: 000000000045aa4a [ 1285.365390][ T7788] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 09:02:21 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1285.373373][ T7788] RBP: 00007ffca9301c60 R08: 0000000000000001 R09: 00000000015e7940 [ 1285.381346][ T7788] R10: 00000000015e7c10 R11: 0000000000000246 R12: 0000000000000001 [ 1285.389323][ T7788] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffca9301cb0 [ 1285.473591][ T7788] memory: usage 307200kB, limit 307200kB, failcnt 6790 [ 1285.483562][ T7788] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1285.490982][ T7788] Memory cgroup stats for /syz0: [ 1285.491175][ T7788] anon 219136000 [ 1285.491175][ T7788] file 40960 [ 1285.491175][ T7788] kernel_stack 11796480 [ 1285.491175][ T7788] slab 15659008 [ 1285.491175][ T7788] sock 0 [ 1285.491175][ T7788] shmem 114688 [ 1285.491175][ T7788] file_mapped 135168 [ 1285.491175][ T7788] file_dirty 0 [ 1285.491175][ T7788] file_writeback 0 [ 1285.491175][ T7788] anon_thp 157286400 [ 1285.491175][ T7788] inactive_anon 0 [ 1285.491175][ T7788] active_anon 219136000 [ 1285.491175][ T7788] inactive_file 0 [ 1285.491175][ T7788] active_file 0 [ 1285.491175][ T7788] unevictable 0 [ 1285.491175][ T7788] slab_reclaimable 1486848 [ 1285.491175][ T7788] slab_unreclaimable 14172160 [ 1285.491175][ T7788] pgfault 91971 [ 1285.491175][ T7788] pgmajfault 0 [ 1285.491175][ T7788] workingset_refault 1683 [ 1285.491175][ T7788] workingset_activate 330 [ 1285.491175][ T7788] workingset_nodereclaim 0 [ 1285.491175][ T7788] pgrefill 5455 [ 1285.491175][ T7788] pgscan 11852 [ 1285.491175][ T7788] pgsteal 3389 [ 1285.595601][ T7788] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=17694,uid=0 [ 1285.618297][ T7788] Memory cgroup out of memory: Killed process 17694 (syz-executor.0) total-vm:74968kB, anon-rss:2216kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 1285.655619][ T1078] oom_reaper: reaped process 17694 (syz-executor.0), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 1285.656436][ T7803] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1285.717873][ T7803] CPU: 1 PID: 7803 Comm: syz-executor.2 Not tainted 5.6.0-rc1-syzkaller #0 [ 1285.726496][ T7803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1285.736576][ T7803] Call Trace: [ 1285.739947][ T7803] dump_stack+0x11d/0x187 [ 1285.744291][ T7803] dump_header+0xa7/0x399 [ 1285.748639][ T7803] oom_kill_process.cold+0x10/0x15 [ 1285.753761][ T7803] out_of_memory+0x21d/0xa30 [ 1285.758392][ T7803] mem_cgroup_out_of_memory+0x12b/0x150 [ 1285.763957][ T7803] try_charge+0xb60/0xbe0 [ 1285.768343][ T7803] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1285.773882][ T7803] __memcg_kmem_charge+0xcd/0x1b0 [ 1285.778949][ T7803] __alloc_pages_nodemask+0x268/0x310 [ 1285.784343][ T7803] alloc_pages_current+0xca/0x170 [ 1285.789442][ T7803] pte_alloc_one+0x14/0x50 [ 1285.793869][ T7803] __pte_alloc+0x27/0x210 [ 1285.798208][ T7803] copy_page_range+0x1391/0x1a40 [ 1285.803219][ T7803] dup_mm+0x72e/0xb90 [ 1285.807227][ T7803] copy_process+0x39ad/0x3b10 [ 1285.811911][ T7803] ? _raw_spin_unlock+0x38/0x60 [ 1285.816831][ T7803] _do_fork+0xf7/0x790 [ 1285.820903][ T7803] ? __read_once_size+0x45/0xd0 [ 1285.825759][ T7803] ? ktime_get_ts64+0x286/0x2c0 [ 1285.830648][ T7803] __x64_sys_clone+0x12e/0x170 [ 1285.835457][ T7803] do_syscall_64+0xc7/0x390 [ 1285.840045][ T7803] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1285.845945][ T7803] RIP: 0033:0x45aa4a 09:02:22 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0xffffff7f00000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1285.849913][ T7803] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1285.869519][ T7803] RSP: 002b:00007fff23ee36c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1285.877972][ T7803] RAX: ffffffffffffffda RBX: 00007fff23ee36c0 RCX: 000000000045aa4a [ 1285.885942][ T7803] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1285.893949][ T7803] RBP: 00007fff23ee3700 R08: 0000000000000001 R09: 0000000000fd8940 [ 1285.901923][ T7803] R10: 0000000000fd8c10 R11: 0000000000000246 R12: 0000000000000001 [ 1285.909896][ T7803] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fff23ee3750 [ 1285.958704][ T7803] memory: usage 307200kB, limit 307200kB, failcnt 11125 [ 1285.969921][ T7803] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1285.994697][ T7803] Memory cgroup stats for /syz2: [ 1285.995161][ T7803] anon 220180480 [ 1285.995161][ T7803] file 45056 [ 1285.995161][ T7803] kernel_stack 11059200 [ 1285.995161][ T7803] slab 14442496 [ 1285.995161][ T7803] sock 0 [ 1285.995161][ T7803] shmem 110592 [ 1285.995161][ T7803] file_mapped 135168 [ 1285.995161][ T7803] file_dirty 0 [ 1285.995161][ T7803] file_writeback 0 [ 1285.995161][ T7803] anon_thp 157286400 [ 1285.995161][ T7803] inactive_anon 0 [ 1285.995161][ T7803] active_anon 220184576 [ 1285.995161][ T7803] inactive_file 0 [ 1285.995161][ T7803] active_file 147456 [ 1285.995161][ T7803] unevictable 0 [ 1285.995161][ T7803] slab_reclaimable 1216512 09:02:22 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, 0x0) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1285.995161][ T7803] slab_unreclaimable 13225984 [ 1285.995161][ T7803] pgfault 101178 [ 1285.995161][ T7803] pgmajfault 0 [ 1285.995161][ T7803] workingset_refault 660 [ 1285.995161][ T7803] workingset_activate 198 [ 1285.995161][ T7803] workingset_nodereclaim 0 [ 1285.995161][ T7803] pgrefill 5375 [ 1285.995161][ T7803] pgscan 20066 [ 1285.995161][ T7803] pgsteal 13303 09:02:22 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1286.266739][ T7803] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17282,uid=0 [ 1286.327266][ T7803] Memory cgroup out of memory: Killed process 17282 (syz-executor.2) total-vm:74836kB, anon-rss:2212kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 1286.399053][ T1078] oom_reaper: reaped process 17282 (syz-executor.2), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 09:02:22 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x0, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:22 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, 0x0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:22 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, 0x0) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:22 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, 0x0) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:23 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, 0x0) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:23 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0xfffffffc00000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:23 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0xffffffffffffffff, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:23 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, 0x0) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:02:23 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:23 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, 0x0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:24 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0xffffffffffffffff, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:24 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:24 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, 0x0) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:02:24 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0xffffffff00000000, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:24 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, 0x0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:25 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0xffffffffffffffff, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:25 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:25 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x0, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:25 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, 0x0) recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1289.382261][T17374] syz-executor.5 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=1000 [ 1289.401487][T17374] CPU: 1 PID: 17374 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 1289.410182][T17374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1289.420302][T17374] Call Trace: [ 1289.423623][T17374] dump_stack+0x11d/0x187 [ 1289.427963][T17374] dump_header+0xa7/0x399 [ 1289.432309][T17374] oom_kill_process.cold+0x10/0x15 [ 1289.437496][T17374] out_of_memory+0x21d/0xa30 [ 1289.442186][T17374] ? __rcu_read_unlock+0x66/0x2f0 [ 1289.447227][T17374] mem_cgroup_out_of_memory+0x12b/0x150 [ 1289.452796][T17374] try_charge+0xb60/0xbe0 [ 1289.457359][T17374] ? try_charge+0x1b0/0xbe0 [ 1289.461908][T17374] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1289.467454][T17374] cache_grow_begin+0x39f/0x590 [ 1289.472363][T17374] ? __cpuset_node_allowed+0xf6/0x200 [ 1289.477746][T17374] fallback_alloc+0x167/0x1f0 [ 1289.482478][T17374] kmem_cache_alloc_node+0xb4/0x680 [ 1289.487730][T17374] ? __read_once_size+0xb7/0x100 [ 1289.492680][T17374] copy_process+0x388/0x3b10 [ 1289.497282][T17374] ? kvm_clock_read+0x14/0x30 [ 1289.502000][T17374] ? kvm_sched_clock_read+0x5/0x10 [ 1289.507121][T17374] ? sched_clock+0xf/0x20 [ 1289.511449][T17374] ? sched_clock_cpu+0x10/0xd0 [ 1289.516264][T17374] ? record_times+0x10/0x80 [ 1289.520799][T17374] ? psi_task_change+0x1a4/0x2c0 [ 1289.525762][T17374] _do_fork+0xf7/0x790 [ 1289.529848][T17374] ? __rcu_read_unlock+0x66/0x2f0 [ 1289.534883][T17374] ? blkcg_maybe_throttle_current+0x249/0x5a0 [ 1289.540979][T17374] __x64_sys_clone+0x12e/0x170 [ 1289.545868][T17374] do_syscall_64+0xc7/0x390 [ 1289.550384][T17374] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1289.556276][T17374] RIP: 0033:0x45ee49 [ 1289.560291][T17374] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 09:02:25 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1289.579900][T17374] RSP: 002b:00007ffd30768858 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1289.588317][T17374] RAX: ffffffffffffffda RBX: 00007f30b46f2700 RCX: 000000000045ee49 [ 1289.596337][T17374] RDX: 00007f30b46f29d0 RSI: 00007f30b46f1db0 RDI: 00000000003d0f00 [ 1289.604309][T17374] RBP: 00007ffd30768a70 R08: 00007f30b46f2700 R09: 00007f30b46f2700 [ 1289.612281][T17374] R10: 00007f30b46f29d0 R11: 0000000000000202 R12: 0000000000000000 [ 1289.620260][T17374] R13: 00007ffd3076890f R14: 00007f30b46f29c0 R15: 000000000076bfcc 09:02:26 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, 0x0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1289.878681][T17374] memory: usage 307200kB, limit 307200kB, failcnt 5490 [ 1289.923363][T17374] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1289.992669][T17374] Memory cgroup stats for /syz5: [ 1289.992895][T17374] anon 269582336 [ 1289.992895][T17374] file 180224 [ 1289.992895][T17374] kernel_stack 5197824 [ 1289.992895][T17374] slab 7540736 [ 1289.992895][T17374] sock 0 [ 1289.992895][T17374] shmem 0 [ 1289.992895][T17374] file_mapped 135168 [ 1289.992895][T17374] file_dirty 0 [ 1289.992895][T17374] file_writeback 0 [ 1289.992895][T17374] anon_thp 241172480 [ 1289.992895][T17374] inactive_anon 0 [ 1289.992895][T17374] active_anon 269594624 [ 1289.992895][T17374] inactive_file 0 [ 1289.992895][T17374] active_file 90112 [ 1289.992895][T17374] unevictable 0 [ 1289.992895][T17374] slab_reclaimable 946176 [ 1289.992895][T17374] slab_unreclaimable 6594560 [ 1289.992895][T17374] pgfault 140481 [ 1289.992895][T17374] pgmajfault 0 [ 1289.992895][T17374] workingset_refault 1287 [ 1289.992895][T17374] workingset_activate 198 [ 1289.992895][T17374] workingset_nodereclaim 0 [ 1289.992895][T17374] pgrefill 3938 [ 1289.992895][T17374] pgscan 15046 [ 1289.992895][T17374] pgsteal 8166 09:02:26 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x0, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:26 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000001440)='/dev/snd/controlC#\x00', 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r3 = creat(0x0, 0x0) ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r3, 0xc01064c7, &(0x7f00000003c0)={0x4, 0x0, &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0]}) r5 = socket$inet6(0xa, 0x1, 0x0) getsockopt$inet6_buf(r5, 0x29, 0x11, &(0x7f0000c86000), &(0x7f0000000040)=0xfffffffffffffcbc) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000400)={&(0x7f00000000c0)=[0x2, 0x400, 0x0, 0x4, 0x10000, 0x5, 0x5d9, 0x6, 0x7], 0x9, 0x800, r4, r5}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f00000000c0)={&(0x7f0000000080)=[0x3, 0xea41, 0x400, 0x3, 0x4e, 0x1, 0x7ff, 0x8000, 0x1], 0x9, 0x80000, r4, r0}) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000040)) ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(r1, 0xc008551b, &(0x7f0000000000)={0x7fff, 0xc, [0x6, 0x1f, 0xc0000000]}) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r7 = fcntl$dupfd(r6, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) r8 = gettid() process_vm_writev(r8, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000a40)=[{&(0x7f0000000140)=""/31, 0x1f}, {&(0x7f0000000700)=""/89, 0x59}, {&(0x7f0000000780)=""/129, 0x81}, {&(0x7f0000000840)=""/148, 0x94}, {&(0x7f0000000900)=""/81, 0x51}, {&(0x7f0000000980)=""/150, 0x96}], 0x6, 0x0) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000180)={0x2, 0x5, {r8}, {0xee01}, 0x401, 0x8}) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000200)={0x0, 0x0, 0x0}, &(0x7f0000000240)=0xc) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='fuse\x00', 0x0, &(0x7f0000000440)={{'fd', 0x3d, r7}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r9}, 0x2c, {'group_id', 0x3d, r10}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x400}}], [{@subj_type={'subj_type', 0x3d, '-($nodevbdev*'}}, {@smackfsfloor={'smackfsfloor', 0x3d, '/dev/snd/controlC#\x00'}}]}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1290.284196][T17374] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=4781,uid=0 [ 1290.348107][T17374] Memory cgroup out of memory: Killed process 4781 (syz-executor.5) total-vm:74968kB, anon-rss:2220kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 09:02:26 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, 0x0) recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1290.463031][ T1078] oom_reaper: reaped process 4781 (syz-executor.5), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 1290.476618][ T7803] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1290.561002][ T7803] CPU: 0 PID: 7803 Comm: syz-executor.2 Not tainted 5.6.0-rc1-syzkaller #0 [ 1290.569665][ T7803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1290.579715][ T7803] Call Trace: [ 1290.583038][ T7803] dump_stack+0x11d/0x187 [ 1290.587386][ T7803] dump_header+0xa7/0x399 [ 1290.591734][ T7803] oom_kill_process.cold+0x10/0x15 [ 1290.596853][ T7803] out_of_memory+0x21d/0xa30 [ 1290.601547][ T7803] mem_cgroup_out_of_memory+0x12b/0x150 [ 1290.607115][ T7803] try_charge+0xb60/0xbe0 [ 1290.611634][ T7803] ? __this_cpu_preempt_check+0x3c/0x130 [ 1290.617297][ T7803] ? __perf_event_task_sched_in+0x150/0x3a0 [ 1290.623220][ T7803] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1290.628716][ T7803] __memcg_kmem_charge+0xcd/0x1b0 [ 1290.633780][ T7803] __alloc_pages_nodemask+0x268/0x310 [ 1290.639179][ T7803] alloc_pages_current+0xca/0x170 [ 1290.644241][ T7803] pte_alloc_one+0x14/0x50 [ 1290.648675][ T7803] __pte_alloc+0x27/0x210 [ 1290.653081][ T7803] copy_page_range+0x1391/0x1a40 [ 1290.658060][ T7803] dup_mm+0x72e/0xb90 [ 1290.662077][ T7803] copy_process+0x39ad/0x3b10 [ 1290.666764][ T7803] ? _raw_spin_unlock+0x38/0x60 [ 1290.671652][ T7803] _do_fork+0xf7/0x790 [ 1290.675737][ T7803] ? __read_once_size+0x45/0xd0 [ 1290.680597][ T7803] ? ktime_get_ts64+0x286/0x2c0 [ 1290.685466][ T7803] __x64_sys_clone+0x12e/0x170 [ 1290.690327][ T7803] do_syscall_64+0xc7/0x390 [ 1290.694852][ T7803] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1290.700748][ T7803] RIP: 0033:0x45aa4a [ 1290.704649][ T7803] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1290.724258][ T7803] RSP: 002b:00007fff23ee36c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1290.732678][ T7803] RAX: ffffffffffffffda RBX: 00007fff23ee36c0 RCX: 000000000045aa4a [ 1290.740657][ T7803] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1290.748697][ T7803] RBP: 00007fff23ee3700 R08: 0000000000000001 R09: 0000000000fd8940 09:02:26 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1290.756677][ T7803] R10: 0000000000fd8c10 R11: 0000000000000246 R12: 0000000000000001 [ 1290.764664][ T7803] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fff23ee3750 [ 1290.788854][ T7803] memory: usage 307200kB, limit 307200kB, failcnt 11214 [ 1290.795892][ T7803] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1290.836857][ T7803] Memory cgroup stats for /syz2: [ 1290.837011][ T7803] anon 218992640 [ 1290.837011][ T7803] file 45056 [ 1290.837011][ T7803] kernel_stack 11206656 [ 1290.837011][ T7803] slab 14577664 [ 1290.837011][ T7803] sock 0 [ 1290.837011][ T7803] shmem 110592 [ 1290.837011][ T7803] file_mapped 135168 [ 1290.837011][ T7803] file_dirty 0 [ 1290.837011][ T7803] file_writeback 0 [ 1290.837011][ T7803] anon_thp 155189248 [ 1290.837011][ T7803] inactive_anon 0 [ 1290.837011][ T7803] active_anon 218996736 [ 1290.837011][ T7803] inactive_file 0 [ 1290.837011][ T7803] active_file 12288 [ 1290.837011][ T7803] unevictable 0 [ 1290.837011][ T7803] slab_reclaimable 1216512 [ 1290.837011][ T7803] slab_unreclaimable 13361152 [ 1290.837011][ T7803] pgfault 101706 [ 1290.837011][ T7803] pgmajfault 0 [ 1290.837011][ T7803] workingset_refault 660 [ 1290.837011][ T7803] workingset_activate 198 [ 1290.837011][ T7803] workingset_nodereclaim 0 [ 1290.837011][ T7803] pgrefill 5475 [ 1290.837011][ T7803] pgscan 20266 [ 1290.837011][ T7803] pgsteal 13303 [ 1290.933594][T17404] fuse: Bad value for 'group_id' 09:02:27 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x2, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1290.999079][ T7803] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17233,uid=0 [ 1291.018757][ T7803] Memory cgroup out of memory: Killed process 17233 (syz-executor.2) total-vm:74836kB, anon-rss:2212kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 1291.083734][T17399] syz-executor.3 invoked oom-killer: gfp_mask=0x101cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), order=0, oom_score_adj=1000 [ 1291.124419][T17399] CPU: 1 PID: 17399 Comm: syz-executor.3 Not tainted 5.6.0-rc1-syzkaller #0 [ 1291.133139][T17399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1291.143240][T17399] Call Trace: [ 1291.146561][T17399] dump_stack+0x11d/0x187 [ 1291.150989][T17399] dump_header+0xa7/0x399 [ 1291.155410][T17399] oom_kill_process.cold+0x10/0x15 [ 1291.160534][T17399] out_of_memory+0x21d/0xa30 [ 1291.165179][T17399] ? __rcu_read_unlock+0x66/0x2f0 [ 1291.170227][T17399] mem_cgroup_out_of_memory+0x12b/0x150 [ 1291.175794][T17399] try_charge+0xb60/0xbe0 [ 1291.180141][T17399] ? __rcu_read_unlock+0x66/0x2f0 [ 1291.185189][T17399] mem_cgroup_try_charge+0xd7/0x260 [ 1291.190414][T17399] __add_to_page_cache_locked+0x16c/0x770 [ 1291.196148][T17399] ? __alloc_pages_nodemask+0x15e/0x310 [ 1291.201702][T17399] ? __read_once_size.constprop.0+0x20/0x20 [ 1291.207697][T17399] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1291.213699][T17399] add_to_page_cache_lru+0xc7/0x260 [ 1291.218904][T17399] pagecache_get_page+0x2b0/0x700 [ 1291.223946][T17399] ? radix_tree_load_root+0xb3/0xf0 [ 1291.229197][T17399] grab_cache_page_write_begin+0x56/0x80 [ 1291.234826][T17399] ext4_da_write_begin+0x1b4/0x860 [ 1291.240008][T17399] generic_perform_write+0x13a/0x320 [ 1291.245313][T17399] ext4_buffered_write_iter+0x14e/0x280 [ 1291.250885][T17399] ext4_file_write_iter+0xf4/0xd30 [ 1291.256002][T17399] new_sync_write+0x303/0x400 [ 1291.260681][T17399] __vfs_write+0x9e/0xb0 [ 1291.264962][T17399] vfs_write+0x189/0x380 [ 1291.269270][T17399] ksys_write+0xc5/0x1a0 [ 1291.273555][T17399] __x64_sys_write+0x49/0x60 [ 1291.274206][T17426] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" [ 1291.278195][T17399] do_syscall_64+0xc7/0x390 [ 1291.278253][T17399] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1291.298269][T17399] RIP: 0033:0x45c479 [ 1291.302171][T17399] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 09:02:27 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x0, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1291.321780][T17399] RSP: 002b:00007f0d46288c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1291.330193][T17399] RAX: ffffffffffffffda RBX: 00007f0d462896d4 RCX: 000000000045c479 [ 1291.338172][T17399] RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000003 [ 1291.346146][T17399] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1291.354150][T17399] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1291.362147][T17399] R13: 0000000000000cdc R14: 00000000004cec0d R15: 000000000076bf2c 09:02:27 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, 0x0) recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1291.375964][T17399] memory: usage 305096kB, limit 307200kB, failcnt 9649 [ 1291.383333][T17399] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1291.392795][T17399] Memory cgroup stats for /syz3: [ 1291.392983][T17399] anon 248299520 [ 1291.392983][T17399] file 151552 [ 1291.392983][T17399] kernel_stack 6819840 [ 1291.392983][T17399] slab 9236480 [ 1291.392983][T17399] sock 4096 [ 1291.392983][T17399] shmem 0 [ 1291.392983][T17399] file_mapped 135168 [ 1291.392983][T17399] file_dirty 135168 [ 1291.392983][T17399] file_writeback 135168 [ 1291.392983][T17399] anon_thp 205520896 [ 1291.392983][T17399] inactive_anon 0 [ 1291.392983][T17399] active_anon 248299520 [ 1291.392983][T17399] inactive_file 180224 [ 1291.392983][T17399] active_file 221184 [ 1291.392983][T17399] unevictable 0 [ 1291.392983][T17399] slab_reclaimable 811008 [ 1291.392983][T17399] slab_unreclaimable 8425472 [ 1291.392983][T17399] pgfault 132891 [ 1291.392983][T17399] pgmajfault 33 [ 1291.392983][T17399] workingset_refault 3531 [ 1291.392983][T17399] workingset_activate 1221 [ 1291.392983][T17399] workingset_nodereclaim 0 [ 1291.392983][T17399] pgrefill 7113 [ 1291.392983][T17399] pgscan 34033 [ 1291.392983][T17399] pgsteal 23626 [ 1291.491923][T17399] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=25160,uid=0 [ 1291.507509][T17399] Memory cgroup out of memory: Killed process 25160 (syz-executor.3) total-vm:74968kB, anon-rss:2224kB, file-rss:35792kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:1000 09:02:27 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = socket$key(0xf, 0x3, 0x2) getsockopt$sock_buf(r1, 0x1, 0x1c, 0x0, &(0x7f0000000280)) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getsockopt(r0, 0x40, 0x14e4, &(0x7f00000000c0)=""/133, &(0x7f0000000000)=0x85) r3 = dup(0xffffffffffffffff) r4 = openat$cgroup_ro(r3, &(0x7f0000000080)='cgroup.events\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000040)=ANY=[], 0x208e24b) r5 = epoll_create(0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000004, 0x28011, r5, 0x0) 09:02:27 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x3, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:27 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:28 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, 0x0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1292.030372][ T7803] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1292.043442][ T7803] CPU: 0 PID: 7803 Comm: syz-executor.2 Not tainted 5.6.0-rc1-syzkaller #0 [ 1292.052099][ T7803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1292.062189][ T7803] Call Trace: [ 1292.065495][ T7803] dump_stack+0x11d/0x187 [ 1292.069837][ T7803] dump_header+0xa7/0x399 [ 1292.074178][ T7803] oom_kill_process.cold+0x10/0x15 [ 1292.079379][ T7803] out_of_memory+0x21d/0xa30 [ 1292.083992][ T7803] ? __rcu_read_unlock+0x66/0x2f0 [ 1292.089036][ T7803] mem_cgroup_out_of_memory+0x12b/0x150 [ 1292.094597][ T7803] try_charge+0xb60/0xbe0 [ 1292.099085][ T7803] ? __this_cpu_preempt_check+0x3c/0x130 [ 1292.104804][ T7803] ? __perf_event_task_sched_in+0x150/0x3a0 [ 1292.110719][ T7803] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1292.116314][ T7803] __memcg_kmem_charge+0xcd/0x1b0 [ 1292.121353][ T7803] __alloc_pages_nodemask+0x268/0x310 [ 1292.126742][ T7803] alloc_pages_current+0xca/0x170 [ 1292.131778][ T7803] pte_alloc_one+0x14/0x50 [ 1292.136249][ T7803] __pte_alloc+0x27/0x210 [ 1292.140684][ T7803] copy_page_range+0x1391/0x1a40 [ 1292.145680][ T7803] dup_mm+0x72e/0xb90 [ 1292.149689][ T7803] copy_process+0x39ad/0x3b10 [ 1292.154378][ T7803] ? _raw_spin_unlock+0x38/0x60 [ 1292.159320][ T7803] _do_fork+0xf7/0x790 [ 1292.163394][ T7803] ? __read_once_size+0x45/0xd0 [ 1292.168255][ T7803] ? ktime_get_ts64+0x286/0x2c0 [ 1292.173124][ T7803] __x64_sys_clone+0x12e/0x170 [ 1292.177912][ T7803] do_syscall_64+0xc7/0x390 [ 1292.182518][ T7803] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1292.188478][ T7803] RIP: 0033:0x45aa4a [ 1292.192382][ T7803] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1292.212037][ T7803] RSP: 002b:00007fff23ee36c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1292.220467][ T7803] RAX: ffffffffffffffda RBX: 00007fff23ee36c0 RCX: 000000000045aa4a [ 1292.228444][ T7803] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1292.236425][ T7803] RBP: 00007fff23ee3700 R08: 0000000000000001 R09: 0000000000fd8940 [ 1292.244430][ T7803] R10: 0000000000fd8c10 R11: 0000000000000246 R12: 0000000000000001 [ 1292.252471][ T7803] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fff23ee3750 [ 1292.276261][ T7803] memory: usage 307200kB, limit 307200kB, failcnt 11256 [ 1292.285142][ T7803] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1292.306218][T17459] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" 09:02:28 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x6, 0x0) ioctl$VIDIOC_DQBUF(r1, 0xc0585611, &(0x7f0000000080)={0x25d, 0x7, 0x4, 0x40000, 0x4, {0x0, 0x7530}, {0x4, 0x12, 0x8, 0x2, 0x4, 0x7, "0d27a975"}, 0x9, 0x3, @planes=&(0x7f0000000000)={0x80000000, 0x8, @mem_offset=0x8, 0x2}, 0x6, 0x0, r2}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r3, 0x0) [ 1292.327770][ T7803] Memory cgroup stats for /syz2: [ 1292.327952][ T7803] anon 218988544 [ 1292.327952][ T7803] file 45056 [ 1292.327952][ T7803] kernel_stack 11169792 [ 1292.327952][ T7803] slab 14577664 [ 1292.327952][ T7803] sock 0 [ 1292.327952][ T7803] shmem 110592 [ 1292.327952][ T7803] file_mapped 135168 [ 1292.327952][ T7803] file_dirty 0 [ 1292.327952][ T7803] file_writeback 0 [ 1292.327952][ T7803] anon_thp 155189248 [ 1292.327952][ T7803] inactive_anon 0 [ 1292.327952][ T7803] active_anon 218992640 [ 1292.327952][ T7803] inactive_file 0 [ 1292.327952][ T7803] active_file 12288 [ 1292.327952][ T7803] unevictable 0 [ 1292.327952][ T7803] slab_reclaimable 1216512 [ 1292.327952][ T7803] slab_unreclaimable 13361152 [ 1292.327952][ T7803] pgfault 101805 [ 1292.327952][ T7803] pgmajfault 0 [ 1292.327952][ T7803] workingset_refault 660 [ 1292.327952][ T7803] workingset_activate 198 [ 1292.327952][ T7803] workingset_nodereclaim 0 [ 1292.327952][ T7803] pgrefill 5475 [ 1292.327952][ T7803] pgscan 20333 [ 1292.327952][ T7803] pgsteal 13303 09:02:28 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, 0x0) [ 1292.434071][ T7803] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17424,uid=0 [ 1292.464947][ T7803] Memory cgroup out of memory: Killed process 17424 (syz-executor.2) total-vm:74836kB, anon-rss:2212kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 09:02:28 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuset.memory_pressure\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$CAPI_REGISTER(r2, 0x400c4301, &(0x7f0000000040)={0x9, 0xcc, 0x40}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:02:28 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x4, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:28 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)) recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:02:28 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:29 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x182, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000200)='cpuacct.usage_user\x00', 0x275a, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x1c, 0x8, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x1c}}, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) r4 = socket$key(0xf, 0x3, 0x2) getsockopt$sock_buf(r4, 0x1, 0x1c, 0x0, &(0x7f0000000280)) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f00000000c0)={0x7, &(0x7f0000000040)=[{0x1000, 0x4, 0x40}, {0xff, 0x3, 0xd7, 0x1}, {0x4, 0x2, 0x3f, 0x4}, {0x0, 0x20, 0x7, 0x4}, {0x3ff, 0x0, 0x0, 0x101}, {0x449, 0x6, 0x3, 0x4793}, {0x80, 0xad, 0x7, 0x7}]}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) [ 1292.991912][T17482] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" 09:02:29 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x5, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:29 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="a348ecda1500f013b2a09714c25fb99c993b1ae92cffff60f7fe8ae870480000001000000e11704d0000000f259297999b24bf53683ef470d70df565a69b361c06d08925bb28361ef84a4f5a11c0e792103e8c44e25d634a217270472631ac105970ee059ab7157b725e64df19bb095a624f8bb7bd2fd1dc8dc26af69dc41b26a94236692d83655f6f63a76a1447ec352dca58887dcd9dac3f06dfdcf86a685148487e55b0dec4680e34c20743f264c4", @ANYRES32, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd0001000000000023cd37413d055de1b969ffce8074c5fe8524c0306554362ddd4c0617b1ed0cd8cb892ef805ab93a186423f124b7c6a03d724f7ead1ef33adfdbe08b8c5236b93", @ANYRES32=0x0, @ANYBLOB="00000079abd1932a"], 0x48}}, 0x0) setsockopt$netlink_NETLINK_RX_RING(r0, 0x10e, 0x6, &(0x7f0000000180)={0x6, 0x7ff, 0x0, 0x1}, 0x10) ioctl$VIDIOC_G_INPUT(0xffffffffffffffff, 0x80045626, &(0x7f0000000080)) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$VIDIOC_SUBDEV_S_FMT(r3, 0xc0585605, &(0x7f0000000340)={0x1, 0x0, {0x61f9100, 0xce, 0x100f, 0x7, 0x0, 0x0, 0x0, 0x1}}) write$FUSE_DIRENT(0xffffffffffffffff, &(0x7f0000000540)={0x48, 0x0, 0x5, [{0x1, 0x349, 0x5, 0x8, 'syz2\x00'}, {0x6, 0x9, 0x0, 0x1}]}, 0x48) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="74c9fca15e3b73bf94d005000000", @ANYRES16=r4, @ANYBLOB="000226bd7000fedbdf25090000000c00028008000900070000000800060008000000080004000000000044000380080003000200000014000200726f73653000000000000000000000000800030000000000060007004e23000014000200767863616e3100"/110], 0x74}, 0x1, 0x0, 0x0, 0x8800}, 0x4c800) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000008, 0x28011, r1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$sock_inet6_udp_SIOCOUTQ(r6, 0x5411, &(0x7f00000005c0)) r7 = getpid() sched_setscheduler(r7, 0x5, &(0x7f0000000380)) r8 = syz_open_procfs(r7, &(0x7f00000000c0)='comm\x00') sendmsg$NFT_MSG_GETOBJ_RESET(r8, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x3c, 0x15, 0xa, 0x401, 0x0, 0x0, {0xc, 0x0, 0x9}, [@NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x9}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x1}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000}, 0x8800) 09:02:29 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, 0x0) [ 1293.373578][T17508] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" 09:02:29 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, 0x0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:29 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1293.584305][ T7788] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1293.656691][ T7788] CPU: 0 PID: 7788 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 1293.665323][ T7788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1293.675367][ T7788] Call Trace: [ 1293.678662][ T7788] dump_stack+0x11d/0x187 [ 1293.682995][ T7788] dump_header+0xa7/0x399 [ 1293.687338][ T7788] oom_kill_process.cold+0x10/0x15 [ 1293.692460][ T7788] out_of_memory+0x21d/0xa30 [ 1293.697057][ T7788] ? __rcu_read_unlock+0x66/0x2f0 [ 1293.702098][ T7788] mem_cgroup_out_of_memory+0x12b/0x150 [ 1293.707870][ T7788] try_charge+0xb60/0xbe0 [ 1293.712218][ T7788] ? __perf_event_task_sched_out+0x150/0xaa0 [ 1293.718243][ T7788] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1293.723719][ T7788] __memcg_kmem_charge+0xcd/0x1b0 [ 1293.728758][ T7788] __alloc_pages_nodemask+0x268/0x310 [ 1293.734148][ T7788] alloc_pages_current+0xca/0x170 [ 1293.739186][ T7788] pte_alloc_one+0x14/0x50 [ 1293.743651][ T7788] __pte_alloc+0x27/0x210 [ 1293.748153][ T7788] copy_page_range+0x1391/0x1a40 [ 1293.753217][ T7788] dup_mm+0x72e/0xb90 [ 1293.757230][ T7788] copy_process+0x39ad/0x3b10 [ 1293.761916][ T7788] ? _raw_spin_unlock+0x38/0x60 [ 1293.766796][ T7788] _do_fork+0xf7/0x790 [ 1293.770876][ T7788] ? __read_once_size+0x45/0xd0 [ 1293.775798][ T7788] ? ktime_get_ts64+0x286/0x2c0 [ 1293.780665][ T7788] __x64_sys_clone+0x12e/0x170 [ 1293.785467][ T7788] do_syscall_64+0xc7/0x390 [ 1293.789984][ T7788] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1293.795880][ T7788] RIP: 0033:0x45aa4a [ 1293.799784][ T7788] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1293.819392][ T7788] RSP: 002b:00007ffca9301c20 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1293.827819][ T7788] RAX: ffffffffffffffda RBX: 00007ffca9301c20 RCX: 000000000045aa4a [ 1293.835823][ T7788] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1293.843819][ T7788] RBP: 00007ffca9301c60 R08: 0000000000000001 R09: 00000000015e7940 09:02:30 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x6, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:30 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)=@gettaction={0xb4, 0x32, 0x10, 0x70bd2b, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x5c, 0x1, [{0xc, 0x11, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xfff}}, {0x10, 0x6, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0x14, 0xa, 0x0, 0x0, @TCA_ACT_KIND={0xf, 0x1, 'tunnel_key\x00'}}, {0x10, 0x10, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}, {0xc, 0x1b, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x466b}}, {0xc, 0x5, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x6}}]}, @action_gd=@TCA_ACT_TAB={0x4}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1, 0x1}}, @action_gd=@TCA_ACT_TAB={0x34, 0x1, [{0xc, 0x1e, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}, {0xc, 0x1, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7fff}}, {0xc, 0x1b, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}, {0xc, 0x16, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x8000}}]}]}, 0xb4}, 0x1, 0x0, 0x0, 0x20000044}, 0x40010) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZEX(r1, 0x560a, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x7, 0x633}) ioctl$VT_GETMODE(r1, 0x5601, &(0x7f0000000000)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1293.851813][ T7788] R10: 00000000015e7c10 R11: 0000000000000246 R12: 0000000000000001 [ 1293.859784][ T7788] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffca9301cb0 09:02:30 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)) recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1294.028132][ T7788] memory: usage 307200kB, limit 307200kB, failcnt 6844 [ 1294.038009][ T7788] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1294.045124][T17532] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" [ 1294.048966][ T7788] Memory cgroup stats for /syz0: [ 1294.049093][ T7788] anon 217767936 [ 1294.049093][ T7788] file 40960 [ 1294.049093][ T7788] kernel_stack 11870208 [ 1294.049093][ T7788] slab 15794176 [ 1294.049093][ T7788] sock 0 [ 1294.049093][ T7788] shmem 114688 [ 1294.049093][ T7788] file_mapped 135168 [ 1294.049093][ T7788] file_dirty 0 [ 1294.049093][ T7788] file_writeback 0 [ 1294.049093][ T7788] anon_thp 155189248 [ 1294.049093][ T7788] inactive_anon 0 [ 1294.049093][ T7788] active_anon 217767936 [ 1294.049093][ T7788] inactive_file 0 [ 1294.049093][ T7788] active_file 16384 [ 1294.049093][ T7788] unevictable 0 [ 1294.049093][ T7788] slab_reclaimable 1486848 [ 1294.049093][ T7788] slab_unreclaimable 14307328 [ 1294.049093][ T7788] pgfault 92565 [ 1294.049093][ T7788] pgmajfault 0 [ 1294.049093][ T7788] workingset_refault 1683 [ 1294.049093][ T7788] workingset_activate 330 [ 1294.049093][ T7788] workingset_nodereclaim 0 [ 1294.049093][ T7788] pgrefill 5488 [ 1294.049093][ T7788] pgscan 11887 [ 1294.049093][ T7788] pgsteal 3422 09:02:30 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1294.179186][ T7788] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=17379,uid=0 [ 1294.208788][ T7788] Memory cgroup out of memory: Killed process 17379 (syz-executor.0) total-vm:74968kB, anon-rss:2216kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 09:02:30 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x7, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1294.333996][ T7803] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1294.379138][ T7803] CPU: 1 PID: 7803 Comm: syz-executor.2 Not tainted 5.6.0-rc1-syzkaller #0 [ 1294.387764][ T7803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1294.397812][ T7803] Call Trace: [ 1294.401247][ T7803] dump_stack+0x11d/0x187 [ 1294.405596][ T7803] dump_header+0xa7/0x399 [ 1294.409935][ T7803] oom_kill_process.cold+0x10/0x15 [ 1294.415112][ T7803] out_of_memory+0x21d/0xa30 [ 1294.419795][ T7803] mem_cgroup_out_of_memory+0x12b/0x150 [ 1294.425355][ T7803] try_charge+0xb60/0xbe0 [ 1294.429718][ T7803] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1294.435240][ T7803] __memcg_kmem_charge+0xcd/0x1b0 [ 1294.440272][ T7803] __alloc_pages_nodemask+0x268/0x310 [ 1294.445659][ T7803] alloc_pages_current+0xca/0x170 [ 1294.450720][ T7803] pte_alloc_one+0x14/0x50 [ 1294.455148][ T7803] __pte_alloc+0x27/0x210 [ 1294.459517][ T7803] copy_page_range+0x1391/0x1a40 [ 1294.464499][ T7803] dup_mm+0x72e/0xb90 [ 1294.468517][ T7803] copy_process+0x39ad/0x3b10 [ 1294.473197][ T7803] ? _raw_spin_unlock+0x38/0x60 [ 1294.478079][ T7803] _do_fork+0xf7/0x790 [ 1294.482151][ T7803] ? __read_once_size+0x45/0xd0 [ 1294.487010][ T7803] ? ktime_get_ts64+0x286/0x2c0 [ 1294.491882][ T7803] __x64_sys_clone+0x12e/0x170 [ 1294.496723][ T7803] do_syscall_64+0xc7/0x390 [ 1294.501239][ T7803] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1294.507144][ T7803] RIP: 0033:0x45aa4a [ 1294.511048][ T7803] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1294.530658][ T7803] RSP: 002b:00007fff23ee36c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1294.539085][ T7803] RAX: ffffffffffffffda RBX: 00007fff23ee36c0 RCX: 000000000045aa4a [ 1294.547056][ T7803] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1294.555031][ T7803] RBP: 00007fff23ee3700 R08: 0000000000000001 R09: 0000000000fd8940 [ 1294.562999][ T7803] R10: 0000000000fd8c10 R11: 0000000000000246 R12: 0000000000000001 [ 1294.570969][ T7803] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fff23ee3750 [ 1294.620165][ T7803] memory: usage 307200kB, limit 307200kB, failcnt 11289 [ 1294.628505][ T7803] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1294.636027][ T7803] Memory cgroup stats for /syz2: [ 1294.636241][ T7803] anon 219086848 [ 1294.636241][ T7803] file 45056 [ 1294.636241][ T7803] kernel_stack 11206656 [ 1294.636241][ T7803] slab 14577664 [ 1294.636241][ T7803] sock 0 [ 1294.636241][ T7803] shmem 110592 [ 1294.636241][ T7803] file_mapped 135168 [ 1294.636241][ T7803] file_dirty 0 [ 1294.636241][ T7803] file_writeback 0 [ 1294.636241][ T7803] anon_thp 155189248 [ 1294.636241][ T7803] inactive_anon 0 [ 1294.636241][ T7803] active_anon 219090944 [ 1294.636241][ T7803] inactive_file 0 [ 1294.636241][ T7803] active_file 12288 [ 1294.636241][ T7803] unevictable 0 [ 1294.636241][ T7803] slab_reclaimable 1216512 [ 1294.636241][ T7803] slab_unreclaimable 13361152 [ 1294.636241][ T7803] pgfault 101871 [ 1294.636241][ T7803] pgmajfault 0 [ 1294.636241][ T7803] workingset_refault 660 [ 1294.636241][ T7803] workingset_activate 198 09:02:30 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x4, 0x24480) r1 = openat$cgroup_ro(r0, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) 09:02:30 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1294.636241][ T7803] workingset_nodereclaim 0 [ 1294.636241][ T7803] pgrefill 5475 [ 1294.636241][ T7803] pgscan 20366 [ 1294.636241][ T7803] pgsteal 13303 [ 1294.680301][T17556] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" [ 1294.773147][ T7803] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17477,uid=0 [ 1294.851302][ T7803] Memory cgroup out of memory: Killed process 17477 (syz-executor.2) total-vm:74836kB, anon-rss:2212kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 09:02:31 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x149002, 0x0) ioctl$IMHOLD_L1(r0, 0x80044948, &(0x7f0000000040)=0x8) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) 09:02:31 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x8, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1294.959002][ T1078] oom_reaper: reaped process 17477 (syz-executor.2), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 09:02:31 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, 0x0) [ 1295.229944][T17583] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" 09:02:31 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, 0x0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:31 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)) recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:02:31 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockopt$ARPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x63, &(0x7f0000000000)={'IDLETIMER\x00'}, &(0x7f0000000040)=0x1e) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) socket$unix(0x1, 0x1, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) 09:02:31 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0xa, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:31 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1296.030957][T17615] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" 09:02:32 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f00006fe000/0x1000)=nil, 0x1000, 0x0, 0x28011, r0, 0x0) 09:02:32 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={0x0}) 09:02:32 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x10, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1296.507575][T17634] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" 09:02:32 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x34, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:32 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0b") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:02:32 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:32 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, 0x0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:33 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={0x0}) 09:02:33 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x48, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:33 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x7, 0x633}) ioctl$VT_DISALLOCATE(r0, 0x5608) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20040000, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) [ 1297.377547][T17673] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" 09:02:33 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x4a, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:33 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:33 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, 0x0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:34 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={0x0}) 09:02:34 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) r1 = socket$key(0xf, 0x3, 0x2) getsockopt$sock_buf(r1, 0x1, 0x1c, 0x0, &(0x7f0000000280)) r2 = fcntl$dupfd(0xffffffffffffffff, 0x406, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x6, 0x0) close(r3) r4 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r3, 0x84, 0x83, &(0x7f0000000240)={r5, @in={{0x2, 0x0, @broadcast}}}, &(0x7f0000000540)=0x100) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, &(0x7f0000000000)={r5, 0xfb, "1332c079c85c78d342b185c311810741fc9222d6bf2216c69f286a208c53bf56d11bd52b323a12d5fb84d1d252040ce009f7cec074c7deeacf618e51a908d8305d5869ea295e20881854172336d8b480f9ba4545c566082f68c9f8dd8268efe1d026a01c7c08139f9ed74facb16b8c54af5debc8f98d94494209a31163c471604599177bc8e4cfff629291a1f2e33e2b75200c9fe0e4904fb4109ac77c0b41d96c86803841ffdc9c546516fc08fbd59dffd5ed7e7f8cfaa565e0c3bb365c847ddb94bab6a204aa4f425d6301a965e5d0894d4c5577538c95e88e0a96a9f7ff02ada395cf39a51f4d7b1392778f75f7c4e72a06cc949a5bbc3070ed"}, &(0x7f0000000140)=0x103) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snapshot\x00', 0x18000, 0x0) write$FUSE_BMAP(r6, &(0x7f0000000200)={0x18, 0x0, 0x4, {0xff}}, 0x18) [ 1297.881966][T17686] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 09:02:34 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0b") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1297.949098][T17688] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" [ 1298.028711][T17686] CPU: 0 PID: 17686 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 1298.037436][T17686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1298.047487][T17686] Call Trace: [ 1298.050792][T17686] dump_stack+0x11d/0x187 [ 1298.055133][T17686] dump_header+0xa7/0x399 [ 1298.059471][T17686] oom_kill_process.cold+0x10/0x15 [ 1298.064683][T17686] out_of_memory+0x21d/0xa30 [ 1298.069397][T17686] ? __rcu_read_unlock+0x66/0x2f0 [ 1298.074446][T17686] mem_cgroup_out_of_memory+0x12b/0x150 [ 1298.080014][T17686] try_charge+0xb60/0xbe0 [ 1298.084359][T17686] ? __rcu_read_unlock+0x66/0x2f0 [ 1298.089401][T17686] mem_cgroup_try_charge+0xd7/0x260 [ 1298.094620][T17686] mem_cgroup_try_charge_delay+0x36/0x70 [ 1298.100259][T17686] wp_page_copy+0x31a/0xf20 [ 1298.104772][T17686] ? __delayacct_freepages_end+0x7d/0x90 [ 1298.110406][T17686] ? kvm_clock_read+0x14/0x30 [ 1298.115122][T17686] ? kvm_sched_clock_read+0x5/0x10 [ 1298.120268][T17686] do_wp_page+0x185/0xcc0 [ 1298.124598][T17686] ? psi_task_change+0x1a4/0x2c0 [ 1298.129543][T17686] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1298.135465][T17686] __handle_mm_fault+0x1c5e/0x2cf0 [ 1298.140620][T17686] handle_mm_fault+0x21c/0x540 [ 1298.145518][T17686] do_page_fault+0x4a4/0xa52 [ 1298.150155][T17686] ? prepare_exit_to_usermode+0x165/0x1c0 [ 1298.155916][T17686] page_fault+0x34/0x40 [ 1298.160065][T17686] RIP: 0033:0x4114c8 [ 1298.164010][T17686] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 78 1d 4c 00 31 c0 e8 e3 09 ff ff 31 ff e8 2c 06 ff ff 0f 1f 40 00 <89> 3c b5 00 00 74 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 7e 11 87 00 [ 1298.183617][T17686] RSP: 002b:00007ffd307688c0 EFLAGS: 00010246 [ 1298.189743][T17686] RAX: 000000007a3b6050 RBX: 00000000872956bf RCX: 0000001b2ce20000 [ 1298.197725][T17686] RDX: 0000000000000000 RSI: 0000000000000050 RDI: ffffffff7a3b6050 [ 1298.205703][T17686] RBP: 0000000000000005 R08: 000000007a3b6050 R09: 000000007a3b6054 [ 1298.213675][T17686] R10: 00007ffd30768a60 R11: 0000000000000246 R12: 000000000076bfa8 [ 1298.221651][T17686] R13: 0000000080000000 R14: 00007f30b6714008 R15: 0000000000000005 [ 1298.238926][T17686] memory: usage 307200kB, limit 307200kB, failcnt 5541 [ 1298.246282][T17686] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1298.253936][T17686] Memory cgroup stats for /syz5: [ 1298.276044][T17686] anon 268328960 [ 1298.276044][T17686] file 180224 [ 1298.276044][T17686] kernel_stack 5271552 [ 1298.276044][T17686] slab 7811072 [ 1298.276044][T17686] sock 0 [ 1298.276044][T17686] shmem 0 [ 1298.276044][T17686] file_mapped 135168 [ 1298.276044][T17686] file_dirty 0 [ 1298.276044][T17686] file_writeback 0 [ 1298.276044][T17686] anon_thp 239075328 [ 1298.276044][T17686] inactive_anon 0 [ 1298.276044][T17686] active_anon 268341248 [ 1298.276044][T17686] inactive_file 0 [ 1298.276044][T17686] active_file 0 [ 1298.276044][T17686] unevictable 0 [ 1298.276044][T17686] slab_reclaimable 946176 09:02:34 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x11, r0, 0x0) r1 = socket$key(0xf, 0x3, 0x2) getsockopt$sock_buf(r1, 0x1, 0x1c, 0x0, &(0x7f0000000280)) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x11, 0x800000003, 0x0) bind(r3, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r3, &(0x7f00000006c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000007c0)=@newtfilter={0x24, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) ioctl$sock_SIOCADDRT(r1, 0x890b, &(0x7f0000000040)={0x0, @l2tp={0x2, 0x0, @multicast2, 0x4}, @xdp={0x2c, 0x9, r4, 0x11}, @rc={0x1f, @any, 0x20}, 0x2, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000000)='macsec0\x00', 0x8, 0xffffffff, 0x7f}) ioctl$sock_inet6_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f00000000c0)={@empty, 0x15, r5}) 09:02:34 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x4b, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1298.276044][T17686] slab_unreclaimable 6864896 [ 1298.276044][T17686] pgfault 141009 [ 1298.276044][T17686] pgmajfault 0 [ 1298.276044][T17686] workingset_refault 1287 [ 1298.276044][T17686] workingset_activate 198 [ 1298.276044][T17686] workingset_nodereclaim 0 [ 1298.276044][T17686] pgrefill 3938 [ 1298.276044][T17686] pgscan 15113 [ 1298.276044][T17686] pgsteal 8200 [ 1298.580302][T17686] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=4646,uid=0 [ 1298.596754][T17718] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" [ 1298.608972][T17686] Memory cgroup out of memory: Killed process 4646 (syz-executor.5) total-vm:74968kB, anon-rss:2220kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 09:02:34 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x0, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1298.632918][ T1078] oom_reaper: reaped process 4646 (syz-executor.5), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 09:02:34 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:34 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x4c, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:35 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)) recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:02:35 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES64=r0, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd0001000000000023cd3741ce8074c5fe8524c0306554362ddd4c0617b1ed0cd8cb892ef805ab93a186423f124b7c6a03d724f7ead1ef33adfdbe08b8c5236b93b9797b4409f6e3", @ANYPTR, @ANYBLOB="00000079abd1932aac8e632d44c4c6ec3e5d020ea25b47c869628ad66117607ef70da3dd34de6154cb4c3770c6"], 0x5}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x11, 0x800000003, 0x0) bind(r3, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r3, &(0x7f00000006c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000007c0)=@newtfilter={0x24, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) r5 = socket(0xa, 0x2, 0x0) ioctl$sock_rose_SIOCDELRT(r0, 0x890c, &(0x7f0000000100)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0x8, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bpq0='bpq0\x00', 0x4, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null]}) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r6) sendmsg$nl_xfrm(r1, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000040)={&(0x7f0000000200)=@polexpire={0x1c4, 0x1b, 0x300, 0x70bd25, 0x25dfdbfb, {{{@in=@broadcast, @in6=@mcast2, 0x4e21, 0x20, 0x4e20, 0x4, 0xa, 0x0, 0x20, 0x0, r4, r6}, {0x63, 0x5, 0x1f, 0x9, 0x5, 0x6, 0x400, 0x7fff}, {0x7, 0x5, 0x9, 0x80000001}, 0x800, 0x6e6bb6, 0x2, 0x0, 0x3, 0x2}, 0x81}, [@tmpl={0x104, 0x5, [{{@in6=@local, 0x4d2, 0x32}, 0xa, @in=@dev={0xac, 0x14, 0x14, 0x28}, 0x3504, 0x4, 0x0, 0x81, 0x1, 0x9, 0x1}, {{@in=@remote, 0x4d6, 0x5e}, 0xa, @in=@broadcast, 0x0, 0x4, 0x1, 0x3, 0xffffffff, 0x0, 0x2800}, {{@in=@rand_addr=0x4, 0x4d6, 0x3c}, 0xa, @in6=@remote, 0x3502, 0x1, 0x2, 0x7, 0x10000, 0x8000, 0x8}, {{@in=@remote, 0x4d2, 0x6c}, 0x2, @in=@loopback, 0x3504, 0x4, 0x2, 0x22, 0x9, 0x4, 0x4}]}]}, 0x1c4}, 0x1, 0x0, 0x0, 0x8010}, 0x20000040) ioctl$TIOCMIWAIT(r0, 0x545c, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) ioctl$TIOCSSERIAL(0xffffffffffffffff, 0x541e, &(0x7f0000000580)={0x7af, 0x9, 0x3, 0x0, 0x7, 0xffffffff, 0x3f, 0x2, 0x7, 0xb0, 0x7, 0xab3000, 0x20, 0x8, &(0x7f0000000400)=""/78, 0x2, 0x3f, 0x80000001}) [ 1299.061160][T17736] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" 09:02:35 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x68, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:35 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0b") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:02:35 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x0, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:35 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x6c, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:36 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) rt_tgsigqueueinfo(0x0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:36 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) rt_tgsigqueueinfo(0x0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:36 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) rt_tgsigqueueinfo(0x0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:36 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0b") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:02:36 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) rt_tgsigqueueinfo(r0, 0x0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:36 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x74, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:36 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) rt_tgsigqueueinfo(r0, 0x0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:36 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:02:36 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x0, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:36 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) rt_tgsigqueueinfo(r0, 0x0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:36 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x7a, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:37 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x0, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1300.864642][T17831] ptrace attach of "/root/syz-executor.5"[17818] was attempted by "/root/syz-executor.5"[17831] 09:02:37 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x0, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:37 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x98, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1301.279452][ T7813] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1301.298695][ T7813] CPU: 0 PID: 7813 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 1301.307297][ T7813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1301.317366][ T7813] Call Trace: [ 1301.320673][ T7813] dump_stack+0x11d/0x187 [ 1301.325024][ T7813] dump_header+0xa7/0x399 [ 1301.329363][ T7813] oom_kill_process.cold+0x10/0x15 [ 1301.334486][ T7813] out_of_memory+0x21d/0xa30 [ 1301.339092][ T7813] ? __rcu_read_unlock+0x66/0x2f0 [ 1301.344231][ T7813] mem_cgroup_out_of_memory+0x12b/0x150 [ 1301.349800][ T7813] try_charge+0xb60/0xbe0 [ 1301.354159][ T7813] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1301.359747][ T7813] __memcg_kmem_charge+0xcd/0x1b0 [ 1301.364792][ T7813] __alloc_pages_nodemask+0x268/0x310 [ 1301.370244][ T7813] alloc_pages_current+0xca/0x170 [ 1301.375317][ T7813] __pmd_alloc+0x48/0x2b0 [ 1301.379663][ T7813] copy_page_range+0x14df/0x1a40 [ 1301.384671][ T7813] ? vma_gap_callbacks_rotate+0x11a/0x180 [ 1301.390415][ T7813] ? __rb_insert_augmented+0x11b/0x360 [ 1301.395926][ T7813] ? __vma_link_rb+0x3ed/0x440 [ 1301.400823][ T7813] dup_mm+0x72e/0xb90 [ 1301.404830][ T7813] copy_process+0x39ad/0x3b10 [ 1301.409516][ T7813] ? _raw_spin_unlock+0x38/0x60 [ 1301.414391][ T7813] _do_fork+0xf7/0x790 [ 1301.418522][ T7813] ? __read_once_size+0x45/0xd0 [ 1301.423381][ T7813] ? ktime_get_ts64+0x286/0x2c0 [ 1301.428248][ T7813] __x64_sys_clone+0x12e/0x170 [ 1301.433062][ T7813] do_syscall_64+0xc7/0x390 [ 1301.437589][ T7813] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1301.443481][ T7813] RIP: 0033:0x45aa4a [ 1301.447420][ T7813] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1301.467032][ T7813] RSP: 002b:00007ffd30768af0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 09:02:37 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, 0x0) [ 1301.475452][ T7813] RAX: ffffffffffffffda RBX: 00007ffd30768af0 RCX: 000000000045aa4a [ 1301.483425][ T7813] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1301.491456][ T7813] RBP: 00007ffd30768b30 R08: 0000000000000001 R09: 00000000015a8940 [ 1301.499492][ T7813] R10: 00000000015a8c10 R11: 0000000000000246 R12: 0000000000000001 [ 1301.507542][ T7813] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffd30768b80 [ 1301.519278][ T7813] memory: usage 307200kB, limit 307200kB, failcnt 5574 [ 1301.526440][ T7813] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1301.533912][ T7813] Memory cgroup stats for /syz5: [ 1301.534069][ T7813] anon 267075584 [ 1301.534069][ T7813] file 180224 [ 1301.534069][ T7813] kernel_stack 5382144 [ 1301.534069][ T7813] slab 7946240 [ 1301.534069][ T7813] sock 0 [ 1301.534069][ T7813] shmem 0 [ 1301.534069][ T7813] file_mapped 135168 [ 1301.534069][ T7813] file_dirty 0 [ 1301.534069][ T7813] file_writeback 0 [ 1301.534069][ T7813] anon_thp 236978176 [ 1301.534069][ T7813] inactive_anon 0 [ 1301.534069][ T7813] active_anon 267087872 [ 1301.534069][ T7813] inactive_file 0 [ 1301.534069][ T7813] active_file 0 [ 1301.534069][ T7813] unevictable 0 [ 1301.534069][ T7813] slab_reclaimable 1081344 [ 1301.534069][ T7813] slab_unreclaimable 6864896 [ 1301.534069][ T7813] pgfault 141603 [ 1301.534069][ T7813] pgmajfault 0 [ 1301.534069][ T7813] workingset_refault 1287 [ 1301.534069][ T7813] workingset_activate 198 [ 1301.534069][ T7813] workingset_nodereclaim 0 [ 1301.534069][ T7813] pgrefill 4038 [ 1301.534069][ T7813] pgscan 15146 [ 1301.534069][ T7813] pgsteal 8200 [ 1301.534296][T17846] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" [ 1301.539510][ T7813] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=4578,uid=0 [ 1301.654407][ T7813] Memory cgroup out of memory: Killed process 4578 (syz-executor.5) total-vm:74968kB, anon-rss:2220kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 1301.674704][ T1078] oom_reaper: reaped process 4578 (syz-executor.5), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 09:02:37 executing program 0: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000001440)='/dev/snd/controlC#\x00', 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r3 = creat(0x0, 0x0) ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r3, 0xc01064c7, &(0x7f00000003c0)={0x4, 0x0, &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0]}) r5 = socket$inet6(0xa, 0x1, 0x0) getsockopt$inet6_buf(r5, 0x29, 0x11, &(0x7f0000c86000), &(0x7f0000000040)=0xfffffffffffffcbc) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000400)={&(0x7f00000000c0)=[0x2, 0x400, 0x0, 0x4, 0x10000, 0x5, 0x5d9, 0x6, 0x7], 0x9, 0x800, r4, r5}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f00000000c0)={&(0x7f0000000080)=[0x3, 0xea41, 0x400, 0x3, 0x4e, 0x1, 0x7ff, 0x8000, 0x1], 0x9, 0x80000, r4, r0}) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000040)) ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(r1, 0xc008551b, &(0x7f0000000000)={0x7fff, 0xc, [0x6, 0x1f, 0xc0000000]}) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r7 = fcntl$dupfd(r6, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) r8 = gettid() process_vm_writev(r8, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000000a40)=[{&(0x7f0000000140)=""/31, 0x1f}, {&(0x7f0000000700)=""/89, 0x59}, {&(0x7f0000000780)=""/129, 0x81}, {&(0x7f0000000840)=""/148, 0x94}, {&(0x7f0000000900)=""/81, 0x51}, {&(0x7f0000000980)=""/150, 0x96}], 0x6, 0x0) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000180)={0x2, 0x5, {r8}, {0xee01}, 0x401, 0x8}) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000200)={0x0, 0x0, 0x0}, &(0x7f0000000240)=0xc) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='fuse\x00', 0x0, &(0x7f0000000440)={{'fd', 0x3d, r7}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r9}, 0x2c, {'group_id', 0x3d, r10}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x400}}], [{@subj_type={'subj_type', 0x3d, '-($nodevbdev*'}}, {@smackfsfloor={'smackfsfloor', 0x3d, '/dev/snd/controlC#\x00'}}]}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:02:37 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x0, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:37 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1301.914500][T17858] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 09:02:38 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, 0x0) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:38 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0xa0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1302.011119][T17858] CPU: 0 PID: 17858 Comm: syz-executor.2 Not tainted 5.6.0-rc1-syzkaller #0 [ 1302.019864][T17858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1302.030049][T17858] Call Trace: [ 1302.033358][T17858] dump_stack+0x11d/0x187 [ 1302.037710][T17858] dump_header+0xa7/0x399 [ 1302.042055][T17858] oom_kill_process.cold+0x10/0x15 [ 1302.047182][T17858] out_of_memory+0x21d/0xa30 [ 1302.051803][T17858] ? __rcu_read_unlock+0x66/0x2f0 [ 1302.056955][T17858] mem_cgroup_out_of_memory+0x12b/0x150 [ 1302.062625][T17858] try_charge+0xb60/0xbe0 [ 1302.066973][T17858] ? free_one_page+0x1d0/0x4e0 [ 1302.071749][T17858] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1302.077401][T17858] __memcg_kmem_charge+0xcd/0x1b0 [ 1302.082454][T17858] __alloc_pages_nodemask+0x268/0x310 [ 1302.087936][T17858] alloc_pages_current+0xca/0x170 [ 1302.093013][T17858] pte_alloc_one+0x14/0x50 [ 1302.097482][T17858] __pte_alloc+0x27/0x210 [ 1302.101826][T17858] __handle_mm_fault+0x1f63/0x2cf0 [ 1302.107003][T17858] handle_mm_fault+0x21c/0x540 [ 1302.111781][T17858] do_page_fault+0x4a4/0xa52 [ 1302.116459][T17858] page_fault+0x34/0x40 [ 1302.120621][T17858] RIP: 0010:__put_user_4+0x1c/0x30 [ 1302.125736][T17858] Code: 1f 00 c3 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 8b 1c 25 40 8c 01 00 48 8b 9b 50 0b 00 00 48 83 eb 03 48 39 d9 73 4a 0f 1f 00 <89> 01 31 c0 0f 1f 00 c3 66 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 [ 1302.145375][T17858] RSP: 0018:ffffc9001aec3e88 EFLAGS: 00010297 [ 1302.151446][T17858] RAX: 0000000000000003 RBX: 00007fffffffeffd RCX: 00000000200001c0 [ 1302.159417][T17858] RDX: 0000000000000000 RSI: ffffffff83b10a33 RDI: 0000000000000005 [ 1302.166975][T17870] fuse: Bad value for 'group_id' [ 1302.167394][T17858] RBP: 0000000000000003 R08: ffff888013aae0c0 R09: 0000ffff85a5a730 [ 1302.167405][T17858] R10: 0000ffffffffffff R11: 0000ffff85a5a737 R12: 0000000000000004 [ 1302.167473][T17858] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000 [ 1302.196448][T17858] ? __sys_socketpair+0xa3/0x440 [ 1302.201406][T17858] __sys_socketpair+0xae/0x440 [ 1302.206180][T17858] ? put_timespec64+0x91/0xc0 [ 1302.210870][T17858] __x64_sys_socketpair+0x59/0x70 [ 1302.215906][T17858] do_syscall_64+0xc7/0x390 [ 1302.220482][T17858] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1302.226374][T17858] RIP: 0033:0x45c479 [ 1302.230277][T17858] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1302.249931][T17858] RSP: 002b:00007f0678b1cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 1302.258353][T17858] RAX: ffffffffffffffda RBX: 00007f0678b1d6d4 RCX: 000000000045c479 [ 1302.266387][T17858] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 [ 1302.274362][T17858] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1302.282340][T17858] R10: 00000000200001c0 R11: 0000000000000246 R12: 00000000ffffffff [ 1302.290321][T17858] R13: 0000000000000b9e R14: 00000000004cd8e8 R15: 000000000076bf2c 09:02:38 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, 0x0) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1302.331404][T17858] memory: usage 307200kB, limit 307200kB, failcnt 11319 [ 1302.348667][T17858] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1302.355587][T17858] Memory cgroup stats for /syz2: [ 1302.355731][T17858] anon 217817088 [ 1302.355731][T17858] file 45056 [ 1302.355731][T17858] kernel_stack 11280384 [ 1302.355731][T17858] slab 14848000 [ 1302.355731][T17858] sock 0 [ 1302.355731][T17858] shmem 110592 [ 1302.355731][T17858] file_mapped 135168 [ 1302.355731][T17858] file_dirty 0 [ 1302.355731][T17858] file_writeback 0 [ 1302.355731][T17858] anon_thp 153092096 [ 1302.355731][T17858] inactive_anon 0 [ 1302.355731][T17858] active_anon 217821184 [ 1302.355731][T17858] inactive_file 0 [ 1302.355731][T17858] active_file 12288 [ 1302.355731][T17858] unevictable 0 [ 1302.355731][T17858] slab_reclaimable 1216512 [ 1302.355731][T17858] slab_unreclaimable 13631488 [ 1302.355731][T17858] pgfault 102432 [ 1302.355731][T17858] pgmajfault 0 [ 1302.355731][T17858] workingset_refault 660 [ 1302.355731][T17858] workingset_activate 231 [ 1302.355731][T17858] workingset_nodereclaim 0 [ 1302.355731][T17858] pgrefill 5541 [ 1302.355731][T17858] pgscan 20566 [ 1302.355731][T17858] pgsteal 13336 09:02:38 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, 0x0) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:38 executing program 0: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYRES64], 0x1}}, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_GET(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="400000000914000127bd7000fb079801000000000008000100010000000800010000000000080001000200"/58], 0x40}, 0x1, 0x0, 0x0, 0x48051}, 0x800) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000000b40)={0x3, {{0x2, 0x4e22, @local}}}, 0x88) r2 = syz_open_dev$media(&(0x7f0000000200)='/dev/media#\x00', 0x7f, 0x80100) sendto$llc(r2, &(0x7f00000002c0)="bce3b1b5a0596269dbfa396949afb0cce63a23d9477c90413ae4a508372bf62fc263d1126db712fad90233d121ea1ca1728ff4f143605c35b633221c59693e77426ba026aa3118880dd940cfb94c1dfdd2eec4fda2bbdfdb8441b75ab9e5b51f4944157311f1ebda47519a808b7cfe9af4d6a7e0e4a135b9341fc74dd52a56ee144959c7f7af12c7b874421d62c5e9e35bacdf3e5cfd9051236059ecc062756f5f268ae7914a0569adb12e32f16aad", 0xaf, 0x44000, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) openat$autofs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/autofs\x00', 0x252a00, 0x0) r4 = socket$key(0xf, 0x3, 0x2) getsockopt$sock_buf(r4, 0x1, 0x1c, 0x0, &(0x7f0000000280)) read(r4, &(0x7f0000000140)=""/23, 0x17) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r3, 0x0) [ 1302.662518][T17858] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17175,uid=0 09:02:38 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0xffffffffffffffff, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1302.770024][T17858] Memory cgroup out of memory: Killed process 17175 (syz-executor.2) total-vm:74836kB, anon-rss:2212kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 09:02:39 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0xba, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:39 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:02:39 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, 0x0) 09:02:39 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x1af, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:39 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0xffffffffffffffff, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:39 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x1d4, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:40 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1304.012332][T17939] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" 09:02:40 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, 0x0) 09:02:40 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a0") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:02:40 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x1e8, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:40 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0xffffffffffffffff, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:40 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x1fe, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:41 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={0x0}) 09:02:41 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x244, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:41 executing program 0: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$EVIOCGUNIQ(r1, 0x80404508, &(0x7f0000000000)=""/120) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) 09:02:41 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a0") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1305.394064][T17996] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" 09:02:41 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, 0x0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:41 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x2f4, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1305.690581][ T7813] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1305.719230][ T7813] CPU: 0 PID: 7813 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 1305.727847][ T7813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1305.737900][ T7813] Call Trace: [ 1305.741217][ T7813] dump_stack+0x11d/0x187 [ 1305.745558][ T7813] dump_header+0xa7/0x399 [ 1305.749903][ T7813] oom_kill_process.cold+0x10/0x15 [ 1305.755029][ T7813] out_of_memory+0x21d/0xa30 [ 1305.759694][ T7813] ? __rcu_read_unlock+0x66/0x2f0 [ 1305.764809][ T7813] mem_cgroup_out_of_memory+0x12b/0x150 [ 1305.770381][ T7813] try_charge+0xb60/0xbe0 [ 1305.774803][ T7813] ? __this_cpu_preempt_check+0x3c/0x130 [ 1305.780451][ T7813] ? __perf_event_task_sched_in+0x150/0x3a0 [ 1305.786358][ T7813] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1305.791832][ T7813] __memcg_kmem_charge+0xcd/0x1b0 [ 1305.796869][ T7813] __alloc_pages_nodemask+0x268/0x310 [ 1305.802262][ T7813] alloc_pages_current+0xca/0x170 [ 1305.807308][ T7813] pte_alloc_one+0x14/0x50 [ 1305.811734][ T7813] __pte_alloc+0x27/0x210 [ 1305.816075][ T7813] copy_page_range+0x1391/0x1a40 [ 1305.821055][ T7813] dup_mm+0x72e/0xb90 [ 1305.825182][ T7813] copy_process+0x39ad/0x3b10 [ 1305.829972][ T7813] _do_fork+0xf7/0x790 [ 1305.834072][ T7813] ? __read_once_size+0x45/0xd0 [ 1305.838955][ T7813] ? ktime_get_ts64+0x286/0x2c0 [ 1305.843821][ T7813] __x64_sys_clone+0x12e/0x170 [ 1305.848609][ T7813] do_syscall_64+0xc7/0x390 [ 1305.853129][ T7813] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1305.859026][ T7813] RIP: 0033:0x45aa4a [ 1305.862995][ T7813] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1305.882608][ T7813] RSP: 002b:00007ffd30768af0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 09:02:42 executing program 0: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$EVIOCGUNIQ(r1, 0x80404508, &(0x7f0000000000)=""/120) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) [ 1305.891204][ T7813] RAX: ffffffffffffffda RBX: 00007ffd30768af0 RCX: 000000000045aa4a [ 1305.899199][ T7813] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1305.907185][ T7813] RBP: 00007ffd30768b30 R08: 0000000000000001 R09: 00000000015a8940 [ 1305.915164][ T7813] R10: 00000000015a8c10 R11: 0000000000000246 R12: 0000000000000001 [ 1305.923250][ T7813] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffd30768b80 [ 1305.942788][ T7813] memory: usage 307200kB, limit 307200kB, failcnt 5633 [ 1305.952639][ T7813] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1305.999087][ T7813] Memory cgroup stats for /syz5: [ 1305.999250][ T7813] anon 265924608 [ 1305.999250][ T7813] file 180224 [ 1305.999250][ T7813] kernel_stack 5419008 [ 1305.999250][ T7813] slab 8081408 [ 1305.999250][ T7813] sock 0 [ 1305.999250][ T7813] shmem 0 [ 1305.999250][ T7813] file_mapped 135168 [ 1305.999250][ T7813] file_dirty 0 [ 1305.999250][ T7813] file_writeback 0 [ 1305.999250][ T7813] anon_thp 234881024 [ 1305.999250][ T7813] inactive_anon 0 [ 1305.999250][ T7813] active_anon 265936896 [ 1305.999250][ T7813] inactive_file 0 09:02:42 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={0x0}) [ 1305.999250][ T7813] active_file 0 [ 1305.999250][ T7813] unevictable 0 [ 1305.999250][ T7813] slab_reclaimable 1081344 [ 1305.999250][ T7813] slab_unreclaimable 7000064 [ 1305.999250][ T7813] pgfault 142098 [ 1305.999250][ T7813] pgmajfault 0 [ 1305.999250][ T7813] workingset_refault 1320 [ 1305.999250][ T7813] workingset_activate 198 [ 1305.999250][ T7813] workingset_nodereclaim 0 [ 1305.999250][ T7813] pgrefill 4071 [ 1305.999250][ T7813] pgscan 15212 [ 1305.999250][ T7813] pgsteal 8200 [ 1306.107331][ T7813] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=4515,uid=0 09:02:42 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x300, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1306.333601][ T7813] Memory cgroup out of memory: Killed process 4515 (syz-executor.5) total-vm:74968kB, anon-rss:2220kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 09:02:42 executing program 0: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$EVIOCGUNIQ(r1, 0x80404508, &(0x7f0000000000)=""/120) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) 09:02:42 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a0") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1306.524838][T18033] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" 09:02:42 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x314, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:43 executing program 0: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$EVIOCGUNIQ(r1, 0x80404508, &(0x7f0000000000)=""/120) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) 09:02:43 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={0x0}) [ 1307.009326][T18053] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" 09:02:43 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, 0x0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:43 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x328, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1307.341618][ T7813] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1307.402732][ T7813] CPU: 0 PID: 7813 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 1307.412326][ T7813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1307.422769][ T7813] Call Trace: [ 1307.426316][ T7813] dump_stack+0x11d/0x187 [ 1307.431065][ T7813] dump_header+0xa7/0x399 [ 1307.435733][ T7813] oom_kill_process.cold+0x10/0x15 [ 1307.440872][ T7813] out_of_memory+0x21d/0xa30 [ 1307.445653][ T7813] ? __rcu_read_unlock+0x66/0x2f0 [ 1307.450948][ T7813] mem_cgroup_out_of_memory+0x12b/0x150 [ 1307.456688][ T7813] try_charge+0xb60/0xbe0 [ 1307.461244][ T7813] ? __this_cpu_preempt_check+0x3c/0x130 [ 1307.467298][ T7813] ? __perf_event_task_sched_in+0x150/0x3a0 [ 1307.473330][ T7813] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1307.478894][ T7813] __memcg_kmem_charge+0xcd/0x1b0 [ 1307.484140][ T7813] __alloc_pages_nodemask+0x268/0x310 [ 1307.489549][ T7813] alloc_pages_current+0xca/0x170 [ 1307.494602][ T7813] pte_alloc_one+0x14/0x50 [ 1307.499309][ T7813] __pte_alloc+0x27/0x210 [ 1307.503808][ T7813] copy_page_range+0x1391/0x1a40 [ 1307.509127][ T7813] dup_mm+0x72e/0xb90 [ 1307.514227][ T7813] copy_process+0x39ad/0x3b10 [ 1307.518933][ T7813] ? _raw_spin_unlock+0x38/0x60 [ 1307.524085][ T7813] _do_fork+0xf7/0x790 [ 1307.528313][ T7813] ? __read_once_size+0x45/0xd0 [ 1307.533276][ T7813] ? ktime_get_ts64+0x286/0x2c0 [ 1307.538594][ T7813] __x64_sys_clone+0x12e/0x170 [ 1307.543615][ T7813] do_syscall_64+0xc7/0x390 [ 1307.548310][ T7813] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1307.554305][ T7813] RIP: 0033:0x45aa4a [ 1307.558616][ T7813] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1307.578631][ T7813] RSP: 002b:00007ffd30768af0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1307.587165][ T7813] RAX: ffffffffffffffda RBX: 00007ffd30768af0 RCX: 000000000045aa4a [ 1307.595155][ T7813] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 09:02:43 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(0xffffffffffffffff, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1307.603372][ T7813] RBP: 00007ffd30768b30 R08: 0000000000000001 R09: 00000000015a8940 [ 1307.612013][ T7813] R10: 00000000015a8c10 R11: 0000000000000246 R12: 0000000000000001 [ 1307.620380][ T7813] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffd30768b80 09:02:44 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x44000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:02:44 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x396, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1307.928675][ T7813] memory: usage 307200kB, limit 307200kB, failcnt 5670 [ 1307.935875][ T7813] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1308.008386][ T7813] Memory cgroup stats for /syz5: [ 1308.008545][ T7813] anon 265924608 [ 1308.008545][ T7813] file 180224 [ 1308.008545][ T7813] kernel_stack 5419008 [ 1308.008545][ T7813] slab 8081408 [ 1308.008545][ T7813] sock 0 [ 1308.008545][ T7813] shmem 0 [ 1308.008545][ T7813] file_mapped 135168 [ 1308.008545][ T7813] file_dirty 0 [ 1308.008545][ T7813] file_writeback 0 [ 1308.008545][ T7813] anon_thp 234881024 [ 1308.008545][ T7813] inactive_anon 0 [ 1308.008545][ T7813] active_anon 265936896 [ 1308.008545][ T7813] inactive_file 0 [ 1308.008545][ T7813] active_file 0 [ 1308.008545][ T7813] unevictable 0 [ 1308.008545][ T7813] slab_reclaimable 1081344 [ 1308.008545][ T7813] slab_unreclaimable 7000064 [ 1308.008545][ T7813] pgfault 142197 [ 1308.008545][ T7813] pgmajfault 0 [ 1308.008545][ T7813] workingset_refault 1320 [ 1308.008545][ T7813] workingset_activate 198 [ 1308.008545][ T7813] workingset_nodereclaim 0 [ 1308.008545][ T7813] pgrefill 4071 [ 1308.008545][ T7813] pgscan 15245 [ 1308.008545][ T7813] pgsteal 8200 [ 1308.116239][ T7813] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=4457,uid=0 [ 1308.133745][ T7813] Memory cgroup out of memory: Killed process 4457 (syz-executor.5) total-vm:74968kB, anon-rss:2220kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 09:02:44 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x2f000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:02:44 executing program 0: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$EVIOCGUNIQ(r1, 0x80404508, &(0x7f0000000000)=""/120) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) [ 1308.318032][T18093] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" 09:02:44 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x3c0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:44 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(0xffffffffffffffff, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:02:45 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x0, &(0x7f0000000100)}], 0x1, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:02:45 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, 0x0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1309.013344][T18112] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" [ 1309.068086][T18119] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1309.151966][T18119] CPU: 0 PID: 18119 Comm: syz-executor.2 Not tainted 5.6.0-rc1-syzkaller #0 [ 1309.161027][T18119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1309.171221][T18119] Call Trace: [ 1309.175274][T18119] dump_stack+0x11d/0x187 [ 1309.179712][T18119] dump_header+0xa7/0x399 [ 1309.184071][T18119] oom_kill_process.cold+0x10/0x15 [ 1309.189465][T18119] out_of_memory+0x21d/0xa30 [ 1309.194178][T18119] ? __rcu_read_unlock+0x66/0x2f0 [ 1309.199302][T18119] mem_cgroup_out_of_memory+0x12b/0x150 [ 1309.205173][T18119] try_charge+0xb60/0xbe0 [ 1309.209962][T18119] ? up_read+0x40/0x90 [ 1309.214253][T18119] ? __this_cpu_preempt_check+0x3c/0x130 [ 1309.219916][T18119] mem_cgroup_charge_skmem+0xd2/0x190 [ 1309.225483][T18119] __sk_mem_raise_allocated+0x466/0xa10 [ 1309.231093][T18119] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1309.237211][T18119] __sk_mem_schedule+0x7a/0xd0 [ 1309.242002][T18119] sk_stream_alloc_skb+0x552/0x6a0 [ 1309.247219][T18119] tcp_sendmsg_locked+0xa9a/0x20f0 [ 1309.252560][T18119] ? aa_label_sk_perm.part.0+0x270/0x290 [ 1309.258355][T18119] tcp_sendmsg+0x35/0x50 [ 1309.262613][T18119] inet_sendmsg+0x69/0x90 [ 1309.266959][T18119] ? inet_send_prepare+0x1f0/0x1f0 [ 1309.272239][T18119] sock_sendmsg+0x98/0xc0 [ 1309.276591][T18119] __sys_sendto+0x1e2/0x2c0 [ 1309.281127][T18119] ? _copy_to_user+0x7d/0xb0 [ 1309.285746][T18119] __x64_sys_sendto+0x7e/0xa0 [ 1309.290602][T18119] do_syscall_64+0xc7/0x390 [ 1309.295128][T18119] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1309.301133][T18119] RIP: 0033:0x45c479 [ 1309.305208][T18119] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1309.325329][T18119] RSP: 002b:00007f0678b1cc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1309.333867][T18119] RAX: ffffffffffffffda RBX: 00007f0678b1d6d4 RCX: 000000000045c479 [ 1309.342078][T18119] RDX: fffffffffffffeb4 RSI: 0000000020000200 RDI: 0000000000000003 [ 1309.350083][T18119] RBP: 000000000076bf20 R08: 0000000020db4ff0 R09: 0000000000000010 [ 1309.358186][T18119] R10: 0000000020008011 R11: 0000000000000246 R12: 00000000ffffffff [ 1309.366187][T18119] R13: 0000000000000a03 R14: 00000000004cc7a4 R15: 000000000076bf2c 09:02:45 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x3cc, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1309.465371][T18119] memory: usage 307200kB, limit 307200kB, failcnt 11348 [ 1309.472953][T18119] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1309.487891][T18119] Memory cgroup stats for /syz2: [ 1309.488102][T18119] anon 216313856 [ 1309.488102][T18119] file 180224 [ 1309.488102][T18119] kernel_stack 11317248 [ 1309.488102][T18119] slab 14848000 [ 1309.488102][T18119] sock 512000 [ 1309.488102][T18119] shmem 110592 [ 1309.488102][T18119] file_mapped 135168 [ 1309.488102][T18119] file_dirty 0 [ 1309.488102][T18119] file_writeback 135168 [ 1309.488102][T18119] anon_thp 150994944 [ 1309.488102][T18119] inactive_anon 0 [ 1309.488102][T18119] active_anon 216317952 [ 1309.488102][T18119] inactive_file 114688 [ 1309.488102][T18119] active_file 147456 [ 1309.488102][T18119] unevictable 0 [ 1309.488102][T18119] slab_reclaimable 1216512 [ 1309.488102][T18119] slab_unreclaimable 13631488 [ 1309.488102][T18119] pgfault 103290 [ 1309.488102][T18119] pgmajfault 0 09:02:45 executing program 0: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$EVIOCGUNIQ(r1, 0x80404508, &(0x7f0000000000)=""/120) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) [ 1309.488102][T18119] workingset_refault 660 [ 1309.488102][T18119] workingset_activate 231 [ 1309.488102][T18119] workingset_nodereclaim 0 [ 1309.488102][T18119] pgrefill 5692 [ 1309.488102][T18119] pgscan 20914 [ 1309.488102][T18119] pgsteal 13423 [ 1309.598661][T18119] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17125,uid=0 [ 1309.643306][T18129] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" [ 1309.687430][T18119] Memory cgroup out of memory: Killed process 17125 (syz-executor.2) total-vm:74836kB, anon-rss:2212kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 09:02:46 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(0xffffffffffffffff, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:02:46 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x3d0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1309.912374][T18118] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1310.016905][T18118] CPU: 0 PID: 18118 Comm: syz-executor.2 Not tainted 5.6.0-rc1-syzkaller #0 [ 1310.025988][T18118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1310.036060][T18118] Call Trace: [ 1310.039383][T18118] dump_stack+0x11d/0x187 [ 1310.043745][T18118] dump_header+0xa7/0x399 [ 1310.048368][T18118] oom_kill_process.cold+0x10/0x15 [ 1310.053659][T18118] out_of_memory+0x21d/0xa30 [ 1310.058468][T18118] mem_cgroup_out_of_memory+0x12b/0x150 [ 1310.064141][T18118] try_charge+0x7ed/0xbe0 [ 1310.068655][T18118] ? __rcu_read_unlock+0x66/0x2f0 [ 1310.073896][T18118] mem_cgroup_try_charge+0xd7/0x260 [ 1310.079297][T18118] mem_cgroup_try_charge_delay+0x36/0x70 [ 1310.085028][T18118] __handle_mm_fault+0x18f1/0x2cf0 [ 1310.090192][T18118] handle_mm_fault+0x21c/0x540 [ 1310.095056][T18118] do_page_fault+0x4a4/0xa52 [ 1310.099756][T18118] ? do_syscall_64+0x27f/0x390 [ 1310.104703][T18118] page_fault+0x34/0x40 [ 1310.109255][T18118] RIP: 0033:0x413c6f [ 1310.113413][T18118] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 1310.133210][T18118] RSP: 002b:00007fff23ee3470 EFLAGS: 00010206 [ 1310.139471][T18118] RAX: 00007f0678adc000 RBX: 0000000000020000 RCX: 000000000045c4ca [ 1310.148080][T18118] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 1310.156080][T18118] RBP: 00007fff23ee3550 R08: ffffffffffffffff R09: 0000000000000000 [ 1310.164363][T18118] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff23ee3640 [ 1310.172611][T18118] R13: 00007f0678afc700 R14: 0000000000000001 R15: 000000000076bfcc [ 1310.246012][T18151] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" [ 1310.269164][T18118] memory: usage 307160kB, limit 307200kB, failcnt 11350 [ 1310.279436][T18118] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1310.318784][T18118] Memory cgroup stats for /syz2: [ 1310.318920][T18118] anon 214093824 [ 1310.318920][T18118] file 180224 [ 1310.318920][T18118] kernel_stack 11317248 [ 1310.318920][T18118] slab 14848000 [ 1310.318920][T18118] sock 2699264 [ 1310.318920][T18118] shmem 110592 [ 1310.318920][T18118] file_mapped 135168 [ 1310.318920][T18118] file_dirty 0 [ 1310.318920][T18118] file_writeback 135168 [ 1310.318920][T18118] anon_thp 148897792 [ 1310.318920][T18118] inactive_anon 0 [ 1310.318920][T18118] active_anon 214097920 [ 1310.318920][T18118] inactive_file 114688 [ 1310.318920][T18118] active_file 147456 [ 1310.318920][T18118] unevictable 0 [ 1310.318920][T18118] slab_reclaimable 1216512 [ 1310.318920][T18118] slab_unreclaimable 13631488 [ 1310.318920][T18118] pgfault 103686 [ 1310.318920][T18118] pgmajfault 0 [ 1310.318920][T18118] workingset_refault 660 [ 1310.318920][T18118] workingset_activate 231 [ 1310.318920][T18118] workingset_nodereclaim 0 [ 1310.318920][T18118] pgrefill 5692 [ 1310.318920][T18118] pgscan 20914 [ 1310.318920][T18118] pgsteal 13423 09:02:46 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x3d4, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1310.588659][T18118] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17070,uid=0 09:02:46 executing program 0: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$EVIOCGUNIQ(r1, 0x80404508, &(0x7f0000000000)=""/120) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, 0xffffffffffffffff, 0x0) [ 1310.642622][T18118] Memory cgroup out of memory: Killed process 17070 (syz-executor.2) total-vm:74836kB, anon-rss:2212kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 1310.661165][T18161] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" [ 1310.690214][T18126] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1310.692115][ T1078] oom_reaper: reaped process 17070 (syz-executor.2), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 1310.703707][T18126] CPU: 0 PID: 18126 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 1310.722405][T18126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1310.732483][T18126] Call Trace: [ 1310.735799][T18126] dump_stack+0x11d/0x187 [ 1310.740181][T18126] dump_header+0xa7/0x399 [ 1310.744617][T18126] oom_kill_process.cold+0x10/0x15 [ 1310.749858][T18126] out_of_memory+0x21d/0xa30 [ 1310.754577][T18126] mem_cgroup_out_of_memory+0x12b/0x150 [ 1310.760155][T18126] try_charge+0xb60/0xbe0 [ 1310.764806][T18126] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1310.770431][T18126] __memcg_kmem_charge+0xcd/0x1b0 [ 1310.775488][T18126] __alloc_pages_nodemask+0x268/0x310 [ 1310.780888][T18126] alloc_pages_current+0xca/0x170 [ 1310.785979][T18126] pte_alloc_one+0x14/0x50 [ 1310.790748][T18126] __handle_mm_fault+0x2ae5/0x2cf0 [ 1310.795977][T18126] handle_mm_fault+0x21c/0x540 [ 1310.800765][T18126] do_page_fault+0x4a4/0xa52 [ 1310.805919][T18126] ? syscall_return_slowpath+0x1c6/0x240 [ 1310.811843][T18126] page_fault+0x34/0x40 [ 1310.816024][T18126] RIP: 0033:0x45aa4a [ 1310.820062][T18126] Code: Bad RIP value. [ 1310.824294][T18126] RSP: 002b:00007ffd30768af0 EFLAGS: 00010246 [ 1310.830381][T18126] RAX: 0000000000000000 RBX: 00007ffd30768af0 RCX: 000000000045aa4a [ 1310.838501][T18126] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1310.846487][T18126] RBP: 00007ffd30768b30 R08: 0000000000000001 R09: 00000000015a8940 [ 1310.854704][T18126] R10: 00000000015a8c10 R11: 0000000000000246 R12: 0000000000000001 [ 1310.862695][T18126] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffd30768b80 09:02:47 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x3e4, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1311.049002][T18126] memory: usage 307200kB, limit 307200kB, failcnt 5713 [ 1311.056335][T18126] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1311.102885][T18126] Memory cgroup stats for /syz5: [ 1311.103134][T18126] anon 265916416 [ 1311.103134][T18126] file 180224 [ 1311.103134][T18126] kernel_stack 5419008 [ 1311.103134][T18126] slab 8081408 [ 1311.103134][T18126] sock 0 [ 1311.103134][T18126] shmem 0 [ 1311.103134][T18126] file_mapped 135168 [ 1311.103134][T18126] file_dirty 0 [ 1311.103134][T18126] file_writeback 0 [ 1311.103134][T18126] anon_thp 234881024 [ 1311.103134][T18126] inactive_anon 0 [ 1311.103134][T18126] active_anon 265928704 [ 1311.103134][T18126] inactive_file 0 [ 1311.103134][T18126] active_file 0 [ 1311.103134][T18126] unevictable 0 [ 1311.103134][T18126] slab_reclaimable 1081344 [ 1311.103134][T18126] slab_unreclaimable 7000064 [ 1311.103134][T18126] pgfault 142263 [ 1311.103134][T18126] pgmajfault 0 [ 1311.103134][T18126] workingset_refault 1320 [ 1311.103134][T18126] workingset_activate 198 [ 1311.103134][T18126] workingset_nodereclaim 0 [ 1311.103134][T18126] pgrefill 4104 [ 1311.103134][T18126] pgscan 15245 [ 1311.103134][T18126] pgsteal 8200 09:02:47 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 09:02:47 executing program 0: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$EVIOCGUNIQ(r1, 0x80404508, &(0x7f0000000000)=""/120) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, 0xffffffffffffffff, 0x0) [ 1311.383441][T18126] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=4411,uid=0 09:02:47 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x3ec, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:47 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$EVIOCGUNIQ(r1, 0x80404508, &(0x7f0000000000)=""/120) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) [ 1311.598734][T18126] Memory cgroup out of memory: Killed process 4411 (syz-executor.5) total-vm:74968kB, anon-rss:2220kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 1311.697967][ T7813] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1311.710415][ T7813] CPU: 0 PID: 7813 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 1311.719193][ T7813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1311.729350][ T7813] Call Trace: [ 1311.732797][ T7813] dump_stack+0x11d/0x187 [ 1311.737150][ T7813] dump_header+0xa7/0x399 [ 1311.741507][ T7813] oom_kill_process.cold+0x10/0x15 [ 1311.746802][ T7813] out_of_memory+0x21d/0xa30 [ 1311.751513][ T7813] mem_cgroup_out_of_memory+0x12b/0x150 [ 1311.757169][ T7813] try_charge+0x7ed/0xbe0 [ 1311.761527][ T7813] ? __rcu_read_unlock+0x66/0x2f0 [ 1311.766670][ T7813] mem_cgroup_try_charge+0xd7/0x260 [ 1311.772004][ T7813] mem_cgroup_try_charge_delay+0x36/0x70 [ 1311.777766][ T7813] wp_page_copy+0x31a/0xf20 [ 1311.782566][ T7813] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1311.788546][ T7813] ? __read_once_size+0x2f/0xd0 [ 1311.793593][ T7813] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1311.799513][ T7813] do_wp_page+0x185/0xcc0 [ 1311.803988][ T7813] ? psi_task_change+0x1a4/0x2c0 [ 1311.808958][ T7813] __handle_mm_fault+0x1c5e/0x2cf0 [ 1311.814192][ T7813] handle_mm_fault+0x21c/0x540 [ 1311.819217][ T7813] do_page_fault+0x4a4/0xa52 [ 1311.823906][ T7813] ? prepare_exit_to_usermode+0x165/0x1c0 [ 1311.829808][ T7813] page_fault+0x34/0x40 [ 1311.833977][ T7813] RIP: 0033:0x410071 [ 1311.837892][ T7813] Code: 3d 23 80 35 00 00 0f 85 d8 08 00 00 e8 18 a9 04 00 85 c0 89 c5 0f 88 39 06 00 00 0f 84 ba 05 00 00 89 c6 bf 28 20 4c 00 31 c0 2a 1e ff ff c7 44 24 30 00 00 00 00 e8 fd 25 ff ff 49 89 c6 48 [ 1311.857653][ T7813] RSP: 002b:00007ffd30768b40 EFLAGS: 00010246 [ 1311.863788][ T7813] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000045aa4a [ 1311.871774][ T7813] RDX: 0000000000000000 RSI: 00000000000016dd RDI: 00000000004c2028 [ 1311.879835][ T7813] RBP: 00000000000016dd R08: 0000000000000001 R09: 00000000015a8940 [ 1311.888120][ T7813] R10: 00000000015a8c10 R11: 0000000000000246 R12: 0000000000000000 [ 1311.896100][ T7813] R13: 00007ffd30768b70 R14: 0000000000000000 R15: 00007ffd30768b80 [ 1311.923483][ T7813] memory: usage 305152kB, limit 307200kB, failcnt 5714 [ 1311.999140][ T7813] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1312.040529][ T7813] Memory cgroup stats for /syz5: [ 1312.040687][ T7813] anon 263749632 [ 1312.040687][ T7813] file 180224 [ 1312.040687][ T7813] kernel_stack 5419008 [ 1312.040687][ T7813] slab 8081408 [ 1312.040687][ T7813] sock 0 [ 1312.040687][ T7813] shmem 0 [ 1312.040687][ T7813] file_mapped 135168 [ 1312.040687][ T7813] file_dirty 0 [ 1312.040687][ T7813] file_writeback 0 [ 1312.040687][ T7813] anon_thp 232783872 [ 1312.040687][ T7813] inactive_anon 0 [ 1312.040687][ T7813] active_anon 263761920 [ 1312.040687][ T7813] inactive_file 0 [ 1312.040687][ T7813] active_file 0 [ 1312.040687][ T7813] unevictable 0 [ 1312.040687][ T7813] slab_reclaimable 1081344 [ 1312.040687][ T7813] slab_unreclaimable 7000064 [ 1312.040687][ T7813] pgfault 142329 [ 1312.040687][ T7813] pgmajfault 0 [ 1312.040687][ T7813] workingset_refault 1320 [ 1312.040687][ T7813] workingset_activate 198 [ 1312.040687][ T7813] workingset_nodereclaim 0 [ 1312.040687][ T7813] pgrefill 4104 [ 1312.040687][ T7813] pgscan 15245 [ 1312.040687][ T7813] pgsteal 8200 [ 1312.141840][ T7813] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=4364,uid=0 [ 1312.208688][ T7813] Memory cgroup out of memory: Killed process 4364 (syz-executor.5) total-vm:74968kB, anon-rss:2220kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 09:02:48 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, 0x0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:48 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x3f4, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1312.279493][ T1078] oom_reaper: reaped process 4364 (syz-executor.5), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 09:02:48 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 09:02:48 executing program 0: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$EVIOCGUNIQ(r1, 0x80404508, &(0x7f0000000000)=""/120) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, 0xffffffffffffffff, 0x0) 09:02:48 executing program 0: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) 09:02:48 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$EVIOCGUNIQ(r1, 0x80404508, &(0x7f0000000000)=""/120) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) 09:02:48 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x3f6, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:49 executing program 0: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r0, 0x0, r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) 09:02:49 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) 09:02:49 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x500, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:49 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, 0x0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:49 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) [ 1313.579673][T18255] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" 09:02:49 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x204000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x6, 0x0) close(r3) openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:49 executing program 0: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r0, 0x0, r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) 09:02:49 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x600, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1314.064665][T18278] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" 09:02:50 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000000000)={0x0, 0x0, 0xffffffffffffffff}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x28011, r3, 0x0) 09:02:50 executing program 0: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r0, 0x0, r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) 09:02:50 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, 0x0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:50 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x700, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:50 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r0, 0x0, r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) 09:02:50 executing program 0: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1314.661446][T18301] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" 09:02:50 executing program 4: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r0, 0x0, r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) 09:02:51 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0xa00, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:51 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:02:51 executing program 0: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:02:51 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x0, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:51 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) r2 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1315.243498][T18322] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" 09:02:51 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$USBDEVFS_CLAIM_PORT(r2, 0x80045518, &(0x7f0000000000)=0x6) [ 1315.442440][T18322] REISERFS warning (device loop1): reiserfs_fill_super: Cannot allocate commit workqueue 09:02:51 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0xfba, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:51 executing program 0: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1315.687202][T18341] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=3, oom_score_adj=1000 [ 1315.772017][T18341] CPU: 1 PID: 18341 Comm: syz-executor.2 Not tainted 5.6.0-rc1-syzkaller #0 [ 1315.780765][T18341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1315.790815][T18341] Call Trace: [ 1315.794119][T18341] dump_stack+0x11d/0x187 [ 1315.798462][T18341] dump_header+0xa7/0x399 [ 1315.802808][T18341] oom_kill_process.cold+0x10/0x15 [ 1315.808224][T18341] out_of_memory+0x21d/0xa30 [ 1315.812857][T18341] ? __rcu_read_unlock+0x66/0x2f0 [ 1315.817985][T18341] mem_cgroup_out_of_memory+0x12b/0x150 [ 1315.823538][T18341] try_charge+0xb60/0xbe0 [ 1315.827858][T18341] ? __this_cpu_preempt_check+0x3c/0x130 [ 1315.833495][T18341] mem_cgroup_charge_skmem+0xd2/0x190 [ 1315.838898][T18341] __sk_mem_raise_allocated+0x466/0xa10 [ 1315.844457][T18341] ? skb_page_frag_refill+0x196/0x250 [ 1315.849839][T18341] __sk_mem_schedule+0x7a/0xd0 [ 1315.854600][T18341] tcp_sendmsg_locked+0x133f/0x20f0 [ 1315.859824][T18341] ? aa_label_sk_perm.part.0+0x270/0x290 [ 1315.865486][T18341] tcp_sendmsg+0x35/0x50 [ 1315.869723][T18341] inet_sendmsg+0x69/0x90 [ 1315.874056][T18341] ? inet_send_prepare+0x1f0/0x1f0 [ 1315.879166][T18341] sock_sendmsg+0x98/0xc0 [ 1315.883498][T18341] __sys_sendto+0x1e2/0x2c0 [ 1315.888074][T18341] ? _copy_to_user+0x7d/0xb0 [ 1315.892718][T18341] __x64_sys_sendto+0x7e/0xa0 [ 1315.897405][T18341] do_syscall_64+0xc7/0x390 [ 1315.901960][T18341] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1315.907845][T18341] RIP: 0033:0x45c479 [ 1315.911743][T18341] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1315.931336][T18341] RSP: 002b:00007f0678b1cc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1315.939735][T18341] RAX: ffffffffffffffda RBX: 00007f0678b1d6d4 RCX: 000000000045c479 [ 1315.947816][T18341] RDX: fffffffffffffeb4 RSI: 0000000020000200 RDI: 0000000000000003 [ 1315.955826][T18341] RBP: 000000000076bf20 R08: 0000000020db4ff0 R09: 0000000000000010 [ 1315.963784][T18341] R10: 0000000020008011 R11: 0000000000000246 R12: 00000000ffffffff 09:02:52 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x7b, &(0x7f0000000000)="14b131868d643996aa21eaaeca45ea1f049b165d1c59245a825f05c4bb7c81ef935a0531bb87836b4dc960b9fb310bf3f04056a579a2e4eb7ce62115530222c99160208557d5d52307f48e04e0f3d77424e9f070093f67b0f90c594614c9b0b44412415b504c5e45186b87850e0d26bd9250aa57f76d38160fd74a", 0x0, 0x2, 0x9, 0x73, 0x200, 0x0, 0x5, 'syz1\x00'}) r1 = socket$nl_rdma(0x10, 0x3, 0x14) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000200)={'bond0\x00', &(0x7f0000000180)=@ethtool_pauseparam={0x1a, 0xffffffff, 0x101, 0x80000001}}) creat(&(0x7f0000000140)='./file0\x00', 0x44) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x80010, r0, 0x0) [ 1315.971802][T18341] R13: 0000000000000a03 R14: 00000000004cc7a4 R15: 000000000076bf2c [ 1315.984392][T18341] memory: usage 307200kB, limit 307200kB, failcnt 11647 [ 1315.991803][T18341] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1315.999576][T18341] Memory cgroup stats for /syz2: [ 1315.999718][T18341] anon 216272896 [ 1315.999718][T18341] file 0 [ 1315.999718][T18341] kernel_stack 11354112 [ 1315.999718][T18341] slab 14987264 [ 1315.999718][T18341] sock 757760 [ 1315.999718][T18341] shmem 110592 [ 1315.999718][T18341] file_mapped 135168 [ 1315.999718][T18341] file_dirty 0 [ 1315.999718][T18341] file_writeback 135168 [ 1315.999718][T18341] anon_thp 150994944 [ 1315.999718][T18341] inactive_anon 0 [ 1315.999718][T18341] active_anon 216276992 [ 1315.999718][T18341] inactive_file 0 [ 1315.999718][T18341] active_file 147456 [ 1315.999718][T18341] unevictable 0 [ 1315.999718][T18341] slab_reclaimable 1216512 [ 1315.999718][T18341] slab_unreclaimable 13770752 [ 1315.999718][T18341] pgfault 104313 [ 1315.999718][T18341] pgmajfault 0 [ 1315.999718][T18341] workingset_refault 660 [ 1315.999718][T18341] workingset_activate 231 [ 1315.999718][T18341] workingset_nodereclaim 0 [ 1315.999718][T18341] pgrefill 5725 [ 1315.999718][T18341] pgscan 21809 [ 1315.999718][T18341] pgsteal 14288 [ 1316.104440][T18341] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18268,uid=0 [ 1316.132694][T18341] Memory cgroup out of memory: Killed process 18268 (syz-executor.2) total-vm:74836kB, anon-rss:2212kB, file-rss:35788kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 09:02:52 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x0, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1316.254140][ T1078] oom_reaper: reaped process 18268 (syz-executor.2), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 09:02:52 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:02:52 executing program 0: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) 09:02:52 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x1020, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:52 executing program 0: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) 09:02:53 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x1403, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:53 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x0, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:53 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) 09:02:53 executing program 0: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) 09:02:53 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x1f00, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:53 executing program 4 (fault-call:19 fault-nth:0): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:02:53 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_open_dev$dri(&(0x7f00000001c0)='/dev/dri/card#\x00', 0x1, 0x0) ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f0000000540)={0x0, 0x0, 0x20}) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000440)={0x0}) ioctl$DRM_IOCTL_GET_SAREA_CTX(0xffffffffffffffff, 0xc010641d, &(0x7f0000000500)={r4, &(0x7f0000000480)=""/69}) ioctl$DRM_IOCTL_LOCK(r3, 0x4008642a, &(0x7f0000000300)={r4, 0x17}) ioctl$DRM_IOCTL_NEW_CTX(0xffffffffffffffff, 0x40086425, &(0x7f0000000040)={r4}) ioctl$DRM_IOCTL_GET_SAREA_CTX(r2, 0xc010641d, &(0x7f0000000080)={r4, &(0x7f0000000000)=""/72}) r5 = socket$inet_dccp(0x2, 0x6, 0x0) fsetxattr(r5, &(0x7f00000000c0)=@random={'os2.', '@\x00'}, &(0x7f0000000100)=']{-^\x00', 0x5, 0x2) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:02:53 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r1 = socket$key(0xf, 0x3, 0x2) getsockopt$sock_buf(r1, 0x1, 0x1c, 0x0, &(0x7f0000000280)) r2 = getpid() sched_setscheduler(r2, 0x5, &(0x7f0000000380)) fcntl$setownex(r0, 0xf, &(0x7f0000000000)={0x1, r2}) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:02:54 executing program 0: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) 09:02:54 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, 0x0) 09:02:54 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) 09:02:54 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1318.130787][T18443] FAULT_INJECTION: forcing a failure. [ 1318.130787][T18443] name failslab, interval 1, probability 0, space 0, times 0 [ 1318.197656][T18443] CPU: 0 PID: 18443 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0 [ 1318.206405][T18443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1318.216557][T18443] Call Trace: [ 1318.219858][T18443] dump_stack+0x11d/0x187 [ 1318.224202][T18443] should_fail.cold+0x5/0xf [ 1318.228726][T18443] __should_failslab+0x82/0xb0 [ 1318.233492][T18443] should_failslab+0x5/0xf [ 1318.237939][T18443] kmem_cache_alloc_node+0x35/0x680 [ 1318.243183][T18443] ? ___cache_free+0x2c/0x320 [ 1318.247862][T18443] ? _raw_spin_unlock+0x38/0x60 [ 1318.252742][T18443] __alloc_skb+0x8d/0x360 [ 1318.257076][T18443] __tcp_send_ack+0x7b/0x2f0 [ 1318.261670][T18443] tcp_send_ack+0x2d/0x40 [ 1318.266010][T18443] tcp_cleanup_rbuf+0x124/0x340 [ 1318.270872][T18443] tcp_recvmsg+0x687/0x1cc0 [ 1318.275403][T18443] inet_recvmsg+0xc1/0x250 [ 1318.279824][T18443] ? apparmor_socket_recvmsg+0x38/0x40 [ 1318.285282][T18443] ? inet_sendpage+0xf0/0xf0 [ 1318.289963][T18443] sock_recvmsg+0x8e/0xb0 [ 1318.294297][T18443] __sys_recvfrom+0x176/0x270 [ 1318.298987][T18443] ? __sb_end_write+0xbc/0x100 [ 1318.303748][T18443] ? vfs_write+0x10b/0x380 [ 1318.308187][T18443] ? fput_many+0xe2/0x130 [ 1318.312616][T18443] ? fput+0x20/0x30 [ 1318.316432][T18443] __x64_sys_recvfrom+0x7e/0xa0 [ 1318.321286][T18443] do_syscall_64+0xc7/0x390 [ 1318.325806][T18443] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1318.331700][T18443] RIP: 0033:0x45c479 [ 1318.335598][T18443] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1318.355203][T18443] RSP: 002b:00007fc20bc2bc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002d [ 1318.363621][T18443] RAX: ffffffffffffffda RBX: 00007fc20bc2c6d4 RCX: 000000000045c479 [ 1318.371591][T18443] RDX: ffffffffffffff5e RSI: 0000000020000100 RDI: 0000000000000003 [ 1318.379606][T18443] RBP: 000000000076c060 R08: 0000000000000000 R09: 0000000000000000 [ 1318.387582][T18443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 1318.395554][T18443] R13: 0000000000000888 R14: 00000000004cafc3 R15: 0000000000000000 09:02:54 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2100) ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r1, 0x800443d3, &(0x7f0000000040)={@none, 0x1c00000, 0xfc00, 0x8001}) 09:02:54 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) 09:02:54 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) 09:02:54 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x2010, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:55 executing program 4 (fault-call:19 fault-nth:1): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:02:55 executing program 2: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) 09:02:55 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x2803, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:55 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x6, 0x2) ioctl$SNDRV_PCM_IOCTL_REWIND(r0, 0x40084146, &(0x7f0000000100)=0x401) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000000)={0x0, @local, @initdev}, &(0x7f0000000040)=0xc) r2 = socket$key(0xf, 0x3, 0x2) getsockopt$sock_buf(r2, 0x1, 0x1c, 0x0, &(0x7f0000000280)) write$binfmt_script(r2, &(0x7f00000000c0)=ANY=[], 0x0) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r1, 0x54a2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x11, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) 09:02:55 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) 09:02:55 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, 0x0) 09:02:55 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) syz_open_dev$vcsu(&(0x7f0000000040)='/dev/vcsu#\x00', 0x401, 0x200) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(r1, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) [ 1319.316285][T18507] FAULT_INJECTION: forcing a failure. [ 1319.316285][T18507] name failslab, interval 1, probability 0, space 0, times 0 [ 1319.386417][T18507] CPU: 1 PID: 18507 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0 [ 1319.395138][T18507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1319.405193][T18507] Call Trace: [ 1319.408504][T18507] dump_stack+0x11d/0x187 [ 1319.412852][T18507] should_fail.cold+0x5/0xf [ 1319.417375][T18507] __should_failslab+0x82/0xb0 [ 1319.422210][T18507] should_failslab+0x5/0xf [ 1319.426632][T18507] kmem_cache_alloc_node_trace+0x37/0x610 [ 1319.432451][T18507] ? memcg_kmem_put_cache+0x77/0xc0 [ 1319.437654][T18507] ? debug_smp_processor_id+0x3f/0x129 [ 1319.443121][T18507] ? kmem_cache_alloc_node+0x1bb/0x680 [ 1319.448673][T18507] __kmalloc_reserve.isra.0+0x43/0xd0 [ 1319.454052][T18507] ? _raw_spin_unlock+0x38/0x60 [ 1319.458994][T18507] __alloc_skb+0xbe/0x360 [ 1319.463336][T18507] __tcp_send_ack+0x7b/0x2f0 [ 1319.467935][T18507] tcp_send_ack+0x2d/0x40 [ 1319.472274][T18507] tcp_cleanup_rbuf+0x124/0x340 [ 1319.477222][T18507] tcp_recvmsg+0x687/0x1cc0 [ 1319.481766][T18507] inet_recvmsg+0xc1/0x250 [ 1319.486204][T18507] ? apparmor_socket_recvmsg+0x38/0x40 [ 1319.491678][T18507] ? inet_sendpage+0xf0/0xf0 [ 1319.496280][T18507] sock_recvmsg+0x8e/0xb0 [ 1319.500626][T18507] __sys_recvfrom+0x176/0x270 [ 1319.505331][T18507] ? __sb_end_write+0xbc/0x100 [ 1319.510132][T18507] ? vfs_write+0x10b/0x380 [ 1319.514558][T18507] ? fput_many+0xe2/0x130 [ 1319.518920][T18507] ? fput+0x20/0x30 [ 1319.522735][T18507] __x64_sys_recvfrom+0x7e/0xa0 [ 1319.527657][T18507] do_syscall_64+0xc7/0x390 [ 1319.532175][T18507] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1319.538145][T18507] RIP: 0033:0x45c479 [ 1319.542047][T18507] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1319.561662][T18507] RSP: 002b:00007fc20bc0ac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002d [ 1319.570071][T18507] RAX: ffffffffffffffda RBX: 00007fc20bc0b6d4 RCX: 000000000045c479 [ 1319.578041][T18507] RDX: ffffffffffffff5e RSI: 0000000020000100 RDI: 0000000000000003 09:02:55 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x3400, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1319.586013][T18507] RBP: 000000000076c100 R08: 0000000000000000 R09: 0000000000000000 [ 1319.593981][T18507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 1319.601957][T18507] R13: 0000000000000888 R14: 00000000004cafc3 R15: 0000000000000001 09:02:55 executing program 2 (fault-call:7 fault-nth:0): clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:55 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) 09:02:55 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x0) ioctl$SIOCX25SDTEFACILITIES(0xffffffffffffffff, 0x89eb, &(0x7f0000000000)={0x1f, 0x6, 0x6, 0xff, 0x0, 0x19, 0xe, "00fbdf8e69480720c4e5627d7b1ff93d0327099d", "d9e025970fd730e521f0c7daeb1ee1a34487c11f"}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, 0xffffffffffffffff, 0x0) 09:02:56 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x3f00, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:56 executing program 4 (fault-call:19 fault-nth:2): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:02:56 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f000037f000/0x2000)=nil, 0x2000, 0x0, 0x28011, r0, 0x1000) 09:02:56 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) 09:02:56 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x4000, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:56 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, 0x0) [ 1320.530608][T18560] FAULT_INJECTION: forcing a failure. [ 1320.530608][T18560] name failslab, interval 1, probability 0, space 0, times 0 [ 1320.543307][T18560] CPU: 1 PID: 18560 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0 [ 1320.551997][T18560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1320.562051][T18560] Call Trace: [ 1320.565356][T18560] dump_stack+0x11d/0x187 [ 1320.569698][T18560] should_fail.cold+0x5/0xf [ 1320.574219][T18560] __should_failslab+0x82/0xb0 [ 1320.578987][T18560] should_failslab+0x5/0xf [ 1320.583407][T18560] kmem_cache_alloc+0x23/0x5e0 [ 1320.588178][T18560] ? __skb_flow_get_ports+0x93/0x1f0 [ 1320.593473][T18560] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1320.599377][T18560] skb_clone+0xf4/0x280 [ 1320.603544][T18560] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1320.604819][T18565] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1320.609444][T18560] dev_queue_xmit_nit+0x2b8/0x600 [ 1320.609472][T18560] dev_hard_start_xmit+0x3ed/0x420 [ 1320.609524][T18560] sch_direct_xmit+0x2ae/0x8a0 [ 1320.636520][T18560] ? __read_once_size.constprop.0+0xd/0x20 [ 1320.642341][T18560] ? hhf_dequeue+0x248/0x4e0 [ 1320.646946][T18560] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1320.652880][T18560] __qdisc_run+0x336/0xe10 [ 1320.657315][T18560] __dev_queue_xmit+0x10ca/0x1b80 [ 1320.662351][T18560] ? ipt_do_table+0x90b/0xe70 [ 1320.667050][T18560] ? nf_nat_packet+0xb9/0x100 [ 1320.671789][T18560] dev_queue_xmit+0x1e/0x30 [ 1320.676313][T18560] ip_finish_output2+0x87d/0xed0 [ 1320.681272][T18560] __ip_finish_output+0x22f/0x460 [ 1320.686302][T18560] ? ipv4_confirm+0xcf/0x150 [ 1320.690895][T18560] ip_finish_output+0x3e/0x160 [ 1320.695657][T18560] ip_output+0xf2/0x240 [ 1320.699835][T18560] ? __ip_finish_output+0x460/0x460 [ 1320.705035][T18560] ip_local_out+0x70/0x90 [ 1320.709363][T18560] __ip_queue_xmit+0x3a6/0xa40 [ 1320.714138][T18560] ip_queue_xmit+0x3e/0x50 [ 1320.718560][T18560] __tcp_transmit_skb+0xe1f/0x1c90 [ 1320.723691][T18560] __tcp_send_ack+0x22c/0x2f0 [ 1320.728380][T18560] tcp_send_ack+0x2d/0x40 [ 1320.732712][T18560] tcp_cleanup_rbuf+0x124/0x340 [ 1320.737600][T18560] tcp_recvmsg+0x687/0x1cc0 [ 1320.742127][T18560] inet_recvmsg+0xc1/0x250 [ 1320.746553][T18560] ? apparmor_socket_recvmsg+0x38/0x40 [ 1320.752017][T18560] ? inet_sendpage+0xf0/0xf0 [ 1320.756611][T18560] sock_recvmsg+0x8e/0xb0 [ 1320.760948][T18560] __sys_recvfrom+0x176/0x270 [ 1320.765639][T18560] ? __sb_end_write+0xbc/0x100 [ 1320.766100][T18566] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" [ 1320.770407][T18560] ? vfs_write+0x10b/0x380 [ 1320.770425][T18560] ? fput_many+0xe2/0x130 [ 1320.770442][T18560] ? fput+0x20/0x30 [ 1320.770465][T18560] __x64_sys_recvfrom+0x7e/0xa0 [ 1320.770506][T18560] do_syscall_64+0xc7/0x390 [ 1320.801963][T18560] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1320.807851][T18560] RIP: 0033:0x45c479 [ 1320.811749][T18560] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 09:02:56 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1320.831349][T18560] RSP: 002b:00007fc20bc2bc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002d [ 1320.839762][T18560] RAX: ffffffffffffffda RBX: 00007fc20bc2c6d4 RCX: 000000000045c479 [ 1320.847754][T18560] RDX: ffffffffffffff5e RSI: 0000000020000100 RDI: 0000000000000003 [ 1320.855730][T18560] RBP: 000000000076c060 R08: 0000000000000000 R09: 0000000000000000 [ 1320.863719][T18560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 1320.871687][T18560] R13: 0000000000000888 R14: 00000000004cafc3 R15: 0000000000000002 [ 1320.895694][T18565] CPU: 0 PID: 18565 Comm: syz-executor.5 Not tainted 5.6.0-rc1-syzkaller #0 [ 1320.904423][T18565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1320.914519][T18565] Call Trace: [ 1320.917996][T18565] dump_stack+0x11d/0x187 [ 1320.922335][T18565] dump_header+0xa7/0x399 [ 1320.926677][T18565] oom_kill_process.cold+0x10/0x15 [ 1320.931817][T18565] out_of_memory+0x21d/0xa30 [ 1320.936415][T18565] ? __rcu_read_unlock+0x66/0x2f0 [ 1320.941513][T18565] mem_cgroup_out_of_memory+0x12b/0x150 [ 1320.947077][T18565] try_charge+0xb60/0xbe0 [ 1320.951538][T18565] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1320.957020][T18565] __memcg_kmem_charge+0xcd/0x1b0 [ 1320.962070][T18565] __alloc_pages_nodemask+0x268/0x310 [ 1320.967460][T18565] alloc_pages_current+0xca/0x170 [ 1320.972509][T18565] pte_alloc_one+0x14/0x50 [ 1320.976928][T18565] __do_fault+0x120/0x1e0 [ 1320.981327][T18565] __handle_mm_fault+0x1d2d/0x2cf0 [ 1320.986531][T18565] handle_mm_fault+0x21c/0x540 [ 1320.991307][T18565] do_page_fault+0x4a4/0xa52 09:02:57 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x642041, 0x0) r2 = socket$key(0xf, 0x3, 0x2) getsockopt$sock_buf(r2, 0x1, 0x1c, 0x0, &(0x7f0000000280)) ioctl$ifreq_SIOCGIFINDEX_wireguard(r2, 0x8933, &(0x7f0000000080)={'wg1\x00', 0x0}) sendmsg$TCPDIAG_GETSOCK(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000000c0)={&(0x7f0000000200)={0x120, 0x12, 0x10, 0x70bd25, 0x25dfdbfb, {0x15, 0x2, 0x0, 0x3, {0x4e20, 0x4e21, [0x5, 0xff, 0xfffffffe, 0x2], [0xfff, 0x5, 0x1b, 0x40000], r3, [0x1, 0x6]}, 0x0, 0x8000}, [@INET_DIAG_REQ_BYTECODE={0xd3, 0x1, "1f2dcf68e4b5031cec5b6ed4138716c2e26dc89ba4354f592716eab1cd4272d00b6130d1ab3b058d0c960ee1613705c3e3be182126ca670b43692df40174eaa0122f50501d5075fb84e4e7d6eda56e5bb0dd8debd6f1a2e0e746f7393314a70afa28c61bfcc9e23e42bc6ca324b9d45a7b3ccc4e3cb7b3240ae296470ccaa3fed9027cfc0b56fe508f374df4412771a52f95c87c3a248f1c1c0683d02d2973a13072d9f40eb5f95d5e7f4c44947832a013a8e3565064c1ec19e99c5458f4f7c5e2f47d0b173d07c6280eb57447dc38"}]}, 0x120}, 0x1, 0x0, 0x0, 0x40001}, 0x880) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1320.995907][T18565] ? do_syscall_64+0x27f/0x390 [ 1321.000686][T18565] page_fault+0x34/0x40 [ 1321.004848][T18565] RIP: 0033:0x401c27 [ 1321.008821][T18565] Code: 00 00 00 48 83 ec 08 48 8b 15 6d 0a 88 00 48 8b 05 5e 0a 88 00 48 39 d0 48 8d 8a 00 00 00 01 72 17 48 39 c8 73 12 48 8d 50 04 <89> 38 48 89 15 40 0a 88 00 48 83 c4 08 c3 48 89 c6 bf d0 ef 4c 00 [ 1321.028427][T18565] RSP: 002b:00007ffd30768980 EFLAGS: 00010287 [ 1321.034496][T18565] RAX: 0000001b2be20000 RBX: 0000000000000000 RCX: 0000001b2ce20000 09:02:57 executing program 0: socketpair$unix(0x1, 0x1, 0x0, 0x0) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) [ 1321.042465][T18565] RDX: 0000001b2be20004 RSI: 00007ffd30768740 RDI: 0000000000000000 [ 1321.050438][T18565] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000004 [ 1321.058417][T18565] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000 [ 1321.066393][T18565] R13: 00007ffd30768b70 R14: 0000000000000000 R15: 00007ffd30768b80 [ 1321.079852][T18565] memory: usage 307200kB, limit 307200kB, failcnt 5743 [ 1321.111435][T18565] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1321.248910][T18565] Memory cgroup stats for /syz5: [ 1321.249102][T18565] anon 264667136 [ 1321.249102][T18565] file 180224 [ 1321.249102][T18565] kernel_stack 5492736 [ 1321.249102][T18565] slab 8351744 [ 1321.249102][T18565] sock 0 [ 1321.249102][T18565] shmem 0 [ 1321.249102][T18565] file_mapped 135168 [ 1321.249102][T18565] file_dirty 0 [ 1321.249102][T18565] file_writeback 0 [ 1321.249102][T18565] anon_thp 232783872 [ 1321.249102][T18565] inactive_anon 0 [ 1321.249102][T18565] active_anon 264679424 [ 1321.249102][T18565] inactive_file 0 09:02:57 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = socket$key(0xf, 0x3, 0x2) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000280)) fcntl$getownex(r0, 0x10, &(0x7f0000000000)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) [ 1321.249102][T18565] active_file 0 [ 1321.249102][T18565] unevictable 0 [ 1321.249102][T18565] slab_reclaimable 1081344 [ 1321.249102][T18565] slab_unreclaimable 7270400 [ 1321.249102][T18565] pgfault 142923 [ 1321.249102][T18565] pgmajfault 0 [ 1321.249102][T18565] workingset_refault 1320 [ 1321.249102][T18565] workingset_activate 198 [ 1321.249102][T18565] workingset_nodereclaim 0 [ 1321.249102][T18565] pgrefill 4137 [ 1321.249102][T18565] pgscan 15278 [ 1321.249102][T18565] pgsteal 8200 09:02:57 executing program 4 (fault-call:19 fault-nth:3): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:02:57 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x4402, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1321.364298][T18565] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=4318,uid=0 [ 1321.386543][T18565] Memory cgroup out of memory: Killed process 4318 (syz-executor.5) total-vm:74968kB, anon-rss:2220kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 09:02:57 executing program 0: socketpair$unix(0x1, 0x1, 0x0, 0x0) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) [ 1321.548842][T18593] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" [ 1321.780440][T18608] FAULT_INJECTION: forcing a failure. [ 1321.780440][T18608] name failslab, interval 1, probability 0, space 0, times 0 [ 1321.793292][T18608] CPU: 1 PID: 18608 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0 [ 1321.801989][T18608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1321.812042][T18608] Call Trace: [ 1321.815349][T18608] dump_stack+0x11d/0x187 [ 1321.819697][T18608] should_fail.cold+0x5/0xf [ 1321.824222][T18608] __should_failslab+0x82/0xb0 [ 1321.828997][T18608] should_failslab+0x5/0xf [ 1321.833415][T18608] kmem_cache_alloc+0x23/0x5e0 [ 1321.838182][T18608] ? __skb_flow_get_ports+0x93/0x1f0 [ 1321.843477][T18608] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1321.849385][T18608] skb_clone+0xf4/0x280 [ 1321.853551][T18608] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1321.859462][T18608] dev_queue_xmit_nit+0x2b8/0x600 [ 1321.864626][T18608] dev_hard_start_xmit+0x3ed/0x420 [ 1321.869770][T18608] sch_direct_xmit+0x2ae/0x8a0 [ 1321.874544][T18608] ? __read_once_size.constprop.0+0xd/0x20 [ 1321.880367][T18608] ? hhf_dequeue+0x248/0x4e0 [ 1321.884986][T18608] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1321.890897][T18608] __qdisc_run+0x336/0xe10 [ 1321.895334][T18608] __dev_queue_xmit+0x10ca/0x1b80 [ 1321.900374][T18608] ? ipt_do_table+0x90b/0xe70 [ 1321.905079][T18608] ? nf_nat_packet+0xb9/0x100 [ 1321.909772][T18608] dev_queue_xmit+0x1e/0x30 [ 1321.914284][T18608] ip_finish_output2+0x87d/0xed0 [ 1321.919240][T18608] __ip_finish_output+0x22f/0x460 [ 1321.924266][T18608] ? ipv4_confirm+0xcf/0x150 [ 1321.928859][T18608] ip_finish_output+0x3e/0x160 [ 1321.933632][T18608] ip_output+0xf2/0x240 [ 1321.937805][T18608] ? __ip_finish_output+0x460/0x460 [ 1321.943009][T18608] ip_local_out+0x70/0x90 [ 1321.947347][T18608] __ip_queue_xmit+0x3a6/0xa40 [ 1321.952129][T18608] ip_queue_xmit+0x3e/0x50 [ 1321.956548][T18608] __tcp_transmit_skb+0xe1f/0x1c90 [ 1321.961679][T18608] tcp_write_xmit+0x5a3/0x31e0 [ 1321.966483][T18608] __tcp_push_pending_frames+0x72/0x1b0 [ 1321.972038][T18608] tcp_rcv_established+0x54c/0xee0 [ 1321.977159][T18608] ? __read_once_size+0x45/0xd0 [ 1321.982018][T18608] tcp_v4_do_rcv+0x396/0x4f0 [ 1321.986623][T18608] __release_sock+0x130/0x1e0 [ 1321.991335][T18608] release_sock+0x5e/0x160 [ 1321.995779][T18608] tcp_recvmsg+0x68f/0x1cc0 [ 1321.998529][T18614] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" [ 1322.000324][T18608] inet_recvmsg+0xc1/0x250 [ 1322.000346][T18608] ? apparmor_socket_recvmsg+0x38/0x40 [ 1322.000373][T18608] ? inet_sendpage+0xf0/0xf0 [ 1322.024560][T18608] sock_recvmsg+0x8e/0xb0 [ 1322.028897][T18608] __sys_recvfrom+0x176/0x270 [ 1322.033589][T18608] ? __sb_end_write+0xbc/0x100 [ 1322.038361][T18608] ? vfs_write+0x10b/0x380 [ 1322.042789][T18608] ? fput_many+0xe2/0x130 [ 1322.047123][T18608] ? fput+0x20/0x30 [ 1322.050949][T18608] __x64_sys_recvfrom+0x7e/0xa0 [ 1322.055816][T18608] do_syscall_64+0xc7/0x390 [ 1322.060330][T18608] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1322.066223][T18608] RIP: 0033:0x45c479 09:02:58 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x2, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:58 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x4800, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:58 executing program 3: r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x21001, 0x0) sendto$inet(r0, 0x0, 0x0, 0x20008890, 0x0, 0xffffffffffffff6e) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) 09:02:58 executing program 0: socketpair$unix(0x1, 0x1, 0x0, 0x0) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) [ 1322.070127][T18608] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1322.089750][T18608] RSP: 002b:00007fc20bc2bc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002d [ 1322.098163][T18608] RAX: ffffffffffffffda RBX: 00007fc20bc2c6d4 RCX: 000000000045c479 [ 1322.106141][T18608] RDX: ffffffffffffff5e RSI: 0000000020000100 RDI: 0000000000000003 [ 1322.114107][T18608] RBP: 000000000076c060 R08: 0000000000000000 R09: 0000000000000000 [ 1322.122069][T18608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 [ 1322.130035][T18608] R13: 0000000000000888 R14: 00000000004cafc3 R15: 0000000000000003 09:02:58 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={0x0}) 09:02:58 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x4a00, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:58 executing program 4 (fault-call:19 fault-nth:4): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:02:58 executing program 3: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cachefiles\x00', 0x12340, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f00003df000/0x1000)=nil, 0x1000, 0x300000c, 0x10010, r1, 0x5000) 09:02:58 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) [ 1322.686279][T18640] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" 09:02:59 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x4b00, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1322.978447][T18661] FAULT_INJECTION: forcing a failure. [ 1322.978447][T18661] name failslab, interval 1, probability 0, space 0, times 0 [ 1322.991188][T18661] CPU: 0 PID: 18661 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0 [ 1322.999866][T18661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1323.009928][T18661] Call Trace: [ 1323.013239][T18661] dump_stack+0x11d/0x187 [ 1323.017605][T18661] should_fail.cold+0x5/0xf [ 1323.022133][T18661] __should_failslab+0x82/0xb0 [ 1323.026904][T18661] should_failslab+0x5/0xf [ 1323.031325][T18661] kmem_cache_alloc+0x23/0x5e0 [ 1323.036106][T18661] ? __skb_flow_get_ports+0x93/0x1f0 [ 1323.041410][T18661] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1323.047320][T18661] skb_clone+0xf4/0x280 [ 1323.051546][T18661] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1323.057448][T18661] dev_queue_xmit_nit+0x2b8/0x600 [ 1323.062502][T18661] dev_hard_start_xmit+0x3ed/0x420 [ 1323.067635][T18661] sch_direct_xmit+0x2ae/0x8a0 [ 1323.072417][T18661] ? __read_once_size.constprop.0+0xd/0x20 [ 1323.078239][T18661] ? hhf_dequeue+0x248/0x4e0 [ 1323.082845][T18661] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1323.088753][T18661] __qdisc_run+0x336/0xe10 [ 1323.093192][T18661] __dev_queue_xmit+0x10ca/0x1b80 [ 1323.098245][T18661] ? ipt_do_table+0x90b/0xe70 [ 1323.102943][T18661] ? nf_nat_packet+0xb9/0x100 [ 1323.107637][T18661] dev_queue_xmit+0x1e/0x30 [ 1323.112148][T18661] ip_finish_output2+0x87d/0xed0 [ 1323.117103][T18661] __ip_finish_output+0x22f/0x460 [ 1323.122133][T18661] ? ipv4_confirm+0xcf/0x150 [ 1323.126735][T18661] ip_finish_output+0x3e/0x160 [ 1323.131505][T18661] ip_output+0xf2/0x240 [ 1323.134437][T18666] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" [ 1323.135666][T18661] ? __ip_finish_output+0x460/0x460 [ 1323.135752][T18661] ip_local_out+0x70/0x90 [ 1323.154874][T18661] __ip_queue_xmit+0x3a6/0xa40 [ 1323.159655][T18661] ip_queue_xmit+0x3e/0x50 [ 1323.164083][T18661] __tcp_transmit_skb+0xe1f/0x1c90 [ 1323.169283][T18661] tcp_write_xmit+0x5a3/0x31e0 [ 1323.174083][T18661] __tcp_push_pending_frames+0x72/0x1b0 [ 1323.179636][T18661] tcp_rcv_established+0x54c/0xee0 [ 1323.184759][T18661] ? __read_once_size+0x45/0xd0 [ 1323.189631][T18661] tcp_v4_do_rcv+0x396/0x4f0 [ 1323.194244][T18661] __release_sock+0x130/0x1e0 [ 1323.198933][T18661] release_sock+0x5e/0x160 [ 1323.203363][T18661] tcp_recvmsg+0x68f/0x1cc0 [ 1323.207897][T18661] inet_recvmsg+0xc1/0x250 [ 1323.212328][T18661] ? apparmor_socket_recvmsg+0x38/0x40 [ 1323.217792][T18661] ? inet_sendpage+0xf0/0xf0 [ 1323.222406][T18661] sock_recvmsg+0x8e/0xb0 [ 1323.226753][T18661] __sys_recvfrom+0x176/0x270 [ 1323.231451][T18661] ? __sb_end_write+0xbc/0x100 [ 1323.236226][T18661] ? vfs_write+0x10b/0x380 [ 1323.240664][T18661] ? fput_many+0xe2/0x130 [ 1323.245008][T18661] ? fput+0x20/0x30 [ 1323.248835][T18661] __x64_sys_recvfrom+0x7e/0xa0 [ 1323.253708][T18661] do_syscall_64+0xc7/0x390 [ 1323.258252][T18661] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1323.264161][T18661] RIP: 0033:0x45c479 [ 1323.268069][T18661] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1323.287680][T18661] RSP: 002b:00007fc20bc2bc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002d [ 1323.296106][T18661] RAX: ffffffffffffffda RBX: 00007fc20bc2c6d4 RCX: 000000000045c479 [ 1323.304082][T18661] RDX: ffffffffffffff5e RSI: 0000000020000100 RDI: 0000000000000003 [ 1323.312054][T18661] RBP: 000000000076c060 R08: 0000000000000000 R09: 0000000000000000 [ 1323.320030][T18661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008 09:02:59 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:02:59 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) 09:02:59 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={0x0}) [ 1323.328009][T18661] R13: 0000000000000888 R14: 00000000004cafc3 R15: 0000000000000004 [ 1323.466481][T18666] REISERFS warning (device loop1): reiserfs_fill_super: Cannot allocate commit workqueue 09:02:59 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x4c00, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:02:59 executing program 4 (fault-call:19 fault-nth:5): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) 09:02:59 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) [ 1324.006665][T18696] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" 09:03:00 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x6800, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:03:00 executing program 5: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000100)={0x0}) 09:03:00 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) [ 1324.442192][T18679] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1324.511325][T18679] CPU: 0 PID: 18679 Comm: syz-executor.2 Not tainted 5.6.0-rc1-syzkaller #0 [ 1324.520145][T18679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1324.530202][T18679] Call Trace: [ 1324.533503][T18679] dump_stack+0x11d/0x187 [ 1324.537836][T18679] dump_header+0xa7/0x399 [ 1324.542192][T18679] oom_kill_process.cold+0x10/0x15 [ 1324.547316][T18679] out_of_memory+0x21d/0xa30 [ 1324.551928][T18679] ? __rcu_read_unlock+0x66/0x2f0 [ 1324.557013][T18679] mem_cgroup_out_of_memory+0x12b/0x150 [ 1324.562581][T18679] try_charge+0xb60/0xbe0 [ 1324.566928][T18679] ? map_vm_area+0x83/0xa0 [ 1324.571459][T18679] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1324.576956][T18679] __memcg_kmem_charge+0xcd/0x1b0 [ 1324.582011][T18679] copy_process+0x12bc/0x3b10 [ 1324.586865][T18679] ? kvm_clock_read+0x14/0x30 [ 1324.591563][T18679] ? kvm_sched_clock_read+0x5/0x10 [ 1324.596792][T18679] ? sched_clock+0xf/0x20 [ 1324.601146][T18679] ? sched_clock_cpu+0x10/0xd0 [ 1324.605915][T18679] ? record_times+0x10/0x80 [ 1324.610480][T18679] _do_fork+0xf7/0x790 [ 1324.614578][T18679] ? __rcu_read_unlock+0x66/0x2f0 [ 1324.619622][T18679] ? blkcg_maybe_throttle_current+0x249/0x5a0 [ 1324.625775][T18679] __x64_sys_clone+0x12e/0x170 [ 1324.630560][T18679] do_syscall_64+0xc7/0x390 [ 1324.635079][T18679] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1324.640971][T18679] RIP: 0033:0x45ee49 [ 1324.644872][T18679] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1324.664481][T18679] RSP: 002b:00007fff23ee3428 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1324.672915][T18679] RAX: ffffffffffffffda RBX: 00007f0678adb700 RCX: 000000000045ee49 [ 1324.680893][T18679] RDX: 00007f0678adb9d0 RSI: 00007f0678adadb0 RDI: 00000000003d0f00 [ 1324.688970][T18679] RBP: 00007fff23ee3640 R08: 00007f0678adb700 R09: 00007f0678adb700 [ 1324.696945][T18679] R10: 00007f0678adb9d0 R11: 0000000000000202 R12: 0000000000000000 [ 1324.704975][T18679] R13: 00007fff23ee34df R14: 00007f0678adb9c0 R15: 000000000076c06c 09:03:01 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x0, 0x0, 0x0) [ 1324.919010][T18679] memory: usage 307200kB, limit 307200kB, failcnt 11939 [ 1324.951133][T18679] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 09:03:01 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x6c00, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1325.001356][T18679] Memory cgroup stats for /syz2: [ 1325.001522][T18679] anon 216379392 [ 1325.001522][T18679] file 122880 [ 1325.001522][T18679] kernel_stack 11390976 [ 1325.001522][T18679] slab 14987264 [ 1325.001522][T18679] sock 8192 [ 1325.001522][T18679] shmem 110592 [ 1325.001522][T18679] file_mapped 135168 [ 1325.001522][T18679] file_dirty 0 [ 1325.001522][T18679] file_writeback 135168 [ 1325.001522][T18679] anon_thp 150994944 [ 1325.001522][T18679] inactive_anon 0 [ 1325.001522][T18679] active_anon 216383488 09:03:01 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) [ 1325.001522][T18679] inactive_file 16384 [ 1325.001522][T18679] active_file 12288 [ 1325.001522][T18679] unevictable 0 [ 1325.001522][T18679] slab_reclaimable 1216512 [ 1325.001522][T18679] slab_unreclaimable 13770752 [ 1325.001522][T18679] pgfault 105072 [ 1325.001522][T18679] pgmajfault 0 [ 1325.001522][T18679] workingset_refault 660 [ 1325.001522][T18679] workingset_activate 264 [ 1325.001522][T18679] workingset_nodereclaim 0 [ 1325.001522][T18679] pgrefill 5725 [ 1325.001522][T18679] pgscan 22328 [ 1325.001522][T18679] pgsteal 14576 [ 1325.418684][T18679] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18529,uid=0 [ 1325.479250][T18679] Memory cgroup out of memory: Killed process 18529 (syz-executor.2) total-vm:74836kB, anon-rss:2212kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 09:03:01 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x5, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:03:01 executing program 5: socketpair$unix(0x1, 0x1, 0x0, 0x0) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) 09:03:01 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) 09:03:01 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x7400, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:03:02 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x7a00, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:03:02 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) 09:03:02 executing program 5: socketpair$unix(0x1, 0x1, 0x0, 0x0) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) 09:03:02 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x2, 0x0, 0x0) 09:03:02 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) 09:03:02 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x7, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:03:02 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x9603, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:03:02 executing program 5: socketpair$unix(0x1, 0x1, 0x0, 0x0) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) 09:03:03 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) 09:03:03 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x9800, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:03:03 executing program 5: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x642041, 0x0) r2 = socket$key(0xf, 0x3, 0x2) getsockopt$sock_buf(r2, 0x1, 0x1c, 0x0, &(0x7f0000000280)) ioctl$ifreq_SIOCGIFINDEX_wireguard(r2, 0x8933, &(0x7f0000000080)={'wg1\x00', 0x0}) sendmsg$TCPDIAG_GETSOCK(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000000c0)={&(0x7f0000000200)={0x120, 0x12, 0x10, 0x70bd25, 0x25dfdbfb, {0x15, 0x2, 0x0, 0x3, {0x4e20, 0x4e21, [0x5, 0xff, 0xfffffffe, 0x2], [0xfff, 0x5, 0x1b, 0x40000], r3, [0x1, 0x6]}, 0x0, 0x8000}, [@INET_DIAG_REQ_BYTECODE={0xd3, 0x1, "1f2dcf68e4b5031cec5b6ed4138716c2e26dc89ba4354f592716eab1cd4272d00b6130d1ab3b058d0c960ee1613705c3e3be182126ca670b43692df40174eaa0122f50501d5075fb84e4e7d6eda56e5bb0dd8debd6f1a2e0e746f7393314a70afa28c61bfcc9e23e42bc6ca324b9d45a7b3ccc4e3cb7b3240ae296470ccaa3fed9027cfc0b56fe508f374df4412771a52f95c87c3a248f1c1c0683d02d2973a13072d9f40eb5f95d5e7f4c44947832a013a8e3565064c1ec19e99c5458f4f7c5e2f47d0b173d07c6280eb57447dc38"}]}, 0x120}, 0x1, 0x0, 0x0, 0x40001}, 0x880) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:03:03 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) 09:03:03 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x3, 0x0, 0x0) 09:03:03 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x8, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:03:04 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0xa000, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:03:04 executing program 5: sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x642041, 0x0) r2 = socket$key(0xf, 0x3, 0x2) getsockopt$sock_buf(r2, 0x1, 0x1c, 0x0, &(0x7f0000000280)) ioctl$ifreq_SIOCGIFINDEX_wireguard(r2, 0x8933, &(0x7f0000000080)={'wg1\x00', 0x0}) sendmsg$TCPDIAG_GETSOCK(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000000c0)={&(0x7f0000000200)={0x120, 0x12, 0x10, 0x70bd25, 0x25dfdbfb, {0x15, 0x2, 0x0, 0x3, {0x4e20, 0x4e21, [0x5, 0xff, 0xfffffffe, 0x2], [0xfff, 0x5, 0x1b, 0x40000], r3, [0x1, 0x6]}, 0x0, 0x8000}, [@INET_DIAG_REQ_BYTECODE={0xd3, 0x1, "1f2dcf68e4b5031cec5b6ed4138716c2e26dc89ba4354f592716eab1cd4272d00b6130d1ab3b058d0c960ee1613705c3e3be182126ca670b43692df40174eaa0122f50501d5075fb84e4e7d6eda56e5bb0dd8debd6f1a2e0e746f7393314a70afa28c61bfcc9e23e42bc6ca324b9d45a7b3ccc4e3cb7b3240ae296470ccaa3fed9027cfc0b56fe508f374df4412771a52f95c87c3a248f1c1c0683d02d2973a13072d9f40eb5f95d5e7f4c44947832a013a8e3565064c1ec19e99c5458f4f7c5e2f47d0b173d07c6280eb57447dc38"}]}, 0x120}, 0x1, 0x0, 0x0, 0x40001}, 0x880) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:03:04 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0xaf01, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:03:04 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) 09:03:04 executing program 5: socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) 09:03:04 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x9, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:03:05 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x4, 0x0, 0x0) 09:03:05 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0xba00, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:03:05 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) 09:03:05 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) 09:03:05 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0xba0f, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:03:05 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) 09:03:05 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x10, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:03:05 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) 09:03:05 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) 09:03:06 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0xc003, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:03:06 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) 09:03:06 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x7, 0x0, 0x0) [ 1330.233294][T18946] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" 09:03:06 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) 09:03:06 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x11, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:03:06 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0xcc03, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:03:06 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) [ 1330.643017][T18972] ptrace attach of "/root/syz-executor.2"[18968] was attempted by "/root/syz-executor.2"[18972] 09:03:06 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x15, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:03:06 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) [ 1330.861163][T18979] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" 09:03:07 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) 09:03:07 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0xd003, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:03:07 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x9, 0x0, 0x0) 09:03:07 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) 09:03:07 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) [ 1331.767596][T18982] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1331.877323][T18982] CPU: 0 PID: 18982 Comm: syz-executor.2 Not tainted 5.6.0-rc1-syzkaller #0 [ 1331.886037][T18982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1331.897483][T18982] Call Trace: [ 1331.900783][T18982] dump_stack+0x11d/0x187 [ 1331.905177][T18982] dump_header+0xa7/0x399 [ 1331.909592][T18982] oom_kill_process.cold+0x10/0x15 [ 1331.914716][T18982] out_of_memory+0x21d/0xa30 [ 1331.919338][T18982] ? __rcu_read_unlock+0x66/0x2f0 [ 1331.924380][T18982] mem_cgroup_out_of_memory+0x12b/0x150 [ 1331.929945][T18982] try_charge+0xb60/0xbe0 [ 1331.934295][T18982] ? map_vm_area+0x83/0xa0 [ 1331.938731][T18982] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1331.944215][T18982] __memcg_kmem_charge+0xcd/0x1b0 [ 1331.949270][T18982] copy_process+0x12bc/0x3b10 [ 1331.953953][T18982] ? kvm_clock_read+0x14/0x30 [ 1331.958629][T18982] ? kvm_sched_clock_read+0x5/0x10 [ 1331.963755][T18982] ? sched_clock+0xf/0x20 [ 1331.968087][T18982] ? sched_clock_cpu+0x10/0xd0 [ 1331.972899][T18982] ? record_times+0x10/0x80 [ 1331.977430][T18982] _do_fork+0xf7/0x790 [ 1331.981579][T18982] ? __rcu_read_unlock+0x66/0x2f0 [ 1331.986658][T18982] ? blkcg_maybe_throttle_current+0x249/0x5a0 [ 1331.992799][T18982] __x64_sys_clone+0x12e/0x170 [ 1331.997596][T18982] do_syscall_64+0xc7/0x390 [ 1332.002109][T18982] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1332.008018][T18982] RIP: 0033:0x45ee49 [ 1332.011921][T18982] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1332.031532][T18982] RSP: 002b:00007fff23ee3428 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1332.039963][T18982] RAX: ffffffffffffffda RBX: 00007f0678aba700 RCX: 000000000045ee49 [ 1332.047937][T18982] RDX: 00007f0678aba9d0 RSI: 00007f0678ab9db0 RDI: 00000000003d0f00 [ 1332.055906][T18982] RBP: 00007fff23ee3640 R08: 00007f0678aba700 R09: 00007f0678aba700 [ 1332.063877][T18982] R10: 00007f0678aba9d0 R11: 0000000000000202 R12: 0000000000000000 [ 1332.071852][T18982] R13: 00007fff23ee34df R14: 00007f0678aba9c0 R15: 000000000076c10c 09:03:08 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) 09:03:08 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0xd401, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:03:08 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0xa, 0x0, 0x0) [ 1332.308850][T18982] memory: usage 307200kB, limit 307200kB, failcnt 11973 [ 1332.369072][T18982] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1332.376370][T18982] Memory cgroup stats for /syz2: [ 1332.376557][T18982] anon 215179264 [ 1332.376557][T18982] file 122880 [ 1332.376557][T18982] kernel_stack 11612160 [ 1332.376557][T18982] slab 15257600 [ 1332.376557][T18982] sock 8192 [ 1332.376557][T18982] shmem 110592 [ 1332.376557][T18982] file_mapped 135168 [ 1332.376557][T18982] file_dirty 0 [ 1332.376557][T18982] file_writeback 0 [ 1332.376557][T18982] anon_thp 148897792 [ 1332.376557][T18982] inactive_anon 0 [ 1332.376557][T18982] active_anon 215183360 [ 1332.376557][T18982] inactive_file 16384 [ 1332.376557][T18982] active_file 12288 [ 1332.376557][T18982] unevictable 0 [ 1332.376557][T18982] slab_reclaimable 1216512 [ 1332.376557][T18982] slab_unreclaimable 14041088 [ 1332.376557][T18982] pgfault 105600 [ 1332.376557][T18982] pgmajfault 0 [ 1332.376557][T18982] workingset_refault 693 [ 1332.376557][T18982] workingset_activate 264 [ 1332.376557][T18982] workingset_nodereclaim 0 [ 1332.376557][T18982] pgrefill 5791 [ 1332.376557][T18982] pgscan 22463 09:03:08 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) [ 1332.376557][T18982] pgsteal 14609 09:03:08 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) [ 1332.921782][T18982] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17020,uid=0 [ 1333.019725][T18982] Memory cgroup out of memory: Killed process 17020 (syz-executor.2) total-vm:74836kB, anon-rss:2212kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 09:03:09 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x18, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:03:09 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0xd403, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:03:09 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) 09:03:09 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, r2, 0x0) 09:03:09 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0xe, 0x0, 0x0) 09:03:09 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) 09:03:09 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0xe403, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:03:10 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, r2, 0x0) 09:03:10 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x21, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:03:10 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0xe801, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:03:10 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0xec03, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:03:10 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, 0xffffffffffffffff, 0x0) 09:03:10 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x15, 0x0, 0x0) 09:03:11 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, 0xffffffffffffffff, 0x0) 09:03:11 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4200, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:03:11 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0xedc0, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:03:11 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, 0xffffffffffffffff, 0x0) 09:03:11 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, r2, 0x0) 09:03:11 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r0, 0x0, r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) 09:03:11 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0xf402, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:03:12 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r0, 0x0, r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) 09:03:12 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x34, 0x0, 0x0) 09:03:12 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4201, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:03:12 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0xf403, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:03:12 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) fcntl$dupfd(r0, 0x0, r0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) 09:03:12 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, 0xffffffffffffffff, 0x0) 09:03:12 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0xf603, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:03:12 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:03:13 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4202, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:03:13 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0xfe01, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:03:13 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:03:13 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x1f4, 0x0, 0x0) 09:03:13 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0xff00, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:03:13 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:03:13 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, 0xffffffffffffffff, 0x0) 09:03:13 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0xff0f, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:03:14 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4203, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:03:14 executing program 5: fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:03:14 executing program 5: fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:03:14 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x40000, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:03:14 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x240, 0x0, 0x0) 09:03:15 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, 0xffffffffffffffff, 0x0) 09:03:15 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4205, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:03:15 executing program 5: fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:03:15 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x80040, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:03:15 executing program 5: fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:03:15 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x989680, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:03:15 executing program 5: fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:03:15 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x300, 0x0, 0x0) 09:03:16 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x1000000, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:03:16 executing program 5: fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:03:16 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4206, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1340.072987][T19350] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" 09:03:16 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1340.166106][ T7803] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1340.273188][ T7803] CPU: 0 PID: 7803 Comm: syz-executor.2 Not tainted 5.6.0-rc1-syzkaller #0 [ 1340.281844][ T7803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1340.291897][ T7803] Call Trace: [ 1340.295197][ T7803] dump_stack+0x11d/0x187 [ 1340.299552][ T7803] dump_header+0xa7/0x399 [ 1340.303968][ T7803] oom_kill_process.cold+0x10/0x15 [ 1340.309144][ T7803] out_of_memory+0x21d/0xa30 [ 1340.313794][ T7803] ? __rcu_read_unlock+0x66/0x2f0 [ 1340.318839][ T7803] mem_cgroup_out_of_memory+0x12b/0x150 [ 1340.324395][ T7803] try_charge+0xb60/0xbe0 [ 1340.328736][ T7803] ? __this_cpu_preempt_check+0x3c/0x130 [ 1340.334403][ T7803] ? __perf_event_task_sched_in+0x150/0x3a0 [ 1340.340310][ T7803] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1340.345818][ T7803] __memcg_kmem_charge+0xcd/0x1b0 [ 1340.350863][ T7803] __alloc_pages_nodemask+0x268/0x310 [ 1340.356277][ T7803] alloc_pages_current+0xca/0x170 [ 1340.361362][ T7803] pte_alloc_one+0x14/0x50 [ 1340.365786][ T7803] __pte_alloc+0x27/0x210 [ 1340.370131][ T7803] copy_page_range+0x1391/0x1a40 [ 1340.375139][ T7803] dup_mm+0x72e/0xb90 [ 1340.379159][ T7803] copy_process+0x39ad/0x3b10 [ 1340.383844][ T7803] ? _raw_spin_unlock+0x38/0x60 [ 1340.388726][ T7803] _do_fork+0xf7/0x790 [ 1340.392799][ T7803] ? __read_once_size+0x45/0xd0 [ 1340.397650][ T7803] ? ktime_get_ts64+0x286/0x2c0 [ 1340.402506][ T7803] __x64_sys_clone+0x12e/0x170 [ 1340.407304][ T7803] do_syscall_64+0xc7/0x390 [ 1340.411814][ T7803] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1340.417745][ T7803] RIP: 0033:0x45aa4a [ 1340.421647][ T7803] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1340.441476][ T7803] RSP: 002b:00007fff23ee36c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1340.450158][ T7803] RAX: ffffffffffffffda RBX: 00007fff23ee36c0 RCX: 000000000045aa4a [ 1340.458193][ T7803] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1340.466171][ T7803] RBP: 00007fff23ee3700 R08: 0000000000000001 R09: 0000000000fd8940 09:03:16 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x2000000, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:03:16 executing program 5: fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1340.474146][ T7803] R10: 0000000000fd8c10 R11: 0000000000000246 R12: 0000000000000001 [ 1340.482127][ T7803] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fff23ee3750 [ 1340.524124][T19372] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" 09:03:16 executing program 5: fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 09:03:16 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x3000000, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1340.838665][ T7803] memory: usage 307200kB, limit 307200kB, failcnt 12032 [ 1340.856576][ T7803] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1341.011110][ T7803] Memory cgroup stats for /syz2: [ 1341.011282][ T7803] anon 213934080 [ 1341.011282][ T7803] file 0 [ 1341.011282][ T7803] kernel_stack 11833344 [ 1341.011282][ T7803] slab 15392768 [ 1341.011282][ T7803] sock 8192 [ 1341.011282][ T7803] shmem 110592 [ 1341.011282][ T7803] file_mapped 135168 [ 1341.011282][ T7803] file_dirty 0 [ 1341.011282][ T7803] file_writeback 0 [ 1341.011282][ T7803] anon_thp 146800640 [ 1341.011282][ T7803] inactive_anon 0 [ 1341.011282][ T7803] active_anon 213938176 [ 1341.011282][ T7803] inactive_file 16384 09:03:17 executing program 5: fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1341.011282][ T7803] active_file 12288 [ 1341.011282][ T7803] unevictable 0 [ 1341.011282][ T7803] slab_reclaimable 1216512 [ 1341.011282][ T7803] slab_unreclaimable 14176256 [ 1341.011282][ T7803] pgfault 106128 [ 1341.011282][ T7803] pgmajfault 0 [ 1341.011282][ T7803] workingset_refault 693 [ 1341.011282][ T7803] workingset_activate 264 [ 1341.011282][ T7803] workingset_nodereclaim 0 [ 1341.011282][ T7803] pgrefill 5858 [ 1341.011282][ T7803] pgscan 22665 [ 1341.011282][ T7803] pgsteal 14642 09:03:17 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1341.217866][T19390] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" 09:03:17 executing program 5: fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1341.411342][ T7803] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=16962,uid=0 [ 1341.467338][ T7803] Memory cgroup out of memory: Killed process 16962 (syz-executor.2) total-vm:74836kB, anon-rss:2212kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 1341.579785][T19354] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=3, oom_score_adj=1000 [ 1341.649025][T19354] CPU: 1 PID: 19354 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0 [ 1341.657777][T19354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1341.667831][T19354] Call Trace: [ 1341.671229][T19354] dump_stack+0x11d/0x187 [ 1341.675646][T19354] dump_header+0xa7/0x399 [ 1341.679990][T19354] oom_kill_process.cold+0x10/0x15 [ 1341.685112][T19354] out_of_memory+0x21d/0xa30 [ 1341.689734][T19354] ? __rcu_read_unlock+0x66/0x2f0 [ 1341.694873][T19354] mem_cgroup_out_of_memory+0x12b/0x150 [ 1341.700438][T19354] try_charge+0xb60/0xbe0 [ 1341.704789][T19354] ? __this_cpu_preempt_check+0x3c/0x130 [ 1341.710436][T19354] mem_cgroup_charge_skmem+0xd2/0x190 [ 1341.715810][T19354] __sk_mem_raise_allocated+0x466/0xa10 [ 1341.721357][T19354] ? skb_page_frag_refill+0x196/0x250 [ 1341.726767][T19354] __sk_mem_schedule+0x7a/0xd0 [ 1341.731809][T19354] tcp_sendmsg_locked+0x133f/0x20f0 [ 1341.737064][T19354] ? aa_label_sk_perm.part.0+0x272/0x290 [ 1341.742730][T19354] tcp_sendmsg+0x35/0x50 [ 1341.746981][T19354] inet_sendmsg+0x69/0x90 [ 1341.751313][T19354] ? inet_send_prepare+0x1f0/0x1f0 [ 1341.756436][T19354] sock_sendmsg+0x98/0xc0 [ 1341.760783][T19354] __sys_sendto+0x1e2/0x2c0 [ 1341.765307][T19354] ? _copy_to_user+0x7d/0xb0 [ 1341.769922][T19354] __x64_sys_sendto+0x7e/0xa0 [ 1341.774626][T19354] do_syscall_64+0xc7/0x390 [ 1341.779208][T19354] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1341.785104][T19354] RIP: 0033:0x45c479 [ 1341.789085][T19354] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1341.808713][T19354] RSP: 002b:00007fc20bc6dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1341.817179][T19354] RAX: ffffffffffffffda RBX: 00007fc20bc6e6d4 RCX: 000000000045c479 [ 1341.825155][T19354] RDX: fffffffffffffeb4 RSI: 0000000020000200 RDI: 0000000000000003 [ 1341.833174][T19354] RBP: 000000000076bf20 R08: 0000000020db4ff0 R09: 0000000000000010 [ 1341.841157][T19354] R10: 0000000020008011 R11: 0000000000000246 R12: 00000000ffffffff [ 1341.849128][T19354] R13: 0000000000000a03 R14: 00000000004cc7a4 R15: 000000000076bf2c [ 1341.874586][T19354] memory: usage 307200kB, limit 307200kB, failcnt 41449 [ 1341.899805][T19354] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1341.923326][T19354] Memory cgroup stats for /syz4: [ 1341.923508][T19354] anon 266166272 [ 1341.923508][T19354] file 0 [ 1341.923508][T19354] kernel_stack 6709248 [ 1341.923508][T19354] slab 8335360 [ 1341.923508][T19354] sock 2940928 [ 1341.923508][T19354] shmem 114688 [ 1341.923508][T19354] file_mapped 135168 [ 1341.923508][T19354] file_dirty 135168 [ 1341.923508][T19354] file_writeback 135168 [ 1341.923508][T19354] anon_thp 236978176 [ 1341.923508][T19354] inactive_anon 16384 [ 1341.923508][T19354] active_anon 266215424 [ 1341.923508][T19354] inactive_file 0 [ 1341.923508][T19354] active_file 0 [ 1341.923508][T19354] unevictable 49152 [ 1341.923508][T19354] slab_reclaimable 811008 [ 1341.923508][T19354] slab_unreclaimable 7524352 [ 1341.923508][T19354] pgfault 126456 [ 1341.923508][T19354] pgmajfault 0 [ 1341.923508][T19354] workingset_refault 198 [ 1341.923508][T19354] workingset_activate 33 [ 1341.923508][T19354] workingset_nodereclaim 0 [ 1341.923508][T19354] pgrefill 1948 [ 1341.923508][T19354] pgscan 87101 [ 1341.923508][T19354] pgsteal 85501 [ 1342.030203][T19354] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=19353,uid=0 09:03:18 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x3e8, 0x0, 0x0) 09:03:18 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x4000000, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:03:18 executing program 5: fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) [ 1342.046760][T19354] Memory cgroup out of memory: Killed process 19353 (syz-executor.4) total-vm:75100kB, anon-rss:6324kB, file-rss:35792kB, shmem-rss:0kB, UID:0 pgtables:140kB oom_score_adj:1000 [ 1342.072567][ T1078] oom_reaper: reaped process 19353 (syz-executor.4), now anon-rss:0kB, file-rss:34928kB, shmem-rss:0kB [ 1342.301762][T19417] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" 09:03:18 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4207, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:03:18 executing program 0 (fault-call:4 fault-nth:0): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) 09:03:18 executing program 5: fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, r0, 0x0) 09:03:18 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x5000000, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1342.619546][T19438] FAULT_INJECTION: forcing a failure. [ 1342.619546][T19438] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1342.691706][T19438] CPU: 0 PID: 19438 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 1342.700435][T19438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1342.710492][T19438] Call Trace: [ 1342.713798][T19438] dump_stack+0x11d/0x187 [ 1342.718148][T19438] should_fail.cold+0x5/0xf [ 1342.722669][T19438] __alloc_pages_nodemask+0xcf/0x310 [ 1342.727980][T19438] alloc_pages_current+0xca/0x170 [ 1342.733029][T19438] __page_cache_alloc+0x17f/0x1a0 [ 1342.738103][T19438] pagecache_get_page+0x251/0x700 [ 1342.743201][T19438] grab_cache_page_write_begin+0x56/0x80 [ 1342.748854][T19438] ext4_da_write_begin+0x1b4/0x860 [ 1342.753971][T19438] ? iov_iter_fault_in_readable+0x22b/0x2c0 [ 1342.759906][T19438] generic_perform_write+0x13a/0x320 [ 1342.765289][T19438] ext4_buffered_write_iter+0x14e/0x280 [ 1342.770843][T19438] ext4_file_write_iter+0xf4/0xd30 [ 1342.775975][T19438] ? proc_cwd_link+0x160/0x160 [ 1342.780751][T19438] ? _kstrtoull+0xfc/0x130 [ 1342.785183][T19438] new_sync_write+0x303/0x400 [ 1342.789875][T19438] __vfs_write+0x9e/0xb0 [ 1342.794126][T19438] vfs_write+0x189/0x380 [ 1342.798376][T19438] ksys_write+0xc5/0x1a0 [ 1342.802636][T19438] __x64_sys_write+0x49/0x60 [ 1342.807238][T19438] do_syscall_64+0xc7/0x390 [ 1342.811755][T19438] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1342.817742][T19438] RIP: 0033:0x45c479 [ 1342.821640][T19438] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1342.841315][T19438] RSP: 002b:00007f663364ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1342.849732][T19438] RAX: ffffffffffffffda RBX: 00007f663364b6d4 RCX: 000000000045c479 [ 1342.857699][T19438] RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000006 [ 1342.865710][T19438] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1342.873733][T19438] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 1342.881703][T19438] R13: 0000000000000cdc R14: 00000000004cec0d R15: 0000000000000000 [ 1342.917309][T19446] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" 09:03:19 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x6000000, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:03:19 executing program 0 (fault-call:4 fault-nth:1): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) 09:03:19 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4208, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:03:19 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x700, 0x0, 0x0) [ 1343.393313][T19461] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" 09:03:19 executing program 5: fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, r0, 0x0) [ 1343.454082][T19463] FAULT_INJECTION: forcing a failure. [ 1343.454082][T19463] name failslab, interval 1, probability 0, space 0, times 0 [ 1343.563020][T19463] CPU: 1 PID: 19463 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 1343.571756][T19463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1343.581807][T19463] Call Trace: [ 1343.585113][T19463] dump_stack+0x11d/0x187 [ 1343.589454][T19463] should_fail.cold+0x5/0xf [ 1343.593974][T19463] __should_failslab+0x82/0xb0 [ 1343.598766][T19463] should_failslab+0x5/0xf [ 1343.603188][T19463] __kmalloc+0x54/0x640 [ 1343.607363][T19463] ? ext4_find_extent+0x52a/0x5e0 [ 1343.612399][T19463] ? percpu_ref_put_many+0x5d/0xa0 [ 1343.617519][T19463] ? drain_stock.isra.0+0x2e/0xf0 [ 1343.622554][T19463] ext4_find_extent+0x52a/0x5e0 [ 1343.627411][T19463] ? kick_process+0x41/0x70 [ 1343.631928][T19463] ext4_ext_map_blocks+0xcd/0x20f0 [ 1343.637062][T19463] ? percpu_counter_add_batch+0x10f/0x140 [ 1343.642824][T19463] ? _raw_read_unlock+0x21/0x40 [ 1343.647678][T19463] ? ext4_es_lookup_extent+0x231/0x570 [ 1343.653236][T19463] ext4_da_get_block_prep+0x758/0xa50 [ 1343.658657][T19463] ? __read_once_size+0x7c/0x100 09:03:19 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x7000000, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1343.663612][T19463] ? create_empty_buffers+0x215/0x3e0 [ 1343.669002][T19463] ext4_block_write_begin+0x336/0xbd0 [ 1343.674395][T19463] ? ext4_bmap+0x230/0x230 [ 1343.678908][T19463] ? __read_once_size+0x2f/0xd0 [ 1343.683894][T19463] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1343.689798][T19463] ext4_da_write_begin+0x220/0x860 [ 1343.694934][T19463] generic_perform_write+0x13a/0x320 [ 1343.700275][T19463] ext4_buffered_write_iter+0x14e/0x280 [ 1343.705855][T19463] ext4_file_write_iter+0xf4/0xd30 [ 1343.710989][T19463] ? proc_cwd_link+0x160/0x160 [ 1343.715779][T19463] ? _kstrtoull+0xfc/0x130 [ 1343.720286][T19463] new_sync_write+0x303/0x400 [ 1343.724998][T19463] __vfs_write+0x9e/0xb0 [ 1343.729314][T19463] vfs_write+0x189/0x380 [ 1343.733578][T19463] ksys_write+0xc5/0x1a0 [ 1343.737868][T19463] __x64_sys_write+0x49/0x60 [ 1343.742480][T19463] do_syscall_64+0xc7/0x390 [ 1343.747016][T19463] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1343.753023][T19463] RIP: 0033:0x45c479 [ 1343.756973][T19463] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1343.776579][T19463] RSP: 002b:00007f663364ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1343.786995][T19463] RAX: ffffffffffffffda RBX: 00007f663364b6d4 RCX: 000000000045c479 [ 1343.794971][T19463] RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000006 [ 1343.802953][T19463] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1343.810931][T19463] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 1343.818901][T19463] R13: 0000000000000cdc R14: 00000000004cec0d R15: 0000000000000001 09:03:20 executing program 0 (fault-call:4 fault-nth:2): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) [ 1343.954856][T19484] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" [ 1344.016219][T19494] FAULT_INJECTION: forcing a failure. [ 1344.016219][T19494] name failslab, interval 1, probability 0, space 0, times 0 [ 1344.029024][T19494] CPU: 1 PID: 19494 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 1344.037756][T19494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1344.047818][T19494] Call Trace: [ 1344.051180][T19494] dump_stack+0x11d/0x187 [ 1344.055561][T19494] should_fail.cold+0x5/0xf [ 1344.060085][T19494] __should_failslab+0x82/0xb0 [ 1344.064864][T19494] should_failslab+0x5/0xf [ 1344.069288][T19494] kmem_cache_alloc+0x23/0x5e0 [ 1344.074063][T19494] ? retint_kernel+0x1b/0x1b [ 1344.078688][T19494] __es_insert_extent+0x1ee/0x870 [ 1344.083812][T19494] ? __es_tree_search.isra.0+0x144/0x170 [ 1344.089464][T19494] ext4_es_insert_extent+0x1c0/0x5d0 [ 1344.094766][T19494] ? _raw_read_unlock+0x21/0x40 [ 1344.099630][T19494] ext4_ext_put_gap_in_cache+0xb2/0xf0 [ 1344.105134][T19494] ext4_ext_map_blocks+0x1071/0x20f0 [ 1344.110448][T19494] ? percpu_counter_add_batch+0x10f/0x140 [ 1344.116188][T19494] ? _raw_read_unlock+0x21/0x40 [ 1344.121055][T19494] ? ext4_es_lookup_extent+0x231/0x570 [ 1344.126544][T19494] ext4_da_get_block_prep+0x758/0xa50 [ 1344.131930][T19494] ? __read_once_size+0x7c/0x100 [ 1344.136903][T19494] ? create_empty_buffers+0x215/0x3e0 [ 1344.142318][T19494] ext4_block_write_begin+0x336/0xbd0 [ 1344.147724][T19494] ? ext4_bmap+0x230/0x230 [ 1344.152156][T19494] ? __read_once_size+0x2f/0xd0 [ 1344.157037][T19494] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1344.162965][T19494] ext4_da_write_begin+0x220/0x860 [ 1344.168125][T19494] generic_perform_write+0x13a/0x320 [ 1344.173598][T19494] ext4_buffered_write_iter+0x14e/0x280 [ 1344.179211][T19494] ext4_file_write_iter+0xf4/0xd30 [ 1344.184343][T19494] ? proc_cwd_link+0x160/0x160 [ 1344.189105][T19494] ? _kstrtoull+0xfc/0x130 [ 1344.193531][T19494] new_sync_write+0x303/0x400 [ 1344.198240][T19494] __vfs_write+0x9e/0xb0 [ 1344.202493][T19494] vfs_write+0x189/0x380 [ 1344.206750][T19494] ksys_write+0xc5/0x1a0 [ 1344.211107][T19494] __x64_sys_write+0x49/0x60 [ 1344.215708][T19494] do_syscall_64+0xc7/0x390 [ 1344.220233][T19494] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1344.226131][T19494] RIP: 0033:0x45c479 [ 1344.230035][T19494] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1344.249663][T19494] RSP: 002b:00007f663364ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1344.258082][T19494] RAX: ffffffffffffffda RBX: 00007f663364b6d4 RCX: 000000000045c479 09:03:20 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4209, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1344.266052][T19494] RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000006 [ 1344.274019][T19494] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1344.281994][T19494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 1344.289968][T19494] R13: 0000000000000cdc R14: 00000000004cec0d R15: 0000000000000002 [ 1344.411206][T19476] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=3, oom_score_adj=1000 09:03:20 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x8000000, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1344.563503][T19476] CPU: 1 PID: 19476 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0 [ 1344.572236][T19476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1344.582299][T19476] Call Trace: [ 1344.585634][T19476] dump_stack+0x11d/0x187 [ 1344.589982][T19476] dump_header+0xa7/0x399 [ 1344.594325][T19476] oom_kill_process.cold+0x10/0x15 [ 1344.599491][T19476] out_of_memory+0x21d/0xa30 [ 1344.604134][T19476] ? __rcu_read_unlock+0x66/0x2f0 [ 1344.609177][T19476] mem_cgroup_out_of_memory+0x12b/0x150 [ 1344.614762][T19476] try_charge+0xb60/0xbe0 [ 1344.619152][T19476] ? __this_cpu_preempt_check+0x3c/0x130 [ 1344.624890][T19476] mem_cgroup_charge_skmem+0xd2/0x190 [ 1344.630295][T19476] __sk_mem_raise_allocated+0x466/0xa10 [ 1344.635852][T19476] ? skb_page_frag_refill+0x196/0x250 [ 1344.641276][T19476] __sk_mem_schedule+0x7a/0xd0 [ 1344.646051][T19476] tcp_sendmsg_locked+0x133f/0x20f0 [ 1344.651282][T19476] ? aa_label_sk_perm.part.0+0x272/0x290 [ 1344.656990][T19476] tcp_sendmsg+0x35/0x50 09:03:20 executing program 0 (fault-call:4 fault-nth:3): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) [ 1344.661243][T19476] inet_sendmsg+0x69/0x90 [ 1344.665586][T19476] ? inet_send_prepare+0x1f0/0x1f0 [ 1344.670789][T19476] sock_sendmsg+0x98/0xc0 [ 1344.675183][T19476] __sys_sendto+0x1e2/0x2c0 [ 1344.679730][T19476] ? _copy_to_user+0x7d/0xb0 [ 1344.684353][T19476] __x64_sys_sendto+0x7e/0xa0 [ 1344.689054][T19476] do_syscall_64+0xc7/0x390 [ 1344.693580][T19476] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1344.699518][T19476] RIP: 0033:0x45c479 [ 1344.703473][T19476] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1344.723104][T19476] RSP: 002b:00007fc20bc6dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1344.731602][T19476] RAX: ffffffffffffffda RBX: 00007fc20bc6e6d4 RCX: 000000000045c479 [ 1344.739631][T19476] RDX: fffffffffffffeb4 RSI: 0000000020000200 RDI: 0000000000000003 [ 1344.747632][T19476] RBP: 000000000076bf20 R08: 0000000020db4ff0 R09: 0000000000000010 [ 1344.755613][T19476] R10: 0000000020008011 R11: 0000000000000246 R12: 00000000ffffffff 09:03:20 executing program 5: fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, r0, 0x0) [ 1344.763592][T19476] R13: 0000000000000a03 R14: 00000000004cc7a4 R15: 000000000076bf2c [ 1345.007632][T19519] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" [ 1345.020392][T19476] memory: usage 307200kB, limit 307200kB, failcnt 41703 [ 1345.043011][T19476] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1345.104066][T19476] Memory cgroup stats for /syz4: [ 1345.104225][T19476] anon 264441856 [ 1345.104225][T19476] file 45056 [ 1345.104225][T19476] kernel_stack 6672384 [ 1345.104225][T19476] slab 8335360 [ 1345.104225][T19476] sock 4608000 [ 1345.104225][T19476] shmem 114688 [ 1345.104225][T19476] file_mapped 135168 [ 1345.104225][T19476] file_dirty 0 [ 1345.104225][T19476] file_writeback 135168 [ 1345.104225][T19476] anon_thp 234881024 [ 1345.104225][T19476] inactive_anon 16384 [ 1345.104225][T19476] active_anon 264441856 [ 1345.104225][T19476] inactive_file 32768 [ 1345.104225][T19476] active_file 0 [ 1345.104225][T19476] unevictable 49152 [ 1345.104225][T19476] slab_reclaimable 811008 [ 1345.104225][T19476] slab_unreclaimable 7524352 [ 1345.104225][T19476] pgfault 126819 [ 1345.104225][T19476] pgmajfault 0 [ 1345.104225][T19476] workingset_refault 198 [ 1345.104225][T19476] workingset_activate 33 [ 1345.104225][T19476] workingset_nodereclaim 0 [ 1345.104225][T19476] pgrefill 1981 [ 1345.104225][T19476] pgscan 87948 [ 1345.104225][T19476] pgsteal 86335 [ 1345.143515][T19524] FAULT_INJECTION: forcing a failure. [ 1345.143515][T19524] name failslab, interval 1, probability 0, space 0, times 0 [ 1345.212998][T19524] CPU: 1 PID: 19524 Comm: syz-executor.0 Not tainted 5.6.0-rc1-syzkaller #0 [ 1345.221667][T19524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1345.231716][T19524] Call Trace: [ 1345.235019][T19524] dump_stack+0x11d/0x187 [ 1345.239359][T19524] should_fail.cold+0x5/0xf [ 1345.243877][T19524] __should_failslab+0x82/0xb0 [ 1345.248715][T19524] should_failslab+0x5/0xf [ 1345.253136][T19524] kmem_cache_alloc+0x23/0x5e0 [ 1345.257906][T19524] ? ext4_es_can_be_merged+0xef/0x1b0 [ 1345.263286][T19524] __es_insert_extent+0x1ee/0x870 [ 1345.268327][T19524] ext4_es_insert_delayed_block+0x11d/0x290 [ 1345.274248][T19524] ? _raw_spin_unlock+0x38/0x60 [ 1345.279273][T19524] ext4_da_get_block_prep+0x4fc/0xa50 [ 1345.284664][T19524] ? create_empty_buffers+0x215/0x3e0 [ 1345.290161][T19524] ext4_block_write_begin+0x336/0xbd0 [ 1345.295564][T19524] ? ext4_bmap+0x230/0x230 [ 1345.300013][T19524] ? __read_once_size+0x2f/0xd0 [ 1345.305007][T19524] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 1345.310998][T19524] ext4_da_write_begin+0x220/0x860 [ 1345.316134][T19524] generic_perform_write+0x13a/0x320 [ 1345.321440][T19524] ext4_buffered_write_iter+0x14e/0x280 [ 1345.327001][T19524] ext4_file_write_iter+0xf4/0xd30 [ 1345.332130][T19524] ? proc_cwd_link+0x160/0x160 [ 1345.336909][T19524] ? _kstrtoull+0xfc/0x130 [ 1345.341419][T19524] new_sync_write+0x303/0x400 [ 1345.346193][T19524] __vfs_write+0x9e/0xb0 [ 1345.350504][T19524] vfs_write+0x189/0x380 [ 1345.354806][T19524] ksys_write+0xc5/0x1a0 [ 1345.359124][T19524] __x64_sys_write+0x49/0x60 [ 1345.363772][T19524] do_syscall_64+0xc7/0x390 [ 1345.368352][T19524] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1345.374275][T19524] RIP: 0033:0x45c479 [ 1345.378177][T19524] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1345.398094][T19524] RSP: 002b:00007f663364ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1345.406581][T19524] RAX: ffffffffffffffda RBX: 00007f663364b6d4 RCX: 000000000045c479 [ 1345.414569][T19524] RDX: 000000000208e24b RSI: 0000000020000040 RDI: 0000000000000006 [ 1345.422553][T19524] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1345.430535][T19524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007 [ 1345.438514][T19524] R13: 0000000000000cdc R14: 00000000004cec0d R15: 0000000000000003 [ 1345.448920][T19476] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=19472,uid=0 [ 1345.485375][T19476] Memory cgroup out of memory: Killed process 19472 (syz-executor.4) total-vm:75100kB, anon-rss:4536kB, file-rss:35800kB, shmem-rss:0kB, UID:0 pgtables:144kB oom_score_adj:1000 09:03:21 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x420a, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1345.574975][ T1078] oom_reaper: reaped process 19472 (syz-executor.4), now anon-rss:0kB, file-rss:34936kB, shmem-rss:0kB 09:03:21 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0xa000000, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:03:21 executing program 0 (fault-call:4 fault-nth:4): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) 09:03:21 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x900, 0x0, 0x0) 09:03:21 executing program 5: fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, 0xffffffffffffffff, 0x0) [ 1345.946627][T19540] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" 09:03:22 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) 09:03:22 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x10000000, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:03:22 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x420b, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1346.543528][T19548] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=3, oom_score_adj=1000 [ 1346.585792][T19569] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" [ 1346.598082][T19548] CPU: 0 PID: 19548 Comm: syz-executor.4 Not tainted 5.6.0-rc1-syzkaller #0 [ 1346.606774][T19548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1346.616826][T19548] Call Trace: [ 1346.620158][T19548] dump_stack+0x11d/0x187 [ 1346.624476][T19548] dump_header+0xa7/0x399 [ 1346.628804][T19548] oom_kill_process.cold+0x10/0x15 [ 1346.633929][T19548] out_of_memory+0x21d/0xa30 [ 1346.638536][T19548] ? __rcu_read_unlock+0x66/0x2f0 [ 1346.643585][T19548] mem_cgroup_out_of_memory+0x12b/0x150 [ 1346.649174][T19548] try_charge+0xb60/0xbe0 [ 1346.653596][T19548] ? __this_cpu_preempt_check+0x3c/0x130 [ 1346.659249][T19548] mem_cgroup_charge_skmem+0xd2/0x190 [ 1346.664634][T19548] __sk_mem_raise_allocated+0x466/0xa10 [ 1346.670190][T19548] ? skb_page_frag_refill+0x196/0x250 [ 1346.675569][T19548] __sk_mem_schedule+0x7a/0xd0 [ 1346.680353][T19548] tcp_sendmsg_locked+0x133f/0x20f0 [ 1346.685590][T19548] ? aa_label_sk_perm.part.0+0x271/0x290 [ 1346.691317][T19548] tcp_sendmsg+0x35/0x50 [ 1346.695837][T19548] inet_sendmsg+0x69/0x90 [ 1346.700184][T19548] ? inet_send_prepare+0x1f0/0x1f0 [ 1346.705365][T19548] sock_sendmsg+0x98/0xc0 [ 1346.709709][T19548] __sys_sendto+0x1e2/0x2c0 [ 1346.714232][T19548] ? _copy_to_user+0x7d/0xb0 [ 1346.718836][T19548] __x64_sys_sendto+0x7e/0xa0 [ 1346.723529][T19548] do_syscall_64+0xc7/0x390 [ 1346.728049][T19548] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1346.733950][T19548] RIP: 0033:0x45c479 [ 1346.737852][T19548] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1346.757460][T19548] RSP: 002b:00007fc20bc6dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1346.765875][T19548] RAX: ffffffffffffffda RBX: 00007fc20bc6e6d4 RCX: 000000000045c479 [ 1346.773849][T19548] RDX: fffffffffffffeb4 RSI: 0000000020000200 RDI: 0000000000000003 [ 1346.781825][T19548] RBP: 000000000076bf20 R08: 0000000020db4ff0 R09: 0000000000000010 [ 1346.789874][T19548] R10: 0000000020008011 R11: 0000000000000246 R12: 00000000ffffffff [ 1346.797848][T19548] R13: 0000000000000a03 R14: 00000000004cc7a4 R15: 000000000076bf2c 09:03:23 executing program 5: fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, 0xffffffffffffffff, 0x0) 09:03:23 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x14030000, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:03:23 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x2000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) 09:03:23 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x3000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) 09:03:23 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x420c, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) [ 1347.588692][T19548] memory: usage 307200kB, limit 307200kB, failcnt 41908 09:03:23 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x1f000000, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1347.629594][T19548] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1347.707947][T19548] Memory cgroup stats for /syz4: [ 1347.708272][T19548] anon 264085504 [ 1347.708272][T19548] file 4096 [ 1347.708272][T19548] kernel_stack 6672384 [ 1347.708272][T19548] slab 8335360 [ 1347.708272][T19548] sock 5054464 [ 1347.708272][T19548] shmem 114688 [ 1347.708272][T19548] file_mapped 135168 [ 1347.708272][T19548] file_dirty 0 [ 1347.708272][T19548] file_writeback 0 [ 1347.708272][T19548] anon_thp 234881024 [ 1347.708272][T19548] inactive_anon 16384 [ 1347.708272][T19548] active_anon 264085504 [ 1347.708272][T19548] inactive_file 8192 [ 1347.708272][T19548] active_file 0 [ 1347.708272][T19548] unevictable 49152 [ 1347.708272][T19548] slab_reclaimable 811008 [ 1347.708272][T19548] slab_unreclaimable 7524352 [ 1347.708272][T19548] pgfault 126984 [ 1347.708272][T19548] pgmajfault 0 [ 1347.708272][T19548] workingset_refault 198 [ 1347.708272][T19548] workingset_activate 33 [ 1347.708272][T19548] workingset_nodereclaim 0 [ 1347.708272][T19548] pgrefill 2014 [ 1347.708272][T19548] pgscan 88382 [ 1347.708272][T19548] pgsteal 86648 [ 1347.836240][T19606] ptrace attach of "/root/syz-executor.2"[19599] was attempted by "/root/syz-executor.2"[19606] [ 1347.878870][T19548] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=19544,uid=0 09:03:24 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x4000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) [ 1347.929412][T19548] Memory cgroup out of memory: Killed process 19544 (syz-executor.4) total-vm:75100kB, anon-rss:4276kB, file-rss:35904kB, shmem-rss:0kB, UID:0 pgtables:140kB oom_score_adj:1000 [ 1347.936075][T19612] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" [ 1348.075453][ T1078] oom_reaper: reaped process 19544 (syz-executor.4), now anon-rss:0kB, file-rss:34944kB, shmem-rss:0kB [ 1348.163499][T19599] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1348.233466][T19599] CPU: 1 PID: 19599 Comm: syz-executor.2 Not tainted 5.6.0-rc1-syzkaller #0 [ 1348.242285][T19599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1348.252340][T19599] Call Trace: [ 1348.255690][T19599] dump_stack+0x11d/0x187 [ 1348.260044][T19599] dump_header+0xa7/0x399 [ 1348.264393][T19599] oom_kill_process.cold+0x10/0x15 [ 1348.269571][T19599] out_of_memory+0x21d/0xa30 [ 1348.274284][T19599] mem_cgroup_out_of_memory+0x12b/0x150 [ 1348.279844][T19599] try_charge+0xb60/0xbe0 [ 1348.284218][T19599] ? __rcu_read_unlock+0x66/0x2f0 [ 1348.289338][T19599] mem_cgroup_try_charge+0xd7/0x260 [ 1348.294596][T19599] mem_cgroup_try_charge_delay+0x36/0x70 [ 1348.300351][T19599] __handle_mm_fault+0x18f1/0x2cf0 [ 1348.305489][T19599] handle_mm_fault+0x21c/0x540 [ 1348.310265][T19599] do_page_fault+0x4a4/0xa52 [ 1348.314926][T19599] ? do_syscall_64+0x27f/0x390 [ 1348.319785][T19599] page_fault+0x34/0x40 [ 1348.323946][T19599] RIP: 0033:0x45ee2d [ 1348.327861][T19599] Code: 5b 5d f3 c3 66 0f 1f 84 00 00 00 00 00 48 c7 c0 ea ff ff ff 48 85 ff 0f 84 e0 8c fb ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 <48> 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 [ 1348.347486][T19599] RSP: 002b:00007fff23ee3428 EFLAGS: 00010202 [ 1348.353556][T19599] RAX: ffffffffffffffea RBX: 00007f0678adb700 RCX: 00007f0678adb700 [ 1348.361532][T19599] RDX: 00000000003d0f00 RSI: 00007f0678adadb0 RDI: 0000000000413060 [ 1348.369539][T19599] RBP: 00007fff23ee3640 R08: 00007f0678adb9d0 R09: 00007f0678adb700 [ 1348.377516][T19599] R10: 00007f0678adadc0 R11: 0000000000000246 R12: 0000000000000000 [ 1348.386449][T19599] R13: 00007fff23ee34df R14: 00007f0678adb9c0 R15: 000000000076c06c 09:03:24 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x20000000, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:03:24 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x5000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) 09:03:24 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0xa00, 0x0, 0x0) 09:03:24 executing program 5: fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, 0xffffffffffffffff, 0x0) [ 1348.570322][T19599] memory: usage 307200kB, limit 307200kB, failcnt 12079 [ 1348.577299][T19599] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1348.617029][T19599] Memory cgroup stats for /syz2: [ 1348.617188][T19599] anon 212647936 [ 1348.617188][T19599] file 0 [ 1348.617188][T19599] kernel_stack 12054528 [ 1348.617188][T19599] slab 15667200 [ 1348.617188][T19599] sock 8192 [ 1348.617188][T19599] shmem 110592 [ 1348.617188][T19599] file_mapped 135168 [ 1348.617188][T19599] file_dirty 0 [ 1348.617188][T19599] file_writeback 0 [ 1348.617188][T19599] anon_thp 144703488 [ 1348.617188][T19599] inactive_anon 0 [ 1348.617188][T19599] active_anon 212652032 [ 1348.617188][T19599] inactive_file 16384 [ 1348.617188][T19599] active_file 12288 [ 1348.617188][T19599] unevictable 0 [ 1348.617188][T19599] slab_reclaimable 1216512 [ 1348.617188][T19599] slab_unreclaimable 14450688 [ 1348.617188][T19599] pgfault 106656 [ 1348.617188][T19599] pgmajfault 0 [ 1348.617188][T19599] workingset_refault 693 [ 1348.617188][T19599] workingset_activate 264 [ 1348.617188][T19599] workingset_nodereclaim 0 [ 1348.617188][T19599] pgrefill 5924 [ 1348.617188][T19599] pgscan 22798 [ 1348.617188][T19599] pgsteal 14642 [ 1348.664120][T19636] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" 09:03:24 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x6000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) [ 1348.810689][T19599] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=16914,uid=0 [ 1348.899602][T19599] Memory cgroup out of memory: Killed process 16914 (syz-executor.2) total-vm:74836kB, anon-rss:2212kB, file-rss:35784kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 09:03:25 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x20100000, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:03:25 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x7000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) 09:03:25 executing program 2: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x420d, r0, 0x202, &(0x7f0000000100)={&(0x7f0000001300)=""/4096, 0x1000}) 09:03:25 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x28030000, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) 09:03:25 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x20000000, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1349.574614][T19677] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 09:03:25 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x9000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) 09:03:25 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10) ioctl$SIOCRSGL2CALL(0xffffffffffffffff, 0x89e5, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x0, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x0, 0x0) socket(0x10, 0x80002, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe0, 0x0) accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x208e24b) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000280)=ANY=[]) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000000)="080db5055e0bcfe847a071") recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0xe00, 0x0, 0x0) [ 1349.636476][T19677] CPU: 0 PID: 19677 Comm: syz-executor.2 Not tainted 5.6.0-rc1-syzkaller #0 [ 1349.645189][T19677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1349.655248][T19677] Call Trace: [ 1349.658575][T19677] dump_stack+0x11d/0x187 [ 1349.662921][T19677] dump_header+0xa7/0x399 [ 1349.667314][T19677] oom_kill_process.cold+0x10/0x15 [ 1349.672442][T19677] out_of_memory+0x21d/0xa30 [ 1349.677061][T19677] ? __rcu_read_unlock+0x66/0x2f0 [ 1349.682146][T19677] mem_cgroup_out_of_memory+0x12b/0x150 [ 1349.687708][T19677] try_charge+0xb60/0xbe0 [ 1349.692056][T19677] ? __rcu_read_unlock+0x66/0x2f0 [ 1349.697091][T19677] ? __rcu_read_unlock+0x66/0x2f0 [ 1349.702145][T19677] __memcg_kmem_charge_memcg+0x49/0xe0 [ 1349.707623][T19677] __memcg_kmem_charge+0xcd/0x1b0 [ 1349.712658][T19677] copy_process+0x12bc/0x3b10 [ 1349.717355][T19677] ? kvm_clock_read+0x14/0x30 [ 1349.722074][T19677] ? kvm_sched_clock_read+0x5/0x10 [ 1349.727268][T19677] ? sched_clock+0xf/0x20 [ 1349.731605][T19677] ? sched_clock_cpu+0x10/0xd0 [ 1349.736377][T19677] ? record_times+0x10/0x80 [ 1349.740907][T19677] _do_fork+0xf7/0x790 [ 1349.745037][T19677] ? __rcu_read_unlock+0x66/0x2f0 [ 1349.750096][T19677] ? blkcg_maybe_throttle_current+0x249/0x5a0 [ 1349.756285][T19677] __x64_sys_clone+0x12e/0x170 [ 1349.761077][T19677] do_syscall_64+0xc7/0x390 [ 1349.765599][T19677] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1349.771492][T19677] RIP: 0033:0x45ee49 [ 1349.775483][T19677] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1349.795099][T19677] RSP: 002b:00007fff23ee3428 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1349.803538][T19677] RAX: ffffffffffffffda RBX: 00007f0678afc700 RCX: 000000000045ee49 [ 1349.811515][T19677] RDX: 00007f0678afc9d0 RSI: 00007f0678afbdb0 RDI: 00000000003d0f00 [ 1349.819556][T19677] RBP: 00007fff23ee3640 R08: 00007f0678afc700 R09: 00007f0678afc700 [ 1349.827529][T19677] R10: 00007f0678afc9d0 R11: 0000000000000202 R12: 0000000000000000 [ 1349.835505][T19677] R13: 00007fff23ee34df R14: 00007f0678afc9c0 R15: 000000000076bfcc [ 1349.850159][T19677] memory: usage 307200kB, limit 307200kB, failcnt 12091 [ 1349.862014][T19677] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1349.869427][T19677] Memory cgroup stats for /syz2: [ 1349.869664][T19677] anon 212807680 [ 1349.869664][T19677] file 0 [ 1349.869664][T19677] kernel_stack 12054528 [ 1349.869664][T19677] slab 15667200 [ 1349.869664][T19677] sock 8192 [ 1349.869664][T19677] shmem 110592 [ 1349.869664][T19677] file_mapped 135168 [ 1349.869664][T19677] file_dirty 0 [ 1349.869664][T19677] file_writeback 0 [ 1349.869664][T19677] anon_thp 144703488 [ 1349.869664][T19677] inactive_anon 0 [ 1349.869664][T19677] active_anon 212811776 [ 1349.869664][T19677] inactive_file 16384 [ 1349.869664][T19677] active_file 12288 [ 1349.869664][T19677] unevictable 0 [ 1349.869664][T19677] slab_reclaimable 1216512 [ 1349.869664][T19677] slab_unreclaimable 14450688 [ 1349.869664][T19677] pgfault 106722 [ 1349.869664][T19677] pgmajfault 0 [ 1349.869664][T19677] workingset_refault 693 [ 1349.869664][T19677] workingset_activate 264 [ 1349.869664][T19677] workingset_nodereclaim 0 [ 1349.869664][T19677] pgrefill 5924 [ 1349.869664][T19677] pgscan 22798 [ 1349.869664][T19677] pgsteal 14642 09:03:26 executing program 5: fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, 0xffffffffffffffff, 0x0) 09:03:26 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000b40)='reiserfs\x00', &(0x7f0000000b80)='./file0\x00', 0x0, 0x0, 0x0, 0x34000000, &(0x7f0000000000)={[{@grpjquota='grpjquota', 0x3d}, {@data_ordered='data=ordered'}]}) [ 1350.069011][T19677] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=16858,uid=0 09:03:26 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0xa000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) [ 1350.248961][T19711] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "" [ 1350.264660][ T7817] ================================================================== [ 1350.272789][ T7817] BUG: KCSAN: data-race in percpu_counter_add_batch / wb_over_bg_thresh [ 1350.281110][ T7817] [ 1350.283439][ T7817] write to 0xffff8881213d2468 of 8 bytes by task 19703 on cpu 1: [ 1350.291161][ T7817] percpu_counter_add_batch+0xbc/0x140 [ 1350.296623][ T7817] account_page_dirtied+0x1e8/0x490 [ 1350.301824][ T7817] __set_page_dirty+0x86/0x270 [ 1350.306588][ T7817] mark_buffer_dirty+0x26e/0x2b0 [ 1350.311531][ T7817] __block_commit_write.isra.0+0x11d/0x170 [ 1350.317375][ T7817] block_write_end+0x6d/0x140 [ 1350.322060][ T7817] generic_write_end+0x8c/0x1f0 [ 1350.326913][ T7817] ext4_da_write_end+0x162/0x670 [ 1350.331855][ T7817] generic_perform_write+0x1d7/0x320 [ 1350.337145][ T7817] ext4_buffered_write_iter+0x14e/0x280 [ 1350.342694][ T7817] ext4_file_write_iter+0xf4/0xd30 [ 1350.347809][ T7817] new_sync_write+0x303/0x400 [ 1350.352507][ T7817] __vfs_write+0x9e/0xb0 [ 1350.356749][ T7817] vfs_write+0x189/0x380 [ 1350.361000][ T7817] ksys_write+0xc5/0x1a0 [ 1350.365275][ T7817] __x64_sys_write+0x49/0x60 [ 1350.369908][ T7817] do_syscall_64+0xc7/0x390 [ 1350.374435][ T7817] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1350.380322][ T7817] [ 1350.382655][ T7817] read to 0xffff8881213d2468 of 8 bytes by task 7817 on cpu 0: [ 1350.390214][ T7817] wb_over_bg_thresh+0x244/0x440 [ 1350.395233][ T7817] wb_writeback+0x4bc/0x6a0 09:03:26 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0xb000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) [ 1350.399736][ T7817] wb_workfn+0x66b/0x970 [ 1350.403991][ T7817] process_one_work+0x424/0x930 [ 1350.408844][ T7817] worker_thread+0x9a/0x7e0 [ 1350.413355][ T7817] kthread+0x1cb/0x1f0 [ 1350.417434][ T7817] ret_from_fork+0x1f/0x30 [ 1350.421840][ T7817] [ 1350.424163][ T7817] Reported by Kernel Concurrency Sanitizer on: [ 1350.430332][ T7817] CPU: 0 PID: 7817 Comm: kworker/u4:4 Not tainted 5.6.0-rc1-syzkaller #0 [ 1350.438734][ T7817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1350.448795][ T7817] Workqueue: writeback wb_workfn (flush-8:0) [ 1350.454776][ T7817] ================================================================== [ 1350.462849][ T7817] Kernel panic - not syncing: panic_on_warn set ... [ 1350.469444][ T7817] CPU: 0 PID: 7817 Comm: kworker/u4:4 Not tainted 5.6.0-rc1-syzkaller #0 [ 1350.477876][ T7817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1350.487953][ T7817] Workqueue: writeback wb_workfn (flush-8:0) [ 1350.493933][ T7817] Call Trace: [ 1350.497238][ T7817] dump_stack+0x11d/0x187 [ 1350.501583][ T7817] panic+0x210/0x640 [ 1350.505492][ T7817] ? vprintk_func+0x89/0x13a [ 1350.510105][ T7817] kcsan_report.cold+0xc/0x14 [ 1350.514811][ T7817] kcsan_setup_watchpoint+0x304/0x400 [ 1350.520199][ T7817] wb_over_bg_thresh+0x244/0x440 [ 1350.525145][ T7817] ? memcg_exact_page_state+0xc4/0x100 [ 1350.530639][ T7817] wb_writeback+0x4bc/0x6a0 [ 1350.535160][ T7817] wb_workfn+0x66b/0x970 [ 1350.539432][ T7817] process_one_work+0x424/0x930 [ 1350.544302][ T7817] worker_thread+0x9a/0x7e0 09:03:26 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0xc000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) [ 1350.548826][ T7817] ? rescuer_thread+0x6a0/0x6a0 [ 1350.553680][ T7817] kthread+0x1cb/0x1f0 [ 1350.557785][ T7817] ? kthread_unpark+0xd0/0xd0 [ 1350.562468][ T7817] ret_from_fork+0x1f/0x30 [ 1350.568093][ T7817] Kernel Offset: disabled [ 1350.572419][ T7817] Rebooting in 86400 seconds..