0x0, 0x20, 0x0, "2681a759af559b030354ea5591345ed880f168c148bcc822bbe599b77d6287369bbea43679bb9b267d78589528c5b7596622c42c2870bdfd181a93eaa9f2facb846301de40ba6f7a883a90c39a7bf523"}, 0xd8) syz_genetlink_get_family_id$tipc(0x0) getsockopt$IP_VS_SO_GET_SERVICES(r1, 0x0, 0x482, 0x0, &(0x7f0000000100)) sendmsg$TIPC_CMD_SHOW_STATS(r3, 0x0, 0x0) vmsplice(r5, 0x0, 0x11f, 0x0) clock_gettime(0x800000080, &(0x7f0000000180)) recvmmsg(r0, 0x0, 0x0, 0x2140, 0x0) write$P9_RMKDIR(r4, &(0x7f0000000040)={0x14, 0x49, 0x2, {0x40, 0x3, 0x1}}, 0x14) sendmmsg(r1, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) sendmmsg(r2, &(0x7f0000000c00), 0x4000000000001e6, 0x0) write(r1, &(0x7f0000000040), 0xfffffffffffffdba) 03:51:18 executing program 5: r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x80480, 0x0) ioctl$SIOCAX25GETINFO(r0, 0x89ed, &(0x7f0000000040)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000003fe8)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r3, 0x84, 0x8, &(0x7f0000013e95), 0x4) close(r3) close(r2) [ 1499.883450] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1500.015144] CPU: 0 PID: 737 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1500.022184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1500.031538] Call Trace: [ 1500.034152] dump_stack+0x172/0x1f0 [ 1500.037804] dump_header+0x10f/0xb6c [ 1500.041532] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1500.046649] ? ___ratelimit+0x60/0x595 [ 1500.050548] ? do_raw_spin_unlock+0x57/0x270 [ 1500.054973] oom_kill_process.cold+0x10/0x6f5 [ 1500.059485] ? task_will_free_mem+0x139/0x6e0 [ 1500.064000] out_of_memory+0x79a/0x1280 [ 1500.068003] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1500.073119] ? oom_killer_disable+0x280/0x280 [ 1500.077625] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1500.082751] mem_cgroup_out_of_memory+0x99/0xe0 [ 1500.087429] ? memcg_memory_event+0x40/0x40 [ 1500.091766] ? _raw_spin_unlock+0x2d/0x50 [ 1500.095942] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1500.101058] try_charge+0xfec/0x1570 [ 1500.104776] ? find_held_lock+0x35/0x130 [ 1500.108853] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1500.113707] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1500.118557] ? find_held_lock+0x35/0x130 [ 1500.122634] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1500.127497] memcg_kmem_charge_memcg+0x7c/0x130 [ 1500.132209] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1500.136737] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1500.141593] memcg_kmem_charge+0x13b/0x340 [ 1500.145838] __alloc_pages_nodemask+0x437/0x710 [ 1500.150520] ? debug_smp_processor_id+0x1c/0x20 [ 1500.155207] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1500.160275] ? copy_page_range+0x125a/0x1f90 [ 1500.164706] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1500.170272] alloc_pages_current+0x107/0x210 [ 1500.174738] pte_alloc_one+0x1b/0x1a0 [ 1500.178551] __pte_alloc+0x20/0x310 [ 1500.182208] copy_page_range+0x1529/0x1f90 [ 1500.186452] ? mark_held_locks+0x100/0x100 [ 1500.190743] ? pmd_alloc+0x180/0x180 [ 1500.194471] ? __rb_insert_augmented+0x231/0xdf0 [ 1500.199250] ? validate_mm_rb+0xa3/0xc0 [ 1500.203238] ? __vma_link_rb+0x279/0x370 [ 1500.207322] copy_process.part.0+0x56aa/0x79a0 [ 1500.211997] ? __cleanup_sighand+0x70/0x70 [ 1500.216286] _do_fork+0x257/0xfe0 [ 1500.219758] ? fork_idle+0x1d0/0x1d0 [ 1500.223508] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1500.228276] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1500.233040] ? do_syscall_64+0x26/0x610 [ 1500.237024] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1500.242395] ? do_syscall_64+0x26/0x610 [ 1500.246390] __x64_sys_clone+0xbf/0x150 [ 1500.250394] do_syscall_64+0x103/0x610 [ 1500.254297] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1500.259492] RIP: 0033:0x457e29 [ 1500.262695] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1500.281604] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1500.289319] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1500.296596] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1500.303876] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1500.311161] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1500.318453] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1500.881148] memory: usage 307200kB, limit 307200kB, failcnt 19974 [ 1500.940790] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1500.990663] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1501.041539] Memory cgroup stats for /syz0: cache:0KB rss:97128KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:97068KB inactive_file:0KB active_file:0KB unevictable:0KB 03:51:20 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x9400}, 0x0) 03:51:20 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:51:20 executing program 1: r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$TIOCGLCKTRMIOS(r0, 0x5456, &(0x7f0000000180)={0x5, 0xb5b9, 0xfffffffffffffff8, 0x6, 0x15, 0x8, 0x7d71a096, 0x8, 0x8, 0x7, 0x5, 0x4}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000001c0)=0x1) ioctl$TCSETSW(r2, 0x8925, &(0x7f0000000000)) r3 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-control\x00', 0x400, 0x0) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000100)={&(0x7f0000000040)='./file0\x00', r3}, 0x10) 03:51:20 executing program 5: sysinfo(&(0x7f000000b500)=""/4096) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x100, 0x0) recvfrom$inet(r0, 0x0, 0x0, 0x20, &(0x7f0000000180)={0x2, 0x0, @multicast2}, 0x10) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000340)=0xa3, 0x289) connect$inet(r1, &(0x7f0000000200)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x4000000000001a8, 0x0) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000240)=0x0) tkill(r2, 0x25) accept4$packet(r0, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14, 0x80800) 03:51:20 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x3) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f00000001c0)={0x2, 0x4e23, @remote}, 0x10) r2 = accept4(r0, 0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40) pipe(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) sendto(r2, 0x0, 0x0, 0x44, 0x0, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r2, 0x10e, 0x1, &(0x7f0000000340)=0x16, 0x4) setsockopt$inet_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, &(0x7f0000000900)=0x2, 0xfc7d) r5 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r5, 0x8914, 0x0) getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r3, 0x84, 0x12, 0x0, 0x0) recvmmsg(r2, &(0x7f0000004e00)=[{{&(0x7f0000000680)=@nfc_llcp, 0x80, 0x0}, 0xfffffffffffffffb}, {{0x0, 0x0, &(0x7f0000001340)=[{&(0x7f0000001180)=""/90, 0x5a}, {&(0x7f0000001200)=""/78, 0x4e}], 0x2, &(0x7f0000001380)=""/245, 0xf5}}], 0x2, 0x0, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) write$cgroup_type(r4, &(0x7f00000002c0)='threaded\x00', 0x9) setsockopt$inet_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f0000000480)={@in6={{0xa, 0x4e20, 0x3, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x6}}, 0x0, 0x20, 0x0, "2681a759af559b030354ea5591345ed880f168c148bcc822bbe599b77d6287369bbea43679bb9b267d78589528c5b7596622c42c2870bdfd181a93eaa9f2facb846301de40ba6f7a883a90c39a7bf523"}, 0xd8) syz_genetlink_get_family_id$tipc(0x0) getsockopt$IP_VS_SO_GET_SERVICES(r1, 0x0, 0x482, 0x0, &(0x7f0000000100)) sendmsg$TIPC_CMD_SHOW_STATS(r3, 0x0, 0x0) vmsplice(r5, 0x0, 0x11f, 0x0) clock_gettime(0x800000080, &(0x7f0000000180)) recvmmsg(r0, 0x0, 0x0, 0x2140, 0x0) write$P9_RMKDIR(r4, &(0x7f0000000040)={0x14, 0x49, 0x2, {0x40, 0x3, 0x1}}, 0x14) sendmmsg(r1, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) sendmmsg(r2, &(0x7f0000000c00), 0x4000000000001e6, 0x0) write(r1, &(0x7f0000000040), 0xfffffffffffffdba) [ 1501.265677] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=731,uid=0 [ 1501.429153] Memory cgroup out of memory: Kill process 731 (syz-executor.0) score 1106 or sacrifice child [ 1501.554338] Killed process 745 (syz-executor.0) total-vm:72444kB, anon-rss:152kB, file-rss:34816kB, shmem-rss:0kB 03:51:20 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x307100}, 0x0) 03:51:20 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x80000, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r2 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000001c0)=0x1) ioctl$TCSETSW(r1, 0x8925, &(0x7f0000000000)={0x20000000, 0x4, 0x3, 0x0, 0x0, 0x0, 0x7, 0x0, 0x801a14, 0x0, 0x0, 0x7}) 03:51:21 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:51:21 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x3) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f00000001c0)={0x2, 0x4e23, @remote}, 0x10) r2 = accept4(r0, 0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40) pipe(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) sendto(r2, 0x0, 0x0, 0x44, 0x0, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r2, 0x10e, 0x1, &(0x7f0000000340)=0x16, 0x4) setsockopt$inet_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, &(0x7f0000000900)=0x2, 0xfc7d) r5 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r5, 0x8914, 0x0) getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r3, 0x84, 0x12, 0x0, 0x0) recvmmsg(r2, &(0x7f0000004e00)=[{{&(0x7f0000000680)=@nfc_llcp, 0x80, 0x0}, 0xfffffffffffffffb}, {{0x0, 0x0, &(0x7f0000001340)=[{&(0x7f0000001180)=""/90, 0x5a}, {&(0x7f0000001200)=""/78, 0x4e}], 0x2, &(0x7f0000001380)=""/245, 0xf5}}], 0x2, 0x0, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) write$cgroup_type(r4, &(0x7f00000002c0)='threaded\x00', 0x9) setsockopt$inet_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f0000000480)={@in6={{0xa, 0x4e20, 0x3, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x6}}, 0x0, 0x20, 0x0, "2681a759af559b030354ea5591345ed880f168c148bcc822bbe599b77d6287369bbea43679bb9b267d78589528c5b7596622c42c2870bdfd181a93eaa9f2facb846301de40ba6f7a883a90c39a7bf523"}, 0xd8) syz_genetlink_get_family_id$tipc(0x0) getsockopt$IP_VS_SO_GET_SERVICES(r1, 0x0, 0x482, 0x0, &(0x7f0000000100)) sendmsg$TIPC_CMD_SHOW_STATS(r3, 0x0, 0x0) vmsplice(r5, 0x0, 0x11f, 0x0) clock_gettime(0x800000080, &(0x7f0000000180)) recvmmsg(r0, 0x0, 0x0, 0x2140, 0x0) write$P9_RMKDIR(r4, &(0x7f0000000040)={0x14, 0x49, 0x2, {0x40, 0x3, 0x1}}, 0x14) sendmmsg(r1, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) sendmmsg(r2, &(0x7f0000000c00), 0x4000000000001e6, 0x0) write(r1, &(0x7f0000000040), 0xfffffffffffffdba) 03:51:21 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x400000}, 0x0) 03:51:21 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)={0x0, 0xaa94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffffc}) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000001c0)=0x1) ioctl$TCSETSW(r1, 0x8925, &(0x7f0000000000)) r2 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x9, 0x40000) ioctl$PPPOEIOCSFWD(r2, 0x4008b100, &(0x7f0000000080)={0x18, 0x0, {0x2, @broadcast, 'veth1\x00'}}) 03:51:22 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x50a000}, 0x0) 03:51:22 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) fsetxattr$trusted_overlay_opaque(r0, &(0x7f0000000040)='trusted.overlay.opaque\x00', &(0x7f0000000100)='y\x00', 0x2, 0x2) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000380)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="800000001000000019000300e60100006c000000000000180000000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x3a, 0x400}], 0x0, 0x0) 03:51:22 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000001c0)=0x1) ioctl$GIO_FONT(r1, 0x4b60, &(0x7f0000000080)=""/58) ioctl$TCSETSW(r1, 0x8925, &(0x7f0000000000)) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000040)={0x2, 0x936, 0x0, 0x800, 0x1, 0x7, 0x232b, 0x10001, 0x4, 0x800, 0x80000000, 0x7fffffff}) [ 1503.580291] net_ratelimit: 27 callbacks suppressed [ 1503.580301] protocol 88fb is buggy, dev hsr_slave_0 [ 1503.590456] protocol 88fb is buggy, dev hsr_slave_1 [ 1503.595620] protocol 88fb is buggy, dev hsr_slave_0 [ 1503.600763] protocol 88fb is buggy, dev hsr_slave_1 [ 1503.605915] protocol 88fb is buggy, dev hsr_slave_0 [ 1503.611019] protocol 88fb is buggy, dev hsr_slave_1 [ 1503.616142] protocol 88fb is buggy, dev hsr_slave_0 [ 1503.621246] protocol 88fb is buggy, dev hsr_slave_1 [ 1503.900322] protocol 88fb is buggy, dev hsr_slave_0 [ 1503.905473] protocol 88fb is buggy, dev hsr_slave_1 [ 1504.313965] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 03:51:23 executing program 4: r0 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:51:23 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x3) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f00000001c0)={0x2, 0x4e23, @remote}, 0x10) r2 = accept4(r0, 0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40) pipe(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) sendto(r2, 0x0, 0x0, 0x44, 0x0, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r2, 0x10e, 0x1, &(0x7f0000000340)=0x16, 0x4) setsockopt$inet_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, &(0x7f0000000900)=0x2, 0xfc7d) r5 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r5, 0x8914, 0x0) getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r3, 0x84, 0x12, 0x0, 0x0) recvmmsg(r2, &(0x7f0000004e00)=[{{&(0x7f0000000680)=@nfc_llcp, 0x80, 0x0}, 0xfffffffffffffffb}, {{0x0, 0x0, &(0x7f0000001340)=[{&(0x7f0000001180)=""/90, 0x5a}, {&(0x7f0000001200)=""/78, 0x4e}], 0x2, &(0x7f0000001380)=""/245, 0xf5}}], 0x2, 0x0, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) write$cgroup_type(r4, &(0x7f00000002c0)='threaded\x00', 0x9) setsockopt$inet_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f0000000480)={@in6={{0xa, 0x4e20, 0x3, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x6}}, 0x0, 0x20, 0x0, "2681a759af559b030354ea5591345ed880f168c148bcc822bbe599b77d6287369bbea43679bb9b267d78589528c5b7596622c42c2870bdfd181a93eaa9f2facb846301de40ba6f7a883a90c39a7bf523"}, 0xd8) syz_genetlink_get_family_id$tipc(0x0) getsockopt$IP_VS_SO_GET_SERVICES(r1, 0x0, 0x482, 0x0, &(0x7f0000000100)) sendmsg$TIPC_CMD_SHOW_STATS(r3, 0x0, 0x0) vmsplice(r5, 0x0, 0x11f, 0x0) clock_gettime(0x800000080, &(0x7f0000000180)) recvmmsg(r0, 0x0, 0x0, 0x2140, 0x0) write$P9_RMKDIR(r4, &(0x7f0000000040)={0x14, 0x49, 0x2, {0x40, 0x3, 0x1}}, 0x14) sendmmsg(r1, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) sendmmsg(r2, &(0x7f0000000c00), 0x4000000000001e6, 0x0) write(r1, &(0x7f0000000040), 0xfffffffffffffdba) 03:51:23 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r1 = socket$inet6(0xa, 0x3, 0x42) connect$inet6(r1, &(0x7f0000000280)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = getpgid(0x0) getpgid(r2) ioctl$SIOCGSTAMP(r0, 0x8906, 0x0) sendmsg(r1, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0) 03:51:23 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x70a000}, 0x0) 03:51:23 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000001c0)=0x1) fsetxattr$security_capability(r1, &(0x7f0000000080)='security.capability\x00', &(0x7f0000000100)=@v1={0x1000000, [{0x3, 0x1f}]}, 0xc, 0x3) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) ioctl$SG_GET_LOW_DMA(r2, 0x227a, &(0x7f0000000180)) r3 = dup(r1) fcntl$addseals(r1, 0x409, 0x2) getsockopt$TIPC_SRC_DROPPABLE(r2, 0x10f, 0x80, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$PPPIOCGCHAN(r3, 0x80047437, &(0x7f0000000040)) ioctl$TCSETSW(r1, 0x8925, &(0x7f0000000000)) [ 1504.450484] CPU: 1 PID: 851 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1504.457538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1504.466904] Call Trace: [ 1504.469508] dump_stack+0x172/0x1f0 [ 1504.473153] dump_header+0x10f/0xb6c [ 1504.476875] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1504.482025] ? ___ratelimit+0x60/0x595 [ 1504.485934] ? do_raw_spin_unlock+0x57/0x270 [ 1504.490374] oom_kill_process.cold+0x10/0x6f5 [ 1504.494891] ? task_will_free_mem+0x139/0x6e0 [ 1504.499445] out_of_memory+0x79a/0x1280 [ 1504.503468] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1504.508588] ? oom_killer_disable+0x280/0x280 [ 1504.513107] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1504.518236] mem_cgroup_out_of_memory+0x99/0xe0 [ 1504.522928] ? memcg_memory_event+0x40/0x40 [ 1504.527270] ? _raw_spin_unlock+0x2d/0x50 [ 1504.531436] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1504.536555] try_charge+0xfec/0x1570 [ 1504.540277] ? find_held_lock+0x35/0x130 [ 1504.544360] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1504.549219] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1504.554078] ? find_held_lock+0x35/0x130 [ 1504.558149] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1504.563015] memcg_kmem_charge_memcg+0x7c/0x130 [ 1504.567698] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1504.572211] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1504.577072] memcg_kmem_charge+0x13b/0x340 [ 1504.581325] __alloc_pages_nodemask+0x437/0x710 [ 1504.586003] ? debug_smp_processor_id+0x1c/0x20 [ 1504.590690] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1504.595728] ? copy_page_range+0x125a/0x1f90 [ 1504.600153] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1504.605711] alloc_pages_current+0x107/0x210 [ 1504.610141] pte_alloc_one+0x1b/0x1a0 [ 1504.613954] __pte_alloc+0x20/0x310 [ 1504.617612] copy_page_range+0x1529/0x1f90 [ 1504.621859] ? mark_held_locks+0x100/0x100 [ 1504.626324] ? pmd_alloc+0x180/0x180 [ 1504.630053] ? __rb_insert_augmented+0x231/0xdf0 [ 1504.634821] ? validate_mm_rb+0xa3/0xc0 [ 1504.638815] ? __vma_link_rb+0x279/0x370 [ 1504.642911] copy_process.part.0+0x56aa/0x79a0 [ 1504.647537] ? __cleanup_sighand+0x70/0x70 [ 1504.651807] _do_fork+0x257/0xfe0 [ 1504.655282] ? fork_idle+0x1d0/0x1d0 [ 1504.659022] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1504.663791] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1504.668560] ? do_syscall_64+0x26/0x610 [ 1504.672548] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1504.677943] ? do_syscall_64+0x26/0x610 [ 1504.681972] __x64_sys_clone+0xbf/0x150 [ 1504.685974] do_syscall_64+0x103/0x610 [ 1504.689880] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1504.695088] RIP: 0033:0x457e29 [ 1504.698287] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1504.717196] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1504.724922] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1504.732200] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1504.739474] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1504.746751] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1504.754025] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1506.271834] memory: usage 307184kB, limit 307200kB, failcnt 19985 [ 1506.278447] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1506.495953] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1506.622536] Memory cgroup stats for /syz0: cache:0KB rss:96988KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:97000KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1506.931317] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=6748,uid=0 [ 1507.048492] Memory cgroup out of memory: Kill process 6748 (syz-executor.0) score 1103 or sacrifice child [ 1507.200498] Killed process 6748 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1507.295956] oom_reaper: reaped process 6748 (syz-executor.0), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB 03:51:27 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x713000}, 0x0) 03:51:27 executing program 5: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x2, 0x0) write$binfmt_elf32(r0, &(0x7f0000000100)=ANY=[@ANYRES16], 0x2) mmap$binder(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1000002, 0x1013, r0, 0x0) ioctl$int_in(r0, 0x800010c0045009, &(0x7f0000000000)=0x400034) 03:51:27 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:51:27 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) pipe2(&(0x7f0000000080)={0xffffffffffffffff}, 0x800) ioctl$SCSI_IOCTL_TEST_UNIT_READY(r1, 0x2) r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x80000, 0x0) recvfrom$ax25(r2, &(0x7f0000000200)=""/197, 0xc5, 0x0, &(0x7f0000000100)={{0x3, @bcast, 0x6}, [@default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48) r3 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000001c0)=0x1) fcntl$setflags(r3, 0x2, 0x0) ioctl$TCSETSW(r3, 0x8925, &(0x7f0000000000)) 03:51:27 executing program 2: r0 = socket$kcm(0x10, 0x4000000002, 0x10) r1 = syz_open_dev$media(&(0x7f00000000c0)='/dev/media#\x00', 0x9, 0x0) r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/commit_pending_bools\x00', 0x1, 0x0) fcntl$notify(r1, 0x402, 0xf) setsockopt$inet6_icmp_ICMP_FILTER(r2, 0x1, 0x1, &(0x7f00000001c0)={0x3}, 0x4) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x7, r2}) r3 = dup3(r0, r0, 0x80000) ioctl$sock_inet_tcp_SIOCOUTQNSD(r1, 0x894b, &(0x7f0000000040)) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r3, 0x80045700, &(0x7f0000000080)) getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r2, 0x84, 0x1e, &(0x7f0000000240), &(0x7f0000000280)=0x34e) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000000)={'rose0\x00', 0x6}) setsockopt$RDS_FREE_MR(r1, 0x114, 0x3, &(0x7f0000000180)={{0x7fffffff, 0x2}, 0x2}, 0x10) 03:51:27 executing program 4: r0 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:51:27 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x2000001000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e24, @local}, 0x10) setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x3de) sendmsg$IPVS_CMD_GET_SERVICE(r1, &(0x7f0000000380)={0x0, 0x9, &(0x7f0000000340)={&(0x7f0000000280)=ANY=[@ANYBLOB="14c40000", @ANYRES16=0x0, @ANYBLOB="0000000000000000000004000000"], 0x9b8}}, 0x5000000) 03:51:27 executing program 2: r0 = socket$inet(0x2b, 0x1, 0x0) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000000c0)={{{@in6=@mcast2, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in6=@mcast2, 0x0, 0x3c}, 0x0, @in=@initdev}}, 0xe8) bind$inet(r0, &(0x7f0000000600)={0x2, 0x4e23, @multicast2}, 0x10) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x4e23}, 0x10) getsockopt$IP_VS_SO_GET_DAEMON(r0, 0x0, 0x487, &(0x7f0000000000), &(0x7f0000000080)=0x30) r1 = syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0x1, 0x2) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, &(0x7f0000000640)={{0x7, 0x5, 0x3, 0x4, '\x00', 0x2}, 0x0, [0x8, 0x8, 0x1, 0x6, 0x80000, 0xbd4, 0x101, 0x9f, 0x4, 0x7, 0x7f, 0x5, 0x6, 0x7fff, 0x101, 0x6a, 0x7, 0x6, 0x3, 0x7, 0xfffffffffffffa04, 0x6, 0x42, 0x200, 0x4, 0xffffffffffffff00, 0x400, 0x80008000000000, 0x19fe, 0x0, 0x3, 0x1000, 0x2, 0x7da9, 0x3ff, 0x1000, 0x4, 0x21, 0x3f, 0x1, 0xffffffffffffffff, 0x9, 0x8, 0x1f5f8a99, 0xfffffffffffffffe, 0xee641db, 0x1ff, 0x2, 0x0, 0x1, 0x2, 0x9, 0x9, 0x8001, 0x4, 0x8, 0xb7, 0xffffffffffffff7f, 0x8, 0x6, 0x99, 0x1f, 0x8, 0x6, 0x6, 0x9, 0x101, 0x0, 0x1, 0x101, 0x7, 0x0, 0x2, 0xa2, 0x3ff, 0x8, 0x200, 0x4, 0x400, 0x95, 0x756f, 0xa7, 0xfffffffffffffffd, 0x9, 0x3f, 0xfffffffffffffff8, 0x8, 0x400, 0x2, 0x1a, 0x6e2, 0x1, 0x6, 0x40, 0x80000000, 0x9, 0x2, 0x0, 0x4, 0x10001, 0x6, 0xff, 0x8, 0x304, 0x8, 0x2, 0x8000, 0x9, 0x5, 0x5, 0x7, 0x2e77b30d, 0x5, 0x0, 0xff, 0x4f0a, 0x9, 0x7fff, 0x8, 0x100000000, 0xfffffffffffffff8, 0xfffffffffffffff9, 0xfff, 0x9, 0x1, 0x3, 0xbcfb, 0x2], {0x0, 0x1c9c380}}) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1a}}, 0x10) 03:51:27 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x740000}, 0x0) 03:51:28 executing program 5: r0 = open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x0) pwritev(r0, &(0x7f0000001380)=[{&(0x7f0000000240)="02", 0x1}], 0x1, 0x0) fallocate(r0, 0x20, 0x0, 0xfffffeff000) r1 = open(&(0x7f0000002000)='./bus\x00', 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r1, 0x84, 0x65, &(0x7f0000000000)=[@in={0x2, 0x4e22, @multicast2}, @in={0x2, 0x4e20, @multicast1}, @in6={0xa, 0x4e20, 0x3, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x6}, @in={0x2, 0x4e20, @broadcast}, @in={0x2, 0x4e23, @multicast1}, @in6={0xa, 0x4e24, 0x7, @mcast2, 0x6}, @in6={0xa, 0x4e23, 0x101, @mcast2, 0x7fff}], 0x94) lseek(r1, 0x0, 0x3) 03:51:28 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)={0xfffffffffffffffe, 0x0, 0x1000000000}) syz_open_pts(r0, 0x48080) r1 = syz_open_pts(r0, 0x208002) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000001c0)=0x1) ioctl$TCSETSW(r1, 0x8925, &(0x7f0000000000)) 03:51:28 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x940000}, 0x0) 03:51:28 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:51:28 executing program 2: syz_emit_ethernet(0xff27, &(0x7f0000000000)=ANY=[@ANYBLOB="09e1ffffffffffff7fffffff02004500fe4b0000000100010078ac00073f000000001890780ff8018179f9d5eac995209796ffa9f24360842878bed9471578cdd6d6f614d50840d876a48e6e89b62386e2b22c7ac6eee31fea5a50d4"], 0x0) [ 1509.745505] audit: type=1804 audit(2000001088.700:150): pid=957 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir186871136/syzkaller.y1AeaV/2229/bus" dev="sda1" ino=18709 res=1 [ 1509.820271] net_ratelimit: 26 callbacks suppressed [ 1509.820280] protocol 88fb is buggy, dev hsr_slave_0 [ 1509.830352] protocol 88fb is buggy, dev hsr_slave_1 [ 1509.835490] protocol 88fb is buggy, dev hsr_slave_0 [ 1509.840614] protocol 88fb is buggy, dev hsr_slave_1 [ 1509.845753] protocol 88fb is buggy, dev hsr_slave_0 [ 1509.850859] protocol 88fb is buggy, dev hsr_slave_1 [ 1509.856031] protocol 88fb is buggy, dev hsr_slave_0 [ 1509.861201] protocol 88fb is buggy, dev hsr_slave_1 03:51:28 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0xa05000}, 0x0) 03:51:29 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000001c0)=0x1) ioctl$TCSETSW(r1, 0x8925, &(0x7f0000000000)) r2 = fcntl$getown(r1, 0x9) fcntl$lock(r1, 0x27, &(0x7f0000000040)={0x0, 0x3, 0x178000000000000, 0xffffffff, r2}) [ 1510.140266] protocol 88fb is buggy, dev hsr_slave_0 [ 1510.145428] protocol 88fb is buggy, dev hsr_slave_1 [ 1510.180244] audit: type=1804 audit(2000001088.800:151): pid=957 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir186871136/syzkaller.y1AeaV/2229/bus" dev="sda1" ino=18709 res=1 03:51:29 executing program 5: socketpair(0x0, 0x0, 0x0, 0x0) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) ioctl$FIDEDUPERANGE(0xffffffffffffffff, 0xc0189436, 0x0) ioctl$FS_IOC_MEASURE_VERITY(0xffffffffffffffff, 0xc0046686, 0x0) getsockopt$IP_VS_SO_GET_TIMEOUT(0xffffffffffffffff, 0x0, 0x486, 0x0, 0x0) write$P9_RLERROR(r0, 0x0, 0x0) [ 1510.583849] audit: type=1804 audit(2000001088.840:152): pid=961 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir186871136/syzkaller.y1AeaV/2229/bus" dev="sda1" ino=18709 res=1 [ 1510.705985] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1510.948860] CPU: 0 PID: 959 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1510.955936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1510.965305] Call Trace: [ 1510.967925] dump_stack+0x172/0x1f0 [ 1510.971603] dump_header+0x10f/0xb6c [ 1510.975328] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1510.980482] ? ___ratelimit+0x60/0x595 [ 1510.984422] ? do_raw_spin_unlock+0x57/0x270 [ 1510.988843] oom_kill_process.cold+0x10/0x6f5 [ 1510.993356] ? task_will_free_mem+0x139/0x6e0 [ 1510.997875] out_of_memory+0x79a/0x1280 [ 1511.001904] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1511.007028] ? oom_killer_disable+0x280/0x280 [ 1511.011531] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1511.016652] mem_cgroup_out_of_memory+0x99/0xe0 [ 1511.021329] ? memcg_memory_event+0x40/0x40 [ 1511.025679] ? _raw_spin_unlock+0x2d/0x50 [ 1511.029866] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1511.034989] try_charge+0xfec/0x1570 [ 1511.038723] ? find_held_lock+0x35/0x130 [ 1511.042803] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1511.047662] ? kasan_check_read+0x11/0x20 [ 1511.051825] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1511.056686] mem_cgroup_try_charge+0x24d/0x5e0 [ 1511.061286] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1511.066238] wp_page_copy+0x408/0x1740 [ 1511.070134] ? find_held_lock+0x35/0x130 [ 1511.074209] ? pmd_pfn+0x1d0/0x1d0 [ 1511.077758] ? lock_downgrade+0x810/0x810 [ 1511.081943] ? swp_swapcount+0x540/0x540 [ 1511.086022] ? kasan_check_read+0x11/0x20 [ 1511.090180] ? do_raw_spin_unlock+0x57/0x270 [ 1511.094606] do_wp_page+0x2ed/0x1520 [ 1511.098333] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 1511.103021] __handle_mm_fault+0x22db/0x3f20 [ 1511.107447] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1511.112294] ? find_held_lock+0x35/0x130 [ 1511.116367] ? handle_mm_fault+0x322/0xb30 [ 1511.120670] ? kasan_check_read+0x11/0x20 [ 1511.124831] handle_mm_fault+0x43f/0xb30 [ 1511.128949] __do_page_fault+0x5da/0xd60 [ 1511.133033] do_page_fault+0x71/0x581 [ 1511.136845] ? page_fault+0x8/0x30 [ 1511.140410] page_fault+0x1e/0x30 [ 1511.143904] RIP: 0033:0x40b56c [ 1511.147114] Code: 74 28 41 8b 07 85 c0 0f 85 02 01 00 00 41 83 c5 01 49 81 c4 a0 00 00 00 41 83 fd 10 75 d4 bf 88 d5 4b 00 31 c0 e8 d4 62 ff ff <41> c6 44 24 f8 01 45 89 6c 24 f4 4c 89 e7 41 c6 44 24 15 00 41 c7 [ 1511.166024] RSP: 002b:00007ffee6aa57b0 EFLAGS: 00010246 [ 1511.171396] RAX: 0000000000000000 RBX: 000000000073bf0c RCX: 00007ffee6aa5858 [ 1511.178693] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000 [ 1511.185964] RBP: 000000000073bfa0 R08: 00007ffee6aa5860 R09: 0000000000740978 [ 1511.193263] R10: 00007ffee6aa5870 R11: 0000000000000246 R12: 000000000073bfac [ 1511.200540] R13: 0000000000000001 R14: 0000000000000005 R15: 000000000073bfac 03:51:30 executing program 4: r0 = gettid() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:51:30 executing program 2: recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000002240)=@ipx={0x4, 0x0, 0x0, "5d6f634e9e66"}, 0x80) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='loginuid\x00') preadv(r0, &(0x7f0000000700), 0x31f, 0x10400003) 03:51:30 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0xa07000}, 0x0) 03:51:30 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0xad5) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000140)=0x4000000) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000580)=ANY=[@ANYBLOB='\a']) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000040)=0x201) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r2 = syz_open_pts(r0, 0x400) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000001c0)=0x1) ioctl$TCSETSW(r2, 0x8925, &(0x7f0000000000)) syz_open_dev$usb(&(0x7f0000000080)='/dev/bus/usb/00#/00#\x00', 0x5, 0x100) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffff9c, 0xc0106426, &(0x7f0000000180)={0x4, &(0x7f0000000100)=[{}, {}, {0x0}, {}]}) r4 = dup2(r2, r0) ioctl$DRM_IOCTL_NEW_CTX(r4, 0x40086425, &(0x7f0000000240)={r3}) 03:51:30 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x404c534a, &(0x7f0000000400)) [ 1511.339430] memory: usage 307200kB, limit 307200kB, failcnt 20031 [ 1511.370621] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1511.457267] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1511.545315] Memory cgroup stats for /syz0: cache:0KB rss:96988KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:97056KB inactive_file:0KB active_file:0KB unevictable:0KB 03:51:30 executing program 2: r0 = socket$inet(0x2, 0x2, 0x2000000088) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x2, 0x18004e20}, 0x10) 03:51:30 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0xff600000}, 0x0) [ 1511.910803] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=6812,uid=0 [ 1512.143824] Memory cgroup out of memory: Kill process 6812 (syz-executor.0) score 1103 or sacrifice child [ 1514.070317] Killed process 6812 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1514.383487] oom_reaper: reaped process 971 (syz-executor.0), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 1514.450889] oom_reaper: reaped process 964 (syz-executor.0), now anon-rss:0kB, file-rss:34048kB, shmem-rss:0kB [ 1514.631708] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1515.300188] CPU: 0 PID: 8038 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1515.307326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1515.316683] Call Trace: [ 1515.319280] dump_stack+0x172/0x1f0 [ 1515.322942] dump_header+0x10f/0xb6c [ 1515.326665] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1515.331789] ? ___ratelimit+0x60/0x595 [ 1515.335700] ? do_raw_spin_unlock+0x57/0x270 [ 1515.340121] oom_kill_process.cold+0x10/0x6f5 [ 1515.344632] ? task_will_free_mem+0x139/0x6e0 [ 1515.349145] out_of_memory+0x79a/0x1280 [ 1515.353137] ? oom_killer_disable+0x280/0x280 [ 1515.357652] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1515.362776] mem_cgroup_out_of_memory+0x99/0xe0 [ 1515.367457] ? memcg_memory_event+0x40/0x40 [ 1515.371798] ? _raw_spin_unlock+0x2d/0x50 [ 1515.375966] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1515.381074] try_charge+0xb4a/0x1570 [ 1515.384794] ? find_held_lock+0x35/0x130 [ 1515.388871] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1515.393740] ? kasan_check_read+0x11/0x20 [ 1515.397910] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1515.402786] mem_cgroup_try_charge+0x24d/0x5e0 [ 1515.407397] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1515.412335] wp_page_copy+0x408/0x1740 [ 1515.416225] ? find_held_lock+0x35/0x130 [ 1515.420301] ? pmd_pfn+0x1d0/0x1d0 [ 1515.423848] ? lock_downgrade+0x810/0x810 [ 1515.428000] ? swp_swapcount+0x540/0x540 [ 1515.432069] ? kasan_check_read+0x11/0x20 [ 1515.436229] ? do_raw_spin_unlock+0x57/0x270 [ 1515.440654] do_wp_page+0x2ed/0x1520 [ 1515.444372] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 1515.449100] __handle_mm_fault+0x22db/0x3f20 [ 1515.453514] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1515.458373] ? find_held_lock+0x35/0x130 [ 1515.462443] ? handle_mm_fault+0x322/0xb30 [ 1515.466702] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1515.472261] ? sync_mm_rss+0xa4/0x1c0 [ 1515.476123] handle_mm_fault+0x43f/0xb30 [ 1515.480219] __do_page_fault+0x5da/0xd60 [ 1515.484301] do_page_fault+0x71/0x581 [ 1515.488120] ? page_fault+0x8/0x30 [ 1515.491665] page_fault+0x1e/0x30 [ 1515.495126] RIP: 0033:0x42efba [ 1515.498324] Code: 48 29 e8 31 c9 48 81 fb 40 16 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 48 89 4a 08 <48> 89 46 08 48 8d 4a 10 8b 05 ac 5f 62 00 85 c0 0f 84 3a f7 ff ff [ 1515.517241] RSP: 002b:00007ffee6aa57b0 EFLAGS: 00010206 [ 1515.522623] RAX: 0000000000018691 RBX: 0000000000711640 RCX: 0000000000008041 [ 1515.529904] RDX: 0000000001ffa930 RSI: 0000000002002970 RDI: 0000000000000003 [ 1515.537184] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001ff9940 [ 1515.544459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000711698 [ 1515.551745] R13: 0000000000711698 R14: 0000000000000685 R15: 0000000000002710 [ 1516.040339] memory: usage 306432kB, limit 307200kB, failcnt 20039 [ 1516.046640] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1516.060253] net_ratelimit: 26 callbacks suppressed [ 1516.060261] protocol 88fb is buggy, dev hsr_slave_0 [ 1516.070374] protocol 88fb is buggy, dev hsr_slave_1 [ 1516.075522] protocol 88fb is buggy, dev hsr_slave_0 [ 1516.080642] protocol 88fb is buggy, dev hsr_slave_1 [ 1516.085768] protocol 88fb is buggy, dev hsr_slave_0 [ 1516.090867] protocol 88fb is buggy, dev hsr_slave_1 [ 1516.095991] protocol 88fb is buggy, dev hsr_slave_0 [ 1516.101109] protocol 88fb is buggy, dev hsr_slave_1 [ 1516.380228] protocol 88fb is buggy, dev hsr_slave_0 [ 1516.385329] protocol 88fb is buggy, dev hsr_slave_1 [ 1518.651573] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1518.657762] Memory cgroup stats for /syz0: cache:0KB rss:96856KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96860KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1518.980221] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=6950,uid=0 [ 1519.170217] Memory cgroup out of memory: Kill process 6950 (syz-executor.0) score 1103 or sacrifice child [ 1519.180082] Killed process 6950 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1522.300238] net_ratelimit: 26 callbacks suppressed [ 1522.300247] protocol 88fb is buggy, dev hsr_slave_0 [ 1522.310344] protocol 88fb is buggy, dev hsr_slave_1 [ 1522.315466] protocol 88fb is buggy, dev hsr_slave_0 [ 1522.320599] protocol 88fb is buggy, dev hsr_slave_1 [ 1522.325719] protocol 88fb is buggy, dev hsr_slave_0 [ 1522.330844] protocol 88fb is buggy, dev hsr_slave_1 [ 1522.335980] protocol 88fb is buggy, dev hsr_slave_0 [ 1522.341135] protocol 88fb is buggy, dev hsr_slave_1 [ 1522.620288] protocol 88fb is buggy, dev hsr_slave_0 [ 1522.625904] protocol 88fb is buggy, dev hsr_slave_1 03:51:41 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0x2) 03:51:41 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r0, &(0x7f0000000640)={'syz1\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) readv(r0, &(0x7f0000000540)=[{&(0x7f0000000f40)=""/4096, 0x1000}, {0x0}, {&(0x7f0000000200)=""/218, 0xda}], 0x3) write$uinput_user_dev(r0, &(0x7f0000001f40)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000000000]}, 0x45c) 03:51:41 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x400000000000}, 0x0) 03:51:41 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x2, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_dev$dmmidi(&(0x7f0000000080)='/dev/dmmidi#\x00', 0x8000, 0x100) setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f00000000c0)=0x7, 0x4) r2 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000001c0)=0x1) ioctl$SG_GET_RESERVED_SIZE(r1, 0x2272, &(0x7f0000000100)) ioctl$TCSETSW(r2, 0x8925, &(0x7f0000000000)) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000400)=ANY=[@ANYBLOB="08000000000000009c08000001000000000000000000000001200000090000000000007b00000000000000000000000000000000000000003bc7bf2201000000000000000000000000000000000000000000000000000000000000000000000000000000000000007f00000007000000000000000000000004000000010000000000000000000000000000000000002d1a20e318eb04000000000000000000040000000200000000000000000000008e00000003000000000000000000000000000000000000000000000000000000080000000200000000000000000000000600000000800000ff0f000000000000000000000000000000000000000000000300000004000000000000000000000000000300000000000000000000000000000000000000000100000000000000000000000000000001000000feffffff0000000000000000000000000000000000000000000000000700000000000000000000040000000000002000020000000100000000000000000000000000000000000000000000008ace4d93de74a76f5aea3410bc279e0571e809a9c9ab3df859d3c16d271f83bab1f9800d93ac1fece1c65f4fdfbfb52bfeb6954c9d15243b0fb57603f181a54668c2119c2aa4c924"]) 03:51:41 executing program 2: r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote={0xac, 0x14, 0x48}}, 0x10, &(0x7f0000000100), 0x60, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7}}], 0x48}, 0x0) 03:51:41 executing program 4: timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r0 = socket(0xa, 0x5, 0x0) sendmsg$rds(r0, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(0x0, 0x1000000000016) [ 1523.253962] rdma_op 00000000a78318ba conn xmit_rdma (null) 03:51:42 executing program 5: socket$inet6(0xa, 0x0, 0x0) syz_open_dev$sndpcmc(0x0, 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x3}, 0x4) [ 1523.415538] rdma_op 000000004a9ddbc9 conn xmit_rdma (null) 03:51:42 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x60ffffffffff}, 0x0) 03:51:42 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x0, 0x0}, 0x10) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x6) fcntl$setstatus(r0, 0x4, 0x42803) sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f00000000c0)="240000002e0007031d", 0x9}], 0x1}, 0x0) 03:51:42 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0x3) 03:51:43 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000001c0)=0x1) ioctl$TCSETSW(r1, 0x8925, &(0x7f0000000000)) getresgid(&(0x7f0000000040), &(0x7f0000000080)=0x0, &(0x7f0000000100)) getgroups(0x2a3, &(0x7f0000000140)=[0xffffffffffffffff, 0x0, 0xee01]) r4 = getgid() setresgid(r2, r3, r4) 03:51:43 executing program 4: timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r0 = socket(0xa, 0x5, 0x0) sendmsg$rds(r0, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(0x0, 0x1000000000016) 03:51:43 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r0, &(0x7f0000000640)={'syz1\x00'}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) readv(r0, &(0x7f0000000540)=[{&(0x7f0000000f40)=""/4096, 0x1000}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}, {0x0}, {&(0x7f0000000080)=""/41, 0x29}, {&(0x7f0000000200)=""/218, 0xda}], 0x6) write$uinput_user_dev(r0, &(0x7f0000001f40)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc]}, 0x45c) 03:51:43 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x740000000000}, 0x0) 03:51:43 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000001c0)=0x1) ioctl$TCSETSW(r1, 0x8925, &(0x7f0000000000)) socket$tipc(0x1e, 0x2, 0x0) 03:51:43 executing program 5: socketpair$unix(0x1, 0x80005, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qat_adf_ctl\x00', 0x0, 0x0) clone(0x40000210a101ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCSSOFTCAR(r1, 0x40096101, &(0x7f0000000000)) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) r3 = memfd_create(&(0x7f0000000280)='Pev ', 0x0) ftruncate(r3, 0x200739) sendfile(r2, r3, 0x0, 0xa0000400000000a) 03:51:44 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x7fffffffefff}, 0x0) [ 1525.178172] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1525.486644] CPU: 1 PID: 1110 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1525.493783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1525.503137] Call Trace: [ 1525.505739] dump_stack+0x172/0x1f0 [ 1525.509404] dump_header+0x10f/0xb6c [ 1525.513133] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1525.518243] ? ___ratelimit+0x60/0x595 [ 1525.522143] ? do_raw_spin_unlock+0x57/0x270 [ 1525.526572] oom_kill_process.cold+0x10/0x6f5 [ 1525.531086] ? task_will_free_mem+0x139/0x6e0 [ 1525.535601] out_of_memory+0x79a/0x1280 [ 1525.539645] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1525.544761] ? oom_killer_disable+0x280/0x280 [ 1525.549266] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1525.554389] mem_cgroup_out_of_memory+0x99/0xe0 [ 1525.559079] ? memcg_memory_event+0x40/0x40 [ 1525.563424] ? _raw_spin_unlock+0x2d/0x50 [ 1525.567585] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1525.572712] try_charge+0xfec/0x1570 [ 1525.576465] ? find_held_lock+0x35/0x130 [ 1525.580585] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1525.585456] ? kasan_check_read+0x11/0x20 [ 1525.589635] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1525.594495] mem_cgroup_try_charge+0x24d/0x5e0 [ 1525.599123] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1525.604069] wp_page_copy+0x408/0x1740 [ 1525.607966] ? find_held_lock+0x35/0x130 [ 1525.612042] ? pmd_pfn+0x1d0/0x1d0 [ 1525.615597] ? lock_downgrade+0x810/0x810 [ 1525.619760] ? swp_swapcount+0x540/0x540 [ 1525.623833] ? kasan_check_read+0x11/0x20 [ 1525.628005] ? do_raw_spin_unlock+0x57/0x270 [ 1525.632432] do_wp_page+0x2ed/0x1520 [ 1525.636187] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 1525.640880] __handle_mm_fault+0x22db/0x3f20 [ 1525.645325] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1525.650180] ? find_held_lock+0x35/0x130 [ 1525.654253] ? handle_mm_fault+0x322/0xb30 [ 1525.658507] ? kasan_check_read+0x11/0x20 [ 1525.662685] handle_mm_fault+0x43f/0xb30 [ 1525.666769] __do_page_fault+0x5da/0xd60 [ 1525.670851] do_page_fault+0x71/0x581 [ 1525.674662] ? page_fault+0x8/0x30 [ 1525.678210] page_fault+0x1e/0x30 [ 1525.681669] RIP: 0033:0x40d1e8 [ 1525.684872] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf bf d4 4b 00 31 c0 e8 43 47 ff ff 31 ff e8 8c 43 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 7e 32 64 00 [ 1525.703787] RSP: 002b:00007ffee6aa56e0 EFLAGS: 00010246 [ 1525.709160] RAX: 000000001982d4d4 RBX: 00000000a2a35cfe RCX: 0000001b33120000 [ 1525.716457] RDX: 0000000000000000 RSI: 00000000000014d4 RDI: ffffffff1982d4d4 [ 1525.723734] RBP: 0000000000000010 R08: 000000001982d4d4 R09: 000000001982d4d8 03:51:44 executing program 4: timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r0 = socket(0xa, 0x5, 0x0) sendmsg$rds(r0, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(0x0, 0x1000000000016) [ 1525.731009] R10: 00007ffee6aa5870 R11: 0000000000000246 R12: 000000000073c028 [ 1525.738285] R13: 0000000080000000 R14: 00007f3c77391008 R15: 0000000000000022 03:51:45 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x940000000000}, 0x0) 03:51:45 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x13) ioctl$TCSETSW(r1, 0x8925, &(0x7f0000000000)) [ 1526.472869] memory: usage 307200kB, limit 307200kB, failcnt 20071 [ 1526.568081] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1526.677816] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1526.767133] Memory cgroup stats for /syz0: cache:0KB rss:96980KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:97128KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1527.089471] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=6991,uid=0 03:51:46 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) [ 1527.883315] Memory cgroup out of memory: Kill process 6991 (syz-executor.0) score 1103 or sacrifice child [ 1528.095329] Killed process 6991 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB 03:51:47 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0x4) 03:51:47 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x30710000000000}, 0x0) 03:51:47 executing program 4: r0 = gettid() timer_create(0x0, 0x0, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:51:47 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0xffffffffffffffff, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000001c0)=0x1) ioctl$TCSETSW(r1, 0x8925, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1f, 0x7ff}) utimes(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={{0x0, 0x7530}, {0x77359400}}) r2 = syz_open_dev$mice(&(0x7f0000000100)='/dev/input/mice\x00', 0x0, 0x80000) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(r2, 0xc0305615, &(0x7f0000000140)={0x0, {0x10001, 0x5}}) 03:51:47 executing program 2: syz_emit_ethernet(0xffffffffffffffea, &(0x7f0000000000)={@local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x7, 0x0, 0x2ce, 0x0, 0x0, 0x0, 0x29, 0x0, @rand_addr, @multicast1}, @icmp=@address_reply={0x8}}}}}, &(0x7f0000000040)={0x0, 0x3, [0x0, 0x2d9, 0x3]}) [ 1528.540275] net_ratelimit: 26 callbacks suppressed [ 1528.540283] protocol 88fb is buggy, dev hsr_slave_0 [ 1528.550380] protocol 88fb is buggy, dev hsr_slave_1 [ 1528.555563] protocol 88fb is buggy, dev hsr_slave_0 [ 1528.560661] protocol 88fb is buggy, dev hsr_slave_1 [ 1528.565778] protocol 88fb is buggy, dev hsr_slave_0 [ 1528.570880] protocol 88fb is buggy, dev hsr_slave_1 [ 1528.576000] protocol 88fb is buggy, dev hsr_slave_0 [ 1528.581096] protocol 88fb is buggy, dev hsr_slave_1 [ 1528.687534] sit: non-ECT from 0.0.0.0 with TOS=0x3 [ 1528.767492] sit: non-ECT from 0.0.0.0 with TOS=0x3 03:51:47 executing program 4: r0 = gettid() timer_create(0x0, 0x0, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) [ 1530.142556] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1530.300604] CPU: 0 PID: 1207 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1530.307756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1530.317111] Call Trace: [ 1530.319714] dump_stack+0x172/0x1f0 [ 1530.323361] dump_header+0x10f/0xb6c [ 1530.327083] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1530.332196] ? ___ratelimit+0x60/0x595 [ 1530.336097] ? do_raw_spin_unlock+0x57/0x270 [ 1530.340519] oom_kill_process.cold+0x10/0x6f5 [ 1530.345032] ? task_will_free_mem+0x139/0x6e0 [ 1530.349547] out_of_memory+0x79a/0x1280 [ 1530.353540] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1530.358655] ? oom_killer_disable+0x280/0x280 [ 1530.363160] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1530.368286] mem_cgroup_out_of_memory+0x99/0xe0 [ 1530.372965] ? memcg_memory_event+0x40/0x40 [ 1530.377302] ? _raw_spin_unlock+0x2d/0x50 [ 1530.381462] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1530.386578] try_charge+0xfec/0x1570 [ 1530.390300] ? find_held_lock+0x35/0x130 [ 1530.394373] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1530.399224] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1530.404077] ? find_held_lock+0x35/0x130 [ 1530.408151] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1530.413014] memcg_kmem_charge_memcg+0x7c/0x130 [ 1530.417695] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1530.422208] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1530.427061] memcg_kmem_charge+0x13b/0x340 [ 1530.431314] __alloc_pages_nodemask+0x437/0x710 [ 1530.435997] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1530.441034] ? __lock_acquire+0x53b/0x4700 [ 1530.445280] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1530.450834] alloc_pages_current+0x107/0x210 [ 1530.455254] pte_alloc_one+0x1b/0x1a0 [ 1530.459066] __handle_mm_fault+0x34e4/0x3f20 [ 1530.463491] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1530.468338] ? find_held_lock+0x35/0x130 [ 1530.472412] ? handle_mm_fault+0x322/0xb30 [ 1530.476668] ? kasan_check_read+0x11/0x20 [ 1530.480831] handle_mm_fault+0x43f/0xb30 [ 1530.484922] __do_page_fault+0x5da/0xd60 [ 1530.489009] do_page_fault+0x71/0x581 [ 1530.492825] ? page_fault+0x8/0x30 [ 1530.496371] page_fault+0x1e/0x30 [ 1530.499831] RIP: 0033:0x457e29 [ 1530.503044] Code: Bad RIP value. [ 1530.506416] RSP: 002b:00007f3c7558fc78 EFLAGS: 00010246 [ 1530.511786] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000457e29 [ 1530.519070] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1530.526349] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1530.533623] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1530.540910] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1531.170411] memory: usage 307200kB, limit 307200kB, failcnt 20098 [ 1531.176688] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1531.360229] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1531.366404] Memory cgroup stats for /syz0: cache:0KB rss:96964KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:97100KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1532.230315] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=1199,uid=0 [ 1532.380411] Memory cgroup out of memory: Kill process 1199 (syz-executor.0) score 1106 or sacrifice child [ 1532.518772] Killed process 1207 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1532.972552] oom_reaper: reaped process 1199 (syz-executor.0), now anon-rss:0kB, file-rss:34700kB, shmem-rss:0kB [ 1534.780241] net_ratelimit: 28 callbacks suppressed [ 1534.780249] protocol 88fb is buggy, dev hsr_slave_0 [ 1534.790351] protocol 88fb is buggy, dev hsr_slave_1 [ 1534.795472] protocol 88fb is buggy, dev hsr_slave_0 [ 1534.800587] protocol 88fb is buggy, dev hsr_slave_1 [ 1534.805710] protocol 88fb is buggy, dev hsr_slave_0 [ 1534.810808] protocol 88fb is buggy, dev hsr_slave_1 [ 1534.815954] protocol 88fb is buggy, dev hsr_slave_0 [ 1534.821064] protocol 88fb is buggy, dev hsr_slave_1 [ 1535.100273] protocol 88fb is buggy, dev hsr_slave_0 [ 1535.105378] protocol 88fb is buggy, dev hsr_slave_1 03:51:55 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCGETD(r0, 0x80045432, &(0x7f0000000040)) 03:51:55 executing program 4: r0 = gettid() timer_create(0x0, 0x0, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:51:55 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0xa0500000000000}, 0x0) 03:51:55 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000200)=0x10000003) r2 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x7f, 0x1) name_to_handle_at(r2, &(0x7f0000000180)='./file0\x00', &(0x7f00000002c0)=ANY=[@ANYBLOB="5080000005000000958506538de38e5d0518810cd5bb80d376d1018b1e3eade8cf0d1551641779c9d2f936076da256273f37350c15d2f974c6c197cdec4031c2d89d4059cc789731f1a749e299a5725e3575785b612850f048929e61a97f"], &(0x7f0000000280), 0x1000) ioctl$TCSETSW(r1, 0x8925, &(0x7f0000000000)) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r2, 0x84, 0x6c, &(0x7f0000000340)={0x0, 0x88, "07646d48ebad98de7f132e9cf8c301025bce5d6a85ed48b4a20736f7d2655a868c8188c6939bf9002751628d5b0af7247834159103e8c972f11758f8e9ecf73fb4782c4fef12dc9b27ec662ade27e6a0fc0fe9cf3dfd02e4ad7d2e81864a9b3546445ebf487d7ec774638c48deda3aa91756e6d76bc17b5f6f3c9e4a311c05e9bdc34e2becd7ce8d"}, &(0x7f00000001c0)=0x90) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f0000000240)={r3, 0x8}, 0x8) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x3ffe) sendto$netrom(r4, &(0x7f0000000100)="1f556808cf141d42d8d8758a1dc56f024bf8bd8e2cce323c453c4e42732a1fb77a2f65ef2f6933176534977b447422193fba3e96035dc3e69964cc55b8d1e8bb163939ab6b8b5b985c3937d7732b62c6f346f1a76e0cecd72d6c6c9e6fdb8f60f598ecaf1ff2ab98d180db706f69c26fc5e5aa7cd089", 0x76, 0x4, 0x0, 0x0) 03:51:55 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) setsockopt$packet_int(r1, 0x107, 0x1f, &(0x7f0000000040)=0x8, 0x4) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0adc1f023c123f3188a070") mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x100000a, 0x32, 0xffffffffffffffff, 0x0) r2 = socket$inet6_sctp(0xa, 0x80000000000001, 0x84) ioctl$VIDIOC_G_CROP(r1, 0xc014563b, &(0x7f00000000c0)={0x0, {0x9, 0x7, 0xba, 0x58be}}) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, 0xff67) getsockopt$sock_buf(r2, 0x1, 0x1c, &(0x7f0000000100)=""/4096, &(0x7f0000001100)=0x1c) 03:51:55 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0x5) 03:51:55 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000), &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:51:55 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x4000, 0x0) ioctl$VIDIOC_G_TUNER(r2, 0xc054561d, &(0x7f0000000080)={0x7, "bffef94a3287da5425397aa96d4b64e736d1f0cd44322e98c06012c921817946", 0x0, 0x480, 0x8, 0x4ab, 0x8, 0x2, 0x2, 0x4}) ioctl$KDSKBLED(r1, 0x4b65, 0x1) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000001c0)=0x1) ioctl$TCSETSW(r1, 0x8925, &(0x7f0000000000)) 03:51:55 executing program 2: perf_event_open(&(0x7f00000000c0)={0x8, 0x70, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000000c0)={0x8, 0x70, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 03:51:55 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0x6) 03:51:55 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/raw\x00') perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x9, 0x800000, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[]}, 0x0) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000000c0)={{{@in6=@mcast2, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in6=@dev}}, &(0x7f00000001c0)=0xe8) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='9p\x00', 0x80, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_user='access=user'}, {@version_u='version=9p2000.u'}, {@cache_loose='cache=loose'}, {@privport='privport'}], [{@pcr={'pcr', 0x3d, 0x3a}}, {@obj_user={'obj_user', 0x3d, 'mime_type\'cpusetself%ppp1em1.wlan0wlan0selfcgroup@,'}}, {@fsuuid={'fsuuid', 0x3d, {[0x30, 0x35, 0x31, 0x34, 0x0, 0x77, 0x32, 0x34], 0x2d, [0x37, 0x77, 0x36, 0x66], 0x2d, [0x39, 0x73, 0x77], 0x2d, [0x65, 0x77, 0x77, 0x77], 0x2d, [0x73, 0x77, 0x38, 0x7c, 0x7f, 0x32, 0x37]}}}, {@euid_eq={'euid', 0x3d, r2}}, {@subj_type={'subj_type'}}, {@audit='audit'}, {@fsuuid={'fsuuid', 0x3d, {[0x63, 0x77, 0x0, 0x7f, 0x77, 0x37, 0x65, 0x7f], 0x2d, [0x39, 0x3f, 0x3d, 0x61], 0x2d, [0x62, 0x3d, 0x73, 0x37], 0x2d, [0x7f, 0x36, 0x7f, 0x7d], 0x2d, [0x77, 0x35, 0x65, 0x73, 0x30, 0x0, 0x66, 0x76]}}}]}}) preadv(r1, &(0x7f0000000380), 0x0, 0x400000000074) 03:51:55 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0xa0700000000000}, 0x0) 03:51:55 executing program 2: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23}, 0x1c) listen(r0, 0x1fff) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) r2 = syz_open_dev$vcsn(&(0x7f0000000180)='/dev/vcs#\x00', 0x9, 0x18000) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f00000001c0)=""/40) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000280)={0x0, @in={{0x2, 0x4e23, @local}}, 0x0, 0x0, 0x0, 0x0, 0x54}, 0x98) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f00000000c0)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1e}}], 0x10) r4 = dup2(r1, r1) setsockopt$inet_mtu(r4, 0x0, 0xa, &(0x7f0000000140)=0x4, 0x4) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000080)={r3, 0x4}, 0x8) socket$bt_bnep(0x1f, 0x3, 0x4) 03:51:56 executing program 5: r0 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BLKTRACESTOP(r0, 0x1275, 0x0) setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x8, &(0x7f00000000c0)=0x8, 0x4) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f0000000080)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="613d48eeba5673803c8b80168e94807cbab30c3932333d942522f9512ad52ccce6aed9e9a568e61abd72181c93a2bd94efc59b6aab4ad3941916d656532b430d2cdc5cc590642f230c0062e0625f093afcd05ee6f99dff899ee3c14c8f0000682c8954a4c44f2591751e144a934f0259e189f8ae663cc4cffa00b50306bac195c5e34dd77c78b1ed487f85356462bd959678d3f4e4045ed5df70420b800d5a755996ad67e4ec56e10000000000000009d840a19e3bd72e54511c1405"], 0xbc) ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000280)=0x1f) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={0x0, &(0x7f00000003c0)=""/150, 0x0, 0x96, 0x1}, 0x20) unlink(&(0x7f0000001e00)='./bus\x00') sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) mkdir(&(0x7f0000001540)='./file0\x00', 0x0) syz_genetlink_get_family_id$fou(&(0x7f0000000100)='fou\x00') syz_genetlink_get_family_id$tipc(&(0x7f00000004c0)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r1, &(0x7f00000005c0)={&(0x7f0000000480), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x1) 03:51:56 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0xffefffffff7f0000}, 0x0) [ 1537.095265] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1537.120945] CPU: 1 PID: 1273 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1537.128066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1537.137432] Call Trace: [ 1537.140043] dump_stack+0x172/0x1f0 [ 1537.143723] dump_header+0x10f/0xb6c [ 1537.147466] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1537.152586] ? ___ratelimit+0x60/0x595 [ 1537.156506] ? do_raw_spin_unlock+0x57/0x270 [ 1537.160938] oom_kill_process.cold+0x10/0x6f5 [ 1537.165467] ? task_will_free_mem+0x139/0x6e0 [ 1537.169981] out_of_memory+0x79a/0x1280 [ 1537.173986] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1537.179100] ? oom_killer_disable+0x280/0x280 [ 1537.183601] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1537.188721] mem_cgroup_out_of_memory+0x99/0xe0 [ 1537.193402] ? memcg_memory_event+0x40/0x40 [ 1537.197757] ? _raw_spin_unlock+0x2d/0x50 [ 1537.201938] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1537.207074] try_charge+0xfec/0x1570 [ 1537.210817] ? find_held_lock+0x35/0x130 [ 1537.214908] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1537.216326] sctp: [Deprecated]: syz-executor.2 (pid 1285) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1537.216326] Use struct sctp_sack_info instead [ 1537.219766] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1537.219797] ? find_held_lock+0x35/0x130 [ 1537.219816] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1537.219869] memcg_kmem_charge_memcg+0x7c/0x130 [ 1537.253471] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1537.258015] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1537.262872] memcg_kmem_charge+0x13b/0x340 [ 1537.267128] __alloc_pages_nodemask+0x437/0x710 [ 1537.271814] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1537.276841] ? save_stack+0x45/0xd0 [ 1537.280478] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1537.285596] ? __lock_acquire+0x53b/0x4700 [ 1537.289865] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1537.295440] alloc_pages_current+0x107/0x210 [ 1537.299910] pte_alloc_one+0x1b/0x1a0 [ 1537.303729] __pte_alloc+0x20/0x310 [ 1537.307371] copy_page_range+0x1529/0x1f90 [ 1537.311612] ? __lock_is_held+0xb6/0x140 [ 1537.315704] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1537.320737] ? pmd_alloc+0x180/0x180 [ 1537.324469] ? validate_mm_rb+0xa3/0xc0 [ 1537.326685] sctp: [Deprecated]: syz-executor.2 (pid 1281) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1537.326685] Use struct sctp_sack_info instead [ 1537.329256] ? __vma_link_rb+0x279/0x370 [ 1537.329284] copy_process.part.0+0x56aa/0x79a0 [ 1537.329332] ? __cleanup_sighand+0x70/0x70 [ 1537.357333] _do_fork+0x257/0xfe0 [ 1537.360808] ? fork_idle+0x1d0/0x1d0 [ 1537.364543] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1537.369350] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1537.374115] ? do_syscall_64+0x26/0x610 [ 1537.378096] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1537.383472] ? do_syscall_64+0x26/0x610 [ 1537.387505] __x64_sys_clone+0xbf/0x150 [ 1537.391490] do_syscall_64+0x103/0x610 03:51:56 executing program 2: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/mixer\x00', 0x0, 0x0) write$apparmor_exec(0xffffffffffffffff, &(0x7f0000000540)=ANY=[@ANYBLOB="72262935aef08e98ad297ee6ae69f463b8fafe65786563207508e1359521047ed26e1de7107a0457e431978eebdf4f0280a33f28df76be5ac50d5d748d6db21b9d13edeecf61884b0fb662845858987e9f5d784faef0e044291ba83eee2b8cb62bfe7c19b7aa0a733fd52c95c42bc5913351b49090b7996250312de6184e3e3733c038cca1443d15daa6643cffa10a1c5695cee340c8100400e8ae18a469d6a55ec36c7f31321362b17788334007d5b4b83faebd01f6e6f5175cf33b9910eea6fdb743961fe7edbec7d565eaf7cc2a23b32c7ddfeb039a0efa9484676cf15a30986ca58261b4c9b73cf31dc85fd802a5b1ba66b1e4f21a1afc54c29d058a1a59647a263687197af9c009de451abbe8dbbc99f77698b44fba5d059b406954b41edc0737d658f11795075b3c54bcd7be369c5e259a459cd5b52f431b851abc335b0ee31df75b83dc2be3e2a1235bcc5736c8fe3e1bb5a71df4cfb48329af0e168dbb91d4eb211b328ad13a5c87380c89"], 0x13) bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000100)={0x28, 0x0, 0x0, @hyper}, 0xe850) epoll_create1(0x0) r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x1ab) getsockopt$bt_BT_SNDMTU(r1, 0x112, 0xc, &(0x7f0000000300)=0x400000000000000, &(0x7f0000000340)=0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(&(0x7f0000000240)=ANY=[], &(0x7f0000000180)='./file0\x00', &(0x7f0000000100)='nfs\x00', 0x0, &(0x7f0000000000)) r2 = getegid() setfsgid(r2) clone(0x20082800, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) r3 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x0, 0x0) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f0000000080)={'filter\x00'}, &(0x7f0000000100)=0x78) setsockopt$l2tp_PPPOL2TP_SO_RECVSEQ(0xffffffffffffffff, 0x111, 0x2, 0x1, 0x4) r4 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0xa00000400, 0x0, 0x8000010004}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SG_EMULATED_HOST(r0, 0x2203, &(0x7f0000000500)) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0x5, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x3f, 0x5, 0x7, 0x0, 0xfc0, 0x3, 0x0, 0x3, 0x10, 0x20}}) ioctl$VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000380)={0x0, @sliced={0x30d, [0x2, 0x3, 0x7, 0x7, 0x2, 0xee81, 0x5, 0x94, 0x529b, 0x0, 0x1, 0x400, 0x8, 0x3, 0xfffffffffffff6a7, 0x1, 0x1907, 0xf4d, 0x3a, 0x1fb, 0x8, 0x6, 0x3, 0x8, 0x6, 0x3, 0x2, 0x6, 0x7, 0x10000, 0x8, 0x7, 0x8000, 0x401, 0x9, 0x8, 0x5, 0x3, 0x5, 0x31d3, 0x4, 0x4, 0x9, 0x7, 0x4, 0x9], 0x94}}) setsockopt$sock_void(r1, 0x1, 0x0, 0x0, 0x0) mount(&(0x7f00000006c0)=ANY=[@ANYBLOB="524f6168a0e687394ed770f651218e4f6dbf0d6164c771814ef3b3c55b2f1bf7c90f28a08973283ff0b5ae7822566664346e8cf5723a95efe526f09bcd6049823e720842dda6f5ca81deab1c6b0b3eb0c29b8228c606a713c9a4717898689de6"], &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='nfs\x00', 0x0, &(0x7f000000a000)) r5 = dup(r4) ioctl$BLKFLSBUF(r5, 0x1261, &(0x7f00000002c0)=0x4) [ 1537.395405] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1537.400611] RIP: 0033:0x457e29 [ 1537.403839] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1537.422742] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1537.430466] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1537.437752] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1537.445029] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1537.452303] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1537.459577] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff 03:51:56 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000001c0)=0x1) ioctl$TCSETSW(r1, 0x8925, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000003, 0x10000000000}) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x80000, 0x0) ioctl$BLKPG(r2, 0x1269, &(0x7f0000000100)={0x3, 0x8b, 0x6, &(0x7f0000000080)="b247ff87185e"}) 03:51:56 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0xffffffffff600000}, 0x0) [ 1537.635944] rpcbind: RPC call returned error 22 [ 1537.760180] rpcbind: RPC call returned error 22 [ 1538.060490] memory: usage 307200kB, limit 307200kB, failcnt 20140 [ 1538.066771] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1538.125806] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1538.161759] Memory cgroup stats for /syz0: cache:0KB rss:97096KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:97120KB inactive_file:4KB active_file:0KB unevictable:0KB [ 1538.287263] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=7066,uid=0 [ 1538.303542] Memory cgroup out of memory: Kill process 7066 (syz-executor.0) score 1103 or sacrifice child [ 1538.313512] Killed process 7066 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1538.366800] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1538.385468] CPU: 1 PID: 1273 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1538.392596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1538.401967] Call Trace: [ 1538.404592] dump_stack+0x172/0x1f0 [ 1538.408249] dump_header+0x10f/0xb6c [ 1538.411977] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1538.417093] ? ___ratelimit+0x60/0x595 [ 1538.420994] ? do_raw_spin_unlock+0x57/0x270 [ 1538.425425] oom_kill_process.cold+0x10/0x6f5 [ 1538.429949] ? task_will_free_mem+0x139/0x6e0 [ 1538.434470] out_of_memory+0x79a/0x1280 [ 1538.438462] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1538.443581] ? oom_killer_disable+0x280/0x280 [ 1538.448086] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1538.453206] mem_cgroup_out_of_memory+0x99/0xe0 [ 1538.457883] ? memcg_memory_event+0x40/0x40 [ 1538.462234] ? _raw_spin_unlock+0x2d/0x50 [ 1538.466388] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1538.471535] try_charge+0xfec/0x1570 [ 1538.475267] ? find_held_lock+0x35/0x130 [ 1538.479341] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1538.484207] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1538.489068] ? find_held_lock+0x35/0x130 [ 1538.493143] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1538.498005] memcg_kmem_charge_memcg+0x7c/0x130 [ 1538.502681] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1538.507189] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1538.512045] memcg_kmem_charge+0x13b/0x340 [ 1538.516294] __alloc_pages_nodemask+0x437/0x710 [ 1538.520972] ? __pud_alloc+0x1d3/0x250 [ 1538.524876] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1538.529918] ? __pud_alloc+0x1d3/0x250 [ 1538.533850] ? lock_downgrade+0x810/0x810 [ 1538.538008] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1538.543565] alloc_pages_current+0x107/0x210 [ 1538.547980] ? do_raw_spin_unlock+0x57/0x270 [ 1538.552404] __pmd_alloc+0x41/0x460 [ 1538.556052] ? pmd_val+0x100/0x100 [ 1538.559607] pmd_alloc+0x10c/0x180 [ 1538.563163] copy_page_range+0x62e/0x1f90 [ 1538.567340] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1538.572366] ? vma_compute_subtree_gap+0x158/0x230 [ 1538.577310] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1538.582165] ? pmd_alloc+0x180/0x180 [ 1538.585888] ? validate_mm_rb+0xa3/0xc0 [ 1538.589913] ? __vma_link_rb+0x279/0x370 [ 1538.594017] copy_process.part.0+0x56aa/0x79a0 [ 1538.598666] ? __cleanup_sighand+0x70/0x70 [ 1538.602947] _do_fork+0x257/0xfe0 [ 1538.606423] ? fork_idle+0x1d0/0x1d0 [ 1538.610173] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1538.614937] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1538.619701] ? do_syscall_64+0x26/0x610 [ 1538.623730] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1538.629290] ? do_syscall_64+0x26/0x610 [ 1538.633284] __x64_sys_clone+0xbf/0x150 [ 1538.637247] do_syscall_64+0x103/0x610 [ 1538.641125] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1538.646309] RIP: 0033:0x457e29 [ 1538.649490] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1538.668373] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1538.676067] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1538.683329] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1538.690592] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1538.697847] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1538.705113] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1538.717122] memory: usage 307040kB, limit 307200kB, failcnt 20173 [ 1538.730071] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1538.737232] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1538.826390] Memory cgroup stats for /syz0: cache:0KB rss:97096KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:97024KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1538.853327] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=7153,uid=0 [ 1538.868092] Memory cgroup out of memory: Kill process 7153 (syz-executor.0) score 1103 or sacrifice child [ 1538.878134] Killed process 7153 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB 03:51:58 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000), &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:51:58 executing program 2: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/mixer\x00', 0x0, 0x0) write$apparmor_exec(0xffffffffffffffff, &(0x7f0000000540)=ANY=[@ANYBLOB="72262935aef08e98ad297ee6ae69f463b8fafe65786563207508e1359521047ed26e1de7107a0457e431978eebdf4f0280a33f28df76be5ac50d5d748d6db21b9d13edeecf61884b0fb662845858987e9f5d784faef0e044291ba83eee2b8cb62bfe7c19b7aa0a733fd52c95c42bc5913351b49090b7996250312de6184e3e3733c038cca1443d15daa6643cffa10a1c5695cee340c8100400e8ae18a469d6a55ec36c7f31321362b17788334007d5b4b83faebd01f6e6f5175cf33b9910eea6fdb743961fe7edbec7d565eaf7cc2a23b32c7ddfeb039a0efa9484676cf15a30986ca58261b4c9b73cf31dc85fd802a5b1ba66b1e4f21a1afc54c29d058a1a59647a263687197af9c009de451abbe8dbbc99f77698b44fba5d059b406954b41edc0737d658f11795075b3c54bcd7be369c5e259a459cd5b52f431b851abc335b0ee31df75b83dc2be3e2a1235bcc5736c8fe3e1bb5a71df4cfb48329af0e168dbb91d4eb211b328ad13a5c87380c89"], 0x13) bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000100)={0x28, 0x0, 0x0, @hyper}, 0xe850) epoll_create1(0x0) r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x1ab) getsockopt$bt_BT_SNDMTU(r1, 0x112, 0xc, &(0x7f0000000300)=0x400000000000000, &(0x7f0000000340)=0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(&(0x7f0000000240)=ANY=[], &(0x7f0000000180)='./file0\x00', &(0x7f0000000100)='nfs\x00', 0x0, &(0x7f0000000000)) r2 = getegid() setfsgid(r2) clone(0x20082800, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) r3 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x0, 0x0) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f0000000080)={'filter\x00'}, &(0x7f0000000100)=0x78) setsockopt$l2tp_PPPOL2TP_SO_RECVSEQ(0xffffffffffffffff, 0x111, 0x2, 0x1, 0x4) r4 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0xa00000400, 0x0, 0x8000010004}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SG_EMULATED_HOST(r0, 0x2203, &(0x7f0000000500)) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0x5, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x3f, 0x5, 0x7, 0x0, 0xfc0, 0x3, 0x0, 0x3, 0x10, 0x20}}) ioctl$VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000380)={0x0, @sliced={0x30d, [0x2, 0x3, 0x7, 0x7, 0x2, 0xee81, 0x5, 0x94, 0x529b, 0x0, 0x1, 0x400, 0x8, 0x3, 0xfffffffffffff6a7, 0x1, 0x1907, 0xf4d, 0x3a, 0x1fb, 0x8, 0x6, 0x3, 0x8, 0x6, 0x3, 0x2, 0x6, 0x7, 0x10000, 0x8, 0x7, 0x8000, 0x401, 0x9, 0x8, 0x5, 0x3, 0x5, 0x31d3, 0x4, 0x4, 0x9, 0x7, 0x4, 0x9], 0x94}}) setsockopt$sock_void(r1, 0x1, 0x0, 0x0, 0x0) mount(&(0x7f00000006c0)=ANY=[@ANYBLOB="524f6168a0e687394ed770f651218e4f6dbf0d6164c771814ef3b3c55b2f1bf7c90f28a08973283ff0b5ae7822566664346e8cf5723a95efe526f09bcd6049823e720842dda6f5ca81deab1c6b0b3eb0c29b8228c606a713c9a4717898689de6"], &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='nfs\x00', 0x0, &(0x7f000000a000)) r5 = dup(r4) ioctl$BLKFLSBUF(r5, 0x1261, &(0x7f00000002c0)=0x4) 03:51:58 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x4000}, 0x0) 03:51:58 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) r2 = syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0x3, 0x2) sendto$netrom(r2, &(0x7f0000000100)="22d4bfb4e06a2ee7660e25195fb5aa188019569c506bf830f81f83b100e5dde515af7fb8a57117bb7cf76ebcea97feb1672b11657d1ec89e2717606527dc09adbb07774f403a00642a9cf3b7c6c03761b1da7138bb80d33b3be7a4bec02fb437e2adf10da55d241573140581115c92dcd1d0ad8399f34ba4ea420af3c666aca0438cf91eb99fb801c66a0553653f7be9a4d0556a57dd1947ea15b041d6fbd6802b9c0f10", 0xa4, 0x20000000, &(0x7f0000000200)={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x4}, [@default, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]}, 0x48) r3 = syz_open_dev$usb(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0xc5, 0x101000) ioctl$TIOCNXCL(r3, 0x540d) ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000080)=0x1) pipe2(&(0x7f00000002c0), 0x800) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000001c0)=0x1) ioctl$TCSETSW(r1, 0x8925, &(0x7f0000000000)) 03:51:58 executing program 5: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/mixer\x00', 0x0, 0x0) write$apparmor_exec(0xffffffffffffffff, &(0x7f0000000540)=ANY=[@ANYBLOB="72262935aef08e98ad297ee6ae69f463b8fafe65786563207508e1359521047ed26e1de7107a0457e431978eebdf4f0280a33f28df76be5ac50d5d748d6db21b9d13edeecf61884b0fb662845858987e9f5d784faef0e044291ba83eee2b8cb62bfe7c19b7aa0a733fd52c95c42bc5913351b49090b7996250312de6184e3e3733c038cca1443d15daa6643cffa10a1c5695cee340c8100400e8ae18a469d6a55ec36c7f31321362b17788334007d5b4b83faebd01f6e6f5175cf33b9910eea6fdb743961fe7edbec7d565eaf7cc2a23b32c7ddfeb039a0efa9484676cf15a30986ca58261b4c9b73cf31dc85fd802a5b1ba66b1e4f21a1afc54c29d058a1a59647a263687197af9c009de451abbe8dbbc99f77698b44fba5d059b406954b41edc0737d658f11795075b3c54bcd7be369c5e259a459cd5b52f431b851abc335b0ee31df75b83dc2be3e2a1235bcc5736c8fe3e1bb5a71df4cfb48329af0e168dbb91d4eb211b328ad13a5c87380c89"], 0x13) bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000100)={0x28, 0x0, 0x0, @hyper}, 0xe850) epoll_create1(0x0) r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x1ab) getsockopt$bt_BT_SNDMTU(r1, 0x112, 0xc, &(0x7f0000000300)=0x400000000000000, &(0x7f0000000340)=0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(&(0x7f0000000240)=ANY=[], &(0x7f0000000180)='./file0\x00', &(0x7f0000000100)='nfs\x00', 0x0, &(0x7f0000000000)) r2 = getegid() setfsgid(r2) clone(0x20082800, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) r3 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x0, 0x0) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f0000000080)={'filter\x00'}, &(0x7f0000000100)=0x78) setsockopt$l2tp_PPPOL2TP_SO_RECVSEQ(0xffffffffffffffff, 0x111, 0x2, 0x1, 0x4) r4 = perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0xa00000400, 0x0, 0x8000010004}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SG_EMULATED_HOST(r0, 0x2203, &(0x7f0000000500)) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0x5, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x3f, 0x5, 0x7, 0x0, 0xfc0, 0x3, 0x0, 0x3, 0x10, 0x20}}) ioctl$VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000380)={0x0, @sliced={0x30d, [0x2, 0x3, 0x7, 0x7, 0x2, 0xee81, 0x5, 0x94, 0x529b, 0x0, 0x1, 0x400, 0x8, 0x3, 0xfffffffffffff6a7, 0x1, 0x1907, 0xf4d, 0x3a, 0x1fb, 0x8, 0x6, 0x3, 0x8, 0x6, 0x3, 0x2, 0x6, 0x7, 0x10000, 0x8, 0x7, 0x8000, 0x401, 0x9, 0x8, 0x5, 0x3, 0x5, 0x31d3, 0x4, 0x4, 0x9, 0x7, 0x4, 0x9], 0x94}}) setsockopt$sock_void(r1, 0x1, 0x0, 0x0, 0x0) mount(&(0x7f00000006c0)=ANY=[@ANYBLOB="524f6168a0e687394ed770f651218e4f6dbf0d6164c771814ef3b3c55b2f1bf7c90f28a08973283ff0b5ae7822566664346e8cf5723a95efe526f09bcd6049823e720842dda6f5ca81deab1c6b0b3eb0c29b8228c606a713c9a4717898689de6"], &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='nfs\x00', 0x0, &(0x7f000000a000)) r5 = dup(r4) ioctl$BLKFLSBUF(r5, 0x1261, &(0x7f00000002c0)=0x4) 03:51:58 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0x8) 03:51:59 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x60ff}, 0x0) [ 1540.128021] rpcbind: RPC call returned error 22 [ 1540.273497] rpcbind: RPC call returned error 22 03:51:59 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x5, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffff9c, 0xc0206434, &(0x7f00000000c0)={0x6, 0x0, 0x10001, 0x9}) ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000140)={0x1, r2, 0x10000, 0x9}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) ioctl$DRM_IOCTL_MARK_BUFS(r1, 0x40206417, &(0x7f0000000180)={0xffff, 0x7fffffff, 0x5, 0x6, 0x19, 0x8001}) 03:51:59 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x4, 0x0) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x404040, 0x0) ioctl$sock_inet_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000080)) ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000240)={0x7fefffff, 0x4, 0x4, {0x20000000c, @win={{0x59e, 0x8, 0x0, 0xfffffffffffffff9}, 0x6, 0x40, &(0x7f00000000c0)={{0x0, 0x0, 0x696, 0xfffffffffffffffb}}, 0x1, &(0x7f0000000440)="276db30dc1d78de4b90d92225caa428c3fed8c161d7a81dfd1c266785ee38c", 0x7}}}) ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000340)={0x2, @pix_mp}) ioctl$VIDIOC_S_CROP(r0, 0x4014563c, &(0x7f0000000100)={0xa, {0x0, 0x0, 0xfffffffffffffffd}}) 03:51:59 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x3ffd, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000001c0)=0x1) ioctl$TCSETSW(r1, 0x8925, &(0x7f0000000040)={0x3f, 0x0, 0x2000000000000, 0x0, 0xfffffffffffffffd, 0x0, 0x8158}) [ 1540.451867] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1540.571575] CPU: 1 PID: 1358 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1540.578695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1540.588054] Call Trace: [ 1540.590658] dump_stack+0x172/0x1f0 [ 1540.594305] dump_header+0x10f/0xb6c [ 1540.598035] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1540.603161] ? ___ratelimit+0x60/0x595 [ 1540.607058] ? do_raw_spin_unlock+0x57/0x270 [ 1540.611508] oom_kill_process.cold+0x10/0x6f5 [ 1540.616020] ? task_will_free_mem+0x139/0x6e0 03:51:59 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x5, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffff9c, 0xc0206434, &(0x7f00000000c0)={0x6, 0x0, 0x10001, 0x9}) ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000140)={0x1, r2, 0x10000, 0x9}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) ioctl$DRM_IOCTL_MARK_BUFS(r1, 0x40206417, &(0x7f0000000180)={0xffff, 0x7fffffff, 0x5, 0x6, 0x19, 0x8001}) [ 1540.620537] out_of_memory+0x79a/0x1280 [ 1540.624682] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1540.629787] ? oom_killer_disable+0x280/0x280 [ 1540.634294] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1540.639423] mem_cgroup_out_of_memory+0x99/0xe0 [ 1540.644108] ? memcg_memory_event+0x40/0x40 [ 1540.648468] ? _raw_spin_unlock+0x2d/0x50 [ 1540.652638] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1540.657749] try_charge+0xfec/0x1570 [ 1540.661516] ? find_held_lock+0x35/0x130 [ 1540.665616] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1540.670477] ? kasan_check_read+0x11/0x20 [ 1540.674637] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1540.679489] mem_cgroup_try_charge+0x24d/0x5e0 [ 1540.684084] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1540.689028] wp_page_copy+0x408/0x1740 [ 1540.692946] ? find_held_lock+0x35/0x130 [ 1540.697036] ? pmd_pfn+0x1d0/0x1d0 [ 1540.700585] ? lock_downgrade+0x810/0x810 [ 1540.704760] ? swp_swapcount+0x540/0x540 [ 1540.708827] ? kasan_check_read+0x11/0x20 [ 1540.712985] ? do_raw_spin_unlock+0x57/0x270 [ 1540.717667] do_wp_page+0x2ed/0x1520 [ 1540.721570] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 1540.726274] __handle_mm_fault+0x22db/0x3f20 [ 1540.730698] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1540.735549] ? find_held_lock+0x35/0x130 [ 1540.739619] ? handle_mm_fault+0x322/0xb30 [ 1540.743889] ? kasan_check_read+0x11/0x20 [ 1540.748081] handle_mm_fault+0x43f/0xb30 [ 1540.752166] __do_page_fault+0x5da/0xd60 [ 1540.756262] do_page_fault+0x71/0x581 [ 1540.760533] ? page_fault+0x8/0x30 [ 1540.764082] page_fault+0x1e/0x30 [ 1540.767537] RIP: 0033:0x40fa60 [ 1540.770732] Code: ff ff 48 83 c8 01 48 89 05 6d 0a 64 00 48 8b 05 46 14 30 00 49 c7 85 c8 02 00 00 90 0e 71 00 49 89 85 c0 02 00 00 4c 89 70 08 <4c> 89 35 29 14 30 00 48 c7 05 3e 0a 64 00 00 00 00 00 f0 ff 0d 3f [ 1540.789636] RSP: 002b:00007ffee6aa56c0 EFLAGS: 00010202 [ 1540.795000] RAX: 00007f3c755909c0 RBX: 0000000000020000 RCX: 00000000ffffffe0 [ 1540.802274] RDX: 0000000000000040 RSI: 0000000000000001 RDI: 00007f3c7556f6a0 [ 1540.809546] RBP: 00007ffee6aa57a0 R08: 0000000000712800 R09: 0000000000712800 03:51:59 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x7400}, 0x0) [ 1540.816818] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffee6aa5880 [ 1540.824091] R13: 00007f3c7556f700 R14: 00007f3c7556f9c0 R15: 000000000073bfac [ 1541.020262] net_ratelimit: 26 callbacks suppressed [ 1541.020271] protocol 88fb is buggy, dev hsr_slave_0 [ 1541.030388] protocol 88fb is buggy, dev hsr_slave_1 [ 1541.035581] protocol 88fb is buggy, dev hsr_slave_0 [ 1541.040692] protocol 88fb is buggy, dev hsr_slave_1 [ 1541.045806] protocol 88fb is buggy, dev hsr_slave_0 [ 1541.050912] protocol 88fb is buggy, dev hsr_slave_1 [ 1541.056016] protocol 88fb is buggy, dev hsr_slave_0 [ 1541.061103] protocol 88fb is buggy, dev hsr_slave_1 [ 1541.187241] memory: usage 307196kB, limit 307200kB, failcnt 20206 [ 1541.230439] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1541.295282] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1541.343988] Memory cgroup stats for /syz0: cache:0KB rss:97092KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:97108KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1541.508848] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=7446,uid=0 [ 1541.580227] protocol 88fb is buggy, dev hsr_slave_0 [ 1541.585352] protocol 88fb is buggy, dev hsr_slave_1 [ 1541.609847] Memory cgroup out of memory: Kill process 7446 (syz-executor.0) score 1103 or sacrifice child [ 1541.689551] Killed process 7446 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1541.775531] oom_reaper: reaped process 7446 (syz-executor.0), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 1542.026382] oom_reaper: reaped process 1364 (syz-executor.0), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 03:52:02 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x5, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffff9c, 0xc0206434, &(0x7f00000000c0)={0x6, 0x0, 0x10001, 0x9}) ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000140)={0x1, r2, 0x10000, 0x9}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) ioctl$DRM_IOCTL_MARK_BUFS(r1, 0x40206417, &(0x7f0000000180)={0xffff, 0x7fffffff, 0x5, 0x6, 0x19, 0x8001}) 03:52:02 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000), &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:52:02 executing program 5: r0 = creat(&(0x7f0000000a00)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000200)=0x20) truncate(&(0x7f0000000140)='./bus\x00', 0x0) getsockopt$IP6T_SO_GET_REVISION_MATCH(r0, 0x29, 0x44, &(0x7f0000000000)={'icmp\x00'}, &(0x7f0000000040)=0x1e) 03:52:02 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x9400}, 0x0) 03:52:02 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = accept$ax25(0xffffffffffffffff, &(0x7f0000000040)={{0x3, @rose}, [@default, @rose, @rose, @null, @bcast, @netrom, @bcast, @default]}, &(0x7f0000000100)=0x48) write$binfmt_misc(r0, &(0x7f0000000200)={'syz1', "62f956c40ac967d6982e75d7d454d7cf309ba22b2c1bd07748ec052801211c272daed6139a5f438a222b787f247b522363e691aa94040ab244a6eaa064ba5b71834c3cb4f6dc7918a57572057314a1080ab083f609e3b994d0daf508be061a34279bc84a348eaba1b65fcca6c510fa133cdbcad1477448e11703ecfded4b1ea773fa5c6d2a2b5d97112204c2e6fbd183ed1b355ee3da65c637abeac8845728f6381eb6f9ccc7dd1c464c4a212deef55f9fbc7f4afaecff12b585b0d25891613a014422cb2f305ffcef1472168cda839c8858a79e25"}, 0xd9) bind$ax25(r1, &(0x7f0000000140)={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0x5}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) r2 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000001c0)=0x6) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='pids.current\x00', 0x0, 0x0) r4 = syz_open_dev$dmmidi(&(0x7f0000000340)='/dev/dmmidi#\x00', 0x3, 0x45c0) ioctl$KVM_GET_API_VERSION(r4, 0xae00, 0x0) ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, &(0x7f0000000380)={0x2, r4}) ioctl$TCSETSW(r2, 0x8925, &(0x7f0000000000)) socket$bt_bnep(0x1f, 0x3, 0x4) 03:52:02 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0x9) 03:52:02 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socket$nl_generic(0x10, 0x3, 0x10) close(r1) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/igmp\x00') mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x11, r1, 0x0) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f0000000000)="f36e02e9caffc3641448bec1d6e24be6", 0x10) 03:52:02 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x307100}, 0x0) 03:52:02 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x18) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x200) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000001c0)=0x1) ioctl$TCSETSW(r1, 0x8925, &(0x7f0000000000)) r2 = request_key(&(0x7f0000000080)='cifs.spnego\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000140)='{lo{em1:\x00', 0xfffffffffffffffb) keyctl$revoke(0x3, r2) 03:52:02 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x5, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffff9c, 0xc0206434, &(0x7f00000000c0)={0x6, 0x0, 0x10001, 0x9}) ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000140)={0x1, r2, 0x10000, 0x9}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) ioctl$DRM_IOCTL_MARK_BUFS(r1, 0x40206417, &(0x7f0000000180)={0xffff, 0x7fffffff, 0x5, 0x6, 0x19, 0x8001}) [ 1543.847544] audit: type=1400 audit(2000001122.800:153): avc: denied { map } for pid=1459 comm="syz-executor.5" path="socket:[215154]" dev="sockfs" ino=215154 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 03:52:02 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x400000}, 0x0) 03:52:02 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000001c0)=0x1) ioctl$TCSETSW(r1, 0x8925, &(0x7f0000000000)) ioctl$PIO_FONTRESET(r0, 0x4b6d, 0x0) 03:52:02 executing program 5: unshare(0x8000400) r0 = mq_open(&(0x7f0000000000)='-$\x00', 0x6e93ebbbcc0884f2, 0x0, 0x0) mq_notify(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}) pread64(r0, 0x0, 0x0, 0x0) r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20\x00', 0x80000, 0x0) sendmsg$nl_netfilter(r1, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="440100000004100329bd7000fedbdf2507000006dffa657c9e8426a8067056dfefaae26c44ec1c900f37a3f8d2157f5d2b4ecb84be65fc7ba9599d89535022d3afdee479126be18bbfee4b3e0fefa704f76f561cf99aff0667408fe59de24f6389d89c97dd03b1a2cd5611748e35c000f017c9f4fd3f799ed3f54c274ca2cc0b766afc808ded31b5dd63556643368bb97014cad22364ed94c553f1877deec61cd5e55862267a87c06e40bb33105440f433780f903b21750e8bfa86bb1ce7f241286444ce5e8726449d841905e893fc10ebe69fad221b88b1dc812d23d21cfc4fa40aaef35f4ac945776a9f89e3dddb078d8d722d3a3a1f98d3f64b051abe399c00cc45d32837b3adbfe07fb0586bc811411d79626d0662110af6357daee6261b866ea905d216b653b2fea1ee340c3d00fddb37510f14419774829e11052fc3226b003368acd3f7980f256ad331d9d45969066d6592b39c990ee37377e7c677500633d407e88ddfcbc0c4195b7d9fee5c8e05b5a9dc68958098aa726e51c82b0962dab14f05ecef1ca86400340f3fed74fd3e18890d"], 0x144}, 0x1, 0x0, 0x0, 0x44}, 0x40000) [ 1544.051634] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1544.177241] CPU: 0 PID: 1425 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1544.184377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1544.193727] Call Trace: [ 1544.193751] dump_stack+0x172/0x1f0 [ 1544.193778] dump_header+0x10f/0xb6c [ 1544.203675] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1544.208786] ? ___ratelimit+0x60/0x595 [ 1544.212684] ? do_raw_spin_unlock+0x57/0x270 [ 1544.217122] oom_kill_process.cold+0x10/0x6f5 [ 1544.221642] ? task_will_free_mem+0x139/0x6e0 [ 1544.221667] out_of_memory+0x79a/0x1280 [ 1544.221701] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1544.221718] ? oom_killer_disable+0x280/0x280 [ 1544.239758] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1544.244881] mem_cgroup_out_of_memory+0x99/0xe0 [ 1544.249573] ? memcg_memory_event+0x40/0x40 [ 1544.253943] ? _raw_spin_unlock+0x2d/0x50 [ 1544.258146] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1544.263289] try_charge+0xfec/0x1570 [ 1544.267017] ? find_held_lock+0x35/0x130 [ 1544.271093] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1544.275963] ? kasan_check_read+0x11/0x20 [ 1544.280126] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1544.284989] mem_cgroup_try_charge+0x24d/0x5e0 [ 1544.289622] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1544.289642] wp_page_copy+0x408/0x1740 [ 1544.289655] ? find_held_lock+0x35/0x130 [ 1544.289675] ? pmd_pfn+0x1d0/0x1d0 [ 1544.306086] ? lock_downgrade+0x810/0x810 [ 1544.310247] ? swp_swapcount+0x540/0x540 [ 1544.314338] ? kasan_check_read+0x11/0x20 [ 1544.318514] ? do_raw_spin_unlock+0x57/0x270 [ 1544.322964] do_wp_page+0x2ed/0x1520 [ 1544.326710] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 1544.331400] __handle_mm_fault+0x22db/0x3f20 [ 1544.335824] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1544.340671] ? find_held_lock+0x35/0x130 [ 1544.344739] ? handle_mm_fault+0x322/0xb30 [ 1544.349005] ? kasan_check_read+0x11/0x20 [ 1544.353166] handle_mm_fault+0x43f/0xb30 [ 1544.357246] __do_page_fault+0x5da/0xd60 [ 1544.361330] do_page_fault+0x71/0x581 [ 1544.365138] ? page_fault+0x8/0x30 [ 1544.368685] page_fault+0x1e/0x30 [ 1544.368698] RIP: 0033:0x40bba4 [ 1544.368713] Code: 33 00 89 48 24 48 89 58 18 31 c0 48 8b 8c 04 10 01 00 00 48 89 8c 02 30 bf 73 00 48 83 c0 08 48 83 f8 48 75 e6 e8 2c 72 ff ff <83> 05 59 44 53 00 01 80 7c 24 0b 00 74 0b f6 44 24 0c 01 0f 84 cd [ 1544.368722] RSP: 002b:00007ffee6aa57b0 EFLAGS: 00010217 [ 1544.368734] RAX: 0000000000000000 RBX: ffffffffffffffff RCX: 0000000000457e29 [ 1544.368745] RDX: 0000000000000000 RSI: 0000000000000081 RDI: 000000000073bfa8 [ 1544.414146] RBP: 000000000073bfa0 R08: 00007f3c7556f700 R09: 0000000000178d1c [ 1544.414155] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000689 [ 1544.414164] R13: 0000000000000001 R14: 0000000000000005 R15: 000000000073bfac [ 1544.882155] memory: usage 307200kB, limit 307200kB, failcnt 20253 [ 1544.930586] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1545.005980] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1545.090606] Memory cgroup stats for /syz0: cache:0KB rss:97084KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:97080KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1545.423397] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=7562,uid=0 [ 1545.516490] Memory cgroup out of memory: Kill process 7562 (syz-executor.0) score 1103 or sacrifice child [ 1545.586961] Killed process 7562 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB 03:52:05 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:52:05 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x5, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffff9c, 0xc0206434, &(0x7f00000000c0)={0x6, 0x0, 0x10001, 0x9}) ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000140)={0x1, r2, 0x10000, 0x9}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:05 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x50a000}, 0x0) 03:52:05 executing program 5: r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x6, 0x80000) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_NET_GET(r0, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r1, 0x910, 0x70bd2a, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/btrfs-control\x00', 0x143000, 0x0) ioctl$TIOCGETD(r0, 0x5424, &(0x7f00000001c0)) fcntl$addseals(r0, 0x409, 0x9) write$selinux_attr(r2, &(0x7f0000000200)='system_u:object_r:netutils_exec_t:s0\x00', 0x25) ioctl$BLKTRACESTART(r2, 0x1274, 0x0) ioctl$BLKIOOPT(r0, 0x1279, &(0x7f0000000240)) ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000280)={0x3, 0x0, 0x4, 0x80240000, {}, {0x7, 0x8, 0x100000000, 0x7, 0x8, 0x1, "4a07cd95"}, 0x3, 0x2, @userptr=0x1000, 0x4}) syz_open_dev$video(&(0x7f0000000300)='/dev/video#\x00', 0x3, 0x42000) ioctl$sock_ax25_SIOCADDRT(r0, 0x890b, &(0x7f0000000340)={@null, @default, 0x8, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) ioctl$CAPI_NCCI_OPENCOUNT(r2, 0x80044326, &(0x7f00000003c0)=0x45) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000400)='/dev/autofs\x00', 0x4000, 0x0) fcntl$addseals(r0, 0x409, 0xd) r4 = shmget$private(0x0, 0x2000, 0x1810, &(0x7f0000ffe000/0x2000)=nil) shmctl$SHM_STAT(r4, 0xd, &(0x7f0000000440)=""/252) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={r0, 0x50, &(0x7f0000000540)}, 0x10) r5 = semget(0x1, 0x0, 0x8) semop(r5, &(0x7f0000000600)=[{0x4, 0x40, 0x1000}], 0x1) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) r6 = add_key$user(&(0x7f0000000640)='user\x00', &(0x7f0000000680)={'syz', 0x3}, &(0x7f00000006c0)="651cfa066fd186c66c53959072a47c77dc9724b704cfcee13071ed240fe542bea0792d3c48074fbca567f85c97d76e3ff9869e8f249e9a8257", 0x39, 0x0) keyctl$setperm(0x5, r6, 0x0) iopl(0x0) getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r2, 0x84, 0x20, &(0x7f0000000700), &(0x7f0000000740)=0x4) openat$uhid(0xffffffffffffff9c, &(0x7f0000000780)='/dev/uhid\x00', 0x802, 0x0) kexec_load(0x520e, 0x2, &(0x7f0000000900)=[{&(0x7f00000007c0)="862c17f881ff6d3b5f0d9005d2366c58ee8becd9967abc56aeec374299fdbe29c5f88b4a3a87f2ac7037d877d87e6d7bd9762c4a956b6ca3752fd90fd0ea83c701b31c89313998685a2cc79445493dd0c062de4a0f2e9d352629a5bad9dccfd6a024182b9201a9f3ee68814c010ed15f59e2bc80add05c38bff3ac67bc523f6014b33c697dbeccc7e457bb68eecad056dc4277ffea958e71235269805ee2df48a7950572d179eff4beafd913eb431d206e45ca32353561ae566f251ea55075c2ad79117a1c9272ec16f0bc686ad0dbda832cdf", 0xd3, 0x1, 0x9}, {&(0x7f00000008c0)='-', 0x1, 0x4, 0x1}], 0x1) ioctl$FS_IOC_RESVSP(r3, 0x40305828, &(0x7f0000000940)={0x0, 0x2, 0x2, 0x4}) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r3, 0x84, 0x6, &(0x7f0000000980)={0x0, @in={{0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, &(0x7f0000000a40)=0x84) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x18, &(0x7f0000000a80)={r7, 0x9fe4}, &(0x7f0000000ac0)=0x8) [ 1546.794742] oom_reaper: reaped process 1470 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:52:05 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0xa) 03:52:05 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0) sendmsg(r2, &(0x7f0000001600)={&(0x7f0000000140)=@l2={0x1f, 0x3, {0x7, 0x6, 0x400, 0x800, 0x4, 0x101}, 0xa0e8, 0x9}, 0x80, &(0x7f0000001580)=[{&(0x7f0000000200)="e0394aeb592fdb5a3e71038d20e25c14055c3c00fcbf24af115f4ed54d7c74a5797ade042b835124f73ff517df3bc0528ffdce13033a63f09f5bd0b1ec275b872452c0d5675f761e1940132b6279aed7f87b486b9902e41bd4e6cd74036b9f9977e2344e827a2a8aabc4fd160f8c8dfa22cf5ca2adb1bed08c58661c6a9467051f47f5937110e087f3eaa6d658e5e04147d8cfb16faca22ffa55846fe820903a6d850984216199dfca468bb5e295ea30e63b94b23c24395c097e9e529c58b58475241380fbefd817214ccdb0154d9d425291a6a79c5e8ff5d6925ead9a358e7577c6203f3234036effd40291967920f12e9160ce83519742bf9c112a90c47d1e5200315fad83ffa53ee765681dc1b19a5f2b217948904882fbce742a93e6219707f3bc7be3f968d5b3c1a81ab700f7837b5eca463aaec0fadfb059f3e267452fdb35817867b32a9824d66ea579eaeda5c23625d6f0fdf4fbaa20535cbf9b4b26cc85374976421462cbd8e64cf99a9ff128a6efa2d1f5660c89706a70a1d8da31bcd6da6d92a17bb7a7e68083ae89e221977fd780b5b85af1007c21f3695f67139dae49d0736e595b4e984556b03f0d514342885f335ae9faf64eab823ed30675e69e47e1b6b23f0d76e9343cdd275e5804968faf4de1dab70d75aea9ad9d01a5370ef89443b124bddf7e304ab029015d1f2f42bcc916eb0d1deae650077d7f4383f3d197bbc1b3a2e7b5cb3eb5b7a2900fce393a3cf3215d57b99ecf2cfa4c0a951cfffcb11570a2c2f36fddf02b42a06bfc04c38f5c999d1bc40c274ea91bd35e990fc34c1b335ac6e776ee40a1be564cc8cc779c88558aa4e6550bbf749ccddf0c227f05cc57326cadae743e1caf5083088633089af225c219ad33c86e3f196c06aa1a2522195d4c7f874aac622a6a2f8be9dea8f5921b1278976daa0a10067358553ee02cd7733213a8836c1737608ee51ae2d3578a2d411c0d48c14fd8853377900bd95ee595bef465ba0fcbcd28444240f5937483cb66dc059ed1442d7ea0f92a00bf2e68cda2b44c078f8edf497e07bf6841e6e01e1364ee186a41636ee328b4641d63f6b553a9a0c8e6f2ae657e18a50dbbf41dbd20860767976b3c18b4224f342a140a42a92569b41dca3c9f9b3cc39c5a400b463420a00a127ea1ba678b3c36f893ca98721d56a2a16e9b4965be679314e45ef2f6d71207b2bec011577e2779fa9b2e93710a4e73cc700efbf801866b0f4e4e5300e1d8425b60b3b6434083692d7170a5e76a336533c0f2bb77374de4c9e51df80ea57269b2f191069fb0035192d38eb7f1811d115798b0d33d992e453cd4278194866f681eb73e03e6c62e9025e7ba5506286807e36141012b23196200406a6e0529650693e9fd8afe1eafd2970e2b2bb2e75fb428b365c4fd777adfb8191f684ac3a8b567f6a17cf8c7d832d69a412fb758ba9e577892a6b06c87e7be075ded04fe2cde9bec679404c6f95bbffb0293a655c3e48ff6c340af43d29d1504cc18b758cf17521f6f74ad94d0074d7efeeac5656a513414dcc0e9a947064de3a0e882586d5d2021b21e3c36552254c88645a7c216c7bf554ecfe090b8636d1bf9864c10da7b6d197aa417f8fd388080f0114670bfc86d9d011eb3470313c5c60f8b6af492820f4e94505487fb9a00fc40e4e08593b20b7048ddce6c28a0dae85d339d478ddd86f4658fdf5f1834119307942e42faae84ce08c10b6cf9372b170d7c6fb45b3175227aae07d53e3f85199db6ee8d741269be532d15e8fd58c829293ea34a540abf39bad91c52b65a0c8f8d517cf34614cd9f56306212a9ab8a61c8834bc5a17bed30fec61e41776145a39c1ce169b93baa6915abd744bc8ccf42c66870abf39429bc746339d94391cb7dd26ecc04605ea53169ed7c6dfc12ed2d9d114eb37dd5929782c0e99e0d65694399f39123215350cf863136e24411177285a7ccae29ae32fb6d02f130c4e378775ea3acb6c4f845aab816e0db9457788cc72531e77ad2470f5768aaf07efca6905e81a8c09734f0ab98fa0fbc1a0f7e5fee37bcf28c4670cb829f5bf6e6223c087bce3decba594d95ef5e9066cb278260e707760685550f37844b018fd527a89bbdf4e6a31a8ef167def2e555ba0724a212ac5b60f62603fac4f3dd193a8f2b56e01bc0c15baca26f0cf7724b98f32e341021d7ec5b64cc0ba23cf690a3ce9344b7cfabb3cc84dd2e312ae938a477a1af12a24646704c25a8f314ca8616539bfb6d794fcf601c478f8171dbb3b9fcabeae61d3174b9c75547ae61b554a0d3ad2e5d54690951d54e243e332d7185cb6cc6309ef1be02bd40b8638af7303d030d19062cfc8f93b9a4f53b1c45c3cdd9e8449016fb7bcd1617b51f66aab1e3e2d577768c8a9c38aee624cf4111f1f6cbe04678e1da161eb755a3c9d43065df6fd805a596f9d2b94b9bbf9a622f145a533e368fc8df17672873c83907578e9e4ba872712d7736cff3f31056389305a39bedb72727e9782529dd85b8337ae0efbb046586f231ef1202974cd7936005b9147788897d624e9ee1a008ffec578b7fa98735c93f64d29be032d5cdaea9f0c8cee6a1c0278406e542a757dc3900287729913f66002fba58d90a78d509fdc7dfdf7cc53a11c3a3da1f5502689ec4920ec68c393c631077898766ab7710735e002a3575b2a81a0a853e064cea5d75a4d3cb6f09e31207aaf9ac2655643acfb4bd0d46d38176d7f024bc76185974f689559857bbb25c1a5cda734880a39bd3a6c3d0107288c53f0872cb4669e5b9df1e565f0e7a390a04fb6a6f87dbd400b67577f6e25dad71442280ec4709c18c93f3f8d2cb9dd93b7fa310acd32cde19e3ece517d76f98a315f20817024a7900291202492b4c39cfe880ac16d4767fc8ef95f06d1af39c42e4be3683cd19eb33894628f61cf357c7691da7eb779067905223b3010a6e3d4045ea27aa17b720cf3e7f17706aa396a7cb9e95d6a9854ac28eba309ccca3ecc16026e15cd4cf6cb22237560b365de1fbd21f507c8e62fadbe95d853cfa9d5a134f6cdc569209e86ea1162d936fec455d5ce68e626d3876d495191c747b81ab2a5878f71e541a692ec1e5075909b44dd146370c6c4cf78a3428af8501833ed8e3d1d4232fbaf6e158ef737a70ff6dc7f2cf90dec0ef859c122a65eac2263f182bc806b8aa27ea66cc31f479840fe989a901d7dc25e18226075060cde0165bb3d5b64dba2762f29289cac6cebb8e4efb23404da0ef3bd28c8bf21fdde290a42e13e6063701ba9e4ab02dce04c973bf8995159e0ad142687c1b48e49a672cacbc36dfd1461bb3b098be1ef16e5b747b9bb57615dd1abb6ef0b4d5e11a052891ca7f1ff1c7735c62b8c4a37e75340152951eb1732878a9ab63cdb8dc4bce93bfdb44497000f1858e4e526768070c72c4dcbfe5eb4c0e2b60b8915e69e514343014c964422935ba4a7276fc0d42aeb4e181dbe4b15202972a2366f6a1c5841e44c510752056626eb4954fc73675123abfa1e95a5a5b8adb320755b7ef9eafe6b116e1fc54cfe40ddae211b6fd3059cb0a5120d5c2b3dfff8c253680ee02bf58915f619a2594523d3bf71c90a6f9249bc8b7ce3191c002a8058d662f8e97de2e17143a2cb218e758208b6baa497fec5dc9ae320f5076bfdd8e9f0126a5c4e7262031cdb8968a51da04f50f0f40b6650405e73bdaef7e194792ca7bab040846ca0d1eb0a77e2cdf65356f19c7d72a46516161b3ffcc089ce9dc2aa75994ec90279e957adce7f7f69295dfed13e0d268c1eb874561f15c7781ec1ea1751a6a117ab00422a90d9564c64c2ff61076da4fb7cad7df67fa18d2bb040d01312ca90e51a0a3e202c60e26d104dc469d4dacfbe2ff3f972fc59de5c468907eac4c7370af95d2f15636b1ee94c3a0a86be4830d9b2b0f73c88bb63c1c84ae782ad372abdb7734aa98cde108f969bbe61b88470b73a562a699a791e049c77020cb16a77c6273ab89a255c07bf88a5d7cdaa9fe964bf609e3cb0a73086cf532b5d1940ba52b75f57739c8fa9ea9445bd0f69f29d4d0b0ca32a594bb6cd4010b4570dc20ccc0b8da9e889417e00bda1b954279c09795c5305efe486e67b1f1c06138a4babaea807548ba37cec23b348d58755e5d5f50b033ab18e7b93a5e0fb028d1ad48fe147d226616a70d10281aab3d92e476df8c16657a37862851d3b60104d72b7b02e1824af7d12f6d753573c9b07fa761ab61e7bf54562b3fb7d235d19523e91b3fbbbd43890830b6227313bbf8e7b359e6348b54b8dca245dc4e4c55fe1251f8b83db0f574b5f1c171878efbab856d81268d5d53195cebcf79321dd0b187e10d664f39b5d7c6f009ff95df1737564028e23b045d06e4fee09bad00df146c7858e44862d705379aee81e34f07e9b201eed7b07c95cb39eda7fa2acf7adcbff85f8266301264573ae7f9a7cb1d9ceb6900bb9478860c2f4996bfe598414b23d957eeaea9005c11172fc6883c5d6aaab891178499b3849830f6ac51db36b3fd3a46847f817eec42a338943f531fbf6887134c04fbb9fc5694c155a3f29656419b2b40ecabc70df963668e8642d0c8dc0271cd63433549c4d9cc57525f1b23456b378949f7619b3b4e22d14db122e576f651dd2b4202a57a65a8380f92b4301252c4d49638aefec572070c297e426574eca1b08315905c6ecdc47c75948f2cd82f7cd3c7303f56df6a11a17d0f636efe33dcef668fd1e59d63d5ce68265ec384cab0d8770ef5b33d95ec745f4da94bf9f085f41058d5a091eed70b0592c732bd24adc94fe4272e981bf5a164e5b596640704d227c9d6ac0be81b31c118ebe8b393e6632f40012961efc48f4943151bf52170a3e4b78dcb6685209cbcbbf12effb65ebc8c7910ec4c93ce9ff1acac2c53270f163549b32481fe0f0c954b99909c8854d304df9941906d74cc2fbe87d8d00132c0061c0ac55667cb178046a4096c96bd5c4dd88bf080929b088be0b89181a2ca873a7da37a82f58980e1fdd9f393bef5665a4da9184d8776d052bbcf4614883151ebfcb2e685eec3dac32a831991f0ee8233cd0c618cdc43f9f03f450fd439dbdeba868496811e22e3d64fa487571a7397acaa19d915548649e1231e4577deb0e564ccc6d15683723bc0b44cbb9cf2a8c3a505cc8a92525f5e9a003d4d9f3f4b3b26a3fe831a679427be34963d77716d540bdda19d9c15e8b010d84f4229dc7521678d47e627418b718f285882934e06b905bcbdc465550603ebc3a5a430ed8e0e3922454adaf48df86f6c886b25b2a9754648ad0b5e68f7b7d8b2e785f99d44e94c8bebc88a272c5a65710aaab227f0e16a06791cdd862e5454ddb04fc1fdad41f5005d2320763fede3c293b6cbc7274909b869e51dbb89c8d400bd427ba60af9611349ffad0edc19c3e91210e23fc91dfcb20aab49eb7c4a1c93f35f1b02be52c66916d03a583396590b628a7a0bc224d61c22c0e5a3f06f95f8351a7da8f79fdaae4f943fbe8c96db955431973cb2471d12ca8c445d8f9bb9031ac1a83da32bd835623b5857cfd5f22a2d167d1c12136b66f9deee2b08123722a295715460d3e4dcc23e0072e350d76e9bd40cdab4ec2f5c40847b14b6eabf3874517219421711da5d4fb33c610c95b3f562c9deb6def36051dd65cf95f2dd2502ed722985d13e1df4b9f3799ab8cfc49b9b18df0074294eb44db84eb6769d7b8cffcc22cbd599f7d1e0a1fd22ea0f460caf051fba3abb05eda9b7ef1630998feee7", 0x1000}, {&(0x7f0000001200)="5c93bcddeae32cc81e136d905acbcf7a0fd9fb55da6c22db0cd84bc1e2121400cf3a067860131502fc90c09d5ff5d85e0b2b52599763d660bf76129ce42d4493fca27996a5b66e24d26d6febc8d9720e52ec83c79c1cb58fdf51aadc69bac98d9e43d0f8507a073752c63d1dabb297c0d6f8e496ee179b51c0153739014f58facd99f0fd7bfc100fde62dbaaf9b0e5ec0d7dfdb6d89287bbc474f5b413b2bdbf18b9f62e9607ee4f769e0bf410441bdce81dde64f0a2139bfc0dd30195a11519dd81f1e36b44faf7542674627a5ee07d90aee0ba90cedb2aaa901e06c577", 0xde}, {&(0x7f0000001300)="027034dc8f43c0469ef5fe204dd3dbd09257bb3736a8010eadb4ea3c9d942ef45c0050c79e44e7859c22fb1499875125a441c73b53dbe4a0d1fbf38af710b8c79bc5c4e001987c407ee2f6730903f66ad5b32256e7416956da410f5e5da31a540c8875790da2c344", 0x68}, {&(0x7f0000001380)="68ac548e9db50b5fb4603f36f9d22bb1666fe46b7065358274abf9cf52c863bbbfa983e689504e7c423bf75154e6b99c38ad70e9873f0fb5d0474a31abcb77c2b40d127dd0e9bcb1e21eed80a4d697f627a2a784c6bccd91f6961f1e975ac8274c4f6504dd2b848272f4968a097ab8cc9c4ee746b51d7f19bd4771e98e273ae97eb1b42884437bcfd1974d0c2f77c90ad4cfbfb4626d711ebb03b12c01192cf2129f2b7a31c543f5b0f1452d7f7e1247703990eaedabf0a66f7397b496c2a317b41a53732154aede", 0xc8}, {&(0x7f0000001480)="36c5aa9f0f6e3d1e58904398fabbb5ed93b3646c960b6af885e21550127c2eb80e1abc0ae1c296d4d88f61a793c4530a2c799c", 0x33}, {&(0x7f00000014c0)="7e18ddd65af9322c6824d35dd370f1a6448ab12259", 0x15}, {&(0x7f0000001500)="e0285d496763857d36eaf3456cbb10ee978606a79d8a45ced3a9532190c9af8f583df3e214831992110c7c15d998a618a7a80aa7bd685beff9a10f1f4a8061675043bf", 0x43}], 0x7}, 0x20000000) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000001c0)=0x1) ioctl$TCSETSW(r1, 0x8925, &(0x7f0000000000)) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) ioctl$KVM_SIGNAL_MSI(r3, 0x4020aea5, &(0x7f0000000100)={0x2002, 0x13000, 0x1f, 0xd207, 0x3ff}) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000080)={0x7ff, 0x1000, 0x5, 0x3, 0x3, 0x0, 0x6, 0x10001, 0x9, 0x6}, 0xb) 03:52:05 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x5, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffff9c, 0xc0206434, &(0x7f00000000c0)={0x6, 0x0, 0x10001, 0x9}) ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000140)={0x1, r2, 0x10000, 0x9}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:05 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f023c123f3188a070") r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000180)={0xa, 0x4e22, 0x8, @empty, 0x200}, 0x1c) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qat_adf_ctl\x00', 0x301080, 0x0) ioctl$KVM_DEASSIGN_PCI_DEVICE(r3, 0x4040ae72, &(0x7f0000000140)={0x83, 0x1000, 0x0, 0x4, 0x7}) sendmsg$nl_xfrm(r2, &(0x7f000014f000)={0x0, 0x0, &(0x7f00000bfff0)={&(0x7f0000000780)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}}, 0xb8}}, 0x0) fsetxattr$security_selinux(r0, &(0x7f0000000040)='security.selinux\x00', &(0x7f0000000080)='system_u:object_r:systemd_logind_var_run_t:s0\x00', 0x2e, 0x8da846c67150c722) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x32, &(0x7f0000000200)={@remote, 0xf}, 0x20) 03:52:05 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x70a000}, 0x0) [ 1547.260246] net_ratelimit: 26 callbacks suppressed [ 1547.260254] protocol 88fb is buggy, dev hsr_slave_0 [ 1547.270451] protocol 88fb is buggy, dev hsr_slave_1 [ 1547.275594] protocol 88fb is buggy, dev hsr_slave_0 [ 1547.280774] protocol 88fb is buggy, dev hsr_slave_1 [ 1547.285922] protocol 88fb is buggy, dev hsr_slave_0 [ 1547.291045] protocol 88fb is buggy, dev hsr_slave_1 [ 1547.296176] protocol 88fb is buggy, dev hsr_slave_0 [ 1547.301309] protocol 88fb is buggy, dev hsr_slave_1 03:52:06 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x5, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffff9c, 0xc0206434, &(0x7f00000000c0)={0x6, 0x0, 0x10001, 0x9}) ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000140)={0x1, r2, 0x10000, 0x9}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:06 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x713000}, 0x0) 03:52:06 executing program 5: r0 = syz_open_dev$sndctrl(&(0x7f0000000180)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)) syz_open_dev$sndtimer(&(0x7f0000f85ff1)='/dev/snd/timer\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = mq_open(&(0x7f0000000080)='eth0\x00', 0x0, 0x0, &(0x7f0000000000)) r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/rfkill\x00', 0x0, 0x0) r3 = socket$inet_smc(0x2b, 0x1, 0x0) listen(r3, 0x1) setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, 0x0, 0x0) close(r3) r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer\x00', 0x0, 0x0) r5 = accept(r1, &(0x7f00000003c0)=@pppoe, &(0x7f0000000440)=0xfffffffffffffc77) ioctl$sock_netdev_private(r5, 0x89fd, &(0x7f0000000480)="01587c450d2fd25d9c3e3d0ca5e126a33fb8797573ec768867f6fb1be6101211ff0d") getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r4, 0x84, 0x70, &(0x7f0000000580)={0x0, @in={{0x2, 0x4e24, @empty}}, [0x200, 0x80000000000000, 0x10001, 0x3, 0x7, 0x0, 0x40, 0x0, 0x5, 0x7ff, 0x10001, 0x21540, 0x9, 0x10000, 0x7c]}, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000380)={r6, 0x5}, 0x8) getpeername(r4, 0x0, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mkdir(&(0x7f0000000500)='./file0//ile0\x00', 0x20000000000000) setxattr$trusted_overlay_opaque(&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)='trusted.overlay.opaque\x00', &(0x7f0000000200)='y\x00', 0x2, 0x0) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000000280)={r6, 0x5}, 0x8) write$UHID_GET_REPORT_REPLY(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x8, 0xfff}, 0xa) lstat(&(0x7f0000000980)='./file0\x00', &(0x7f00000009c0)) open$dir(&(0x7f0000000240)='./file0\x00', 0x10000, 0x0) rmdir(&(0x7f0000000340)='./file0//ile0\x00') creat(&(0x7f00000006c0)='./file0\x00', 0x0) r7 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x40000000040201, 0x0) r8 = syz_open_dev$sndpcmp(&(0x7f0000000700)='/dev/snd/pcmC#D#p\x00', 0x202, 0xa0002) setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r7, 0x84, 0x7, &(0x7f0000000100), 0x4) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000680)='/proc/sys/net/ipv4/vs/expire_nodest_conn\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r8, 0x0, 0x0) [ 1547.820270] protocol 88fb is buggy, dev hsr_slave_0 [ 1547.825405] protocol 88fb is buggy, dev hsr_slave_1 [ 1548.512413] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1548.670759] CPU: 1 PID: 1539 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1548.677891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1548.687263] Call Trace: [ 1548.689873] dump_stack+0x172/0x1f0 [ 1548.693556] dump_header+0x10f/0xb6c [ 1548.697291] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1548.702751] ? ___ratelimit+0x60/0x595 [ 1548.706647] ? do_raw_spin_unlock+0x57/0x270 [ 1548.711074] oom_kill_process.cold+0x10/0x6f5 [ 1548.715583] ? task_will_free_mem+0x139/0x6e0 [ 1548.720099] out_of_memory+0x79a/0x1280 [ 1548.724091] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1548.729214] ? oom_killer_disable+0x280/0x280 [ 1548.733723] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1548.738843] mem_cgroup_out_of_memory+0x99/0xe0 [ 1548.743527] ? memcg_memory_event+0x40/0x40 [ 1548.747910] ? _raw_spin_unlock+0x2d/0x50 [ 1548.752065] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1548.757704] try_charge+0xfec/0x1570 [ 1548.761448] ? find_held_lock+0x35/0x130 [ 1548.765548] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1548.770436] ? kasan_check_read+0x11/0x20 [ 1548.774602] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1548.779464] mem_cgroup_try_charge+0x24d/0x5e0 [ 1548.784065] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1548.789027] __handle_mm_fault+0x1e26/0x3f20 [ 1548.793458] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1548.798307] ? find_held_lock+0x35/0x130 [ 1548.802391] ? handle_mm_fault+0x322/0xb30 [ 1548.806685] ? kasan_check_read+0x11/0x20 [ 1548.810852] handle_mm_fault+0x43f/0xb30 [ 1548.814941] __do_page_fault+0x5da/0xd60 [ 1548.819030] do_page_fault+0x71/0x581 [ 1548.822836] ? page_fault+0x8/0x30 [ 1548.826402] page_fault+0x1e/0x30 [ 1548.829903] RIP: 0033:0x45a7dd [ 1548.833105] Code: 5b 5d f3 c3 66 0f 1f 84 00 00 00 00 00 48 c7 c0 ea ff ff ff 48 85 ff 0f 84 e0 8e fb ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 <48> 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 [ 1548.852015] RSP: 002b:00007ffee6aa5678 EFLAGS: 00010202 [ 1548.857383] RAX: ffffffffffffffea RBX: 00007f3c7554e700 RCX: 00007f3c7554e700 [ 1548.864661] RDX: 00000000003d0f00 RSI: 00007f3c7554ddb0 RDI: 000000000040ed80 [ 1548.871936] RBP: 00007ffee6aa5880 R08: 00007f3c7554e9d0 R09: 00007f3c7554e700 [ 1548.879210] R10: 00007f3c7554ddc0 R11: 0000000000000246 R12: 0000000000000000 [ 1548.886485] R13: 00007ffee6aa572f R14: 00007f3c7554e9c0 R15: 000000000073c04c 03:52:08 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:52:08 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x5, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffff9c, 0xc0206434, &(0x7f00000000c0)={0x6, 0x0, 0x10001, 0x9}) ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000140)={0x1, r2, 0x10000, 0x9}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:08 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x2, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)={0x1, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x3}) r2 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000001c0)=0x1) ioctl$TCSETSW(r0, 0x8925, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000001}) 03:52:08 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x740000}, 0x0) [ 1549.810215] memory: usage 307200kB, limit 307200kB, failcnt 20286 [ 1549.816492] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1550.132644] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1550.292586] Memory cgroup stats for /syz0: cache:0KB rss:96952KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:97076KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1551.841053] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=1539,uid=0 [ 1552.090398] Memory cgroup out of memory: Kill process 1539 (syz-executor.0) score 1106 or sacrifice child [ 1552.269292] Killed process 1539 (syz-executor.0) total-vm:72708kB, anon-rss:164kB, file-rss:35780kB, shmem-rss:0kB [ 1552.391992] oom_reaper: reaped process 1539 (syz-executor.0), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 03:52:11 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0xb) 03:52:11 executing program 5: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lchown(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) socket$inet6_sctp(0xa, 0x20000000001, 0x84) r1 = accept4(r0, 0x0, 0x0, 0x0) mprotect(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x4) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGSKNS(0xffffffffffffffff, 0x894c, &(0x7f0000000040)=0x8fff) r2 = socket$inet6(0xa, 0x80003, 0x2c) connect$inet6(r2, &(0x7f0000000000)={0xa, 0xfffffffffffffffd, 0x10000, @local, 0x9}, 0x1c) sendmmsg(r2, &(0x7f0000000c40)=[{{0x0, 0xc000002000000000, &(0x7f00000009c0), 0x3e8, &(0x7f00000000c0)}}], 0x40000000000026a, 0x0) setsockopt$l2tp_PPPOL2TP_SO_LNSMODE(r1, 0x111, 0x4, 0x1, 0x4) 03:52:11 executing program 1: r0 = getpgrp(0x0) sched_getscheduler(r0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000001c0)=0x1) ioctl$TCSETSW(r2, 0x8925, &(0x7f0000000000)) 03:52:11 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x5, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffff9c, 0xc0206434, &(0x7f00000000c0)={0x6, 0x0, 0x10001, 0x9}) ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000140)={0x1, r2, 0x10000, 0x9}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:11 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x940000}, 0x0) 03:52:11 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x5, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffff9c, 0xc0206434, &(0x7f00000000c0)={0x6, 0x0, 0x10001, 0x9}) ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000140)={0x1, r2, 0x10000, 0x9}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:11 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:52:12 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0xa05000}, 0x0) [ 1553.500241] net_ratelimit: 26 callbacks suppressed [ 1553.500251] protocol 88fb is buggy, dev hsr_slave_0 [ 1553.510401] protocol 88fb is buggy, dev hsr_slave_1 [ 1553.515547] protocol 88fb is buggy, dev hsr_slave_0 [ 1553.520675] protocol 88fb is buggy, dev hsr_slave_1 [ 1553.525804] protocol 88fb is buggy, dev hsr_slave_0 [ 1553.530940] protocol 88fb is buggy, dev hsr_slave_1 [ 1553.536061] protocol 88fb is buggy, dev hsr_slave_0 [ 1553.541179] protocol 88fb is buggy, dev hsr_slave_1 03:52:12 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x5, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffff9c, 0xc0206434, &(0x7f00000000c0)={0x6, 0x0, 0x10001, 0x9}) ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000140)={0x1, r2, 0x10000, 0x9}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:12 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) r2 = syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x74, 0x200000) ioctl$EVIOCGID(r2, 0x80084502, &(0x7f0000000100)=""/173) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000001c0)=0x5) 03:52:12 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x5, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffff9c, 0xc0206434, &(0x7f00000000c0)={0x6, 0x0, 0x10001, 0x9}) ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f0000000140)={0x1, r1, 0x10000, 0x9}) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:13 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0xa07000}, 0x0) [ 1554.060218] protocol 88fb is buggy, dev hsr_slave_0 [ 1554.065319] protocol 88fb is buggy, dev hsr_slave_1 03:52:13 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0xf) 03:52:13 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(0x0, 0x0, 0x0) fcntl$getflags(0xffffffffffffffff, 0x401) sysinfo(&(0x7f00000007c0)=""/154) r1 = openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BLKPG(r0, 0x1269, &(0x7f00000006c0)={0x1, 0x0, 0x0, &(0x7f0000000800)}) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x0, 0x0) r2 = open(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) munmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000) accept$packet(r2, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000080)={'vcan0\x00', r3}) r4 = openat$cgroup_subtree(r2, &(0x7f00000001c0)='cgroup.subtree_control\x00', 0x2, 0x0) write$cgroup_subtree(r4, &(0x7f0000000240)=ANY=[@ANYBLOB="2d706964732016374d8d7aa889066a9349705f20da7fdf9d24c15fd4257c698a16ffbee89cca552a216c41f0026f649f2c1ad4360d560b42fe20806fdebffcae8a48150c71606a354a5f93b42e20d25d6254441f6a38e169233f86f4c03c8683b4bcef6851400399fd6f0fc51cdc8dd1e769eff31577b353bdc6456b35e2de7ba2f41a88babf16f0194f888a2ae223e347746230a90f2c"], 0x6) socket$inet6(0xa, 0x7, 0x6) 03:52:13 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) r2 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x8, 0x0) ioctl$SIOCRSGCAUSE(r2, 0x89e0, &(0x7f0000000080)) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000001c0)=0x1) ioctl$TCSETSW(r1, 0x8925, &(0x7f0000000000)) 03:52:13 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x5, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffff9c, 0xc0206434, &(0x7f00000000c0)={0x6, 0x0, 0x10001, 0x9}) ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f0000000140)={0x1, r1, 0x10000, 0x9}) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:14 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0xff600000}, 0x0) [ 1555.104567] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1555.325495] CPU: 1 PID: 1664 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1555.332629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1555.341985] Call Trace: [ 1555.344592] dump_stack+0x172/0x1f0 [ 1555.348242] dump_header+0x10f/0xb6c [ 1555.351970] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1555.357088] ? ___ratelimit+0x60/0x595 [ 1555.360989] ? do_raw_spin_unlock+0x57/0x270 [ 1555.365428] oom_kill_process.cold+0x10/0x6f5 [ 1555.369981] ? task_will_free_mem+0x139/0x6e0 [ 1555.374516] out_of_memory+0x79a/0x1280 [ 1555.378509] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1555.383639] ? oom_killer_disable+0x280/0x280 [ 1555.388149] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1555.393280] mem_cgroup_out_of_memory+0x99/0xe0 [ 1555.397964] ? memcg_memory_event+0x40/0x40 [ 1555.402304] ? _raw_spin_unlock+0x2d/0x50 [ 1555.406466] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1555.411588] try_charge+0xfec/0x1570 [ 1555.415314] ? find_held_lock+0x35/0x130 [ 1555.419397] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1555.424258] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1555.429111] ? find_held_lock+0x35/0x130 [ 1555.433189] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1555.438060] memcg_kmem_charge_memcg+0x7c/0x130 [ 1555.442746] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1555.447259] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1555.452118] memcg_kmem_charge+0x13b/0x340 [ 1555.456367] __alloc_pages_nodemask+0x437/0x710 [ 1555.461057] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1555.466107] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1555.470703] ? trace_hardirqs_on+0x67/0x230 [ 1555.475040] ? kasan_check_read+0x11/0x20 [ 1555.479206] copy_process.part.0+0x3e0/0x79a0 [ 1555.483721] ? mark_held_locks+0x100/0x100 [ 1555.487973] ? debug_smp_processor_id+0x1c/0x20 [ 1555.492655] ? perf_trace_lock_acquire+0xf5/0x580 [ 1555.497523] ? __might_fault+0x12b/0x1e0 [ 1555.501648] ? __cleanup_sighand+0x70/0x70 [ 1555.505957] ? lock_downgrade+0x810/0x810 [ 1555.510134] _do_fork+0x257/0xfe0 [ 1555.513617] ? fork_idle+0x1d0/0x1d0 [ 1555.517354] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1555.522115] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1555.526885] ? do_syscall_64+0x26/0x610 [ 1555.530882] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1555.536264] ? do_syscall_64+0x26/0x610 [ 1555.540284] __x64_sys_clone+0xbf/0x150 [ 1555.544305] do_syscall_64+0x103/0x610 [ 1555.548211] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1555.553407] RIP: 0033:0x457e29 [ 1555.556632] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1555.575552] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1555.583271] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1555.590551] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1555.597826] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1555.605100] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1555.612379] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff 03:52:14 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x400000000000}, 0x0) [ 1555.866979] memory: usage 307200kB, limit 307200kB, failcnt 20329 [ 1555.892592] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1556.100509] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1556.119780] Memory cgroup stats for /syz0: cache:0KB rss:97072KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:97128KB inactive_file:0KB active_file:0KB unevictable:0KB 03:52:15 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, 0x0, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:52:15 executing program 1: r0 = syz_open_pts(0xffffffffffffff9c, 0x80000) ioctl$TIOCSCTTY(r0, 0x540e, 0x5) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000001c0)=0x1) ioctl$TCSETSW(r2, 0x8925, &(0x7f0000000000)) 03:52:15 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x5, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffff9c, 0xc0206434, &(0x7f00000000c0)={0x6, 0x0, 0x10001, 0x9}) ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f0000000140)={0x1, r1, 0x10000, 0x9}) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:15 executing program 5: openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) add_key$keyring(0x0, &(0x7f0000000100)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff8) ioctl$FIDEDUPERANGE(0xffffffffffffffff, 0xc0189436, &(0x7f0000000200)=ANY=[]) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x0, &(0x7f0000000080)={{0x77359400}, {0x0, 0x1c9c380}}, 0x0) syz_open_dev$amidi(&(0x7f0000000240)='/dev/amidi#\x00', 0x0, 0x8c000) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0) execve(&(0x7f0000000000)='./file0\x00', &(0x7f00000002c0)=[&(0x7f0000000040)='%\x00', &(0x7f0000000180)='\x00', &(0x7f0000000280)='nodev{\xa5\x00'], &(0x7f00000003c0)=[&(0x7f0000000300)='/vboxnet1ppp1eth1\\!@L\x00', &(0x7f0000000340)='\x00', &(0x7f0000000380)='ppp0,@keyring.*vmnet0\'^-GPLwlan0\x00']) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x0) syz_genetlink_get_family_id$tipc2(0x0) sendmsg$TIPC_NL_PUBL_GET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x31004020}, 0xc, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB], 0x1}, 0x1, 0x0, 0x0, 0x40}, 0x0) syz_genetlink_get_family_id$nbd(&(0x7f0000000140)='nbd\x00') [ 1556.497358] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=7577,uid=0 03:52:15 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x5, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffff9c, 0xc0206434, &(0x7f00000000c0)={0x6, 0x0, 0x10001, 0x9}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:15 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x60ffffffffff}, 0x0) [ 1556.782043] Memory cgroup out of memory: Kill process 7577 (syz-executor.0) score 1103 or sacrifice child [ 1556.956441] Killed process 7577 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1558.226404] oom_reaper: reaped process 1663 (syz-executor.0), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 03:52:17 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0x10) 03:52:17 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x5, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:17 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa, 0x74}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000909000/0x4000)=nil, 0x4000}, 0x1}) mremap(&(0x7f000090a000/0x3000)=nil, 0x3000, 0x2000, 0x0, &(0x7f0000ffc000/0x2000)=nil) ioctl$UFFDIO_COPY(r0, 0xc028aa03, 0x0) 03:52:17 executing program 1: openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/mls\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x1) ioctl$TCSETSW(r1, 0x8925, &(0x7f0000000000)) 03:52:17 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x740000000000}, 0x0) 03:52:17 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:18 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x7fffffffefff}, 0x0) 03:52:18 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, 0x0, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:52:18 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000001c0)=0x1) ioctl$TIOCCBRK(r1, 0x5428) ioctl$TCSETSW(r1, 0x8925, &(0x7f0000000000)) 03:52:18 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:18 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f023c123f3188a070") unshare(0x2000400) mkdir(&(0x7f0000000240)='./file0\x00', 0x0) r1 = syz_open_dev$amidi(&(0x7f0000000180)='/dev/amidi#\x00', 0x0, 0x90000) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0x6}, &(0x7f00000002c0)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000380)={r2, 0x64, &(0x7f0000000580)=[@in6={0xa, 0x4e21, 0x634e, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x1}, @in6={0xa, 0x4e22, 0x219, @mcast1, 0x3f}, @in6={0xa, 0x4e22, 0x100, @local, 0x4}, @in={0x2, 0x4e20, @remote}]}, &(0x7f00000003c0)=0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x2c, 0x7e, 0x3, 0x7, 0x8}, 0x2c) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000001c0)='bpf\x00', 0x0, 0x0) syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x2, 0x10000) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r4, 0x2000001000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0xe, 0x1, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], &(0x7f0000000140)='syzkaller\x00', 0x70, 0x7d, &(0x7f0000000400)=""/125, 0x41000, 0x1, [], 0x0, 0xb}, 0x48) connect$x25(r1, &(0x7f0000000480)={0x9, @remote={[], 0x2}}, 0x12) ioctl$TCSETAF(r5, 0x5408, &(0x7f0000000000)) bpf$OBJ_PIN_MAP(0x6, &(0x7f00000004c0)={&(0x7f0000000280)='./file0/file0\x00', r3}, 0x10) [ 1559.740240] net_ratelimit: 26 callbacks suppressed [ 1559.740248] protocol 88fb is buggy, dev hsr_slave_0 [ 1559.750314] protocol 88fb is buggy, dev hsr_slave_1 [ 1559.755470] protocol 88fb is buggy, dev hsr_slave_0 [ 1559.760557] protocol 88fb is buggy, dev hsr_slave_1 [ 1559.765674] protocol 88fb is buggy, dev hsr_slave_0 [ 1559.770777] protocol 88fb is buggy, dev hsr_slave_1 [ 1559.775927] protocol 88fb is buggy, dev hsr_slave_0 [ 1559.781021] protocol 88fb is buggy, dev hsr_slave_1 03:52:19 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) [ 1560.300297] protocol 88fb is buggy, dev hsr_slave_0 [ 1560.305530] protocol 88fb is buggy, dev hsr_slave_1 [ 1560.868244] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1561.060503] CPU: 1 PID: 1747 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1561.067632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1561.077001] Call Trace: [ 1561.079634] dump_stack+0x172/0x1f0 [ 1561.083277] dump_header+0x10f/0xb6c [ 1561.087007] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1561.092121] ? ___ratelimit+0x60/0x595 [ 1561.096017] ? do_raw_spin_unlock+0x57/0x270 [ 1561.100446] oom_kill_process.cold+0x10/0x6f5 [ 1561.104957] ? task_will_free_mem+0x139/0x6e0 [ 1561.109471] out_of_memory+0x79a/0x1280 [ 1561.113467] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1561.118583] ? oom_killer_disable+0x280/0x280 [ 1561.123086] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1561.128210] mem_cgroup_out_of_memory+0x99/0xe0 [ 1561.132889] ? memcg_memory_event+0x40/0x40 [ 1561.137250] ? _raw_spin_unlock+0x2d/0x50 [ 1561.141409] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1561.146546] try_charge+0xfec/0x1570 [ 1561.150267] ? find_held_lock+0x35/0x130 [ 1561.154350] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1561.159202] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1561.164054] ? find_held_lock+0x35/0x130 [ 1561.168127] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1561.172991] memcg_kmem_charge_memcg+0x7c/0x130 [ 1561.177673] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1561.182187] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1561.187039] memcg_kmem_charge+0x13b/0x340 [ 1561.191290] __alloc_pages_nodemask+0x437/0x710 [ 1561.195979] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1561.201023] copy_process.part.0+0x3e0/0x79a0 [ 1561.205537] ? psi_memstall_leave+0x11c/0x180 [ 1561.210043] ? sched_clock+0x2e/0x50 [ 1561.213767] ? psi_memstall_leave+0x12e/0x180 [ 1561.218275] ? find_held_lock+0x35/0x130 [ 1561.222353] ? __lock_acquire+0x53b/0x4700 [ 1561.226647] ? __cleanup_sighand+0x70/0x70 [ 1561.230918] ? mark_held_locks+0x100/0x100 [ 1561.235168] ? perf_trace_lock_acquire+0xf5/0x580 [ 1561.240024] ? rcu_read_lock_sched_held+0x110/0x130 [ 1561.245050] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1561.250619] _do_fork+0x257/0xfe0 [ 1561.254108] ? fork_idle+0x1d0/0x1d0 [ 1561.257838] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 1561.263209] ? lock_downgrade+0x810/0x810 [ 1561.267369] ? blkcg_exit_queue+0x30/0x30 [ 1561.271527] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1561.276294] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1561.281062] ? do_syscall_64+0x26/0x610 [ 1561.285045] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1561.290424] ? do_syscall_64+0x26/0x610 [ 1561.294423] __x64_sys_clone+0xbf/0x150 [ 1561.298413] do_syscall_64+0x103/0x610 [ 1561.302334] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1561.307541] RIP: 0033:0x45a7f9 [ 1561.310743] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1561.329665] RSP: 002b:00007ffee6aa5678 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1561.337382] RAX: ffffffffffffffda RBX: 00007f3c7554e700 RCX: 000000000045a7f9 [ 1561.344663] RDX: 00007f3c7554e9d0 RSI: 00007f3c7554ddb0 RDI: 00000000003d0f00 [ 1561.351943] RBP: 00007ffee6aa5880 R08: 00007f3c7554e700 R09: 00007f3c7554e700 [ 1561.359218] R10: 00007f3c7554e9d0 R11: 0000000000000202 R12: 0000000000000000 [ 1561.366491] R13: 00007ffee6aa572f R14: 00007f3c7554e9c0 R15: 000000000073c04c [ 1563.380890] memory: usage 307196kB, limit 307200kB, failcnt 20352 [ 1563.387501] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1563.470412] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1563.580447] Memory cgroup stats for /syz0: cache:0KB rss:97072KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:97128KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1564.300646] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=1747,uid=0 [ 1564.420495] Memory cgroup out of memory: Kill process 1747 (syz-executor.0) score 1106 or sacrifice child [ 1564.600718] Killed process 1747 (syz-executor.0) total-vm:72708kB, anon-rss:164kB, file-rss:35780kB, shmem-rss:0kB [ 1564.792389] oom_reaper: reaped process 1747 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 03:52:24 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0x11) 03:52:24 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x940000000000}, 0x0) 03:52:24 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x5, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:24 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000001c0)=0x1) ioctl$TCSETSW(r0, 0x8925, &(0x7f0000000000)={0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x1}) 03:52:24 executing program 5: getpid() r0 = creat(&(0x7f0000000180)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[], 0xffdbc2ca) open$dir(&(0x7f0000000080)='./file0/file0\x00', 0x204003, 0x20) mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0xffffffffffffffff) mount(&(0x7f0000000000), &(0x7f0000000240)='./file0\x00', 0x0, 0x1000, 0x0) unlink(&(0x7f0000000040)='./file0\x00') 03:52:24 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, 0x0, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:52:24 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x5, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:24 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x30710000000000}, 0x0) [ 1565.980321] net_ratelimit: 26 callbacks suppressed [ 1565.980329] protocol 88fb is buggy, dev hsr_slave_0 [ 1565.990550] protocol 88fb is buggy, dev hsr_slave_1 [ 1565.995683] protocol 88fb is buggy, dev hsr_slave_0 [ 1566.000796] protocol 88fb is buggy, dev hsr_slave_1 [ 1566.005923] protocol 88fb is buggy, dev hsr_slave_0 [ 1566.011049] protocol 88fb is buggy, dev hsr_slave_1 [ 1566.016153] protocol 88fb is buggy, dev hsr_slave_0 [ 1566.021274] protocol 88fb is buggy, dev hsr_slave_1 03:52:25 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x5, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:25 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0xa0500000000000}, 0x0) [ 1566.226636] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 03:52:25 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) r2 = add_key(&(0x7f0000000040)='cifs.spnego\x00', &(0x7f0000000080)={'syz', 0x1}, &(0x7f0000000100)="14ba634b0206014865623f8189fff11be0d06156d1691f1a8e0ad43c6fb8aa66ce93", 0x22, 0xfffffffffffffff8) keyctl$assume_authority(0x10, r2) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000001c0)=0x1) ioctl$TCSETSW(r1, 0x8925, &(0x7f0000000000)) [ 1566.423127] CPU: 0 PID: 1836 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1566.430273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1566.439625] Call Trace: [ 1566.442258] dump_stack+0x172/0x1f0 [ 1566.445913] dump_header+0x10f/0xb6c [ 1566.449644] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1566.454754] ? ___ratelimit+0x60/0x595 [ 1566.458658] ? do_raw_spin_unlock+0x57/0x270 [ 1566.463082] oom_kill_process.cold+0x10/0x6f5 [ 1566.467598] ? task_will_free_mem+0x139/0x6e0 [ 1566.472115] out_of_memory+0x79a/0x1280 [ 1566.476123] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1566.481237] ? oom_killer_disable+0x280/0x280 [ 1566.485757] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1566.490876] mem_cgroup_out_of_memory+0x99/0xe0 [ 1566.495572] ? memcg_memory_event+0x40/0x40 [ 1566.499943] ? _raw_spin_unlock+0x2d/0x50 [ 1566.504102] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1566.509217] try_charge+0xfec/0x1570 [ 1566.512944] ? find_held_lock+0x35/0x130 [ 1566.517019] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1566.521868] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1566.526750] ? find_held_lock+0x35/0x130 [ 1566.530821] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1566.535686] memcg_kmem_charge_memcg+0x7c/0x130 [ 1566.540379] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1566.544914] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1566.549774] memcg_kmem_charge+0x13b/0x340 [ 1566.554023] __alloc_pages_nodemask+0x437/0x710 [ 1566.558707] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1566.564175] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1566.568767] ? trace_hardirqs_on+0x67/0x230 [ 1566.573105] copy_process.part.0+0x3e0/0x79a0 [ 1566.577610] ? psi_memstall_leave+0x11c/0x180 [ 1566.582123] ? sched_clock+0x2e/0x50 [ 1566.585850] ? psi_memstall_leave+0x12e/0x180 [ 1566.590356] ? find_held_lock+0x35/0x130 [ 1566.594432] ? __lock_acquire+0x53b/0x4700 [ 1566.598685] ? __cleanup_sighand+0x70/0x70 [ 1566.602946] ? mark_held_locks+0x100/0x100 [ 1566.607193] ? perf_trace_lock_acquire+0xf5/0x580 [ 1566.612046] ? rcu_read_lock_sched_held+0x110/0x130 [ 1566.617097] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1566.622659] _do_fork+0x257/0xfe0 [ 1566.626623] ? fork_idle+0x1d0/0x1d0 [ 1566.630353] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 1566.635725] ? lock_downgrade+0x810/0x810 [ 1566.639886] ? blkcg_exit_queue+0x30/0x30 [ 1566.644075] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1566.648836] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1566.653598] ? do_syscall_64+0x26/0x610 [ 1566.657580] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1566.657595] ? do_syscall_64+0x26/0x610 [ 1566.657616] __x64_sys_clone+0xbf/0x150 [ 1566.657635] do_syscall_64+0x103/0x610 [ 1566.674852] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1566.680046] RIP: 0033:0x45a7f9 [ 1566.683248] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1566.702160] RSP: 002b:00007ffee6aa5678 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1566.709874] RAX: ffffffffffffffda RBX: 00007f3c7554e700 RCX: 000000000045a7f9 [ 1566.717165] RDX: 00007f3c7554e9d0 RSI: 00007f3c7554ddb0 RDI: 00000000003d0f00 [ 1566.724444] RBP: 00007ffee6aa5880 R08: 00007f3c7554e700 R09: 00007f3c7554e700 [ 1566.731721] R10: 00007f3c7554e9d0 R11: 0000000000000202 R12: 0000000000000000 [ 1566.739010] R13: 00007ffee6aa572f R14: 00007f3c7554e9c0 R15: 000000000073c04c [ 1566.746670] protocol 88fb is buggy, dev hsr_slave_0 [ 1566.751825] protocol 88fb is buggy, dev hsr_slave_1 03:52:25 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x5, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) [ 1567.070650] memory: usage 307200kB, limit 307200kB, failcnt 20375 [ 1567.080732] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1567.143366] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1567.252691] Memory cgroup stats for /syz0: cache:0KB rss:97072KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:97128KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1568.640505] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=1836,uid=0 [ 1568.840646] Memory cgroup out of memory: Kill process 1836 (syz-executor.0) score 1106 or sacrifice child [ 1569.000650] Killed process 1836 (syz-executor.0) total-vm:72708kB, anon-rss:164kB, file-rss:35588kB, shmem-rss:0kB [ 1569.152011] oom_reaper: reaped process 1836 (syz-executor.0), now anon-rss:0kB, file-rss:34636kB, shmem-rss:0kB [ 1569.607868] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1569.800226] CPU: 1 PID: 1840 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1569.807353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1569.816707] Call Trace: [ 1569.819309] dump_stack+0x172/0x1f0 [ 1569.822975] dump_header+0x10f/0xb6c [ 1569.826707] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1569.831822] ? ___ratelimit+0x60/0x595 [ 1569.835726] ? do_raw_spin_unlock+0x57/0x270 [ 1569.840147] oom_kill_process.cold+0x10/0x6f5 [ 1569.844661] ? task_will_free_mem+0x139/0x6e0 [ 1569.849177] out_of_memory+0x79a/0x1280 [ 1569.853176] ? oom_killer_disable+0x280/0x280 [ 1569.857682] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1569.862808] mem_cgroup_out_of_memory+0x99/0xe0 [ 1569.867489] ? memcg_memory_event+0x40/0x40 [ 1569.871830] ? _raw_spin_unlock+0x2d/0x50 [ 1569.875984] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1569.881095] try_charge+0xb4a/0x1570 [ 1569.884814] ? find_held_lock+0x35/0x130 [ 1569.888938] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1569.893795] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1569.898646] ? find_held_lock+0x35/0x130 [ 1569.902724] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1569.907591] memcg_kmem_charge_memcg+0x7c/0x130 [ 1569.912274] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1569.916790] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1569.921648] memcg_kmem_charge+0x13b/0x340 [ 1569.925908] __alloc_pages_nodemask+0x437/0x710 [ 1569.930594] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1569.935626] ? find_held_lock+0x35/0x130 [ 1569.939701] ? percpu_ref_put_many+0x94/0x190 [ 1569.944237] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1569.949786] alloc_pages_current+0x107/0x210 [ 1569.954222] __get_free_pages+0xc/0x40 [ 1569.958125] pgd_alloc+0x8b/0x3f0 [ 1569.961591] ? pgd_page_get_mm+0x40/0x40 [ 1569.965677] ? lockdep_init_map+0x10c/0x5b0 [ 1569.970010] ? lockdep_init_map+0x10c/0x5b0 [ 1569.974350] mm_init+0x583/0x9a0 [ 1569.977732] copy_process.part.0+0x2b65/0x79a0 [ 1569.982354] ? perf_trace_lock_acquire+0xf5/0x580 [ 1569.987223] ? __cleanup_sighand+0x70/0x70 [ 1569.991485] ? lock_downgrade+0x810/0x810 [ 1569.995677] _do_fork+0x257/0xfe0 [ 1569.999147] ? fork_idle+0x1d0/0x1d0 [ 1570.002884] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1570.007665] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1570.012438] ? do_syscall_64+0x26/0x610 [ 1570.016431] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1570.021804] ? do_syscall_64+0x26/0x610 [ 1570.025790] __x64_sys_clone+0xbf/0x150 [ 1570.029784] do_syscall_64+0x103/0x610 [ 1570.033688] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1570.038882] RIP: 0033:0x457e29 [ 1570.042120] Code: Bad RIP value. [ 1570.045493] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1570.053218] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1570.060511] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1570.067800] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1570.075075] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1570.082348] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1572.220252] net_ratelimit: 26 callbacks suppressed [ 1572.220262] protocol 88fb is buggy, dev hsr_slave_0 [ 1572.230341] protocol 88fb is buggy, dev hsr_slave_1 [ 1572.235477] protocol 88fb is buggy, dev hsr_slave_0 [ 1572.240596] protocol 88fb is buggy, dev hsr_slave_1 [ 1572.245728] protocol 88fb is buggy, dev hsr_slave_0 [ 1572.250819] protocol 88fb is buggy, dev hsr_slave_1 [ 1572.255962] protocol 88fb is buggy, dev hsr_slave_0 [ 1572.261070] protocol 88fb is buggy, dev hsr_slave_1 [ 1572.370255] memory: usage 306784kB, limit 307200kB, failcnt 20375 [ 1572.376513] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1572.473375] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1572.479543] Memory cgroup stats for /syz0: cache:0KB rss:97072KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96936KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1572.810179] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=7616,uid=0 [ 1572.937507] Memory cgroup out of memory: Kill process 7616 (syz-executor.0) score 1103 or sacrifice child [ 1572.947446] protocol 88fb is buggy, dev hsr_slave_0 [ 1572.947517] protocol 88fb is buggy, dev hsr_slave_1 [ 1573.123711] Killed process 7616 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB 03:52:32 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0x12) 03:52:32 executing program 5: socketpair$unix(0x1, 0x800007, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x7) ioctl$TCFLSH(r1, 0x8925, 0x73fffa) 03:52:32 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0xa0700000000000}, 0x0) 03:52:32 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x5, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:32 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x4000) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000001c0)=0x1) ioctl$TCSETSW(r1, 0x8925, &(0x7f0000000000)) 03:52:32 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0x0, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:52:32 executing program 5: fcntl$getown(0xffffffffffffffff, 0x9) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) write$9p(r0, &(0x7f00000001c0)="b1", 0x1) connect$bt_l2cap(0xffffffffffffffff, 0x0, 0x0) 03:52:32 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x5, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:32 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0x0, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:52:32 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x2, 0x0) r1 = syz_open_pts(r0, 0x8040) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000001c0)=0x1) ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000040)={0x1, 0x80, 0x0, 0x0, 0xc, 0x9, 0x1, 0xe0, 0xda, 0x2}) ioctl$TCSETSW(r1, 0x8925, &(0x7f0000000000)) r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rfkill\x00', 0x600000, 0x0) ioctl$sock_inet_SIOCGIFADDR(r2, 0x8915, &(0x7f0000000100)={'dummy0\x00', {0x2, 0x4e22, @multicast1}}) ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f0000000140)) 03:52:32 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0xffefffffff7f0000}, 0x0) 03:52:33 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c) write$binfmt_script(r0, &(0x7f0000002ec0)={'!! ', './file0'}, 0xfdef) socket$packet(0x11, 0x0, 0x300) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") 03:52:33 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0x13) 03:52:33 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(0x0, 0x5, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:33 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0x0, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:52:33 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(0x0, 0x5, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:33 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x0, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:52:33 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0xdab83d32eb9adc06, 0x0) ioctl$DRM_IOCTL_GET_MAP(r0, 0xc0286404, &(0x7f00000000c0)={0x0, 0xffffffff, 0x3, 0x7f, &(0x7f0000ffc000/0x2000)=nil, 0xcd84}) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x1) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000040)={0x0, 0xffffffffffffd470, 0x1ff, 0x5, 0x5, 0xfffffffeffffffff, 0x4, 0x2d9a10e2, 0xffff, 0x4, 0x4, 0x7}) ioctl$TCSETSW(r1, 0x8925, &(0x7f0000000000)) 03:52:33 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0xffffffffff600000}, 0x0) 03:52:34 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(0x0, 0x5, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:34 executing program 5: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xb, 0x7f, 0x7, 0x5, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000040), 0x0}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r0, &(0x7f0000000240), 0x0}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000400)={r0, &(0x7f0000000180), 0x0}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000240)={r0, &(0x7f0000000180)}, 0x10) 03:52:34 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x0, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:52:34 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000001c0)=0x1) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0xc00, 0x0) ioctl$EVIOCGKEYCODE(r2, 0x80084504, &(0x7f0000000200)=""/255) ioctl$TCSETSW(r1, 0x8925, &(0x7f0000000000)) 03:52:34 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r1 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r1, 0x88, 0x67, &(0x7f0000000040)=r1, 0x4) sendmsg$kcm(r1, &(0x7f0000000480)={&(0x7f0000000080)=@in6={0x2, 0x4e88, 0x0, @mcast2={0xff, 0x2, [0xe80d, 0x0, 0xa00000000000000, 0x0, 0x0, 0xf0ffffff7f0000, 0x11000000]}}, 0x80, &(0x7f0000000340), 0x2b, &(0x7f0000000180)}, 0x0) [ 1575.947337] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1576.050463] CPU: 1 PID: 1988 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1576.057580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1576.066932] Call Trace: [ 1576.069543] dump_stack+0x172/0x1f0 [ 1576.073190] dump_header+0x10f/0xb6c [ 1576.076926] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1576.082041] ? ___ratelimit+0x60/0x595 [ 1576.085941] ? do_raw_spin_unlock+0x57/0x270 [ 1576.090375] oom_kill_process.cold+0x10/0x6f5 [ 1576.094889] ? task_will_free_mem+0x139/0x6e0 [ 1576.099427] out_of_memory+0x79a/0x1280 [ 1576.103423] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1576.108554] ? oom_killer_disable+0x280/0x280 [ 1576.113058] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1576.118186] mem_cgroup_out_of_memory+0x99/0xe0 [ 1576.122871] ? memcg_memory_event+0x40/0x40 [ 1576.127253] ? _raw_spin_unlock+0x2d/0x50 [ 1576.131445] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1576.136584] try_charge+0xfec/0x1570 [ 1576.140301] ? find_held_lock+0x35/0x130 [ 1576.144400] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1576.149262] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1576.154112] ? find_held_lock+0x35/0x130 [ 1576.158182] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1576.163048] memcg_kmem_charge_memcg+0x7c/0x130 [ 1576.167739] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1576.172254] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1576.177104] memcg_kmem_charge+0x13b/0x340 [ 1576.181351] __alloc_pages_nodemask+0x437/0x710 [ 1576.186037] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1576.191086] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1576.195681] ? trace_hardirqs_on+0x67/0x230 [ 1576.200023] copy_process.part.0+0x3e0/0x79a0 [ 1576.204536] ? mark_held_locks+0x100/0x100 [ 1576.208790] ? debug_smp_processor_id+0x1c/0x20 [ 1576.213486] ? perf_trace_lock_acquire+0xf5/0x580 [ 1576.218344] ? __might_fault+0x12b/0x1e0 [ 1576.222459] ? __cleanup_sighand+0x70/0x70 [ 1576.226738] ? lock_downgrade+0x810/0x810 [ 1576.230922] _do_fork+0x257/0xfe0 [ 1576.234395] ? fork_idle+0x1d0/0x1d0 [ 1576.238141] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1576.242919] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1576.247700] ? do_syscall_64+0x26/0x610 [ 1576.251687] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1576.257058] ? do_syscall_64+0x26/0x610 [ 1576.261055] __x64_sys_clone+0xbf/0x150 [ 1576.265048] do_syscall_64+0x103/0x610 [ 1576.268962] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1576.274177] RIP: 0033:0x457e29 [ 1576.277373] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1576.296284] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1576.304011] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1576.311289] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1576.318565] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1576.325839] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1576.333112] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1577.161752] memory: usage 307196kB, limit 307200kB, failcnt 20420 [ 1577.168276] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1577.250447] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1577.339039] Memory cgroup stats for /syz0: cache:0KB rss:97060KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:97128KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1577.540591] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=1983,uid=0 [ 1577.712061] Memory cgroup out of memory: Kill process 1983 (syz-executor.0) score 1106 or sacrifice child [ 1577.902501] Killed process 1983 (syz-executor.0) total-vm:72708kB, anon-rss:164kB, file-rss:35588kB, shmem-rss:0kB [ 1578.042077] oom_reaper: reaped process 1983 (syz-executor.0), now anon-rss:0kB, file-rss:34628kB, shmem-rss:0kB 03:52:37 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0xf0) 03:52:37 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) 03:52:37 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000003c0)={0x0, 0x5000}) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="cd"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000440)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:52:37 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:37 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x0, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:52:37 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TCFLSH(r0, 0x540b, 0x1) r2 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x7ff, 0x0) setsockopt$inet6_tcp_buf(r2, 0x6, 0x21, &(0x7f0000000100)="98cce8fec5d59924110cbf6db9c8443e3eba99eb07ca154093ae32e4c8b9d768b8d8a5e40d9c4eda6543a1edcb83fe468f802e59aa424b0dba276c0adbb33214fde51cd14e6b3754bfb6", 0x4a) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000001c0)=0x1) ioctl$TCSETSW(r1, 0x8925, &(0x7f0000000000)) ioctl$VHOST_SET_VRING_ERR(r2, 0x4008af22, &(0x7f0000000080)={0x0, r2}) 03:52:37 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) [ 1578.460279] net_ratelimit: 26 callbacks suppressed [ 1578.460287] protocol 88fb is buggy, dev hsr_slave_0 [ 1578.470393] protocol 88fb is buggy, dev hsr_slave_1 [ 1578.475533] protocol 88fb is buggy, dev hsr_slave_0 [ 1578.480656] protocol 88fb is buggy, dev hsr_slave_1 [ 1578.485825] protocol 88fb is buggy, dev hsr_slave_0 [ 1578.490924] protocol 88fb is buggy, dev hsr_slave_1 [ 1578.496030] protocol 88fb is buggy, dev hsr_slave_0 [ 1578.501126] protocol 88fb is buggy, dev hsr_slave_1 03:52:37 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) shutdown(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) 03:52:37 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) socket(0xa, 0x5, 0x0) sendmsg$rds(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:52:37 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x60ff}, 0x0) 03:52:37 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:38 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, 0x0, 0x0) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x200000a8) setsockopt$inet6_MCAST_LEAVE_GROUP(r1, 0x29, 0x2d, 0x0, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280)='/dev/net/tun\x00', 0x0, 0x0) dup2(r2, r1) syz_execute_func(&(0x7f00000002c0)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") ioctl$TCGETA(r1, 0x5405, &(0x7f0000000340)) mmap(&(0x7f0000000000/0xb3c000)=nil, 0xb3c000, 0x0, 0x32, 0xffffffffffffffff, 0x0) [ 1579.180235] protocol 88fb is buggy, dev hsr_slave_0 [ 1579.185348] protocol 88fb is buggy, dev hsr_slave_1 [ 1579.825720] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1579.979333] CPU: 0 PID: 2056 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1579.986492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1579.995856] Call Trace: [ 1579.998461] dump_stack+0x172/0x1f0 [ 1580.002126] dump_header+0x10f/0xb6c [ 1580.005850] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1580.010968] ? ___ratelimit+0x60/0x595 [ 1580.014869] ? do_raw_spin_unlock+0x57/0x270 [ 1580.019313] oom_kill_process.cold+0x10/0x6f5 [ 1580.023825] ? task_will_free_mem+0x139/0x6e0 [ 1580.028331] out_of_memory+0x79a/0x1280 [ 1580.032348] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1580.037463] ? oom_killer_disable+0x280/0x280 [ 1580.041968] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1580.047100] mem_cgroup_out_of_memory+0x99/0xe0 [ 1580.051787] ? memcg_memory_event+0x40/0x40 [ 1580.056136] ? _raw_spin_unlock+0x2d/0x50 [ 1580.060290] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1580.065400] try_charge+0xfec/0x1570 [ 1580.069118] ? find_held_lock+0x35/0x130 [ 1580.073197] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1580.078071] ? kasan_check_read+0x11/0x20 [ 1580.082245] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1580.087101] mem_cgroup_try_charge+0x24d/0x5e0 [ 1580.091703] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1580.096645] wp_page_copy+0x408/0x1740 [ 1580.100560] ? find_held_lock+0x35/0x130 [ 1580.104635] ? pmd_pfn+0x1d0/0x1d0 [ 1580.108191] ? lock_downgrade+0x810/0x810 [ 1580.112384] ? swp_swapcount+0x540/0x540 [ 1580.116456] ? kasan_check_read+0x11/0x20 [ 1580.120612] ? do_raw_spin_unlock+0x57/0x270 [ 1580.125037] do_wp_page+0x2ed/0x1520 [ 1580.128777] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 1580.133462] __handle_mm_fault+0x22db/0x3f20 [ 1580.137890] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1580.142787] ? find_held_lock+0x35/0x130 [ 1580.146858] ? handle_mm_fault+0x322/0xb30 [ 1580.151125] ? kasan_check_read+0x11/0x20 [ 1580.155291] handle_mm_fault+0x43f/0xb30 [ 1580.159375] __do_page_fault+0x5da/0xd60 [ 1580.163458] do_page_fault+0x71/0x581 [ 1580.167268] ? page_fault+0x8/0x30 [ 1580.170822] page_fault+0x1e/0x30 [ 1580.174297] RIP: 0033:0x40d1e8 [ 1580.177498] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf bf d4 4b 00 31 c0 e8 43 47 ff ff 31 ff e8 8c 43 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 7e 32 64 00 [ 1580.196403] RSP: 002b:00007ffee6aa56e0 EFLAGS: 00010246 [ 1580.201784] RAX: 000000001982d4d4 RBX: 00000000a2a35cfe RCX: 0000001b33120000 [ 1580.209059] RDX: 0000000000000000 RSI: 00000000000014d4 RDI: ffffffff1982d4d4 [ 1580.216335] RBP: 0000000000000010 R08: 000000001982d4d4 R09: 000000001982d4d8 [ 1580.223617] R10: 00007ffee6aa5870 R11: 0000000000000246 R12: 000000000073c028 [ 1580.230903] R13: 0000000080000000 R14: 00007f3c77391008 R15: 0000000000000022 [ 1580.440662] memory: usage 307200kB, limit 307200kB, failcnt 20451 [ 1580.447218] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1580.528346] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1580.609263] Memory cgroup stats for /syz0: cache:0KB rss:97028KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:97104KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1580.798515] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=7670,uid=0 [ 1580.955986] Memory cgroup out of memory: Kill process 7670 (syz-executor.0) score 1103 or sacrifice child [ 1581.047370] Killed process 7670 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1581.327187] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1581.472665] CPU: 1 PID: 2089 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1581.479795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1581.489164] Call Trace: [ 1581.491763] dump_stack+0x172/0x1f0 [ 1581.495407] dump_header+0x10f/0xb6c [ 1581.499138] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1581.504252] ? ___ratelimit+0x60/0x595 [ 1581.508163] ? do_raw_spin_unlock+0x57/0x270 [ 1581.512583] oom_kill_process.cold+0x10/0x6f5 [ 1581.517092] ? task_will_free_mem+0x139/0x6e0 [ 1581.521604] out_of_memory+0x79a/0x1280 [ 1581.525597] ? oom_killer_disable+0x280/0x280 [ 1581.530096] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1581.535218] mem_cgroup_out_of_memory+0x99/0xe0 [ 1581.539888] ? memcg_memory_event+0x40/0x40 [ 1581.544229] ? _raw_spin_unlock+0x2d/0x50 [ 1581.548401] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1581.553518] try_charge+0xb4a/0x1570 [ 1581.557234] ? find_held_lock+0x35/0x130 [ 1581.561326] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1581.566171] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1581.571018] ? find_held_lock+0x35/0x130 [ 1581.575088] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1581.579971] memcg_kmem_charge_memcg+0x7c/0x130 [ 1581.584651] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1581.589163] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1581.594020] memcg_kmem_charge+0x13b/0x340 [ 1581.598266] __alloc_pages_nodemask+0x437/0x710 [ 1581.602948] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1581.607979] ? __lock_acquire+0x53b/0x4700 [ 1581.612224] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1581.617778] alloc_pages_current+0x107/0x210 [ 1581.622204] pte_alloc_one+0x1b/0x1a0 [ 1581.626018] __handle_mm_fault+0x34e4/0x3f20 [ 1581.630448] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1581.635299] ? find_held_lock+0x35/0x130 [ 1581.639370] ? handle_mm_fault+0x322/0xb30 [ 1581.643638] ? kasan_check_read+0x11/0x20 [ 1581.647792] handle_mm_fault+0x43f/0xb30 [ 1581.651882] __do_page_fault+0x5da/0xd60 [ 1581.655974] do_page_fault+0x71/0x581 [ 1581.659781] ? page_fault+0x8/0x30 [ 1581.663332] page_fault+0x1e/0x30 [ 1581.666809] RIP: 0033:0x457e29 [ 1581.670029] Code: Bad RIP value. [ 1581.673394] RSP: 002b:00007f3c7558fc78 EFLAGS: 00010246 [ 1581.678781] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000457e29 [ 1581.686053] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1581.693330] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1581.700788] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1581.708059] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1582.551449] memory: usage 307040kB, limit 307200kB, failcnt 20451 [ 1582.587515] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1582.651283] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1582.700514] Memory cgroup stats for /syz0: cache:0KB rss:97028KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:97024KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1582.856971] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=7871,uid=0 [ 1583.111528] Memory cgroup out of memory: Kill process 7871 (syz-executor.0) score 1103 or sacrifice child [ 1583.177107] Killed process 7871 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1583.408081] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1583.730885] CPU: 0 PID: 2083 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1583.738035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1583.747400] Call Trace: [ 1583.750005] dump_stack+0x172/0x1f0 [ 1583.753649] dump_header+0x10f/0xb6c [ 1583.757390] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1583.762520] ? ___ratelimit+0x60/0x595 [ 1583.766434] ? do_raw_spin_unlock+0x57/0x270 [ 1583.770860] oom_kill_process.cold+0x10/0x6f5 [ 1583.775387] ? task_will_free_mem+0x139/0x6e0 [ 1583.779920] out_of_memory+0x79a/0x1280 [ 1583.783935] ? oom_killer_disable+0x280/0x280 [ 1583.788453] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1583.793587] mem_cgroup_out_of_memory+0x99/0xe0 [ 1583.798272] ? memcg_memory_event+0x40/0x40 [ 1583.802614] ? _raw_spin_unlock+0x2d/0x50 [ 1583.806786] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1583.811913] try_charge+0xb4a/0x1570 [ 1583.815639] ? find_held_lock+0x35/0x130 [ 1583.819720] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1583.824586] ? kasan_check_read+0x11/0x20 [ 1583.828749] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1583.833609] mem_cgroup_try_charge+0x24d/0x5e0 [ 1583.838207] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1583.843150] wp_page_copy+0x408/0x1740 [ 1583.847050] ? find_held_lock+0x35/0x130 [ 1583.851131] ? pmd_pfn+0x1d0/0x1d0 [ 1583.854684] ? lock_downgrade+0x810/0x810 [ 1583.858845] ? swp_swapcount+0x540/0x540 [ 1583.862949] ? kasan_check_read+0x11/0x20 [ 1583.867113] ? do_raw_spin_unlock+0x57/0x270 [ 1583.871536] do_wp_page+0x2ed/0x1520 [ 1583.875269] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 1583.880015] __handle_mm_fault+0x22db/0x3f20 [ 1583.884444] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1583.889296] ? find_held_lock+0x35/0x130 [ 1583.893383] ? handle_mm_fault+0x322/0xb30 [ 1583.897660] ? kasan_check_read+0x11/0x20 [ 1583.901822] handle_mm_fault+0x43f/0xb30 [ 1583.905910] __do_page_fault+0x5da/0xd60 [ 1583.910004] do_page_fault+0x71/0x581 [ 1583.913810] ? page_fault+0x8/0x30 [ 1583.917376] page_fault+0x1e/0x30 [ 1583.920850] RIP: 0033:0x404478 [ 1583.924056] Code: 85 02 00 00 80 3d 1f c0 64 00 00 c6 85 84 00 00 00 00 74 0f 8b 05 0c c0 64 00 39 45 24 0f 84 e7 01 00 00 44 8b a5 80 00 00 00 73 d8 ff ff 48 2b 05 8c 3b 33 00 8b 75 00 49 89 d8 45 89 e1 4c [ 1583.942963] RSP: 002b:00007f3c7558fc90 EFLAGS: 00010246 [ 1583.948331] RAX: 00007f3c77591000 RBX: 0000000000001faa RCX: 0000000000457e29 [ 1583.955606] RDX: 000000000003ffff RSI: 0000000000000000 RDI: 0000000000000000 [ 1583.962882] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1583.970169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1583.977443] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1584.190250] memory: usage 306476kB, limit 307200kB, failcnt 20451 [ 1584.196501] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1584.230221] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1584.236389] Memory cgroup stats for /syz0: cache:0KB rss:97028KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96852KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1584.400220] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=2056,uid=0 [ 1584.484114] Memory cgroup out of memory: Kill process 2056 (syz-executor.0) score 1106 or sacrifice child [ 1584.560232] Killed process 2083 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:35596kB, shmem-rss:0kB [ 1584.631684] oom_reaper: reaped process 2083 (syz-executor.0), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB [ 1584.700238] net_ratelimit: 26 callbacks suppressed [ 1584.700251] protocol 88fb is buggy, dev hsr_slave_0 [ 1584.710280] protocol 88fb is buggy, dev hsr_slave_1 [ 1584.715389] protocol 88fb is buggy, dev hsr_slave_0 [ 1584.720524] protocol 88fb is buggy, dev hsr_slave_1 [ 1584.725643] protocol 88fb is buggy, dev hsr_slave_0 [ 1584.730747] protocol 88fb is buggy, dev hsr_slave_1 [ 1584.735871] protocol 88fb is buggy, dev hsr_slave_0 [ 1584.740994] protocol 88fb is buggy, dev hsr_slave_1 03:52:43 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) write$binfmt_aout(r0, &(0x7f0000000200)={{0x0, 0x6, 0x8, 0x115, 0x27a, 0x6, 0x49, 0x5}, "4e61dc2685356e5da2115d42c2cdf99a2074226cec006f7f72d9c2a8db3e51ff55598a47cd0e112e648e7cfeb1deaae0a06df62b8883c5a4b449cea78c2c9445132c8f9b760624a945a2384780280f169d211263fa636d0c2aa75b284504966a1f586b671b71cd200094", [[], [], [], [], [], [], [], []]}, 0x88a) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000001c0)=0x1) ioctl$TCSETSW(0xffffffffffffffff, 0x8925, &(0x7f0000000000)) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0) ioctl$SG_NEXT_CMD_LEN(r1, 0x2283, &(0x7f0000000080)=0xa5) 03:52:43 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0x300) 03:52:43 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) socket(0xa, 0x5, 0x0) sendmsg$rds(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:52:43 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x7400}, 0x0) 03:52:43 executing program 5: 03:52:43 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:43 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) socket(0xa, 0x5, 0x0) sendmsg$rds(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:52:43 executing program 5: 03:52:44 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x0) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:44 executing program 1: 03:52:44 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x9400}, 0x0) 03:52:44 executing program 5: 03:52:44 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, 0x0, 0x0) tkill(r0, 0x1000000000016) [ 1585.420341] protocol 88fb is buggy, dev hsr_slave_0 [ 1585.425543] protocol 88fb is buggy, dev hsr_slave_1 03:52:44 executing program 1: 03:52:44 executing program 5: 03:52:44 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x0) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:44 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x307100}, 0x0) 03:52:44 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0x500) 03:52:44 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, 0x0, 0x0) tkill(r0, 0x1000000000016) 03:52:44 executing program 1: 03:52:44 executing program 5: 03:52:44 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, 0x0, 0x0) tkill(r0, 0x1000000000016) 03:52:45 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x400000}, 0x0) 03:52:45 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:52:45 executing program 5: 03:52:45 executing program 1: 03:52:45 executing program 5: 03:52:46 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x0) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:46 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x50a000}, 0x0) 03:52:46 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:52:46 executing program 1: 03:52:46 executing program 5: 03:52:46 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0x600) 03:52:46 executing program 1: 03:52:46 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:52:46 executing program 5: 03:52:46 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x70a000}, 0x0) 03:52:46 executing program 5: 03:52:46 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, 0x0}, 0x0) tkill(r0, 0x1000000000016) [ 1588.016489] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1588.030321] CPU: 0 PID: 2190 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1588.037465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1588.046827] Call Trace: [ 1588.049439] dump_stack+0x172/0x1f0 [ 1588.053123] dump_header+0x10f/0xb6c [ 1588.056863] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1588.062012] ? ___ratelimit+0x60/0x595 [ 1588.065933] ? do_raw_spin_unlock+0x57/0x270 [ 1588.070374] oom_kill_process.cold+0x10/0x6f5 [ 1588.074930] ? task_will_free_mem+0x139/0x6e0 [ 1588.079477] out_of_memory+0x79a/0x1280 [ 1588.083490] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1588.088632] ? oom_killer_disable+0x280/0x280 [ 1588.093149] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1588.098335] mem_cgroup_out_of_memory+0x99/0xe0 [ 1588.103041] ? memcg_memory_event+0x40/0x40 [ 1588.107421] ? _raw_spin_unlock+0x2d/0x50 [ 1588.111592] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1588.116721] try_charge+0xfec/0x1570 [ 1588.120454] ? find_held_lock+0x35/0x130 [ 1588.124552] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1588.129416] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1588.134278] ? find_held_lock+0x35/0x130 [ 1588.138394] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1588.143279] memcg_kmem_charge_memcg+0x7c/0x130 [ 1588.147986] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1588.152513] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1588.157402] memcg_kmem_charge+0x13b/0x340 [ 1588.161699] __alloc_pages_nodemask+0x437/0x710 [ 1588.166401] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1588.171450] ? save_stack+0xa9/0xd0 [ 1588.175103] ? kmem_cache_alloc+0x11a/0x6f0 [ 1588.179448] ? anon_vma_fork+0x1ea/0x4a0 [ 1588.183532] ? copy_process.part.0+0x350f/0x79a0 [ 1588.188310] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1588.193890] alloc_pages_current+0x107/0x210 [ 1588.198348] get_zeroed_page+0x14/0x50 [ 1588.202256] __pud_alloc+0x3b/0x250 [ 1588.205942] pud_alloc+0xde/0x150 [ 1588.209421] copy_page_range+0x375/0x1f90 [ 1588.213594] ? mark_held_locks+0x100/0x100 [ 1588.217860] ? debug_smp_processor_id+0x1c/0x20 [ 1588.222570] ? perf_trace_lock_acquire+0xf5/0x580 [ 1588.227432] ? find_held_lock+0x35/0x130 [ 1588.231524] ? copy_process.part.0+0x3121/0x79a0 [ 1588.236311] ? copy_process.part.0+0x3121/0x79a0 [ 1588.241129] ? pmd_alloc+0x180/0x180 [ 1588.244860] ? vma_compute_subtree_gap+0x158/0x230 [ 1588.249824] ? validate_mm_rb+0xa3/0xc0 [ 1588.253822] ? __vma_link_rb+0x279/0x370 [ 1588.257946] copy_process.part.0+0x56aa/0x79a0 [ 1588.262613] ? __cleanup_sighand+0x70/0x70 [ 1588.266950] _do_fork+0x257/0xfe0 [ 1588.270469] ? fork_idle+0x1d0/0x1d0 [ 1588.274224] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1588.279001] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1588.283784] ? do_syscall_64+0x26/0x610 [ 1588.287776] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1588.293172] ? do_syscall_64+0x26/0x610 [ 1588.297180] __x64_sys_clone+0xbf/0x150 [ 1588.301183] do_syscall_64+0x103/0x610 [ 1588.305115] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1588.310352] RIP: 0033:0x457e29 [ 1588.313560] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1588.332472] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1588.340191] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1588.347501] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1588.354787] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1588.362070] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1588.369359] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1588.466512] memory: usage 307200kB, limit 307200kB, failcnt 20510 [ 1588.472926] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1588.479712] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1588.496952] Memory cgroup stats for /syz0: cache:0KB rss:97152KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:97120KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1588.567324] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=2140,uid=0 [ 1588.590388] Memory cgroup out of memory: Kill process 2140 (syz-executor.0) score 1103 or sacrifice child [ 1588.605237] Killed process 2140 (syz-executor.0) total-vm:72708kB, anon-rss:172kB, file-rss:34816kB, shmem-rss:0kB 03:52:47 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(0x0, 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:47 executing program 1: 03:52:47 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x713000}, 0x0) 03:52:47 executing program 5: 03:52:47 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, 0x0}, 0x0) tkill(r0, 0x1000000000016) 03:52:47 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0x900) 03:52:47 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(0x0, 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:47 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0xa102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000002c0)={@ipv4, 0x0, 0x0, 0x0, 0x5}, 0x20) getsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, &(0x7f0000000040)) r1 = fcntl$dupfd(r0, 0x0, r0) write$P9_RLOPEN(r1, 0x0, 0x0) setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x2d, 0x0, 0x0) 03:52:47 executing program 1: r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000)='/dev/urandom\x00', 0x0, 0x0) write$P9_RCLUNK(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) ioctl$FS_IOC_SETVERSION(0xffffffffffffffff, 0x40087602, 0x0) dup3(r1, r0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$sock_SIOCOUTQNSD(0xffffffffffffffff, 0x894b, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='ip6_vti0\x00', 0x10) 03:52:47 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, 0x0}, 0x0) tkill(r0, 0x1000000000016) 03:52:47 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(0x0, 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:47 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x740000}, 0x0) 03:52:47 executing program 5: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) write$9p(r0, 0x0, 0x0) [ 1588.929889] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 03:52:47 executing program 1: ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) r0 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0) ioctl$TIOCSLCKTRMIOS(0xffffffffffffffff, 0x5457, 0x0) read$eventfd(0xffffffffffffffff, 0x0, 0x0) ioctl$KDSETKEYCODE(0xffffffffffffffff, 0x4b4d, 0x0) fsync(r0) [ 1589.020315] CPU: 1 PID: 2225 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1589.027445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1589.036801] Call Trace: [ 1589.039442] dump_stack+0x172/0x1f0 [ 1589.043110] dump_header+0x10f/0xb6c [ 1589.046871] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1589.052000] ? ___ratelimit+0x60/0x595 [ 1589.055909] ? do_raw_spin_unlock+0x57/0x270 [ 1589.060330] oom_kill_process.cold+0x10/0x6f5 [ 1589.064841] ? task_will_free_mem+0x139/0x6e0 [ 1589.069355] out_of_memory+0x79a/0x1280 [ 1589.073344] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1589.078459] ? oom_killer_disable+0x280/0x280 [ 1589.082956] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1589.088092] mem_cgroup_out_of_memory+0x99/0xe0 [ 1589.092774] ? memcg_memory_event+0x40/0x40 [ 1589.097108] ? _raw_spin_unlock+0x2d/0x50 [ 1589.101292] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1589.106397] try_charge+0xfec/0x1570 [ 1589.110117] ? find_held_lock+0x35/0x130 [ 1589.114240] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1589.119109] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1589.123961] ? find_held_lock+0x35/0x130 [ 1589.128026] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1589.132890] memcg_kmem_charge_memcg+0x7c/0x130 [ 1589.137578] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1589.142093] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1589.146976] memcg_kmem_charge+0x13b/0x340 [ 1589.151225] __alloc_pages_nodemask+0x437/0x710 [ 1589.155917] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1589.160949] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1589.165546] ? trace_hardirqs_on+0x67/0x230 03:52:48 executing program 5: setsockopt$inet_MCAST_LEAVE_GROUP(0xffffffffffffffff, 0x0, 0x2d, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) ioctl$TCSETSW(0xffffffffffffffff, 0x5403, &(0x7f0000000200)={0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x1000}) setxattr$trusted_overlay_redirect(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x2) r1 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/attr/keycreate\x00', 0x2, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, 0x0, 0x0) r3 = getpid() r4 = fcntl$dupfd(r1, 0x0, r2) sched_setattr(r3, 0x0, 0x0) ioctl$KVM_GET_NR_MMU_PAGES(0xffffffffffffffff, 0xae45, 0x0) r5 = semget$private(0x0, 0x7, 0x120) bind$inet6(r4, 0x0, 0x0) semop(r5, 0x0, 0xf) r6 = creat(&(0x7f0000000280)='./file0\x00', 0x0) write$FUSE_NOTIFY_POLL(r0, 0x0, 0x0) faccessat(r4, &(0x7f0000000000)='./file0\x00', 0x4, 0x200) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, 0x0, 0x0) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) fallocate(r6, 0x0, 0x0, 0x8200003) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r7 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r7) getpid() write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="10efb81a8de800001b"], 0x9) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) unlink(&(0x7f0000001e00)='./bus\x00') [ 1589.169887] copy_process.part.0+0x3e0/0x79a0 [ 1589.174405] ? mark_held_locks+0x100/0x100 [ 1589.178672] ? debug_smp_processor_id+0x1c/0x20 [ 1589.183364] ? perf_trace_lock_acquire+0xf5/0x580 [ 1589.188220] ? __might_fault+0x12b/0x1e0 [ 1589.192317] ? __cleanup_sighand+0x70/0x70 [ 1589.196566] ? lock_downgrade+0x810/0x810 [ 1589.200742] _do_fork+0x257/0xfe0 [ 1589.204235] ? fork_idle+0x1d0/0x1d0 [ 1589.207973] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1589.212741] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1589.217513] ? do_syscall_64+0x26/0x610 [ 1589.221488] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1589.226852] ? do_syscall_64+0x26/0x610 [ 1589.230835] __x64_sys_clone+0xbf/0x150 [ 1589.234812] do_syscall_64+0x103/0x610 [ 1589.238703] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1589.243886] RIP: 0033:0x457e29 [ 1589.247087] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 03:52:48 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)}, 0x0) tkill(r0, 0x1000000000016) 03:52:48 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) [ 1589.265989] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1589.273693] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1589.280962] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1589.288227] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1589.295489] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1589.302752] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1589.424044] memory: usage 307200kB, limit 307200kB, failcnt 20543 [ 1589.445169] audit: type=1804 audit(2000001168.400:154): pid=2271 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir186871136/syzkaller.y1AeaV/2274/file0" dev="sda1" ino=18279 res=1 [ 1589.468713] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1589.491947] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1589.515446] Memory cgroup stats for /syz0: cache:0KB rss:97020KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:97096KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1589.549819] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=7986,uid=0 [ 1589.571287] Memory cgroup out of memory: Kill process 7986 (syz-executor.0) score 1103 or sacrifice child [ 1589.591322] Killed process 7986 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1589.618521] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1589.647376] CPU: 0 PID: 2224 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1589.654488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1589.663842] Call Trace: [ 1589.666441] dump_stack+0x172/0x1f0 [ 1589.670092] dump_header+0x10f/0xb6c [ 1589.673818] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1589.678958] ? ___ratelimit+0x60/0x595 [ 1589.682872] ? do_raw_spin_unlock+0x57/0x270 [ 1589.687325] oom_kill_process.cold+0x10/0x6f5 [ 1589.691835] ? task_will_free_mem+0x139/0x6e0 [ 1589.696348] out_of_memory+0x79a/0x1280 [ 1589.700338] ? oom_killer_disable+0x280/0x280 [ 1589.704857] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1589.709992] mem_cgroup_out_of_memory+0x99/0xe0 [ 1589.714675] ? memcg_memory_event+0x40/0x40 [ 1589.719800] ? _raw_spin_unlock+0x2d/0x50 [ 1589.723958] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1589.729070] try_charge+0xb4a/0x1570 [ 1589.732794] ? find_held_lock+0x35/0x130 [ 1589.736868] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1589.741739] ? kasan_check_read+0x11/0x20 [ 1589.745922] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1589.750791] mem_cgroup_try_charge+0x24d/0x5e0 [ 1589.755400] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1589.760343] __handle_mm_fault+0x1e26/0x3f20 [ 1589.764769] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1589.769619] ? find_held_lock+0x35/0x130 [ 1589.773694] ? handle_mm_fault+0x322/0xb30 [ 1589.777967] ? kasan_check_read+0x11/0x20 [ 1589.782134] handle_mm_fault+0x43f/0xb30 [ 1589.786215] __do_page_fault+0x5da/0xd60 [ 1589.790297] do_page_fault+0x71/0x581 [ 1589.794109] ? page_fault+0x8/0x30 [ 1589.797659] page_fault+0x1e/0x30 [ 1589.801134] RIP: 0033:0x400590 [ 1589.804352] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 65 4b 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 1589.823254] RSP: 002b:00007ffee6aa5770 EFLAGS: 00010202 [ 1589.828621] RAX: 0000000000000002 RBX: 000000000073c900 RCX: 0000000000000000 [ 1589.835905] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000002 [ 1589.843186] RBP: 000000000073c900 R08: 0000000000000000 R09: 0000000000000000 [ 1589.850459] R10: 00007ffee6aa5870 R11: 0000000000000246 R12: fffffffffffffffe [ 1589.857731] R13: 0000000000183e73 R14: 00000000000003e8 R15: 000000000073bf0c [ 1589.875082] memory: usage 307104kB, limit 307200kB, failcnt 20543 [ 1589.883704] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1589.904762] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1589.915604] Memory cgroup stats for /syz0: cache:0KB rss:97020KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:97000KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1589.940415] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=8181,uid=0 [ 1589.960979] Memory cgroup out of memory: Kill process 8181 (syz-executor.0) score 1103 or sacrifice child [ 1589.976579] Killed process 8181 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1590.037248] audit: type=1804 audit(2000001168.990:155): pid=2274 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir186871136/syzkaller.y1AeaV/2274/file0" dev="sda1" ino=18279 res=1 [ 1590.168971] syz-executor.5 (2271) used greatest stack depth: 22064 bytes left [ 1590.176432] audit: type=1804 audit(2000001169.120:156): pid=2271 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir186871136/syzkaller.y1AeaV/2274/file0" dev="sda1" ino=18279 res=1 [ 1590.186697] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1590.226293] CPU: 0 PID: 2224 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1590.233418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1590.242771] Call Trace: [ 1590.245371] dump_stack+0x172/0x1f0 [ 1590.249031] dump_header+0x10f/0xb6c [ 1590.252753] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1590.257865] ? ___ratelimit+0x60/0x595 [ 1590.261768] ? do_raw_spin_unlock+0x57/0x270 [ 1590.266193] oom_kill_process.cold+0x10/0x6f5 [ 1590.270702] ? task_will_free_mem+0x139/0x6e0 [ 1590.275210] out_of_memory+0x79a/0x1280 [ 1590.279198] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1590.284317] ? oom_killer_disable+0x280/0x280 [ 1590.288816] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1590.293959] mem_cgroup_out_of_memory+0x99/0xe0 [ 1590.298633] ? memcg_memory_event+0x40/0x40 [ 1590.302972] ? _raw_spin_unlock+0x2d/0x50 [ 1590.307133] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1590.312236] try_charge+0xfec/0x1570 [ 1590.315937] ? find_held_lock+0x35/0x130 [ 1590.319983] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1590.324829] ? kasan_check_read+0x11/0x20 [ 1590.328979] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1590.333807] mem_cgroup_try_charge+0x24d/0x5e0 [ 1590.338394] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1590.343353] wp_page_copy+0x408/0x1740 [ 1590.347219] ? find_held_lock+0x35/0x130 [ 1590.351272] ? pmd_pfn+0x1d0/0x1d0 [ 1590.354793] ? lock_downgrade+0x810/0x810 [ 1590.358962] ? swp_swapcount+0x540/0x540 [ 1590.363023] ? kasan_check_read+0x11/0x20 [ 1590.367156] ? do_raw_spin_unlock+0x57/0x270 [ 1590.371551] do_wp_page+0x2ed/0x1520 [ 1590.375248] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 1590.379913] __handle_mm_fault+0x22db/0x3f20 [ 1590.384314] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1590.389140] ? find_held_lock+0x35/0x130 [ 1590.393186] ? handle_mm_fault+0x322/0xb30 [ 1590.397420] ? kasan_check_read+0x11/0x20 [ 1590.401554] handle_mm_fault+0x43f/0xb30 [ 1590.405603] __do_page_fault+0x5da/0xd60 [ 1590.409650] do_page_fault+0x71/0x581 [ 1590.413441] ? page_fault+0x8/0x30 [ 1590.416979] page_fault+0x1e/0x30 [ 1590.420416] RIP: 0033:0x40f9ba [ 1590.423609] Code: 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 c7 45 18 01 00 00 00 49 89 85 10 05 00 00 48 8b 05 ae 68 64 00 00 01 00 00 00 c7 05 ba 68 64 00 01 00 00 00 41 c7 85 1c 06 00 [ 1590.442493] RSP: 002b:00007ffee6aa56c0 EFLAGS: 00010206 [ 1590.447835] RAX: 0000000000a56748 RBX: 0000000000020000 RCX: 0000000000457e7a [ 1590.455086] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 1590.462339] RBP: 00007ffee6aa57a0 R08: ffffffffffffffff R09: 0000000000000000 [ 1590.469592] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffee6aa5880 [ 1590.476841] R13: 00007f3c7554e700 R14: 0000000000000003 R15: 000000000073c04c [ 1590.486582] memory: usage 307200kB, limit 307200kB, failcnt 20583 [ 1590.494106] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1590.501191] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1590.507334] Memory cgroup stats for /syz0: cache:0KB rss:97020KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:97048KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1590.527491] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=2224,uid=0 [ 1590.548869] Memory cgroup out of memory: Kill process 2224 (syz-executor.0) score 1106 or sacrifice child [ 1590.567342] Killed process 2280 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1590.592814] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1590.602853] CPU: 0 PID: 2225 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1590.609961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1590.619297] Call Trace: [ 1590.621883] dump_stack+0x172/0x1f0 [ 1590.625540] dump_header+0x10f/0xb6c [ 1590.629252] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1590.634435] ? ___ratelimit+0x60/0x595 [ 1590.638307] ? do_raw_spin_unlock+0x57/0x270 [ 1590.642718] oom_kill_process.cold+0x10/0x6f5 [ 1590.647211] ? task_will_free_mem+0x139/0x6e0 [ 1590.651693] out_of_memory+0x79a/0x1280 [ 1590.655655] ? oom_killer_disable+0x280/0x280 [ 1590.660148] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1590.665270] mem_cgroup_out_of_memory+0x99/0xe0 [ 1590.669936] ? memcg_memory_event+0x40/0x40 [ 1590.674248] ? _raw_spin_unlock+0x2d/0x50 [ 1590.678376] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1590.683474] try_charge+0xb4a/0x1570 [ 1590.687193] ? find_held_lock+0x35/0x130 [ 1590.691242] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1590.696072] ? kasan_check_read+0x11/0x20 [ 1590.700228] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1590.705086] mem_cgroup_try_charge+0x24d/0x5e0 [ 1590.709707] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1590.714640] wp_page_copy+0x408/0x1740 [ 1590.718539] ? find_held_lock+0x35/0x130 [ 1590.722633] ? pmd_pfn+0x1d0/0x1d0 [ 1590.726180] ? lock_downgrade+0x810/0x810 [ 1590.730418] ? swp_swapcount+0x540/0x540 [ 1590.734468] ? kasan_check_read+0x11/0x20 [ 1590.738600] ? do_raw_spin_unlock+0x57/0x270 [ 1590.743012] do_wp_page+0x2ed/0x1520 [ 1590.746722] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 1590.751379] __handle_mm_fault+0x22db/0x3f20 [ 1590.755775] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1590.760715] ? find_held_lock+0x35/0x130 [ 1590.764784] ? handle_mm_fault+0x322/0xb30 [ 1590.769026] ? kasan_check_read+0x11/0x20 [ 1590.773159] handle_mm_fault+0x43f/0xb30 [ 1590.777211] __do_page_fault+0x5da/0xd60 [ 1590.781279] do_page_fault+0x71/0x581 [ 1590.785086] ? page_fault+0x8/0x30 [ 1590.788619] page_fault+0x1e/0x30 [ 1590.792052] RIP: 0033:0x4043c9 [ 1590.795226] Code: 64 00 39 45 24 0f 84 a6 01 00 00 80 3d d7 c0 64 00 00 74 0e 48 8b 85 90 00 00 00 48 c7 00 00 00 00 00 e8 5a e5 00 00 49 89 c4 00 00 00 00 00 49 8b 46 10 48 85 c0 0f 84 3c 01 00 00 48 83 ec [ 1590.814109] RSP: 002b:00007f3c7558fc90 EFLAGS: 00010207 [ 1590.819455] RAX: 00007f3c755906d4 RBX: 0000000000000003 RCX: 0000000000000003 [ 1590.826719] RDX: 000000000014905a RSI: 0000000000000010 RDI: 00000000004bc88e [ 1590.833971] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1590.841232] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1590.848492] R13: 00000000004c6383 R14: 00000000004db6c0 R15: 00000000ffffffff [ 1590.857537] memory: usage 307000kB, limit 307200kB, failcnt 20583 [ 1590.863846] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1590.870973] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1590.877116] Memory cgroup stats for /syz0: cache:0KB rss:97020KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:97004KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1590.897234] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=2224,uid=0 [ 1590.911794] Memory cgroup out of memory: Kill process 2224 (syz-executor.0) score 1106 or sacrifice child [ 1590.921632] Killed process 2275 (syz-executor.0) total-vm:72576kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB 03:52:49 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0xa00) 03:52:49 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x940000}, 0x0) 03:52:49 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)}, 0x0) tkill(r0, 0x1000000000016) 03:52:49 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0xc401, 0x0) ioctl$TUNGETVNETHDRSZ(r0, 0x800454d7, &(0x7f00000005c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1d, &(0x7f0000000240)={@mcast1}, &(0x7f0000000280)=0x14) r3 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x200000, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r3, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000600)={0x4, 0x1f, 0x20000000000, 0xffffffff, 0x1, 0xffffffffffffffc0, 0x7, 0x3, 0x2, 0x8}) socket$rds(0x15, 0x5, 0x0) r4 = dup(r1) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r4, 0x402c5342, &(0x7f00000004c0)={0x100000000000, 0x40000009, 0x9, {0x0, 0x989680}, 0x40, 0x7}) ioctl$SG_SCSI_RESET(r3, 0x2284, 0x0) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_GET_NODES(r4, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1200000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x1c, r5, 0x200, 0x70bd2c, 0x25dfdbfc}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sync_file_range(r2, 0xffffffff, 0x3, 0x0) ioctl$VIDIOC_S_AUDIO(0xffffffffffffffff, 0x40345622, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000640)='/dev/ptmx\x00', 0x0, 0x0) sendmsg$TIPC_NL_MON_SET(r6, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="0b0081000000000000000000000000"], 0x1}, 0x1, 0x0, 0x0, 0x4844}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) set_tid_address(&(0x7f0000000540)) ioctl$KVM_S390_VCPU_FAULT(r3, 0x4008ae52, &(0x7f0000000140)=0x2) ioctl$CAPI_NCCI_OPENCOUNT(r4, 0x80044326, &(0x7f00000002c0)=0x5) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r7 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) readv(r7, &(0x7f0000000940)=[{&(0x7f0000000680)=""/136}, {&(0x7f0000000740)=""/108}, {&(0x7f00000007c0)=""/193}, {&(0x7f00000008c0)=""/93}, {&(0x7f0000000300)=""/55}], 0x200000000000000f) sendmsg$nl_generic(r6, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x0, 0xd}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x1c, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x8, 0x11, [@generic="e2ab"]}]}, 0x1c}}, 0x0) 03:52:49 executing program 5: r0 = socket$kcm(0x2, 0x2, 0x73) listen(0xffffffffffffffff, 0x5c2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000006c0)={0x0, 0x0}, &(0x7f0000000700)=0xc) setfsuid(r2) ustat(0x5, &(0x7f0000000140)) fstat(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) unlinkat(r1, &(0x7f0000000080)='./file0/file0\x00', 0x200) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000300)={{{@in6=@remote, @in6=@local}}, {{@in=@multicast1}, 0x0, @in6=@ipv4}}, &(0x7f0000000400)=0xe8) getsockname(r1, &(0x7f0000000600)=@pptp, &(0x7f0000000680)=0x80) getsockname(r1, &(0x7f0000000240)=@pppol2tpv3, &(0x7f00000002c0)=0x80) getgroups(0x2, &(0x7f0000000340)) mkdir(&(0x7f00000004c0)='./file0\x00', 0x3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='rpc_pipefs\x00', 0x0, 0x0) umount2(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$void(r1, 0x5451) r4 = semget$private(0x0, 0x3, 0x128) semctl$IPC_INFO(r4, 0x5, 0x3, &(0x7f0000000500)=""/191) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000200)=ANY=[@ANYRES16=r3]) setsockopt$inet_sctp_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f00000005c0)={0x3, 0x100, 0x998, 0x7fc0000, 0xffffffff80000000, 0x6, 0x1, 0x101, 0x5, 0x3, 0x1}, 0xb) ioctl$KDMKTONE(r1, 0x4b30, 0x7f) connect$pptp(r1, &(0x7f0000000180)={0x18, 0x2, {0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) ustat(0x80001, 0x0) r5 = socket$packet(0x11, 0x0, 0x300) sendfile(r5, r0, &(0x7f0000000100), 0xe6d) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) 03:52:49 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) [ 1590.940282] net_ratelimit: 28 callbacks suppressed [ 1590.940290] protocol 88fb is buggy, dev hsr_slave_0 [ 1590.950406] protocol 88fb is buggy, dev hsr_slave_1 [ 1590.955594] protocol 88fb is buggy, dev hsr_slave_0 [ 1590.960737] protocol 88fb is buggy, dev hsr_slave_1 [ 1590.965880] protocol 88fb is buggy, dev hsr_slave_0 [ 1590.971046] protocol 88fb is buggy, dev hsr_slave_1 [ 1590.976176] protocol 88fb is buggy, dev hsr_slave_0 [ 1590.981290] protocol 88fb is buggy, dev hsr_slave_1 03:52:50 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)}, 0x0) tkill(r0, 0x1000000000016) 03:52:50 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0xa05000}, 0x0) 03:52:50 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:50 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{0x0}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:52:50 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0xa07000}, 0x0) 03:52:50 executing program 5: r0 = socket$kcm(0x2, 0x2, 0x73) listen(0xffffffffffffffff, 0x5c2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000006c0)={0x0, 0x0}, &(0x7f0000000700)=0xc) setfsuid(r2) ustat(0x5, &(0x7f0000000140)) fstat(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) unlinkat(r1, &(0x7f0000000080)='./file0/file0\x00', 0x200) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000300)={{{@in6=@remote, @in6=@local}}, {{@in=@multicast1}, 0x0, @in6=@ipv4}}, &(0x7f0000000400)=0xe8) getsockname(r1, &(0x7f0000000600)=@pptp, &(0x7f0000000680)=0x80) getsockname(r1, &(0x7f0000000240)=@pppol2tpv3, &(0x7f00000002c0)=0x80) getgroups(0x2, &(0x7f0000000340)) mkdir(&(0x7f00000004c0)='./file0\x00', 0x3) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='rpc_pipefs\x00', 0x0, 0x0) umount2(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$void(r1, 0x5451) r4 = semget$private(0x0, 0x3, 0x128) semctl$IPC_INFO(r4, 0x5, 0x3, &(0x7f0000000500)=""/191) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000200)=ANY=[@ANYRES16=r3]) setsockopt$inet_sctp_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f00000005c0)={0x3, 0x100, 0x998, 0x7fc0000, 0xffffffff80000000, 0x6, 0x1, 0x101, 0x5, 0x3, 0x1}, 0xb) ioctl$KDMKTONE(r1, 0x4b30, 0x7f) connect$pptp(r1, &(0x7f0000000180)={0x18, 0x2, {0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) ustat(0x80001, 0x0) r5 = socket$packet(0x11, 0x0, 0x300) sendfile(r5, r0, &(0x7f0000000100), 0xe6d) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) [ 1591.417059] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1591.460277] CPU: 1 PID: 2300 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1591.467387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1591.476743] Call Trace: [ 1591.479344] dump_stack+0x172/0x1f0 [ 1591.482991] dump_header+0x10f/0xb6c [ 1591.486719] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1591.491829] ? ___ratelimit+0x60/0x595 [ 1591.495738] ? do_raw_spin_unlock+0x57/0x270 [ 1591.500174] oom_kill_process.cold+0x10/0x6f5 [ 1591.504684] ? task_will_free_mem+0x139/0x6e0 [ 1591.509196] out_of_memory+0x79a/0x1280 [ 1591.509219] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1591.509237] ? oom_killer_disable+0x280/0x280 [ 1591.509252] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1591.509279] mem_cgroup_out_of_memory+0x99/0xe0 [ 1591.509296] ? memcg_memory_event+0x40/0x40 [ 1591.518361] ? _raw_spin_unlock+0x2d/0x50 [ 1591.518377] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1591.518391] try_charge+0xfec/0x1570 [ 1591.518406] ? find_held_lock+0x35/0x130 [ 1591.528013] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1591.528030] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1591.528045] ? find_held_lock+0x35/0x130 [ 1591.537010] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1591.537040] memcg_kmem_charge_memcg+0x7c/0x130 [ 1591.537055] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1591.537077] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1591.537096] memcg_kmem_charge+0x13b/0x340 [ 1591.537115] __alloc_pages_nodemask+0x437/0x710 [ 1591.572660] ? debug_smp_processor_id+0x1c/0x20 [ 1591.572680] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1591.572704] ? copy_page_range+0x125a/0x1f90 [ 1591.572722] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1591.572744] alloc_pages_current+0x107/0x210 [ 1591.572765] pte_alloc_one+0x1b/0x1a0 [ 1591.572781] __pte_alloc+0x20/0x310 [ 1591.572800] copy_page_range+0x1529/0x1f90 [ 1591.572815] ? mark_held_locks+0x100/0x100 [ 1591.572851] ? pmd_alloc+0x180/0x180 [ 1591.586804] ? vma_compute_subtree_gap+0x158/0x230 [ 1591.586824] ? validate_mm_rb+0xa3/0xc0 [ 1591.586845] ? __vma_link_rb+0x279/0x370 [ 1591.586870] copy_process.part.0+0x56aa/0x79a0 [ 1591.586928] ? __cleanup_sighand+0x70/0x70 [ 1591.595810] _do_fork+0x257/0xfe0 [ 1591.595833] ? fork_idle+0x1d0/0x1d0 [ 1591.595861] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1591.595877] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1591.595903] ? do_syscall_64+0x26/0x610 [ 1591.615473] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1591.615504] ? do_syscall_64+0x26/0x610 [ 1591.615527] __x64_sys_clone+0xbf/0x150 [ 1591.615547] do_syscall_64+0x103/0x610 [ 1591.615569] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1591.615581] RIP: 0033:0x457e29 [ 1591.615597] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1591.615608] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1591.627408] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1591.627438] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1591.627448] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1591.627458] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1591.627468] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1591.663405] protocol 88fb is buggy, dev hsr_slave_0 [ 1591.663906] protocol 88fb is buggy, dev hsr_slave_1 [ 1591.732405] memory: usage 307200kB, limit 307200kB, failcnt 20627 [ 1591.776769] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1591.807305] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1591.813804] Memory cgroup stats for /syz0: cache:0KB rss:96868KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:97000KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1591.842231] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=2297,uid=0 [ 1591.857392] Memory cgroup out of memory: Kill process 2297 (syz-executor.0) score 1106 or sacrifice child [ 1591.857481] Killed process 2301 (syz-executor.0) total-vm:72444kB, anon-rss:152kB, file-rss:34816kB, shmem-rss:0kB [ 1591.889187] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1591.916068] CPU: 1 PID: 2297 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1591.923218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1591.923224] Call Trace: [ 1591.923245] dump_stack+0x172/0x1f0 [ 1591.923268] dump_header+0x10f/0xb6c [ 1591.923284] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1591.923300] ? ___ratelimit+0x60/0x595 [ 1591.923314] ? do_raw_spin_unlock+0x57/0x270 [ 1591.923334] oom_kill_process.cold+0x10/0x6f5 [ 1591.923355] ? task_will_free_mem+0x139/0x6e0 [ 1591.923379] out_of_memory+0x79a/0x1280 [ 1591.923399] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1591.923423] ? oom_killer_disable+0x280/0x280 [ 1591.923439] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1591.935370] mem_cgroup_out_of_memory+0x99/0xe0 [ 1591.935387] ? memcg_memory_event+0x40/0x40 [ 1591.935407] ? _raw_spin_unlock+0x2d/0x50 [ 1591.935429] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1591.942757] try_charge+0xfec/0x1570 [ 1591.942770] ? find_held_lock+0x35/0x130 [ 1591.942792] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1591.942819] ? kasan_check_read+0x11/0x20 [ 1591.951797] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1591.951815] mem_cgroup_try_charge+0x24d/0x5e0 [ 1591.951838] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1591.960718] __handle_mm_fault+0x1e26/0x3f20 [ 1591.960741] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1591.960755] ? find_held_lock+0x35/0x130 [ 1591.960771] ? handle_mm_fault+0x322/0xb30 [ 1591.960801] ? kasan_check_read+0x11/0x20 [ 1591.960821] handle_mm_fault+0x43f/0xb30 [ 1591.960844] __do_page_fault+0x5da/0xd60 [ 1591.974393] do_page_fault+0x71/0x581 [ 1591.974407] ? page_fault+0x8/0x30 [ 1591.974428] page_fault+0x1e/0x30 [ 1591.974439] RIP: 0033:0x40f98f [ 1591.974453] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 1591.974469] RSP: 002b:00007ffee6aa56c0 EFLAGS: 00010206 [ 1592.073796] RAX: 00007f3c7552e000 RBX: 0000000000020000 RCX: 0000000000457e7a [ 1592.073806] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 1592.073814] RBP: 00007ffee6aa57a0 R08: ffffffffffffffff R09: 0000000000000000 [ 1592.073824] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffee6aa5880 [ 1592.073833] R13: 00007f3c7554e700 R14: 0000000000000003 R15: 000000000073c04c [ 1592.085213] memory: usage 307176kB, limit 307200kB, failcnt 20665 [ 1592.108162] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1592.116874] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1592.146780] Memory cgroup stats for /syz0: cache:0KB rss:96868KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96920KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1592.184937] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=2297,uid=0 [ 1592.206490] Memory cgroup out of memory: Kill process 2297 (syz-executor.0) score 1106 or sacrifice child [ 1592.216934] Killed process 2326 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1592.253994] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1592.264579] CPU: 0 PID: 2300 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1592.271693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1592.281062] Call Trace: [ 1592.283652] dump_stack+0x172/0x1f0 [ 1592.287291] dump_header+0x10f/0xb6c [ 1592.291007] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1592.296094] ? ___ratelimit+0x60/0x595 [ 1592.299974] ? do_raw_spin_unlock+0x57/0x270 [ 1592.304370] oom_kill_process.cold+0x10/0x6f5 [ 1592.308854] ? task_will_free_mem+0x139/0x6e0 [ 1592.313338] out_of_memory+0x79a/0x1280 [ 1592.317303] ? oom_killer_disable+0x280/0x280 [ 1592.321784] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1592.326880] mem_cgroup_out_of_memory+0x99/0xe0 [ 1592.331544] ? memcg_memory_event+0x40/0x40 [ 1592.335855] ? _raw_spin_unlock+0x2d/0x50 [ 1592.340003] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1592.345126] try_charge+0xb4a/0x1570 [ 1592.348847] ? find_held_lock+0x35/0x130 [ 1592.352947] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1592.357812] ? kasan_check_read+0x11/0x20 [ 1592.361963] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1592.366803] mem_cgroup_try_charge+0x24d/0x5e0 [ 1592.371382] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1592.376297] wp_page_copy+0x408/0x1740 [ 1592.380171] ? find_held_lock+0x35/0x130 [ 1592.384222] ? pmd_pfn+0x1d0/0x1d0 [ 1592.387747] ? lock_downgrade+0x810/0x810 [ 1592.391880] ? swp_swapcount+0x540/0x540 [ 1592.395994] ? kasan_check_read+0x11/0x20 [ 1592.400197] ? do_raw_spin_unlock+0x57/0x270 [ 1592.404593] do_wp_page+0x2ed/0x1520 [ 1592.408292] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 1592.412967] __handle_mm_fault+0x22db/0x3f20 [ 1592.417382] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1592.422209] ? find_held_lock+0x35/0x130 [ 1592.426256] ? handle_mm_fault+0x322/0xb30 [ 1592.430498] ? kasan_check_read+0x11/0x20 [ 1592.434667] handle_mm_fault+0x43f/0xb30 [ 1592.438724] __do_page_fault+0x5da/0xd60 [ 1592.442791] do_page_fault+0x71/0x581 [ 1592.446574] ? page_fault+0x8/0x30 [ 1592.450101] page_fault+0x1e/0x30 [ 1592.453550] RIP: 0033:0x404478 [ 1592.456766] Code: 85 02 00 00 80 3d 1f c0 64 00 00 c6 85 84 00 00 00 00 74 0f 8b 05 0c c0 64 00 39 45 24 0f 84 e7 01 00 00 44 8b a5 80 00 00 00 73 d8 ff ff 48 2b 05 8c 3b 33 00 8b 75 00 49 89 d8 45 89 e1 4c [ 1592.475651] RSP: 002b:00007f3c7558fc90 EFLAGS: 00010246 [ 1592.480996] RAX: 00007f3c77591000 RBX: 0000000000001fc6 RCX: 0000000000457e29 [ 1592.488271] RDX: 000000000003ffff RSI: 0000000000000000 RDI: 0000000000000000 [ 1592.495533] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1592.502845] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1592.510105] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1592.518690] memory: usage 306980kB, limit 307200kB, failcnt 20665 [ 1592.525473] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1592.532305] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1592.538458] Memory cgroup stats for /syz0: cache:0KB rss:96868KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96920KB inactive_file:0KB active_file:0KB unevictable:0KB 03:52:51 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{0x0}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:52:51 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, 0x0, &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:51 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0xb00) 03:52:51 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0xff600000}, 0x0) 03:52:51 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe7}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto(r0, &(0x7f0000000000)="d54ecaf3c29db19406ffeedfd0501fb88595d4cf4b3381fcc913739375b45e47ac0ccb2b877d3e516ee6fb81e43cfa584ac9ef173c28bdba17a94606286603bce6e39f1465e388a5d37c7a9c7d10ad5a14f82e018d585869fe5c81b859f3e1b7bc87dc34e2c5551210c7caca2669184dd359f71198f0696d710c7167901aba614e501c9329ed2e11b3992e06845f4b37fb7838e4b58ac5bb58c722a47e65bd97535a084d581197763224a12609514e2e1ee013422067d5bf93b8456a2f5c8b824bc684ac3be696b0", 0xc8, 0x40801, 0x0, 0x0) recvmmsg(r0, &(0x7f0000007800)=[{{0x0, 0x0, &(0x7f0000001800)=[{&(0x7f00000012c0)=""/199, 0xc7}], 0x1}}], 0x1, 0x0, 0x0) write$binfmt_elf64(r0, &(0x7f0000000300)=ANY=[], 0x173f) sendto$inet(r0, &(0x7f0000000980)="03", 0x1, 0x0, 0x0, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x0, 0x0) ioctl$VIDIOC_G_FREQUENCY(r1, 0xc02c5638, &(0x7f0000000200)={0x6, 0x5, 0x1ff}) 03:52:51 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0xc401, 0x0) ioctl$TUNGETVNETHDRSZ(r0, 0x800454d7, &(0x7f00000005c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1d, &(0x7f0000000240)={@mcast1}, &(0x7f0000000280)=0x14) r3 = openat$full(0xffffffffffffff9c, &(0x7f00000027c0)='/dev/full\x00', 0x200000, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r3, 0x0, 0x60, &(0x7f0000002800)=ANY=[], 0x0) ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000600)={0x4, 0x1f, 0x20000000000, 0xffffffff, 0x1, 0xffffffffffffffc0, 0x7, 0x3, 0x2, 0x8}) socket$rds(0x15, 0x5, 0x0) r4 = dup(r1) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r4, 0x402c5342, &(0x7f00000004c0)={0x100000000000, 0x40000009, 0x9, {0x0, 0x989680}, 0x40, 0x7}) ioctl$SG_SCSI_RESET(r3, 0x2284, 0x0) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_GET_NODES(r4, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1200000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x1c, r5, 0x200, 0x70bd2c, 0x25dfdbfc}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sync_file_range(r2, 0xffffffff, 0x3, 0x0) ioctl$VIDIOC_S_AUDIO(0xffffffffffffffff, 0x40345622, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000640)='/dev/ptmx\x00', 0x0, 0x0) sendmsg$TIPC_NL_MON_SET(r6, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="0b0081000000000000000000000000"], 0x1}, 0x1, 0x0, 0x0, 0x4844}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) set_tid_address(&(0x7f0000000540)) ioctl$KVM_S390_VCPU_FAULT(r3, 0x4008ae52, &(0x7f0000000140)=0x2) ioctl$CAPI_NCCI_OPENCOUNT(r4, 0x80044326, &(0x7f00000002c0)=0x5) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r7 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) readv(r7, &(0x7f0000000940)=[{&(0x7f0000000680)=""/136}, {&(0x7f0000000740)=""/108}, {&(0x7f00000007c0)=""/193}, {&(0x7f00000008c0)=""/93}, {&(0x7f0000000300)=""/55}], 0x200000000000000f) sendmsg$nl_generic(r6, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbbf4, 0x0, 0xd}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x1c, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0x8, 0x11, [@generic="e2ab"]}]}, 0x1c}}, 0x0) [ 1592.558668] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=2297,uid=0 [ 1592.573255] Memory cgroup out of memory: Kill process 2297 (syz-executor.0) score 1106 or sacrifice child [ 1592.583116] Killed process 2297 (syz-executor.0) total-vm:72708kB, anon-rss:164kB, file-rss:35588kB, shmem-rss:0kB [ 1592.594771] oom_reaper: reaped process 2297 (syz-executor.0), now anon-rss:0kB, file-rss:34636kB, shmem-rss:0kB 03:52:51 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, 0x0, &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:51 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{0x0}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:52:51 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x400000000000}, 0x0) 03:52:51 executing program 4: gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r0 = socket(0xa, 0x5, 0x0) sendmsg$rds(r0, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(0x0, 0x1000000000016) 03:52:51 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, 0x0, &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:51 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x60ffffffffff}, 0x0) [ 1592.991566] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1593.031460] CPU: 0 PID: 2346 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1593.038592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1593.047948] Call Trace: [ 1593.050548] dump_stack+0x172/0x1f0 [ 1593.054190] dump_header+0x10f/0xb6c [ 1593.057947] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1593.063062] ? ___ratelimit+0x60/0x595 [ 1593.066977] ? do_raw_spin_unlock+0x57/0x270 [ 1593.071402] oom_kill_process.cold+0x10/0x6f5 [ 1593.075945] ? task_will_free_mem+0x139/0x6e0 [ 1593.080469] out_of_memory+0x79a/0x1280 [ 1593.080506] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1593.080540] ? oom_killer_disable+0x280/0x280 [ 1593.080556] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1593.080584] mem_cgroup_out_of_memory+0x99/0xe0 [ 1593.080602] ? memcg_memory_event+0x40/0x40 [ 1593.080638] ? _raw_spin_unlock+0x2d/0x50 [ 1593.080654] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1593.080670] try_charge+0xfec/0x1570 [ 1593.080683] ? find_held_lock+0x35/0x130 [ 1593.080704] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1593.125313] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1593.125329] ? find_held_lock+0x35/0x130 [ 1593.125349] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1593.125379] memcg_kmem_charge_memcg+0x7c/0x130 [ 1593.125395] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1593.125417] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1593.125437] memcg_kmem_charge+0x13b/0x340 [ 1593.125456] __alloc_pages_nodemask+0x437/0x710 [ 1593.135123] ? find_held_lock+0x35/0x130 [ 1593.135143] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1593.135160] ? kasan_check_read+0x11/0x20 [ 1593.135179] ? lock_downgrade+0x810/0x810 [ 1593.135199] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 03:52:52 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0) [ 1593.135222] alloc_pages_current+0x107/0x210 [ 1593.135259] pte_alloc_one+0x1b/0x1a0 [ 1593.135290] __pte_alloc+0x20/0x310 [ 1593.162361] copy_page_range+0x1529/0x1f90 [ 1593.162378] ? mark_held_locks+0x100/0x100 [ 1593.162399] ? debug_smp_processor_id+0x1c/0x20 [ 1593.162438] ? copy_process.part.0+0x3121/0x79a0 [ 1593.162466] ? pmd_alloc+0x180/0x180 [ 1593.162482] ? vma_compute_subtree_gap+0x158/0x230 [ 1593.162500] ? validate_mm_rb+0xa3/0xc0 [ 1593.162519] ? __vma_link_rb+0x279/0x370 [ 1593.162562] copy_process.part.0+0x56aa/0x79a0 [ 1593.162611] ? __cleanup_sighand+0x70/0x70 [ 1593.171349] _do_fork+0x257/0xfe0 [ 1593.171373] ? fork_idle+0x1d0/0x1d0 [ 1593.171401] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1593.171417] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1593.171432] ? do_syscall_64+0x26/0x610 [ 1593.171446] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1593.171461] ? do_syscall_64+0x26/0x610 [ 1593.171481] __x64_sys_clone+0xbf/0x150 [ 1593.171508] do_syscall_64+0x103/0x610 [ 1593.180666] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1593.180679] RIP: 0033:0x457e29 [ 1593.180695] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1593.180704] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1593.180719] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1593.180729] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 03:52:52 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0xc84) [ 1593.180739] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1593.180749] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1593.180759] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1593.205874] memory: usage 307200kB, limit 307200kB, failcnt 20685 [ 1593.244222] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1593.244232] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1593.244239] Memory cgroup stats for /syz0: cache:0KB rss:96868KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:97000KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1593.244334] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=2345,uid=0 [ 1593.244382] Memory cgroup out of memory: Kill process 2345 (syz-executor.0) score 1106 or sacrifice child [ 1593.244456] Killed process 2353 (syz-executor.0) total-vm:72444kB, anon-rss:152kB, file-rss:34816kB, shmem-rss:0kB 03:52:52 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x1, 0x0) mmap(&(0x7f0000013000/0x2000)=nil, 0x2000, 0xfffffffffffffffe, 0x133113, r2, 0x35) openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x2, 0x0) r3 = userfaultfd(0x0) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000002000)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000001000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) socket$inet_smc(0x2b, 0x1, 0x0) recvfrom$unix(r1, &(0x7f0000000000)=""/123, 0x7b, 0x2002, &(0x7f00000000c0)=@abs={0x1, 0x0, 0x4e21}, 0x6e) setsockopt$inet_mreqsrc(r2, 0x0, 0x2000000000000004, &(0x7f0000013ff4)={@remote}, 0x6) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0x8, &(0x7f0000000280)={@in6={{0xa, 0x2000, 0x0, @ipv4={[], [], @loopback}}}, 0x0, 0x0, 0x0, "15eb5a0d7690990bf6672ab83b5521efd7ab9c853969d34a4968a49773dfb95de75107aff0f0a4a26d249eb019598b726384d623d1761f6820034d8e11014d1dcf390116babd6b1921048a454abf2f11"}, 0xd8) close(r2) r4 = dup3(r0, r3, 0x0) write$FUSE_WRITE(r4, &(0x7f0000000140)={0x18, 0x0, 0x4, {0x9}}, 0x18) 03:52:52 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x740000000000}, 0x0) 03:52:52 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0) 03:52:52 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x400000, 0x0) ioctl$DRM_IOCTL_ADD_CTX(r1, 0xc0086420, &(0x7f0000000140)) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$PPPIOCCONNECT(r1, 0x4004743a, &(0x7f0000000180)=0x2) prctl$PR_SET_TSC(0x1a, 0x1) getsockopt$inet_tcp_int(r2, 0x6, 0x1e, &(0x7f0000bfcffc), &(0x7f0000000080)=0x347) ioctl$SNDRV_TIMER_IOCTL_TREAD(r1, 0x40045402, &(0x7f00000001c0)=0x1) r3 = syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x20, 0xb00) ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x89e2, &(0x7f00000000c0)={r0}) [ 1593.595133] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1593.622279] CPU: 1 PID: 2386 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1593.629392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1593.638757] Call Trace: [ 1593.641362] dump_stack+0x172/0x1f0 03:52:52 executing program 1: sysfs$2(0x2, 0x8974, &(0x7f0000000000)=""/88) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xfffffffffffffffd}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sysfs$2(0x2, 0x10000, 0x0) [ 1593.645011] dump_header+0x10f/0xb6c [ 1593.648739] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1593.653852] ? ___ratelimit+0x60/0x595 [ 1593.657752] ? do_raw_spin_unlock+0x57/0x270 [ 1593.662175] oom_kill_process.cold+0x10/0x6f5 [ 1593.666688] ? task_will_free_mem+0x139/0x6e0 [ 1593.671198] out_of_memory+0x79a/0x1280 [ 1593.675187] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1593.680305] ? oom_killer_disable+0x280/0x280 [ 1593.684803] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1593.689939] mem_cgroup_out_of_memory+0x99/0xe0 [ 1593.694626] ? memcg_memory_event+0x40/0x40 [ 1593.698968] ? _raw_spin_unlock+0x2d/0x50 [ 1593.703127] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1593.708253] try_charge+0xfec/0x1570 [ 1593.711975] ? find_held_lock+0x35/0x130 [ 1593.716053] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1593.720917] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1593.725769] ? find_held_lock+0x35/0x130 [ 1593.729840] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1593.734704] memcg_kmem_charge_memcg+0x7c/0x130 [ 1593.739378] ? memcg_kmem_put_cache+0xb0/0xb0 03:52:52 executing program 1: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x0, 0x0) syz_open_dev$sndseq(0x0, 0x0, 0x0) sched_setaffinity(0x0, 0xfffffffffffffefb, &(0x7f00000004c0)=0x40000000000009) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(r0, 0xc008551b, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000080000000000000000000010ac4720eda1ecbdfe61e6afba062a63c94cfe9a13774ab9dcac1564dee3ad852d"]) ioctl$BLKROGET(r0, 0x125e, &(0x7f0000000200)) setsockopt$inet6_tcp_buf(r1, 0x6, 0x1a, &(0x7f00000000c0)="64a531949c2100b97a64cd9f5a271308b3a6884c152136e87b219a8ff3937cada230628ae70a320badf9889c15bd973a69d785339c313b38d459c0316d652753930c1073949e799ad76104667d44442231db3a5a1c0f257ab0ebeb585e2ea2608f0778365f23cc448fd8a3c80dec9fba4328f007b1a59c8db60af8affd4d7ca12f6812406add35e7283a9d5d6686888ed893397f23123d3728025d94003e74bcd45538ca3d30c7d444948e96256243710241925629c88c878d1fd59758824b6ab3144367ef102754", 0xc8) getsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f00000001c0), &(0x7f0000000280)=0x4) bind$inet6(r1, &(0x7f0000000000), 0x1c) ioctl$VHOST_SET_VRING_KICK(r0, 0x3305, 0x0) [ 1593.743919] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1593.748795] memcg_kmem_charge+0x13b/0x340 [ 1593.753041] __alloc_pages_nodemask+0x437/0x710 [ 1593.757719] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1593.762740] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1593.762757] ? trace_hardirqs_on+0x67/0x230 [ 1593.762799] copy_process.part.0+0x3e0/0x79a0 [ 1593.762823] ? mark_held_locks+0x100/0x100 [ 1593.762855] ? debug_smp_processor_id+0x1c/0x20 [ 1593.785114] ? perf_trace_lock_acquire+0xf5/0x580 [ 1593.789970] ? __might_fault+0x12b/0x1e0 03:52:52 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0) [ 1593.789998] ? __cleanup_sighand+0x70/0x70 [ 1593.790031] ? lock_downgrade+0x810/0x810 [ 1593.790062] _do_fork+0x257/0xfe0 [ 1593.802502] ? fork_idle+0x1d0/0x1d0 [ 1593.802531] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1593.802547] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1593.802562] ? do_syscall_64+0x26/0x610 [ 1593.802577] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1593.802591] ? do_syscall_64+0x26/0x610 [ 1593.802612] __x64_sys_clone+0xbf/0x150 [ 1593.802631] do_syscall_64+0x103/0x610 [ 1593.802649] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1593.845592] RIP: 0033:0x457e29 [ 1593.848809] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1593.867717] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1593.875440] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1593.882769] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1593.889725] Restarting kernel threads ... 03:52:52 executing program 4: gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r0 = socket(0xa, 0x5, 0x0) sendmsg$rds(r0, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(0x0, 0x1000000000016) [ 1593.890041] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1593.901538] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1593.906529] done. [ 1593.908807] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff 03:52:52 executing program 2 (fault-call:6 fault-nth:0): openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:52 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x7fffffffefff}, 0x0) 03:52:53 executing program 5: syz_emit_ethernet(0x36, &(0x7f0000007000)={@local, @empty, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}, @multicast1}, @tcp={{0x0, 0x0, 0x42424242, 0x42424242, 0x0, 0x0, 0x2}}}}}}, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) [ 1593.981079] Restarting kernel threads ... done. [ 1594.037700] memory: usage 307200kB, limit 307200kB, failcnt 20759 [ 1594.058689] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1594.067001] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1594.073524] Memory cgroup stats for /syz0: cache:0KB rss:97000KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:97016KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1594.098093] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=8239,uid=0 [ 1594.158284] Memory cgroup out of memory: Kill process 8239 (syz-executor.0) score 1103 or sacrifice child [ 1594.186910] Killed process 8239 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1594.198177] oom_reaper: reaped process 8239 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1594.221307] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1594.232795] CPU: 1 PID: 2386 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1594.239906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1594.249256] Call Trace: [ 1594.251865] dump_stack+0x172/0x1f0 [ 1594.255526] dump_header+0x10f/0xb6c [ 1594.259282] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1594.264383] ? ___ratelimit+0x60/0x595 [ 1594.268266] ? do_raw_spin_unlock+0x57/0x270 [ 1594.272696] oom_kill_process.cold+0x10/0x6f5 [ 1594.277205] ? task_will_free_mem+0x139/0x6e0 [ 1594.281711] out_of_memory+0x79a/0x1280 [ 1594.285673] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1594.290778] ? oom_killer_disable+0x280/0x280 [ 1594.295278] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1594.300385] mem_cgroup_out_of_memory+0x99/0xe0 [ 1594.305039] ? memcg_memory_event+0x40/0x40 [ 1594.309368] ? _raw_spin_unlock+0x2d/0x50 [ 1594.313558] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1594.318669] try_charge+0xfec/0x1570 [ 1594.322385] ? find_held_lock+0x35/0x130 [ 1594.326440] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1594.331297] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1594.336148] ? find_held_lock+0x35/0x130 [ 1594.340211] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1594.345066] memcg_kmem_charge_memcg+0x7c/0x130 [ 1594.349733] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1594.354233] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1594.359084] memcg_kmem_charge+0x13b/0x340 [ 1594.363323] __alloc_pages_nodemask+0x437/0x710 [ 1594.367985] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1594.373003] ? save_stack+0xa9/0xd0 [ 1594.376639] ? kmem_cache_alloc+0x11a/0x6f0 [ 1594.380954] ? anon_vma_fork+0x1ea/0x4a0 [ 1594.385002] ? copy_process.part.0+0x350f/0x79a0 [ 1594.389746] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1594.395285] alloc_pages_current+0x107/0x210 [ 1594.399722] get_zeroed_page+0x14/0x50 [ 1594.403634] __pud_alloc+0x3b/0x250 [ 1594.407261] pud_alloc+0xde/0x150 [ 1594.410717] copy_page_range+0x375/0x1f90 [ 1594.414883] ? mark_held_locks+0x100/0x100 [ 1594.419125] ? debug_smp_processor_id+0x1c/0x20 [ 1594.423805] ? perf_trace_lock_acquire+0xf5/0x580 [ 1594.428654] ? find_held_lock+0x35/0x130 [ 1594.432718] ? copy_process.part.0+0x3121/0x79a0 [ 1594.437484] ? copy_process.part.0+0x3121/0x79a0 [ 1594.442237] ? pmd_alloc+0x180/0x180 [ 1594.445946] ? vma_compute_subtree_gap+0x158/0x230 [ 1594.450884] ? validate_mm_rb+0xa3/0xc0 [ 1594.454884] ? __vma_link_rb+0x279/0x370 [ 1594.458981] copy_process.part.0+0x56aa/0x79a0 [ 1594.463577] ? __cleanup_sighand+0x70/0x70 [ 1594.467828] _do_fork+0x257/0xfe0 [ 1594.471287] ? fork_idle+0x1d0/0x1d0 [ 1594.475021] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1594.479829] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1594.484598] ? do_syscall_64+0x26/0x610 [ 1594.488573] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1594.493934] ? do_syscall_64+0x26/0x610 [ 1594.497928] __x64_sys_clone+0xbf/0x150 [ 1594.501918] do_syscall_64+0x103/0x610 [ 1594.505799] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1594.511011] RIP: 0033:0x457e29 [ 1594.514219] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1594.533123] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1594.540845] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1594.548118] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1594.555391] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1594.562685] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1594.569959] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1594.578670] memory: usage 307040kB, limit 307200kB, failcnt 20780 [ 1594.584990] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1594.591833] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1594.597986] Memory cgroup stats for /syz0: cache:0KB rss:96868KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96920KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1594.618185] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=8346,uid=0 [ 1594.632972] Memory cgroup out of memory: Kill process 8346 (syz-executor.0) score 1103 or sacrifice child [ 1594.642849] Killed process 8346 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1594.654754] oom_reaper: reaped process 8346 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1594.687784] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1594.699935] CPU: 1 PID: 2386 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1594.707039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1594.716372] Call Trace: [ 1594.718992] dump_stack+0x172/0x1f0 [ 1594.722635] dump_header+0x10f/0xb6c [ 1594.726341] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1594.731449] ? ___ratelimit+0x60/0x595 [ 1594.735366] ? do_raw_spin_unlock+0x57/0x270 [ 1594.739777] oom_kill_process.cold+0x10/0x6f5 [ 1594.744275] ? task_will_free_mem+0x139/0x6e0 [ 1594.748803] out_of_memory+0x79a/0x1280 [ 1594.752776] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1594.758362] ? oom_killer_disable+0x280/0x280 [ 1594.762865] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1594.767993] mem_cgroup_out_of_memory+0x99/0xe0 [ 1594.772667] ? memcg_memory_event+0x40/0x40 [ 1594.777005] ? _raw_spin_unlock+0x2d/0x50 [ 1594.781161] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1594.786270] try_charge+0xfec/0x1570 [ 1594.789997] ? find_held_lock+0x35/0x130 [ 1594.794070] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1594.794089] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1594.794105] ? find_held_lock+0x35/0x130 [ 1594.794124] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1594.794154] memcg_kmem_charge_memcg+0x7c/0x130 [ 1594.817356] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1594.821869] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1594.826728] memcg_kmem_charge+0x13b/0x340 [ 1594.830989] __alloc_pages_nodemask+0x437/0x710 [ 1594.835677] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1594.840706] ? save_stack+0x45/0xd0 [ 1594.844353] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1594.849489] ? __lock_acquire+0x53b/0x4700 [ 1594.853755] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1594.859294] alloc_pages_current+0x107/0x210 [ 1594.863705] pte_alloc_one+0x1b/0x1a0 [ 1594.867500] __pte_alloc+0x20/0x310 [ 1594.871141] copy_page_range+0x1529/0x1f90 [ 1594.875371] ? __lock_is_held+0xb6/0x140 [ 1594.879428] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1594.884494] ? pmd_alloc+0x180/0x180 [ 1594.888202] ? validate_mm_rb+0xa3/0xc0 [ 1594.892184] ? __vma_link_rb+0x279/0x370 [ 1594.896265] copy_process.part.0+0x56aa/0x79a0 [ 1594.900905] ? __cleanup_sighand+0x70/0x70 [ 1594.905171] _do_fork+0x257/0xfe0 [ 1594.908639] ? fork_idle+0x1d0/0x1d0 [ 1594.912411] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1594.917172] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1594.921969] ? do_syscall_64+0x26/0x610 [ 1594.925981] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1594.931335] ? do_syscall_64+0x26/0x610 [ 1594.935299] __x64_sys_clone+0xbf/0x150 [ 1594.939280] do_syscall_64+0x103/0x610 [ 1594.943180] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1594.948365] RIP: 0033:0x457e29 [ 1594.951545] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1594.970530] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1594.978234] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1594.985495] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1594.992759] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1595.000023] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1595.007287] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1595.015678] memory: usage 307028kB, limit 307200kB, failcnt 20818 [ 1595.021980] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1595.028729] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1595.034947] Memory cgroup stats for /syz0: cache:0KB rss:97000KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96884KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1595.055123] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=2382,uid=0 [ 1595.069669] Memory cgroup out of memory: Kill process 2382 (syz-executor.0) score 1106 or sacrifice child 03:52:54 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0xf00) 03:52:54 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) dup2(r0, r1) 03:52:54 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:54 executing program 5: r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="480000000000000014010000030000000000000000000000", @ANYPTR=&(0x7f0000000040)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYBLOB="9c00000000000000", @ANYPTR=&(0x7f00000006c0)=ANY=[], @ANYBLOB="00000000d0254dd10000000000000006000000000000000048fc9ac99bd97a288f63660a2fa15d457769e6febddc2b7d141f557d70ee3353a4e60691ed3b1154a634e2a8fc9ec9087ec6f4bd4c"], 0x48}, 0x0) r1 = syz_open_dev$radio(&(0x7f00000004c0)='/dev/radio#\x00', 0x3, 0x2) write$RDMA_USER_CM_CMD_GET_EVENT(r1, &(0x7f0000000680)={0xc, 0x8, 0xfa00, {&(0x7f0000000500)}}, 0x10) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000100)=""/115, 0x73}, {&(0x7f00000001c0)=""/15, 0xf}, {&(0x7f0000000200)=""/242, 0xf2}, {&(0x7f0000000300)=""/99, 0x63}, {&(0x7f0000001640)=""/4096, 0x1000}], 0x5, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ubi_ctrl\x00', 0x80, 0x0) ioctl$SNDRV_TIMER_IOCTL_START(r2, 0x54a0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r2, 0x80045301, &(0x7f0000000440)) ioctl$KDGKBMETA(r2, 0x4b62, &(0x7f0000000480)) 03:52:54 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x940000000000}, 0x0) 03:52:54 executing program 4: gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r0 = socket(0xa, 0x5, 0x0) sendmsg$rds(r0, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(0x0, 0x1000000000016) [ 1595.079524] Killed process 2427 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1595.090876] oom_reaper: reaped process 2427 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:52:54 executing program 1: mkdir(&(0x7f0000000180)='./file0\x00', 0x43) r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/commit_pending_bools\x00', 0x1, 0x0) perf_event_open(0xffffffffffffffff, 0xffffffffffffffff, 0x10, r0, 0x1) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) syz_open_dev$dri(&(0x7f00000001c0)='/dev/dri/card#\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x10, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x1}, 0xfffffffffffffda0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000280)={0x0, 0x0}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_unix(&(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x1, &(0x7f0000000880)=ANY=[@ANYBLOB=',smackfstransmute=/dev/vhost-vsock\x00,dont_appraise,smackfsroot=/dev/autof']) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r2 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r2) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:fir=./file1\x00\x00\x00\x00\x00\x00\x00']) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0x1fffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = add_key(&(0x7f00000002c0)='cifs.spnego\x00', &(0x7f00000003c0)={'syz', 0x1}, &(0x7f0000000400)="6c0b67e32a3d1cb64a4ca3b29b976d50ddf3dea91aba6a6f52a0cf9b047e9585f3f06236503ed4fad11559d245a9a2404c0c9ff11c90a3c252666752f5da2e3c45ceba5e91d893da80442762e83431103a69f3416895c7371f337184557fe2bad1ea30b37daf3d08494925", 0x6b, 0xfffffffffffffffa) keyctl$get_persistent(0x16, r1, r3) rmdir(&(0x7f0000000000)='./file0/file0\x00') ioctl$SNDRV_CTL_IOCTL_PCM_INFO(0xffffffffffffffff, 0xc1205531, &(0x7f0000000740)={0x7ff, 0x8, 0x0, 0x0, [], [], [], 0x1, 0x9, 0x0, 0xd4e1, "9acbda68b9e6eaf201883ed741b93e44"}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, 0x0) 03:52:54 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000008380)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1400000000000000000000000200000037000000"], 0x14}}], 0x1, 0x0) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x331, 0x0) r1 = syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0x1, 0x2) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 03:52:54 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) sendmsg(r1, &(0x7f00000015c0)={&(0x7f0000000140)=@pppol2tpv3in6={0x18, 0x1, {0x0, r1, 0x9, 0x3, 0x3, 0x0, {0xa, 0x4e22, 0x1, @rand_addr="b6c2f696f772cd518f87853cc3adc2a7", 0x8f0d}}}, 0x80, &(0x7f0000001380)=[{&(0x7f00000001c0)="92fbd685db49e0251abb8310c06a1259dc0b871e80ed33ff32f92f1d8c93522e263a0580539c544d8a03b05ea76e5a603994159dcc22cb3f86aa980770b4d64e3d76400d4daf4a173866191b28a12816915a643ceaa321b5e2c37a5e304e526ebfc3e6218a077f207760db2f7558bab1e61eab209ad1b672ed051bf1f0474162e9c66304be69323dbff12c7b3a5b26e56642e328e9164777661bd71455d57f80e3d9a72b91d8c510e08e1696bf397a86ed1b3b3787cb7b7b105802778d8f6e1d4d3d6198bea748d7251bfd98fafd7e778a2ba40a342e309bd57c284b25b9d633e3289bec9f1a50cc866ca892248dc3d764f5c3eb1277e3e847d435f1750fbe8a9b1eb8f8ddafbb60acd7c769213fa6190746c032b4f741aa34425c0d84e8aa020e8a83a975e752676ebfeea1572183375517d6d3e09c1e93bf93458d059c39dc3fe4b080a80ad38dda09d35e0d18c79ff3afefd976ea95c6947472cbedd3c031a7c9e53a13f69a81d411a910fa1cdd6d8d5257baa071a88b04abe3965d59b263c3e9dcd45754f0f5199946375b9a0256ee2e5cd65bb7d9397dd8731ce9ea3c9b5789128af4dc5b0666aaf2c0ec9d5ebb4d8a6aeea0d30b0b302729b2b879a8017ebdfaaee85e7818424d2a6db1b7a2dc8f3a66c36fbe117ce29a958100a9c8623517d01e7df565075765b741964b8dccbe175df0d58317fd40fad015b674b2e0d480c7e74999b9876795b2b64a05a26b1848bb440e2a049c01bc99b95ea04a8bb82c276ca6325170a704a4c9383d4dffcd6a9d39cc6c58d4f28c83378b5c854f15d2cd98c9779491601022cd134160e69ee69fd1eb9cf79df4de63a084d82c5a9bca34cb225610b08218853235ff2c9c3c2fe8652846f5cd7a032e35a44c4a04a793d2aa57f5be328eb40a8a05b8baebf8d886a8f6229377a0b2a0b6ec31e940cc2f3baa85a5cf12a097f39cbe1100cef6bcc5fc2d16923ecae109230e3f0c1d7f34abf4f620f3836b0b569f0b732b8e202add947f9fd1651e5d3f1ab5f21a8ca2f23e252da2fbd06d0e15cfdc268f2fa5193fb934c56ccb222e7a0c1716cb71a66542eec99b93f78b5691904e30fba0fc10b84eb2c514c9df690d3f46b823efa979e079eb56022ab7fe5593b7dc17d4b65c375b9bd7ce27eccf50c9830f70302768573d531c39df419b1ea7c54f34ea44d9bedf10ac60dc65950297ddd2ccfb0457df7d81a6fda374bc4784df2af134a15cfce9c2630045f2de26091ae0023b27c0d95e4d7bae648d69a485562784a01b7d66b34775887dc5d4420f273e94f9cfa8582fb3cab06d807311aecfb4d1dcefbc08b1941b6b63861262e16f7e42a798dbf6d8f3c898664f73f1033fecac9a6fd6ef4c659eabf72e4fa2b3f8bdd7ef77fcfe35e97094ebfe64959ab5b74908bafec899dc06dc79a8e12afeb919c2e7b8b7a3349690ccd37615ef66aa76d119fb1154e3c1d4a7c41eb509490af7327a5df6bfa1ad2bde561709d7bff7e995b32a103d5037fcd3e4c44c7f553d803f4dec867bb55100df258ca311e61411dc2e4884582dc16a1a7ad911b1d41b782f086b0cc00878c934c772174c4c9d7f3ee443c09beda88542fe600d76a6242ab6a961c8c8a31b13d3a74997a85e4668dfcfa6c5f9a5caa54fa1f010a12fe1dc779a72e8162f2adc07e88ee8a15651872533df6f7a44cbaa67a44ce3149586fb0e6ca723872b08a5cbee7b0b4598e09c1b7fd681411f1fe89613697da895508af0542d4281464124d139ab38daa76cb2a9cfc8fea5f5577de8349d9f1b81cc9ef71537f6a84e3fac197d109b7ee80fb9e8b8a37eb4d14b29cf96b48038fda5b793514ea7054a03b55713d0745414bd358652a43b8b3f407e90fcb456248cb2117537a668356bf333cd41f2d91b5c7bccb0e4662c40b07abdcb025306b028fde08282948a7221c85461a6d16aa2000517182b19235a73cd8d9313317f569305c16ee75e23398644abaffafdb5a12e823cff6c069824637be93ac07799602b6db7990638fd024dc20484903c0fb7667f15c6bc7331c826dc8ab86c7e917f7e281d832a8abfedfbebc94edb609468f4c0782fb0c8a40c498e08eabecca1156078e3d84240afdf8e9acd4d237c0e03ffbdd52b0cd193f5c8bcc9a2960dee4802e600ac7978202d58bf07eb69a7ae4dea359d7be7d140a83d69ab0fa08f727cee67526180939a57a79ae38f1e09a58478ea525103273df36be8aeac866372284dd19525fe4ea37075afd4698f6049f1d944fb1a30366e021271cfad75231dd8d5763db4699c0a60d74146914117436d5b9ecefa7e94e86e34f670197f5bdab4acf737917622d8c4079eabe4aa1d083f4e7c9a7498f79c747183188f74467d0bdeaec28aebf3824d75635a0fc7648980753c4ae6e18b912ac3b7dc7e5da2ede3d3dfae1e32c8333941f010522a83cbdd1cfd6602c6ea26ac96812ec7aee9d73a8d1e762191789148285c62b0345575005cc857b37e073a55aa33e96e3d331e3de5db346f9ef4e8c320a4c3b2307faf4499890c338ce9f365f90227ac374cbc43d4e6440a220b586bb0e234998bacd50b5d8a82d23801d5ba769031f6f99cb23bd402daa67e46a984348fb9e858bf3d1a94ff7b64edfcf398c8f29708062e7ccbbd783c105126dfbc41be8b4cbd11a106e88f5ef557e750dcab0010dd45c25040131232204825993372e94e83e9f3afee71e27e8a36b2ae1705862ea898004295f15ff1d21a012c0767a45059824d62da86ab5fa7f1173432c8322f5d63ce15b17e56bfcc7a6cfeb3f31818824fc744eee9eaf7da385622a707ce832483aada5ee3de6c4e61ea23acf1413128c5648a05bdca1de328299cf4c312972328ceb6a16e13615eeb7c0a8717aeb87aab4ceb84bcfba2f1e2cfbd0f9faa5d3030c1fe2e6cb60d36be4bd6ef51c251030dccb5b0034c15f5d3c617a2fab9ccf2662dc135834063c512e7e1635444dd547307a0b1f9a92de778123b7241fe3150f646073f0094abf4dd0e2a4c58d0dd01b0b47c66015bf323e292cf1d25ecce2bdc308e906d3af0de89f23ef7768f902fe6eb46c92b656436478619051c2196d4e65b1cfdc006087cd8d92323c7d9efbe09e2f21cdaec79220889033f793751c67d9f263850c45fc843fc780c740fc37175a63b70504c513d6163da32a9633198de297bf1e6217c6efd101b2a45b3b22d428ce929da7d530545fd5f943009d1a56f426f68b4805409d6aa7711581e215e88b14e2cddb8f942ea7ca6cd3ef42c151c9930be646b1ad4b91608feffb0fc87b4fc9f1b2bd3b9d321e4f86d70808affece40642ce796ea66d640e40fe5c6a0047db2e1efedaf3e2cd4c3d8b973eb31a889145868c2e18cbdb61d55b1705b062cfa68ba0c90cc838ded174234e7f7c154e6cf8514c4665152e3bfd80ff5a855ad7b13bec1bef0d28e05eacb588a78689cc98271acb050ce27cf10b4e95d609ef932475b0fc3b6bf579cc72eb165fe2f6ed85aeb09416fdcb49e74644fd05840fd81ea50ec7afbab7af94d8240c85ec0933c5e74e83836d9a63fa964c1cf7e71b8c8d17edd464abb320ab2720b0745b4b2e8422da88cc4f6e067205c639816353f3d21df614132746210bdd4044877b852d9d63cc839d8574aee82f9ae657767cdd61871aa95b46522adbbd0fcc83d580318e5a83f998211abe4591e9aea1a94f6477e9c40cec5c96d00a59d252968093cefe7c9c316039df5ed7d4543a4fb85f67731602812e1ffb9b987075067435e124ced4f757d6438783b4c0c5e6a08289e1031dfb9d623b38dc46ddf73acc4ceb8799e7be2d7eb52010c2c201fa65fcf9916d4a20c4f9ed85f4b8634c4cc62700359a647645a8304903a418cabcf36093aa69ecaf0b883adf5e18046c31cb30604066ae1348b78e43a9ee8c4eb39cb4d3f4798f12b4e7bab5217c00b36eb2ccce76a88ad7f4dce1848d43cfeef9a032642d21a1fcc602ee58f70ab17ffd8b48e0f3190a6dba74db6b429917514f08f9f02b680db419d4dae6d8891bd9fe18ef54a559526d3b26c94363450603c27fb1170c1bb834014c9d67181ddac2f37f471892d4df9d4461f63340481cb2f074f408441d2a5a552ba3235b05a512486765d5f897327a6e9c02d812a3976f2503fbe9ddc4ea00cb10aa656b7b21304570a06f6ee846ec740b09a99deb87dc54a5cd94c7b6b7e6992060826d4d4e593fae80858bd7f3d64eddc5c8e6c9147a51fd29f7a6c03b2d830ee00e1a77c8674a3909ae00a2bb39f5719d691b5b9904c6b72508127c53c90356e06ea256a414f63a26816c1c935a18c1c936a62ccb958978a15ff2ec5887135fd15a50ff2fe64ddb961feadbd13613c4ce37403d4faf84829b20ff9927d11c752b8bff1abe24d63c122cb613b79137866e3de16ed637d0e5337be2bd4626d2e7d9eaef8a65b6771ecadf9c2ef5400050bba4da1ee4134356d33aebb0cbf4b06ba7183f1e88613a6cf922a6a8eaadf7daa0520c8b9f8c69bfe3423680b1dbd6b4ef2db4d0b363f3fb832d783847e398ed2b69aafc64d0d2eec004e657ac52d9d1a2dab3f6bdd972d4389c934353e946d300be5a41a288a9f80de7f8a1d975056dd86061573f1bef87df4dc57ab89204c79564c3da3dae07ccc3eab11d9e589c30a97ab0f852d3d113a3ada2fa3b8048b876f03164579e7af233b8eeb63c58540547beef0a79185cb078d7fa56639e3044a9d5ff69caebdaad6f4189d68bddbe4ea42c5044aa807ab5e3db87adac7089aab8d5798b6971c18b0f07a545256c78f13b90bae12244ea9db3a9236d953a03b36c672dbf795f56a982f8013e2abc43efa9b2ae8b9de29f8b36c654f51d86688cd6eab1566fd86a335d258ab45c0482d1c178db27649da45814899c88eeed02a0f85272bad376e3a4138f48306c48303655438684be58501a0753d9c6f4f0b4cf04e322d0a8ae4d67dd7dbabd9da814e9f65cc40053ebf00ece067e2b1b47110846eb04f8c7641eeb70bd11af7b84a2af2c00dfe50b821fa73c31d2f7091364a5da476537d4a7799ea86a6359e0d4a1a83be33e7fbe974cfa77be8fe18c8b351ace2d880385cb1585a71f983584e7ac1153c34dc7d11424e35c6fe4440f804e5cb8bf88e9497038a0bdf657da77afc669195b2b1d9f60ace70c7b2339a03d2d4128e2bc8576abbc8cfca5967cf5a99ad40ebd675ca5c73bedc96dd4d2743e801226e9f0fd3a21643aac36607cc73afb9417d5056f7b46147c5f13384245948bf00fa2e7b25f3582d7d3f747e2afc0d5dc8ae8ddd8714a94ae83b0be3e716d99ebdb2f616b9802ae2355f203a4baa55b5ce74301ab32e21a47898325a56a9583b53b03e7638cbdaad35104863007f2fc0035fabbb85cba60a118e9f558931372cd18d6fd44b6de71e0ac22887e4ae2e407808d3d2211467cb13b3baeb64326a8a1679624e008689059e17060685792f80e7b3084c71e7452f5d26d9a51c789ae4175169e8a75d8e1e7cd0d8c829dabb1f8d668b7dbbd1a84db4e60f0925bc0683d5a4bbf83bc1953dfa0fb315f91f543740017ec359dd25c3563f7fcf91a25ed43aa0d2631487f75aa2e53435fb0328c243f762e9a7eb5d6471534e40ded50e5b36991606ee13cd1248305595eaebd85c780ca8409f64ad23681f764dc1db2734143b7a85737c8f417a785eee9fab55c429e89bbfe4d378ee5eaa9e8212a23313146999a71839c16776c133782aaed67452d172b4c003016be5ded8d741d0992f453a8b4", 0x1000}, {&(0x7f0000000000)="5e7331611962a1c44ac7119f5bbc9c06f8783385e87d6effb2e9eaa25ee6d15fad592ff6f94b5f58109ffd2b9678cbf8765e60609c7cb0689a3ff97f284c2c3c", 0x40}, {&(0x7f00000011c0)="e41c15d56a38da4255fcaa0d94801d19a005969502518b3f3ca08c8236b92d46b1b9d167fc68a32098ca7e1a0814ca9e2fddbeebc70f11a2881a7100b3580354fc2c80e0c6374007f7d4f7466c63d119129853e0fe8f44e4c760770bb656943d6d0f5bbcb4b9ff0f95af00ce8e24dea0a73ffa9cdcffaeaa3d50fbb5b3d6cfdc17735a85b88781feab144e1e72b5be847b5862277bc7822b8f87f520b1723b1b4a26af5c25b749074c0915b79818758ba555", 0xb2}, {&(0x7f0000001280)="dd76e714c98b828308eab5a4d03d34f3e51cdd308026d8c3eee223ef9f8bcf3ab025f6730af3bf4b294d6b372aa322ca5b992deb4e90", 0x36}, {&(0x7f00000012c0)="36dd549b64e1e20d4ca2e58f233576ccc863e691a36eac69d039b43885068cde78aca73db029473851b1409ab2887e742d40a11f4f787a09d1197d5fb1d2fee8f468f468fcf80f9dd0394579d2e6aa62f63bff983451e4d58a41275039e553a92b70ee4df40a8f08ad57a58249d0275430dfa59536ff92f665ad9ba21d929092a4f42d006a1c25f1144acf186b1a226dc4dad206d1efdf51ffc59673eecd11e93ac6d8118d80", 0xa6}], 0x5, &(0x7f0000001400)=[{0xf0, 0x109, 0x1f, "0895b3a007f95a2a06abf7f8876fff5713ff42d921da68baeb5289bd9c7be404043a9bfd5e416c1ec0d554ba89e11a81eeefa73429d48587b8eecdda956711d89a402b7c4eafb172572b4d3113f7535954c654fca233c85cd22ddf63134a15d6455148273a63cd3290544c3529b5f05baead00a1bd78ee4366c5640010d9c609de74730f49f10dfc36b881f7a8b2281f8d4e2b63f37478643010805817eb6140c75408af9bfcd0bd45cb5d09c256d87b489deb23cf096a737c7645165b0f8d04225f426a4a02544f8fde51456ed1e43c2a38511e36a14d2724544b"}, {0x60, 0x199, 0x7, "33742eec0cf3b790f298fef1f488e00874a125143d36f359f254b7b30329621d23c9306536f6aa1bbc0624f884ce5ad136bc018c35f57e5b14c7b942e8b78969897976685d43badea0e0394aa8"}, {0x40, 0x129, 0x93ff, "33d4e8d3a62ba38b5e11bf74001508aea8dd37a792099d894c5e1d02b67a7e9e03ee3cde146b4655ee"}], 0x190}, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='pipefs\x00', 0x0, 0x0) syz_open_dev$vcsn(&(0x7f0000001600)='/dev/vcs#\x00', 0x5, 0x80) 03:52:54 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x30710000000000}, 0x0) 03:52:54 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) ioctl$KVM_SET_CPUID(r1, 0x4008ae8a, &(0x7f0000000140)={0x6, 0x0, [{0x8000000a, 0x2, 0x6, 0x5, 0xa496}, {0x80000000, 0x80000001, 0x6, 0x8, 0x5}, {0xc000000d, 0xffffffff, 0x0, 0x200, 0x100000001}, {0x8000000d, 0x0, 0x81, 0x69f8, 0x3f75}, {0x40000007, 0x7ff, 0x0, 0x9d, 0x1}, {0x0, 0x2422, 0x1e, 0x9}]}) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) [ 1595.374019] overlayfs: missing 'workdir' [ 1595.396007] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1595.475803] CPU: 1 PID: 2449 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1595.482933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1595.492291] Call Trace: [ 1595.494889] dump_stack+0x172/0x1f0 [ 1595.498548] dump_header+0x10f/0xb6c [ 1595.502274] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1595.507389] ? ___ratelimit+0x60/0x595 [ 1595.511290] ? do_raw_spin_unlock+0x57/0x270 [ 1595.515709] oom_kill_process.cold+0x10/0x6f5 [ 1595.520222] ? task_will_free_mem+0x139/0x6e0 [ 1595.524738] out_of_memory+0x79a/0x1280 [ 1595.528734] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1595.533853] ? oom_killer_disable+0x280/0x280 [ 1595.538367] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1595.543506] mem_cgroup_out_of_memory+0x99/0xe0 [ 1595.548188] ? memcg_memory_event+0x40/0x40 [ 1595.552534] ? _raw_spin_unlock+0x2d/0x50 [ 1595.556686] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1595.561799] try_charge+0xfec/0x1570 [ 1595.565525] ? find_held_lock+0x35/0x130 [ 1595.569616] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 03:52:54 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x0, 0x0) fcntl$setpipe(r0, 0x407, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000000)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1595.574483] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1595.579333] ? find_held_lock+0x35/0x130 [ 1595.583408] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1595.588286] memcg_kmem_charge_memcg+0x7c/0x130 [ 1595.592967] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1595.597476] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1595.602342] memcg_kmem_charge+0x13b/0x340 [ 1595.606589] __alloc_pages_nodemask+0x437/0x710 [ 1595.611270] ? debug_smp_processor_id+0x1c/0x20 [ 1595.615951] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1595.620984] ? copy_page_range+0x125a/0x1f90 [ 1595.625404] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1595.630963] alloc_pages_current+0x107/0x210 [ 1595.635389] pte_alloc_one+0x1b/0x1a0 [ 1595.639204] __pte_alloc+0x20/0x310 [ 1595.642847] copy_page_range+0x1529/0x1f90 [ 1595.647096] ? mark_held_locks+0x100/0x100 [ 1595.651370] ? pmd_alloc+0x180/0x180 [ 1595.655101] ? __rb_insert_augmented+0x231/0xdf0 [ 1595.659870] ? validate_mm_rb+0xa3/0xc0 [ 1595.663870] ? __vma_link_rb+0x279/0x370 [ 1595.667955] copy_process.part.0+0x56aa/0x79a0 [ 1595.672579] ? __cleanup_sighand+0x70/0x70 [ 1595.676850] _do_fork+0x257/0xfe0 [ 1595.680324] ? fork_idle+0x1d0/0x1d0 [ 1595.684058] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1595.688823] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1595.693668] ? do_syscall_64+0x26/0x610 [ 1595.697646] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1595.703019] ? do_syscall_64+0x26/0x610 [ 1595.707009] __x64_sys_clone+0xbf/0x150 [ 1595.711001] do_syscall_64+0x103/0x610 [ 1595.714916] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1595.720115] RIP: 0033:0x457e29 [ 1595.723316] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1595.742307] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1595.750024] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1595.757301] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1595.764573] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1595.771852] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1595.779126] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1595.790721] memory: usage 307200kB, limit 307200kB, failcnt 20850 [ 1595.806411] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1595.832814] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1595.861057] overlayfs: missing 'workdir' [ 1595.865710] Memory cgroup stats for /syz0: cache:0KB rss:96860KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96920KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1595.916239] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=2448,uid=0 [ 1595.936349] Memory cgroup out of memory: Kill process 2448 (syz-executor.0) score 1106 or sacrifice child [ 1595.948679] Killed process 2451 (syz-executor.0) total-vm:72444kB, anon-rss:152kB, file-rss:34816kB, shmem-rss:0kB 03:52:55 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0x1100) 03:52:55 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0xa0500000000000}, 0x0) 03:52:55 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) getsockname$netrom(r0, &(0x7f0000000140)={{0x3, @rose}, [@null, @netrom, @rose, @null, @bcast, @remote, @remote, @null]}, &(0x7f00000000c0)=0x48) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:55 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") r1 = socket$inet6(0xa, 0x3, 0x84) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendmsg(r1, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0xc100) write$binfmt_aout(r1, &(0x7f0000000b00)=ANY=[@ANYBLOB="00000000000000000000000000000000170000003b12553050229a7814d31567"], 0xfe10) 03:52:55 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x0) 03:52:55 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = syz_open_dev$vbi(&(0x7f0000000200)='/dev/vbi#\x00', 0x2, 0x2) setsockopt$ax25_SO_BINDTODEVICE(r1, 0x101, 0x19, &(0x7f0000000140)=@netrom={'nr', 0x0}, 0x10) r2 = socket$packet(0x11, 0x100000000000003, 0x300) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000006ffc)=0x200, 0xfe61) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x10001, 0x0) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000280)={0x6, 0x0, [{0x690, 0x0, 0x9}, {0x296, 0x0, 0x3}, {0xa7b, 0x0, 0xfffffffffffffffd}, {0xbff, 0x0, 0xffffffff00000000}, {0x947, 0x0, 0x5}, {0xb7f, 0x0, 0x4}]}) bind$packet(r2, &(0x7f0000000640)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @random="32cae4783d32"}, 0x14) name_to_handle_at(r4, &(0x7f00000000c0)='./file0\x00', &(0x7f0000001980)={0x100e, 0x100, "b8b53852471d7ec9b563c16ec7e4f625e069eb93ecf798ea5b35813571f645f734ef1f03006d5bae6073c25d1355522fd876725876e38b6f8b698768069657b14bc54b26cb49856180551b6d08afda1afd279cfba32373bced973ee5c68a75941d92be2e1b1a61f32c7c9052b2382448a68dbef6eb58f5a23cebc250bce0cba53d374398e08532691b7138677eec509db7307723f56c10ee877c162b9b3a7e2ad63fb99d54b549dd871693ab883d91dcb76b029c9d29f5a92859f45c4612b4d4d5edb3e68c11e923b30c51ed6c97672d195197dd36d362609fbf81921f8a3341f10db87207978e625980458c8a4630a1290e0a8f4e4cb9447d4a08f63c619e61ba58c6c6f418869d80d773ed51ca042fd7ae33cda709a7667e734e4ae2d054b734d1a078eca6aa44918bb96639b8207188e864aad23460dbc6331ae996d67878bdfbc1b8cb2a1a9aba725b3b556a8301922b7df709a287de9e9da186b8281f39129a333c016d46def10c48786d22edfcd5cc71f9725741dc2341b38d87e26f05fa3ef23dca9599717e3a1563bc354d59eec306a7db67c23ae143c8a65a66fff4537aada1626e05ee2a81d0bafcc1884f09d169cbe5515013796191bb3aeca49b0c58c947130610f3670485727165673245c321078b72177b10ee1da594a07a1029b81a9f5bfcc71fac1d3f952c5020a3001ff83f848a458822f79c70da13b7a5030b617fea5f03fa66e538a5d05468ee05ee18a470bce569ccefe064ff1655d6225f13bb3f9fd0848d2e8dba9b94b1d8d81f9047118451b3ca5d2ddf43cd4ae927175b5ffb419db963e574431c9ba2e11ceb77457afc391d7df50f0f0111c83bb7cb7dc414886c3d415f0b696aaf4effa3fd2e20339957a1147242b96eb21a21ecf4cf7167ce05a14fe59ec6e2da12487b6c966821550524da06a31bf914e7991e39ead1f161c9428ffdb1d1553580fd1bef7550c5d62bf285686796447155a6e1c80084e646447c8f09b343f45e344b29ca4fb59f08a94ddf295542523c0aa569885b028dbedb33ec48569c92e43e3141a1db100b6ceb4f9cc248dad0ab7af7e2babc4cf5cd68cd9fb5a225ae6bf06e1105a8fea9df092b545b417eb885283ddcb9d5a5b55adf98751ddc4dfb66446f28ba3d4a8fa1ff70440fc1ac45ced6a3e5919197de9fe7aa3310eab725746e74f831a6a9acb4851a046bdcb1a5bbfc5d39e3b16b5d0199b9f5f1e361d90641a0eaea9825cebceeeab190aaee39be6783d144761ac6dedde82ccdd87b728f23a20a509ea2a6c7a9cbd569ce349c5a52d0443c2561933cefc0973642f9857d157ac49c30f473783f67df31836afa746e92984f2b77bd0bb41cffcee1d4b9316d2a7353c172dc282267bd43963a2663632e891b08194b387a2887f48c11779f95f9687030376a4ff8bd76b5efb10392d891acee423e7e115a16d16d7c449b58fb83c84c86a29e45e0e12e3071dd115206fcc6da4cbb05b9d3701fb76d00fec06017ccd5f08793c371ee76766d274359994756c1ac8e83a4edfc6572d6c2ddd01622242809a1d080c4cbdc19718059b09109afafecff3c11ad050da9024b52872228436a66a8d555e2772fdd6400fda6d7c59f417c183e4b4683eb973fa2618b879f1791a84659ad1b49bc794ab965af99e343810cb149adebd03f3c6fbbbb829f5ecc596cb5a646430a4db8cd454261457ce0b681c7eb9bed1a482d9af6fbe32606b1c693aca114741290c66f5f1015adc98e41874f87d353591f43c42840e1c9724d5c09781538abdf9b20842a6e505d552f2a0f86265f38b43253412198339188ba288644e6838ff481223e0814aa04e07f3804c1b6f1ffdd4bc8d16ce9e2c270ebe174653b469d2fc61690ebc4af07b39a851b1fefefc521f65b004d1ef300c239dd2f56552ca7b70e0253650533a65e6ed75e7499775d55917f2ac5e38bf2c7bf43f52e2fbb4a2b762858597112da034741bbc9322e4a86bb20f73c7c08dcdf8385225149bc9e051e3d483579c50f868bd9eb9014598e7cd034f96a2786c2c5b83011d390b831717c600f5b4e695e85788efb52a6cd9d76526c26e0a1f7864e5d99071f494ceea3b7dd672f026bca681272d9d5ac81cc455606e1363eeefdd99666bcfadfaa765daabde56bf0eaad9edc1c90a6d36709ef1cc08217665e10f48c712394039ad89b71ba3e9380b955162844ac99fc13c9c603ae600dbdf2241c73300d3bad940b4a80b3811c9bc99f75274bcf2fdb243fd88fa7279793bf84e82d9126936a9c17b07677288f32e82ebd53a65140d276604977cbeb1cfacd94fa26a11721c80bc46c20f83020068136b71106c3e45e1344830add15f49fe9ea9c4a857c810f0951f8647247f710c7c029c64978d68f8c3a719e092fc7e8f6872f515aa04a1b8e4f8f639539f5dcafa92ab1cb2cf1180afd555ec1893b005f50cfe8c9d98f4f240b5d2f24b37b7f4f27b1eea15db52dce44e7e3a65eb85cc143c06ea7e18d804ed0964433448206b658f530c35957c9ae71f75fe8890761e60fd7c4ab9f60e0e4bfcac69bd2b42ee2bc091e3fb1a9c495505a635c552badc92e67a6eeb30ca912c092544436b09491467e3bb6f4367c8e5e7e98dcbdfa31d4757f1048cff99e2b819407bab7adbdf2f8391a80d3482b9e2e9f6b9ffe6d75b677233f75e559547c7a41c8b0cfacd2eccc7146ee72840aabce3457026d965c4d1f667e2796afa80d1af71d90f934e38fae0b92a686ca9f0209133142a29d4d3d6f7838c89cdddcc23298e07568a3605f53dcc1d085662da781174fa78a672597fad5a1da2486622be5019c9f7d526e2fa9d68b09c1160b5701eae1b44704c53bed2dcf2ce9932ef2deca72bd92eeccb54fc091a2a04bb40710954e74451712bee8ca7290d2b5a6330df66fede3dcad2e83862931d27f01d86a0e285fa2f2fe7bd05fc0fca7e0ab2f60b86dd5362bd82e9673beadd0ea4a97109a29bb01308f3f08a428f99c5f26663bfd5ab46d64cd99dd659cd1cae65ffc3c752178de4bb1f9cbf5897ec888e2043a9f59a9327f26cacd9f67eb0ee26d1e427def29bd8d9ff70840a1532a1f1916f64ee8d91f0860fcc246b14d5771d3e7e5a99f45288cf46777dc9db939f167b7b3808b59d1d5857bfbc21e89096f533c0ca963cb916271f5597a7dd8f24e72f214a10f7fc891e95b4e0cdb64be829aa7aef0dfb1931c3c58cbf45c078bd0205d4f655d29ac58cb8565b3764702791f69647cd4a1847ae553e5a01b31edbcda0497742a886921c7bce89a969f82eac0a4886bb8f828e43cfefd6c4f03c021a40d369933dbdb2241252cbf011eb1d4aff016435fcb8d92ec1bef041aa03b51381a2d54ce6d3e07e7e83538678251660e975d9ae5e4bcce4add70a1103b32abca1fc70311f32c0c2e6e03e9343b278c1e335e9dfcafd5e0495532738e1bf8b8f42db097c126d9521fe57544f69689a6ae77958e2ba6d351ddd67cd38f8047f59d547cec6456f3e57eeca0925d7001658f95561e208ac7468bfd9f3a3803e35eebcd7dd5593378644e3e679f68ef5dfdf940276ba47d1625de08c1cc347213678fb49fcc80d8e676acea635e9ae2d22bd3297081a700c6f9953afd9d7c1324df3c510145f13c45e5d93930a671a0981b635b1be61cb5f08fb8c1928a74ba25e516a6a5250b354b9613e6d489761019cb78a5f8184e7ae0a05e2e52fcebeab1e0c78dba8801f2ba5a483bdc80a7bbecf05849af7cc8138451c5cfb3a7c83a38f7991b8ecc88c9c16afdce639ad2e2bb3483352eef63b4e52b88ffcec3e5db1cd3bb7eeccc7332daad0fdfc8f1215f05424f04c7da53c2576891278a9e3e93f6b00cea74ef42980aa1eaba3b18a45967a7f2daca9e6542a1a5df4ae12a1025f8e469c935b0c85309ee11589d062647e6507c2e4b6dfe17c1175b577e08f3920f7614ef8e0f45c3867722a14f731a8ce3e74f755e3e11a964dbde23c60018d4d339e286aafcdb78d54c7591fd1c278582781b48fa6511839fb6db33b3ad7f64ef0a0d77fd2b66e546d9ea06ce6eee333dbf8cc49684d79f5287eedfda319001e03928c80a5541fad3ac26c3e2c943ee63d0492c098f29866c9fae2ddcf7b29477c6f4efbeda0432344b0eae6a4a464b25f89c218746c5b0aefd68fa3ab39d92035f41b9ce61cb3fd62751b5becfe297b0cbc3d2c24b9700c4c7c9fee3e3915cb03e5d7d58964791c93e51c75ff22190f905486a845ad4fe67557e5b5b4c53d70532c7b9dddb91924fd013e233166537b21717c86731609e33524344cc2c211effda7e2dc50c94d769e0fdd19b749f7d38bdeda97db9b61915634d9e74def36281813bcb62c394048ee3c77fb52471193963cf39a5ca86a2bf614a14cb36200ae36e45991e549989e7edf542d21c9ddc62e94a34e3a1a87c0a25e1acd303e0029acd742b91175dbe16fe72523d7514632cb3639949b25508f369e723605fdd68cda0224b71fbcb6f6b46d9ded44e984aafdb220fd5da8ff5c1ec0da038df056c303b9e4246927c1047c2e33d84b1c3b75e7c0439d11ddcace03555a4b1aaba947877587e5ac33e515b0c02a67f8b9f7d4c09880df921a9cce28f0e056e282c59889221d6360d2396686423e2f62e2f0e0b8867f5a9419077bdd7cfe2a619f2820b6e950394da633b4c42320b36ed8b27604fde460718cfeb40fb08886fda08952d45a76299c052c0baff1d88b619385b09745b0669c70536aa6e2da9aac5496afea32d04e96d1d9090d0bae71af17d065b609d91071c6b5aa14244734bc6afad5277d8d94429652ef32cc6301fee8fc4e9e942d36aa3c0c199f42139535549e79c0f3a0e95242b2b5468fae44087e460e0e9e81cb0827e6b2647798c8c53b28755bd531f3a3bbfd6ceacf3dc0e2712422cbd0035c61e31ce9836a1be6e15b2a4f187440f8e1317b05806f8386df5981e65c1a3620e8449aaf10a3adf9d3120164440f846e7fe53de18f13e784fb574525124b4a81dfcbed293d05f5d9593c1336e4c4236577480669e0e8c8eb189b1a24dce40584f2bdb2802164116efc74a3c65bdcc37dc4faa992992c2687a906a019b75af2cbc6ebfb915395b79d409f03d8dd12d38e2fb595406bd5161c00ffdfc81156b9536490c51e3d31186143c0f7de0d98d629d9bf4d53b9e13e0e8ea43e86a40205693fa427a9140cb3a0e1350114525b5a596ffa84fa56174d75dc46f834b6b48dfd81cc6ea8c9e7cc51b6092c8ce26820771490b66581b894ca92a3015709ff136c1e2b8cafbb058c6e0ee29ad0fa1e9914c24dc48cc0a89df348278df5854208dc2e41b0b193f2a59974a5d65be870d145edaf3b5f0cae90e2d367ccff26650ce2177f315cb269177575421a48df066fb3b990c0594770ee30f594b1faf738514533421609bf4b33e386b1d291aa64d9a1c8d7d373505bcc0a18e459645eecac658861b8d2838973191a7eaf294bc4ce639e004281e381b51a70418fbc5f5c6d6797273172bd69ff87bb291086a1718006f9985589315df4b749f6370cdbf1f947b6d8734d0442783bbf080702d12a3ba17e5bbfc7aaec98153476e5985a02c1f6c9b3552bdd30a1e9ca72f6d267970324df6ac57bb468697b79966ed286bb78a23dda4aca89d8fd41258d7838c4979365f2711acf7c2e078b46fb31397517453340ce5753cee43dc357e6a14ef9262b6b1ed106f7414246ae17cab3e4ea7a4bd97dd451afc6a577562e0bed18c45868b0ae14dc2c2be03a09e6a960000000000"}, &(0x7f0000000080), 0x0) sendto$inet6(r2, &(0x7f00000008c0)="050300000200000000000000c52cf7c21975e697b02f08066b2b2ff0dac8897c6b11876d886b6621d8d217ccd51cc5471d130a6632a88161a6fd8f24286a07d057c3be255b33142fdd95208f", 0x4c, 0x0, 0x0, 0x0) 03:52:55 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) openat$vimc0(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video0\x00', 0x2, 0x0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000002c0)={{{@in=@empty, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@initdev}, 0x0, @in=@initdev}}, &(0x7f0000000280)=0xe8) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000240)={'vcan0\x00', r2}) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r0, 0xc0bc5351, &(0x7f00000003c0)={0x795, 0x2, 'client1\x00', 0xffffffff80000005, "9628ea96c4344bc7", "096596880d2bb1a179e1862987d3c05906fc31ae2e7e82e0083597b017310f7b", 0x7fffffff, 0x80000000}) openat$capi20(0xffffffffffffff9c, &(0x7f0000000140)='/dev/capi20\x00', 0x200, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:55 executing program 5: clone(0x4000002102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = request_key(&(0x7f000000aff5)='asymmetric\x00', &(0x7f0000001ffb)={'\x00\x00\x14', 0xffffffffffffffff, 0x4c00000000006800}, &(0x7f0000001fee)='R\trist\xe3cusgrVid:De', 0x0) request_key(&(0x7f0000000000)='rxrpc\x00', &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000080)='%mime_typeselinuxvmnet1cpuset,/\xd6eth0eth0#\x00', r0) r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/capi/capi20\x00', 0x0, 0x0) ioctl$CAPI_GET_FLAGS(r1, 0x80044323, &(0x7f0000000100)) ioctl$sock_bt_bnep_BNEPCONNDEL(r1, 0x400442c9, &(0x7f0000000140)={0x6, @broadcast}) 03:52:55 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0xa0700000000000}, 0x0) 03:52:55 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) write$P9_RREAD(r1, &(0x7f00000000c0)={0x2e, 0x75, 0x1, {0x23, "cc7126c0f04683215af99b1cdfc9a537ac2da6d31a76d40fd2a17e7e4841a8ce2fac3a"}}, 0x2e) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) [ 1596.230963] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1596.248458] CPU: 1 PID: 2511 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1596.255575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1596.264936] Call Trace: [ 1596.267542] dump_stack+0x172/0x1f0 [ 1596.271190] dump_header+0x10f/0xb6c [ 1596.274928] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 03:52:55 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ioctl$VIDIOC_S_DV_TIMINGS(r1, 0xc0845657, &(0x7f0000000140)={0x0, @reserved}) clone(0x40000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) [ 1596.280042] ? ___ratelimit+0x60/0x595 [ 1596.283955] ? do_raw_spin_unlock+0x57/0x270 [ 1596.288392] oom_kill_process.cold+0x10/0x6f5 [ 1596.292923] ? task_will_free_mem+0x139/0x6e0 [ 1596.297456] out_of_memory+0x79a/0x1280 [ 1596.301456] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1596.306571] ? oom_killer_disable+0x280/0x280 [ 1596.311078] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1596.316210] mem_cgroup_out_of_memory+0x99/0xe0 [ 1596.320918] ? memcg_memory_event+0x40/0x40 [ 1596.325255] ? _raw_spin_unlock+0x2d/0x50 [ 1596.329433] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1596.334558] try_charge+0xfec/0x1570 [ 1596.338294] ? find_held_lock+0x35/0x130 [ 1596.342369] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1596.347246] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1596.352098] ? find_held_lock+0x35/0x130 [ 1596.356171] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1596.361053] memcg_kmem_charge_memcg+0x7c/0x130 [ 1596.365728] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1596.370254] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1596.375108] memcg_kmem_charge+0x13b/0x340 [ 1596.379354] __alloc_pages_nodemask+0x437/0x710 [ 1596.384048] ? debug_smp_processor_id+0x1c/0x20 [ 1596.388728] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1596.388951] IPVS: ftp: loaded support on port[0] = 21 [ 1596.393753] ? copy_page_range+0x125a/0x1f90 [ 1596.393773] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1596.393796] alloc_pages_current+0x107/0x210 [ 1596.393818] pte_alloc_one+0x1b/0x1a0 [ 1596.393836] __pte_alloc+0x20/0x310 [ 1596.393856] copy_page_range+0x1529/0x1f90 [ 1596.393871] ? mark_held_locks+0x100/0x100 [ 1596.413446] ? pmd_alloc+0x180/0x180 [ 1596.432948] ? __rb_insert_augmented+0x231/0xdf0 [ 1596.437704] ? validate_mm_rb+0xa3/0xc0 [ 1596.441683] ? __vma_link_rb+0x279/0x370 [ 1596.445752] copy_process.part.0+0x56aa/0x79a0 [ 1596.450384] ? __cleanup_sighand+0x70/0x70 [ 1596.454644] _do_fork+0x257/0xfe0 [ 1596.458104] ? fork_idle+0x1d0/0x1d0 [ 1596.461829] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1596.466583] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1596.471340] ? do_syscall_64+0x26/0x610 [ 1596.475331] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1596.480697] ? do_syscall_64+0x26/0x610 [ 1596.484678] __x64_sys_clone+0xbf/0x150 [ 1596.488659] do_syscall_64+0x103/0x610 [ 1596.492573] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1596.497759] RIP: 0033:0x457e29 [ 1596.500954] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1596.519848] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 03:52:55 executing program 1: r0 = accept$ax25(0xffffffffffffffff, 0x0, &(0x7f0000000040)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = syz_open_dev$dri(&(0x7f0000000080)='/dev/dri/card#\x00', 0x1ff, 0x40) poll(&(0x7f00000000c0)=[{r0, 0x8438}, {r1, 0x1}, {r2, 0x8000}], 0x3, 0x2) r3 = socket$inet(0x10, 0x3, 0xc) sendmsg(r3, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f0000000300)="2400000002031f001cfffd946fa2830020200a000900010001e700000000a3a20404ff7e", 0x24}], 0x1000000000000116}, 0x0) sendmsg(r3, &(0x7f0000000000)={0x0, 0x34a, &(0x7f0000004000)=[{&(0x7f0000000640)="2400000001031f001cfffd946fa2830020200a000900010002e700000000a3a20404ff7e", 0x24}], 0x2ff}, 0x0) [ 1596.527573] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1596.534843] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1596.542118] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1596.549420] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1596.556684] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1596.578969] memory: usage 307200kB, limit 307200kB, failcnt 20870 [ 1596.586969] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1596.594992] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1596.604151] Memory cgroup stats for /syz0: cache:0KB rss:96860KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96936KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1596.650696] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1596.664437] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1596.673606] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=8370,uid=0 [ 1596.734344] Memory cgroup out of memory: Kill process 8370 (syz-executor.0) score 1103 or sacrifice child [ 1596.745260] Killed process 8370 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1596.757516] oom_reaper: reaped process 8370 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1596.826659] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1596.840743] CPU: 0 PID: 2505 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1596.847855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1596.857213] Call Trace: [ 1596.859789] dump_stack+0x172/0x1f0 [ 1596.863407] dump_header+0x10f/0xb6c [ 1596.867113] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1596.872209] ? ___ratelimit+0x60/0x595 [ 1596.876081] ? do_raw_spin_unlock+0x57/0x270 [ 1596.880491] oom_kill_process.cold+0x10/0x6f5 [ 1596.884993] ? task_will_free_mem+0x139/0x6e0 [ 1596.889490] out_of_memory+0x79a/0x1280 [ 1596.893460] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1596.898563] ? oom_killer_disable+0x280/0x280 [ 1596.903059] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1596.908173] mem_cgroup_out_of_memory+0x99/0xe0 [ 1596.912829] ? memcg_memory_event+0x40/0x40 [ 1596.917145] ? _raw_spin_unlock+0x2d/0x50 [ 1596.921294] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1596.926403] try_charge+0xfec/0x1570 [ 1596.930117] ? find_held_lock+0x35/0x130 [ 1596.934192] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1596.939037] ? kasan_check_read+0x11/0x20 [ 1596.943175] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1596.948039] mem_cgroup_try_charge+0x24d/0x5e0 [ 1596.952609] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1596.957538] wp_page_copy+0x408/0x1740 [ 1596.961433] ? find_held_lock+0x35/0x130 [ 1596.965504] ? pmd_pfn+0x1d0/0x1d0 [ 1596.969039] ? lock_downgrade+0x810/0x810 [ 1596.973187] ? swp_swapcount+0x540/0x540 [ 1596.977248] ? kasan_check_read+0x11/0x20 [ 1596.981397] ? do_raw_spin_unlock+0x57/0x270 [ 1596.985810] do_wp_page+0x2ed/0x1520 [ 1596.989540] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 1596.994195] __handle_mm_fault+0x22db/0x3f20 [ 1596.998600] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1597.003440] ? find_held_lock+0x35/0x130 [ 1597.007487] ? handle_mm_fault+0x322/0xb30 [ 1597.011710] ? kasan_check_read+0x11/0x20 [ 1597.015843] handle_mm_fault+0x43f/0xb30 [ 1597.019907] __do_page_fault+0x5da/0xd60 [ 1597.023974] do_page_fault+0x71/0x581 [ 1597.027779] ? page_fault+0x8/0x30 [ 1597.031312] page_fault+0x1e/0x30 [ 1597.034762] RIP: 0033:0x42efb6 [ 1597.037940] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 16 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 ac 5f 62 00 85 c0 0f 84 [ 1597.056833] RSP: 002b:00007ffee6aa55a0 EFLAGS: 00010206 [ 1597.062182] RAX: 0000000000020491 RBX: 0000000000711640 RCX: 0000000000000121 [ 1597.069445] RDX: 0000000001ffaa50 RSI: 0000000001ffab70 RDI: 0000000000000000 [ 1597.076710] RBP: 0000000000000121 R08: ffffffffffffffff R09: 0000000000000000 [ 1597.083976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000711698 [ 1597.091225] R13: 0000000000711698 R14: 0000000000000005 R15: 0000000000002710 [ 1597.110504] memory: usage 307040kB, limit 307200kB, failcnt 20918 [ 1597.117095] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1597.129032] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1597.136771] Memory cgroup stats for /syz0: cache:0KB rss:96860KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96872KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1597.158039] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=8394,uid=0 [ 1597.173399] Memory cgroup out of memory: Kill process 8394 (syz-executor.0) score 1103 or sacrifice child [ 1597.183289] net_ratelimit: 26 callbacks suppressed [ 1597.183297] protocol 88fb is buggy, dev hsr_slave_0 [ 1597.183349] protocol 88fb is buggy, dev hsr_slave_1 [ 1597.183445] protocol 88fb is buggy, dev hsr_slave_0 [ 1597.183504] protocol 88fb is buggy, dev hsr_slave_1 [ 1597.183596] protocol 88fb is buggy, dev hsr_slave_0 [ 1597.183640] protocol 88fb is buggy, dev hsr_slave_1 [ 1597.183738] protocol 88fb is buggy, dev hsr_slave_0 [ 1597.183787] protocol 88fb is buggy, dev hsr_slave_1 [ 1597.229209] Killed process 8394 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1597.241561] oom_reaper: reaped process 8394 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1597.257682] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1597.268617] CPU: 0 PID: 2511 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1597.275724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1597.285069] Call Trace: [ 1597.287643] dump_stack+0x172/0x1f0 [ 1597.291257] dump_header+0x10f/0xb6c [ 1597.294956] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1597.300043] ? ___ratelimit+0x60/0x595 [ 1597.303934] ? do_raw_spin_unlock+0x57/0x270 [ 1597.308331] oom_kill_process.cold+0x10/0x6f5 [ 1597.312813] ? task_will_free_mem+0x139/0x6e0 [ 1597.317298] out_of_memory+0x79a/0x1280 [ 1597.321284] ? oom_killer_disable+0x280/0x280 [ 1597.325790] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1597.330885] mem_cgroup_out_of_memory+0x99/0xe0 [ 1597.335564] ? memcg_memory_event+0x40/0x40 [ 1597.339887] ? _raw_spin_unlock+0x2d/0x50 [ 1597.344047] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1597.349132] try_charge+0xb4a/0x1570 [ 1597.352827] ? find_held_lock+0x35/0x130 [ 1597.356875] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1597.361715] ? kasan_check_read+0x11/0x20 [ 1597.365867] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1597.370719] mem_cgroup_try_charge+0x24d/0x5e0 [ 1597.375288] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1597.380204] wp_page_copy+0x408/0x1740 [ 1597.384074] ? find_held_lock+0x35/0x130 [ 1597.388119] ? pmd_pfn+0x1d0/0x1d0 [ 1597.391657] ? lock_downgrade+0x810/0x810 [ 1597.395789] ? swp_swapcount+0x540/0x540 [ 1597.399835] ? kasan_check_read+0x11/0x20 [ 1597.403972] ? do_raw_spin_unlock+0x57/0x270 [ 1597.408391] do_wp_page+0x2ed/0x1520 [ 1597.412088] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 1597.416775] __handle_mm_fault+0x22db/0x3f20 [ 1597.421181] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1597.426006] ? find_held_lock+0x35/0x130 [ 1597.430051] ? handle_mm_fault+0x322/0xb30 [ 1597.434272] ? kasan_check_read+0x11/0x20 [ 1597.438417] handle_mm_fault+0x43f/0xb30 [ 1597.442477] __do_page_fault+0x5da/0xd60 [ 1597.446526] do_page_fault+0x71/0x581 [ 1597.450324] ? page_fault+0x8/0x30 [ 1597.453845] page_fault+0x1e/0x30 [ 1597.457284] RIP: 0033:0x404478 [ 1597.460484] Code: 85 02 00 00 80 3d 1f c0 64 00 00 c6 85 84 00 00 00 00 74 0f 8b 05 0c c0 64 00 39 45 24 0f 84 e7 01 00 00 44 8b a5 80 00 00 00 73 d8 ff ff 48 2b 05 8c 3b 33 00 8b 75 00 49 89 d8 45 89 e1 4c [ 1597.479366] RSP: 002b:00007f3c7558fc90 EFLAGS: 00010246 [ 1597.484808] RAX: 00007f3c77591000 RBX: 0000000000001fda RCX: 0000000000457e29 [ 1597.492067] RDX: 000000000003ffff RSI: 0000000000000000 RDI: 0000000000000000 [ 1597.499331] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1597.506583] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1597.513845] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1597.523384] memory: usage 306912kB, limit 307200kB, failcnt 20918 [ 1597.529620] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1597.536449] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1597.542625] Memory cgroup stats for /syz0: cache:0KB rss:96860KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96776KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1597.562783] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=8520,uid=0 03:52:56 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0x1200) 03:52:56 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000640)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000140)=ANY=[@ANYBLOB="0200000080000000ff0f000000000000ec8d617ac6e285a20300000000000000ded3ffffffffffff"]) r1 = socket(0x840000000002, 0x3, 0xff) openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f00000002c0)='/selinux/checkreqprot\x00', 0x1ffb, 0x0) connect$inet(r1, &(0x7f0000000100)={0x2, 0x4e24, @remote}, 0x10) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40106614, &(0x7f0000000240)) inotify_add_watch(r1, &(0x7f00000000c0)='./file0\x00', 0x41000020) r2 = syz_open_procfs(0x0, &(0x7f0000000200)='net\x00') setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000000)=0xa80, 0x4) sendfile(r1, r2, &(0x7f0000000180)=0xf0110, 0x100000001) r3 = memfd_create(&(0x7f00000001c0)='/dev/net/tun\x00', 0x0) write$binfmt_elf64(r3, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x0) setsockopt$l2tp_PPPOL2TP_SO_LNSMODE(r2, 0x111, 0x4, 0x1, 0x4) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r3, 0x40405514, &(0x7f0000000100)={0x0, 0x5, 0x101, 0xe9a, 'syz1\x00', 0x100000001}) getsockopt$inet_sctp_SCTP_HMAC_IDENT(r2, 0x84, 0x16, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x0) setrlimit(0x7, &(0x7f0000a9cff8)) execveat(r3, &(0x7f0000000000)='\x00', &(0x7f0000000200), &(0x7f0000000500), 0x1000) syz_open_dev$mouse(&(0x7f00000003c0)='/dev/input/mouse#\x00', 0x0, 0x0) syz_open_dev$sndpcmc(0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) seccomp(0x1, 0xa, &(0x7f0000000340)={0x1ffffffffffffc56, &(0x7f0000000080)}) bind$bt_sco(r2, &(0x7f0000000280)={0x1f, {0x5, 0x7, 0x4, 0x930d, 0x6, 0x1}}, 0x8) 03:52:56 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0xffefffffff7f0000}, 0x0) 03:52:56 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x20, 0x0, 0x201, 0x0, 0x0, {0xa}, [@IPVS_CMD_ATTR_DAEMON={0xc, 0x3, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}]}]}, 0x20}}, 0x0) 03:52:56 executing program 2: r0 = openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f00000000c0)={0x0}, &(0x7f0000000140)=0x8) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000180)={r2, 0x8}, 0x8) 03:52:56 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x0) [ 1597.577393] Memory cgroup out of memory: Kill process 8520 (syz-executor.0) score 1103 or sacrifice child [ 1597.587218] Killed process 8520 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1597.598797] oom_reaper: reaped process 8520 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:52:56 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = request_key(&(0x7f0000000040)='pkcs7_test\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) r3 = add_key(&(0x7f0000000400)='id_legacy\x00', &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x27a, r2) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000480)={{{@in=@remote, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in=@loopback}}, &(0x7f00000000c0)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000002c0)={0x0, 0x0, 0x0}, &(0x7f0000000300)=0xc) keyctl$chown(0x4, r3, r4, r5) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000080), &(0x7f0000000340)=0xc) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x0, 0x485, 0x0, 0x0) 03:52:56 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0xffffffffff600000}, 0x0) 03:52:56 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r1) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x101, 0xffff, 0x820, 0x7, 0x8, 0x9, 0x0, 0x80000001}, &(0x7f0000000140)={0xffffffffffff8001, 0x10001, 0x3c98, 0xffffffff8ab9982f, 0xf6, 0x9, 0x9, 0x1}, &(0x7f0000000180)={0x82d, 0xfffffffffffffffe, 0x7, 0x4, 0x6, 0x784, 0x3ff, 0x707e}, &(0x7f00000001c0), &(0x7f0000000240)={&(0x7f0000000200)={0x1}, 0x8}) dup2(r0, r0) 03:52:56 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = request_key(&(0x7f0000000040)='pkcs7_test\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) r3 = add_key(&(0x7f0000000400)='id_legacy\x00', &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x27a, r2) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000480)={{{@in=@remote, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in=@loopback}}, &(0x7f00000000c0)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000002c0)={0x0, 0x0, 0x0}, &(0x7f0000000300)=0xc) keyctl$chown(0x4, r3, r4, r5) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000080), &(0x7f0000000340)=0xc) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x0, 0x485, 0x0, 0x0) [ 1597.900291] protocol 88fb is buggy, dev hsr_slave_0 [ 1597.905479] protocol 88fb is buggy, dev hsr_slave_1 [ 1597.944501] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1597.972102] CPU: 1 PID: 2570 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1597.979216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1597.988566] Call Trace: [ 1597.991163] dump_stack+0x172/0x1f0 03:52:56 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:52:56 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = request_key(&(0x7f0000000040)='pkcs7_test\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) r3 = add_key(&(0x7f0000000400)='id_legacy\x00', &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x27a, r2) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000480)={{{@in=@remote, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in=@loopback}}, &(0x7f00000000c0)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000002c0)={0x0, 0x0, 0x0}, &(0x7f0000000300)=0xc) keyctl$chown(0x4, r3, r4, r5) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000080), &(0x7f0000000340)=0xc) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x0, 0x485, 0x0, 0x0) [ 1597.994809] dump_header+0x10f/0xb6c [ 1597.998564] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1598.003684] ? ___ratelimit+0x60/0x595 [ 1598.007616] ? do_raw_spin_unlock+0x57/0x270 [ 1598.012039] oom_kill_process.cold+0x10/0x6f5 [ 1598.016574] ? task_will_free_mem+0x139/0x6e0 [ 1598.021086] out_of_memory+0x79a/0x1280 [ 1598.025086] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1598.030201] ? oom_killer_disable+0x280/0x280 [ 1598.034704] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1598.039826] mem_cgroup_out_of_memory+0x99/0xe0 [ 1598.044505] ? memcg_memory_event+0x40/0x40 [ 1598.048844] ? _raw_spin_unlock+0x2d/0x50 [ 1598.053001] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1598.058124] try_charge+0xfec/0x1570 [ 1598.061842] ? find_held_lock+0x35/0x130 [ 1598.065932] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1598.070787] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1598.075640] ? find_held_lock+0x35/0x130 [ 1598.079727] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1598.084596] memcg_kmem_charge_memcg+0x7c/0x130 [ 1598.089269] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1598.093769] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1598.093788] memcg_kmem_charge+0x13b/0x340 [ 1598.093810] __alloc_pages_nodemask+0x437/0x710 [ 1598.102870] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1598.102890] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1598.102917] ? trace_hardirqs_on+0x67/0x230 [ 1598.102941] copy_process.part.0+0x3e0/0x79a0 [ 1598.102959] ? psi_memstall_leave+0x11c/0x180 [ 1598.130472] ? sched_clock+0x2e/0x50 [ 1598.134171] ? psi_memstall_leave+0x12e/0x180 [ 1598.138651] ? find_held_lock+0x35/0x130 [ 1598.142696] ? __lock_acquire+0x53b/0x4700 [ 1598.146930] ? __cleanup_sighand+0x70/0x70 [ 1598.151156] ? mark_held_locks+0x100/0x100 [ 1598.155386] ? perf_trace_lock_acquire+0xf5/0x580 [ 1598.160229] ? rcu_read_lock_sched_held+0x110/0x130 [ 1598.165228] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1598.170751] _do_fork+0x257/0xfe0 [ 1598.174210] ? fork_idle+0x1d0/0x1d0 [ 1598.177921] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 1598.183277] ? lock_downgrade+0x810/0x810 [ 1598.187427] ? blkcg_exit_queue+0x30/0x30 [ 1598.191561] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1598.196299] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1598.201042] ? do_syscall_64+0x26/0x610 [ 1598.205023] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1598.210455] ? do_syscall_64+0x26/0x610 [ 1598.214422] __x64_sys_clone+0xbf/0x150 [ 1598.218385] do_syscall_64+0x103/0x610 [ 1598.222273] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1598.227473] RIP: 0033:0x45a7f9 [ 1598.230650] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1598.249532] RSP: 002b:00007ffee6aa5678 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1598.257230] RAX: ffffffffffffffda RBX: 00007f3c7554e700 RCX: 000000000045a7f9 [ 1598.264489] RDX: 00007f3c7554e9d0 RSI: 00007f3c7554ddb0 RDI: 00000000003d0f00 [ 1598.271744] RBP: 00007ffee6aa5880 R08: 00007f3c7554e700 R09: 00007f3c7554e700 [ 1598.279008] R10: 00007f3c7554e9d0 R11: 0000000000000202 R12: 0000000000000000 [ 1598.286283] R13: 00007ffee6aa572f R14: 00007f3c7554e9c0 R15: 000000000073c04c [ 1598.304117] memory: usage 307200kB, limit 307200kB, failcnt 20944 [ 1598.310657] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1598.317581] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1598.324346] Memory cgroup stats for /syz0: cache:0KB rss:96860KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96944KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1598.344977] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=2570,uid=0 [ 1598.361627] Memory cgroup out of memory: Kill process 2570 (syz-executor.0) score 1106 or sacrifice child [ 1598.371486] Killed process 2582 (syz-executor.0) total-vm:72444kB, anon-rss:152kB, file-rss:34816kB, shmem-rss:0kB [ 1598.383278] oom_reaper: reaped process 2582 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1598.409057] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1598.423180] CPU: 0 PID: 2572 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1598.430290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1598.439634] Call Trace: [ 1598.442267] dump_stack+0x172/0x1f0 [ 1598.445939] dump_header+0x10f/0xb6c [ 1598.449672] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1598.454780] ? ___ratelimit+0x60/0x595 [ 1598.458663] ? do_raw_spin_unlock+0x57/0x270 [ 1598.463077] oom_kill_process.cold+0x10/0x6f5 [ 1598.467617] ? task_will_free_mem+0x139/0x6e0 [ 1598.472134] out_of_memory+0x79a/0x1280 [ 1598.476117] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1598.481244] ? oom_killer_disable+0x280/0x280 [ 1598.485746] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1598.490868] mem_cgroup_out_of_memory+0x99/0xe0 [ 1598.495568] ? memcg_memory_event+0x40/0x40 [ 1598.499923] ? _raw_spin_unlock+0x2d/0x50 [ 1598.504095] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1598.509203] try_charge+0xfec/0x1570 [ 1598.512940] ? find_held_lock+0x35/0x130 [ 1598.517039] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1598.521930] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1598.526796] ? find_held_lock+0x35/0x130 [ 1598.530871] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1598.535742] memcg_kmem_charge_memcg+0x7c/0x130 [ 1598.540413] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1598.544939] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1598.549809] memcg_kmem_charge+0x13b/0x340 [ 1598.554074] __alloc_pages_nodemask+0x437/0x710 [ 1598.558763] ? debug_smp_processor_id+0x1c/0x20 [ 1598.563447] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1598.568479] ? copy_page_range+0x125a/0x1f90 [ 1598.572909] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1598.578467] alloc_pages_current+0x107/0x210 [ 1598.582900] pte_alloc_one+0x1b/0x1a0 [ 1598.586723] __pte_alloc+0x20/0x310 [ 1598.590362] copy_page_range+0x1529/0x1f90 [ 1598.594608] ? mark_held_locks+0x100/0x100 [ 1598.598851] ? pmd_alloc+0x180/0x180 [ 1598.602566] ? __rb_insert_augmented+0x231/0xdf0 [ 1598.607359] ? validate_mm_rb+0xa3/0xc0 [ 1598.611334] ? __vma_link_rb+0x279/0x370 [ 1598.615413] copy_process.part.0+0x56aa/0x79a0 [ 1598.620001] ? __cleanup_sighand+0x70/0x70 [ 1598.624274] _do_fork+0x257/0xfe0 [ 1598.627745] ? fork_idle+0x1d0/0x1d0 [ 1598.631479] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1598.636228] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1598.640984] ? do_syscall_64+0x26/0x610 [ 1598.644968] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1598.650329] ? do_syscall_64+0x26/0x610 [ 1598.654332] __x64_sys_clone+0xbf/0x150 [ 1598.658319] do_syscall_64+0x103/0x610 [ 1598.662221] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1598.667404] RIP: 0033:0x457e29 [ 1598.670589] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1598.689496] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1598.697194] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1598.704456] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1598.711721] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1598.718986] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1598.726241] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1598.740271] memory: usage 307044kB, limit 307200kB, failcnt 20976 [ 1598.749930] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1598.762409] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1598.768569] Memory cgroup stats for /syz0: cache:0KB rss:96860KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96864KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1598.788996] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=2570,uid=0 03:52:57 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0x1300) 03:52:57 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) ioctl$EVIOCREVOKE(r1, 0x40044591, &(0x7f00000000c0)=0x5) 03:52:57 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000640)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000140)=ANY=[@ANYBLOB="0200000080000000ff0f000000000000ec8d617ac6e285a20300000000000000ded3ffffffffffff"]) r1 = socket(0x840000000002, 0x3, 0xff) openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f00000002c0)='/selinux/checkreqprot\x00', 0x1ffb, 0x0) connect$inet(r1, &(0x7f0000000100)={0x2, 0x4e24, @remote}, 0x10) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40106614, &(0x7f0000000240)) inotify_add_watch(r1, &(0x7f00000000c0)='./file0\x00', 0x41000020) r2 = syz_open_procfs(0x0, &(0x7f0000000200)='net\x00') setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000000)=0xa80, 0x4) sendfile(r1, r2, &(0x7f0000000180)=0xf0110, 0x100000001) r3 = memfd_create(&(0x7f00000001c0)='/dev/net/tun\x00', 0x0) write$binfmt_elf64(r3, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x0) setsockopt$l2tp_PPPOL2TP_SO_LNSMODE(r2, 0x111, 0x4, 0x1, 0x4) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r3, 0x40405514, &(0x7f0000000100)={0x0, 0x5, 0x101, 0xe9a, 'syz1\x00', 0x100000001}) getsockopt$inet_sctp_SCTP_HMAC_IDENT(r2, 0x84, 0x16, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x0) setrlimit(0x7, &(0x7f0000a9cff8)) execveat(r3, &(0x7f0000000000)='\x00', &(0x7f0000000200), &(0x7f0000000500), 0x1000) syz_open_dev$mouse(&(0x7f00000003c0)='/dev/input/mouse#\x00', 0x0, 0x0) syz_open_dev$sndpcmc(0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) seccomp(0x1, 0xa, &(0x7f0000000340)={0x1ffffffffffffc56, &(0x7f0000000080)}) bind$bt_sco(r2, &(0x7f0000000280)={0x1f, {0x5, 0x7, 0x4, 0x930d, 0x6, 0x1}}, 0x8) 03:52:57 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x0) 03:52:57 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:52:57 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = request_key(&(0x7f0000000040)='pkcs7_test\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) r3 = add_key(&(0x7f0000000400)='id_legacy\x00', &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x27a, r2) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000480)={{{@in=@remote, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in=@loopback}}, &(0x7f00000000c0)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000002c0)={0x0, 0x0, 0x0}, &(0x7f0000000300)=0xc) keyctl$chown(0x4, r3, r4, r5) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000080), &(0x7f0000000340)=0xc) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x0, 0x485, 0x0, 0x0) [ 1598.803571] Memory cgroup out of memory: Kill process 2570 (syz-executor.0) score 1106 or sacrifice child [ 1598.813477] Killed process 2570 (syz-executor.0) total-vm:72708kB, anon-rss:164kB, file-rss:35588kB, shmem-rss:0kB 03:52:57 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = request_key(&(0x7f0000000040)='pkcs7_test\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) r3 = add_key(&(0x7f0000000400)='id_legacy\x00', &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x27a, r2) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000480)={{{@in=@remote, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in=@loopback}}, &(0x7f00000000c0)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000002c0)={0x0, 0x0, 0x0}, &(0x7f0000000300)=0xc) keyctl$chown(0x4, r3, r4, r5) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000080), &(0x7f0000000340)=0xc) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:52:57 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:52:57 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) rename(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='./file0\x00') r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @broadcast}, 0x10) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendto$inet(r1, 0x0, 0x0, 0x20000802, &(0x7f00000000c0)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r1, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x1f4, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:58 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = request_key(&(0x7f0000000040)='pkcs7_test\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) r3 = add_key(&(0x7f0000000400)='id_legacy\x00', &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x27a, r2) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000480)={{{@in=@remote, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in=@loopback}}, &(0x7f00000000c0)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000002c0)={0x0, 0x0, 0x0}, &(0x7f0000000300)=0xc) keyctl$chown(0x4, r3, r4, r5) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:52:58 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000640)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) ioctl$KVM_GET_XCRS(0xffffffffffffffff, 0x8188aea6, &(0x7f0000000140)=ANY=[@ANYBLOB="0200000080000000ff0f000000000000ec8d617ac6e285a20300000000000000ded3ffffffffffff"]) r1 = socket(0x840000000002, 0x3, 0xff) openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f00000002c0)='/selinux/checkreqprot\x00', 0x1ffb, 0x0) connect$inet(r1, &(0x7f0000000100)={0x2, 0x4e24, @remote}, 0x10) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40106614, &(0x7f0000000240)) inotify_add_watch(r1, &(0x7f00000000c0)='./file0\x00', 0x41000020) r2 = syz_open_procfs(0x0, &(0x7f0000000200)='net\x00') setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000000)=0xa80, 0x4) sendfile(r1, r2, &(0x7f0000000180)=0xf0110, 0x100000001) r3 = memfd_create(&(0x7f00000001c0)='/dev/net/tun\x00', 0x0) write$binfmt_elf64(r3, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x0) setsockopt$l2tp_PPPOL2TP_SO_LNSMODE(r2, 0x111, 0x4, 0x1, 0x4) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r3, 0x40405514, &(0x7f0000000100)={0x0, 0x5, 0x101, 0xe9a, 'syz1\x00', 0x100000001}) getsockopt$inet_sctp_SCTP_HMAC_IDENT(r2, 0x84, 0x16, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x0) setrlimit(0x7, &(0x7f0000a9cff8)) execveat(r3, &(0x7f0000000000)='\x00', &(0x7f0000000200), &(0x7f0000000500), 0x1000) syz_open_dev$mouse(&(0x7f00000003c0)='/dev/input/mouse#\x00', 0x0, 0x0) syz_open_dev$sndpcmc(0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) seccomp(0x1, 0xa, &(0x7f0000000340)={0x1ffffffffffffc56, &(0x7f0000000080)}) bind$bt_sco(r2, &(0x7f0000000280)={0x1f, {0x5, 0x7, 0x4, 0x930d, 0x6, 0x1}}, 0x8) [ 1599.138813] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1599.180314] CPU: 0 PID: 2614 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1599.187428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1599.196779] Call Trace: [ 1599.199396] dump_stack+0x172/0x1f0 [ 1599.203043] dump_header+0x10f/0xb6c [ 1599.206767] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1599.211884] ? ___ratelimit+0x60/0x595 [ 1599.215817] ? do_raw_spin_unlock+0x57/0x270 [ 1599.220242] oom_kill_process.cold+0x10/0x6f5 [ 1599.224752] ? task_will_free_mem+0x139/0x6e0 [ 1599.229266] out_of_memory+0x79a/0x1280 [ 1599.233253] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1599.238371] ? oom_killer_disable+0x280/0x280 [ 1599.242872] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1599.248012] mem_cgroup_out_of_memory+0x99/0xe0 [ 1599.252690] ? memcg_memory_event+0x40/0x40 [ 1599.257033] ? _raw_spin_unlock+0x2d/0x50 [ 1599.261187] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1599.266300] try_charge+0xfec/0x1570 [ 1599.270021] ? find_held_lock+0x35/0x130 [ 1599.274102] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1599.278962] ? kasan_check_read+0x11/0x20 [ 1599.283155] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1599.288027] mem_cgroup_try_charge+0x24d/0x5e0 [ 1599.292624] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1599.297566] wp_page_copy+0x408/0x1740 [ 1599.301465] ? find_held_lock+0x35/0x130 [ 1599.305538] ? pmd_pfn+0x1d0/0x1d0 [ 1599.309091] ? lock_downgrade+0x810/0x810 [ 1599.313264] ? swp_swapcount+0x540/0x540 [ 1599.317338] ? kasan_check_read+0x11/0x20 [ 1599.321511] ? do_raw_spin_unlock+0x57/0x270 [ 1599.325947] do_wp_page+0x2ed/0x1520 03:52:58 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000006c0)="0af51f023c123f3188a070") ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-monitor\x00', 0x400000, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffff9c, 0x84, 0x6f, &(0x7f00000001c0)={0x0, 0x9c, &(0x7f0000000100)=[@in6={0xa, 0x4e24, 0xecc, @remote, 0x8}, @in6={0xa, 0x4e24, 0x1f, @remote, 0x4}, @in6={0xa, 0x4e23, 0x5, @remote, 0x76}, @in={0x2, 0x4e22, @broadcast}, @in6={0xa, 0x4e21, 0x3ff, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0xffffffffffff5981}, @in6={0xa, 0x4e23, 0x2, @mcast2, 0x1000}]}, &(0x7f0000000200)=0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000240)={r2, 0x2}, &(0x7f0000000280)=0x8) unshare(0x20000002) r3 = socket$vsock_stream(0x28, 0x1, 0x0) getsockname(r3, &(0x7f0000000000)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, &(0x7f0000000080)=0x80) [ 1599.329673] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 1599.334362] __handle_mm_fault+0x22db/0x3f20 [ 1599.338782] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1599.343626] ? find_held_lock+0x35/0x130 [ 1599.347722] ? handle_mm_fault+0x322/0xb30 [ 1599.351982] ? kasan_check_read+0x11/0x20 [ 1599.356144] handle_mm_fault+0x43f/0xb30 [ 1599.360231] __do_page_fault+0x5da/0xd60 [ 1599.364313] do_page_fault+0x71/0x581 [ 1599.368124] ? page_fault+0x8/0x30 [ 1599.371676] page_fault+0x1e/0x30 [ 1599.375129] RIP: 0033:0x40d1e8 [ 1599.378326] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf bf d4 4b 00 31 c0 e8 43 47 ff ff 31 ff e8 8c 43 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 7e 32 64 00 [ 1599.397229] RSP: 002b:00007ffee6aa56e0 EFLAGS: 00010246 [ 1599.402591] RAX: 00000000908459a5 RBX: 0000000024436b28 RCX: 0000001b33120000 [ 1599.409842] RDX: 0000000000000000 RSI: 00000000000019a5 RDI: ffffffff908459a5 [ 1599.417102] RBP: 0000000000000000 R08: 00000000908459a5 R09: 00000000908459a9 [ 1599.424362] R10: 00007ffee6aa5870 R11: 0000000000000246 R12: 000000000073c028 [ 1599.431627] R13: 0000000080000000 R14: 00007f3c77391008 R15: 000000000000000f [ 1599.456401] memory: usage 307200kB, limit 307200kB, failcnt 21008 [ 1599.464080] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1599.471240] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1599.477413] Memory cgroup stats for /syz0: cache:0KB rss:96860KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96900KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1599.497611] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=8704,uid=0 [ 1599.516478] Memory cgroup out of memory: Kill process 8704 (syz-executor.0) score 1103 or sacrifice child [ 1599.526321] Killed process 8704 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1599.538399] oom_reaper: reaped process 8704 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1599.581471] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1599.592972] CPU: 0 PID: 2614 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1599.600069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1599.609410] Call Trace: [ 1599.612018] dump_stack+0x172/0x1f0 [ 1599.615673] dump_header+0x10f/0xb6c [ 1599.619382] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1599.624470] ? ___ratelimit+0x60/0x595 [ 1599.628343] ? do_raw_spin_unlock+0x57/0x270 [ 1599.632764] oom_kill_process.cold+0x10/0x6f5 [ 1599.637700] ? task_will_free_mem+0x139/0x6e0 [ 1599.642214] out_of_memory+0x79a/0x1280 [ 1599.646202] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1599.651326] ? oom_killer_disable+0x280/0x280 [ 1599.655844] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1599.660966] mem_cgroup_out_of_memory+0x99/0xe0 [ 1599.665653] ? memcg_memory_event+0x40/0x40 [ 1599.669990] ? _raw_spin_unlock+0x2d/0x50 [ 1599.674145] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1599.679253] try_charge+0xfec/0x1570 [ 1599.682989] ? find_held_lock+0x35/0x130 [ 1599.687065] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1599.691932] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1599.696771] ? find_held_lock+0x35/0x130 [ 1599.700849] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1599.705709] memcg_kmem_charge_memcg+0x7c/0x130 [ 1599.710382] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1599.714932] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1599.719809] memcg_kmem_charge+0x13b/0x340 [ 1599.724073] __alloc_pages_nodemask+0x437/0x710 [ 1599.728753] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1599.733780] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1599.738369] ? trace_hardirqs_on+0x67/0x230 [ 1599.742722] copy_process.part.0+0x3e0/0x79a0 [ 1599.747226] ? psi_memstall_leave+0x11c/0x180 [ 1599.751726] ? sched_clock+0x2e/0x50 [ 1599.755463] ? psi_memstall_leave+0x12e/0x180 [ 1599.759971] ? find_held_lock+0x35/0x130 [ 1599.764045] ? __lock_acquire+0x53b/0x4700 [ 1599.768305] ? __cleanup_sighand+0x70/0x70 [ 1599.772549] ? mark_held_locks+0x100/0x100 [ 1599.776799] ? perf_trace_lock_acquire+0xf5/0x580 [ 1599.781645] ? rcu_read_lock_sched_held+0x110/0x130 [ 1599.786661] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1599.792194] _do_fork+0x257/0xfe0 [ 1599.795642] ? fork_idle+0x1d0/0x1d0 [ 1599.799357] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 1599.804715] ? lock_downgrade+0x810/0x810 [ 1599.808856] ? blkcg_exit_queue+0x30/0x30 [ 1599.813027] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1599.817777] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1599.822526] ? do_syscall_64+0x26/0x610 [ 1599.826509] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1599.831878] ? do_syscall_64+0x26/0x610 [ 1599.835868] __x64_sys_clone+0xbf/0x150 [ 1599.839836] do_syscall_64+0x103/0x610 [ 1599.843742] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1599.848928] RIP: 0033:0x45a7f9 [ 1599.852126] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1599.871031] RSP: 002b:00007ffee6aa5678 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1599.878723] RAX: ffffffffffffffda RBX: 00007f3c7554e700 RCX: 000000000045a7f9 [ 1599.885984] RDX: 00007f3c7554e9d0 RSI: 00007f3c7554ddb0 RDI: 00000000003d0f00 [ 1599.893252] RBP: 00007ffee6aa5880 R08: 00007f3c7554e700 R09: 00007f3c7554e700 [ 1599.900523] R10: 00007f3c7554e9d0 R11: 0000000000000202 R12: 0000000000000000 [ 1599.907788] R13: 00007ffee6aa572f R14: 00007f3c7554e9c0 R15: 000000000073c04c [ 1599.918335] memory: usage 307196kB, limit 307200kB, failcnt 21049 [ 1599.925371] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1599.932578] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1599.938740] Memory cgroup stats for /syz0: cache:0KB rss:96860KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96856KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1599.958909] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=2614,uid=0 [ 1599.973488] Memory cgroup out of memory: Kill process 2614 (syz-executor.0) score 1106 or sacrifice child 03:52:58 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = request_key(&(0x7f0000000040)='pkcs7_test\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) r3 = add_key(&(0x7f0000000400)='id_legacy\x00', &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x27a, r2) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000480)={{{@in=@remote, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in=@loopback}}, &(0x7f00000000c0)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000002c0)={0x0, 0x0, 0x0}, &(0x7f0000000300)=0xc) keyctl$chown(0x4, r3, r4, r5) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:52:58 executing program 5: socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000640)={0x0, @in6={{0xa, 0x4e24, 0x9, @local}}, 0x2, 0x5}, &(0x7f0000000040)=0x178) setsockopt$inet_sctp6_SCTP_AUTH_KEY(0xffffffffffffffff, 0x84, 0x17, &(0x7f00000002c0)=ANY=[@ANYBLOB="01001c00f4e5d470e79fcdedec01bf"], 0x1) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe800, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000600)='./file0\x00', 0x4000, 0x0) write(r1, &(0x7f0000000400)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r1, r2, 0x0, 0x10000) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(0xffffffffffffffff, 0xc040564a, 0x0) 03:52:58 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0x3f00) 03:52:58 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:52:58 executing program 2: r0 = openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) fcntl$getownex(r0, 0x10, &(0x7f00000024c0)={0x0, 0x0}) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000002500)={{{@in=@loopback, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{}, 0x0, @in6=@mcast2}}, &(0x7f0000002600)=0xe8) fstat(r0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) sendmsg$unix(r2, &(0x7f0000002740)={&(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000002440)=[{&(0x7f0000000200)="0f78f91b27df63ccd6b4d3623f226cecd9498337cdd6554d0998f01f16400e072a799ef151efef53cb9134fb057f649804ff0d98d4f90f48170b93b347f9a55b6053bea1887d44e8664a8729b8d901ff8ac1c132bad7262b51daf0c5cba1dfae63912655fe5e03be355e1c320140da5afbf4a4d9360b3ecbcad952c2878d6e700bcfe742d2ed996829130c90f9460fd4143b789849bc52a4b0ba670f73bf43c964ffe646a3e548e9886ff6c6fe6db11c087c046bf82a600a787d0f4377ae394c4fdeffd3a7bd32721f5cdd", 0xcb}, {&(0x7f0000000300)="871bfe651233da172f4cf8a3ad5acaf003e43a19875f1596b70762960804f4d60e77243b07b09917ff0df6af85bef29ecdaf8de5fdb9419c37829e630ffc5c35f23f2d1a09d3f344bd0b41380f410d194a07a0189903968f341ee109edd5d807eb1f3c82b4d428a2ef6cb63814d7d835c8aac1e7ecf3113c28b3bef39af53fdb3260637605ec016c4fae0e93b097049e1dd73a0a60435cfe2dc954bbb7fe403c770c54fca6800f43abcaf0e520cf8030723caf741581a13f3289821f1db53ff857fefa6190bcd0dc4b7e59c9bdbae05857ef0f1c6e7bff1a073063c7578a", 0xde}, {&(0x7f0000000400)="9f580ae61439e69f52d93363b0a05842056e0e9ea5f6320ca1e1", 0x1a}, {&(0x7f0000000440)="2a1ac0cba1f42098dddc099e1e9d257ebfcb061c2d38b592fb3e375c80defeb68327e8cf9e8d74d6da4e9bff02f932186514dbc001ed2f2ea8f1f688ee3f66f7d5727c86ed704637ca59c2f843b737494dcc06b17e467d4cf36d9ce23a53c15777c2a729b0fc59f2c049dc930d6d56f8eb93f0ebd0ea4699328f9217cbea79551f82ef8b7ee94547c8b8ad263c4dd57acce9a742d95d912dcc65392562e1f6f0b9708bf720bd412d1ab24c366244dbce3e4e43a186f3edf86fff97775b24e1254ee5c9763cbc0dea7bb087499416d264aee454b752b803193914c4b1c9e0f27593e258e2b0d14e28522646580b538c222c4cef7e317f60e4723da4d4b0f66564f17bb23ef913e8d5b035fdd67a33fc0456998bcc9b8936f285774532b22b2e1ec4cf9f1a58a5d0fe4e4de3e817e8ee7176c7f04dce84d418bc2237236ef8bf30851630e33c0558275909fc6e05fd83dea50fbecb64ec43edf5fccce15421afd528d4e805169179576422ba9585e7ad8b487aa7e142375c6f8977503e2a15724bcffa0a1526d89adfb1319c88c751a96bf3ec317c707ba387e3ff3a4c894c4a32b0bf28d45ce231847289707a5e7223040904772b0fbac0d7bd4fd02d405019b3d52a6e7f243bc7169b5f6c4db06ffcba5a168f8a5d28af1e27a363463d2f0c1240e145b82d58a4048689c2d2457977f614b1b992ec1015ab267ff09a13c352cd5ea359437ad8006f281e0795bad0c6e69463b861b20f958914e3be80f698e83bfdae97852e2c4507cfd0f59efb70e60f771cbeae37c620d019557e46af6e725ab290664957b4980efe5b751157d1a86088c81b9ff2dbaa4f5a65aadda882c6adf965da5fc0858421caff9beb7f799f6ea02ef1153dcb2375969b7f3b73839d31b3304a456fb70e36bd247753385c2ed75faaba0b03550743d1a8ba8bc82d487edd6f721eedb6b36de1a6f87e04c19597feb770a71bda2f25f20e6baacd1fc99ac7b12d282768ac81219ae2de9b97490447c6153e696ad4f9a52d76373829c51b3c4aa10d73a36f78d6d5ca9f9312aad9fbe8231e15be867169bfaf25b43c6a31679fa9d94f2d3e2f5d73b652dfef91901ba245df3668d0706fbf9662ba9bf514cb5dd9f41ebff9103a9b2c5396c9fd97205165ea3e31467f1b9382bf7eeee67af1cffe6f7f86ef73f75fae8a9a3c909fa6a20e97c8b8980b4ba32f2508bd3599db3b0615b2dab05b85573c2511a5871d46843276e9f6780a980f314d17ad98643e3f4949ba0ec971c27a84972361f513f9a37e18c943cfca59f548e54bf88cb4ee908ef7115c7d604cce16bf894c0cee8d9b3bd70b30a3a96aad874c9fb397bd6ce7bc863894329347ada3f1917bab11156e93706083d836f972d80cf30de218ff52dc3c17044a862b42b63e89e195b8086ec71189162a5377112254ebde455a9824bd80014643f8fad9390e97d8407335dfcab8941005fc7e2ea0f6a2f9a267bb8a21691bfe7e6ccfdb0d47d2b656502b5be7361ccede21b49de16a83a3db3e79650a9343e336cc08de66c738f6e5fb2bab62eb80953116f3e7fac24dec09ef42ffe6896fc827c12a5238e9f6cea3cafc939db9244864c43e43d733bdf9e085cbde0a61a22efd47db8ead2dbdfdbd1081fdee8010dbdfe2c741c1340596bca8a460edd6cc6252ce26ce079fb7f458157c093080d2bcabd7c6f7acbf424ffa055468fbfb5c90526ea8059907c63f2238ec5dfcfa515c0ac82fc7e817752ead5e425fb302276eba965b70c5116922e442c2b95edf921e471b2ee5ce7e6cd26072287b8db4c83c840bf96f9026168175431109cbd85a306c36076684072d617307246208f22141922696610c3b8decfeea2ed1c88bd3eff824994613457197d1939bcc685bd98c46b5f67e3d757c2d7cd6279c831f51c9549f8bb8041b04a2274d9bd484b218bfc48e89aa3ad9b1df7d259188df1df140389780c1b4f285ece36f28d688bb791e589e606b976efcba9100d631c94892e8ad19db5e4d2c1ca477aedf806d6e07ff4fd64175cb5b709635624ab3f7b58e656e9d7255f4105ded8e3451821fe35a8317302f031cbd64ca6d418986dee4f2d49bea7dd953b0b55fa4607835a7b6081bcdcc43b35e0c796a42a702c0787d46f739148ba3561009f6d6d2d351b1703c107f94ea44a557ca78c0ee0e645298e56be6eeb981bc30d9ad3fe22bcd8f046d8cc4b4e3aa571583d9728876b8d36876fa778b986f6e00487004fd3d0b0de08f1d7623674f849c270650d90163def27204dfbdc719d32953c28715fbe41d856695c24f79c5c69bf344165c2c668d18c21ebc43bc2aa0ddd3544738afb3f1fa1b6fac07728d0886a8db3d0eca100da58957400c3c42d51a12d8f80a66e1c40c2bc8b4b6f741268623019fa359416bed03391642be3c3719487a857862303c677eb62699efaa3febde00b78ac8ee3c432bbf4856740736dab7454f391f94e78113f01c77792b0711ad726f255d66b6b792e8fe950d04e764a33513e707ef9645e098c55fe393430d04610c52dc03d1842ce7e8458b9604e8a7c47d14560960af2937da8ef35288836ffbe62b3f27c8e1607755f37bccc2cd443138b4e829bafad73090d2fb5e80d7222db2c7b79beba0fed739a40835cef06f877879548e17a62ef60fd92d573fe9aac906981ec6bd77b5d2ccc9b6fdcdf4fd674c3bbf3458af59544553a5c8652ec9d13e760a783fc5ea1394464e85d3791e7a6ed8db326be631cf0c378b79b752478faf1fa7e90116d58068406efb5d2a294a4f3a77def383adc8c7a0ecf815e8f9c5a01700414d2da8b74da75aa49dc5d7c26fe06150aab562845da8c20b7633944846266ae9dc7a69c10af7d5c65823b525214fa5cbd5beb7e1be400ad96058fad8985d9afea524aa4e3537b5d7a4a1fa92965dd5fbe72c0744181748a75469b21406079b35ee5384c422586847033de2145c5e61e6ded1fd2e4498a7dad93b3786d83b7560a701f211451c76516e8acef8ff8618680b27b07d6b23e9ae8d98692f7587dea627fd1215e4c95aea871897e9ab3166aecb2b047a86b0730d1251cd6fefc2f3929dcea9d1e0ddc313c9ae9fcece7b811858cfe36036fb96d222fa806e53703bba24ddea118dd4505ea20b14cfa4aa04c46f68ab98d0e1063597506f40a77ca005f7b6a2690c84ca8dd5e93c41fe50caf23c699d55bfbf35632b46a114d039f06ef5330da2909aea9726880b8d53ac072ef508421e770238fb4d7b2554c87b9010b8d9f7cd247c7c42f2a8d38051fb8ed66624dad1e725e2f4c283a1b21d5e4c113f12eb4f9b8d1f7f820bae014d259b83b60144a03b9b846f58b1af5239bac5179d70b9fbc3529d8f3e7c704b6edf2b0ba58799b77028afba5f73ecda4adc89e9ec380f98c3f7baed96345de744cc903e565034eda3d81be36df7147d15eb582f8f2ba35a6d027c35da57820524d8ecae8d75ff39a4db3c43ebebdb519586176cb857a61d043f3064c39181f9e8a7fe536153d4faebba2b8f484dd41a68c371c23c243b786186dfd32994b7bb7b67b1f9b5510be7bdb14d2fbc9eba7bb708c90ab7267c319b0d4408dd49c00fedac6c5b54270319d91c13a2ea6e17bbadfa960844cb89aa5ee6fe952576c6748f4059849466a1bf6d1175922beb6d7497513ddc040edb277942c980b99a4511937faff6c6a29749f85d9995b21654f428b80f78fd20c24e971162dc930dd6d1a1df859bd65452773bce2bfde8395409a808ded03050d6cfef2600535b5906823820d87116f37c28b00b9e0e56484963eedf027f92da1557450c1f1f20500b70dc76d137008d5ae7f315dd557112de5b41993893af7f8644551a2daacebae3dbd7aeee239469d51240edeebefd2cc0f780c64e25507469b9c345a5b3a8df37804bce713ced419ec228d593f224f604a77e6ff94ec85f23ebc580c516de5b6c89f7392021d99a86b32c32e066025db81480296691393f3990ed297ab6adfe3dbc65b2be0570f063598c641b95e695b66ef13046513b37d0ad43379e4a7b672c6bc462437945a1649be7aea5f5c65aae164b83eda42ad34428e3e2f5c01dbea4a7a12fe60481403e3a50d00cb058b9629f4c32f03e74cd2276f4b7101ea6bbb9a50437de45f50b22bef5d21ac2d7fd0c24e085311883014318b5cf8a2019054a97898a62b981d67a51f3c97c78d0d0a2452aa18e6fa7b9881d3990a51cd1e25d4c3a6ca4de1a4937f66c05d58c1eba942eb86197db5ba3019809fbdb84f25a1405c41105a47685610c91df2912abbc5c4c6ba4fd0168909b0cc4a50b6e49a7fc28806a1e87c3c799c7c701c4b001b9ad020f0ea6d9797fb78bf35d96a3f78456a1bb7e7cc7e50d3a244b19b9c2038219a57fd774fb2aac68c4df6b38442a9e5132d5a229fba3461e8d5e91675be935e3e4748d6cfb9fc1d3ffa82bb6823e876a9cc2b8df42cc2eed1e44f785df2e357952a137382ad00aeb9c214e6632261e2df2dfa6b684a4158c9087694a3b0a132f51f74113e354d1329b00be52d45d1c0e9fa38f7cf7ba1b4b3b754f653d376dfa724f980360d94424126256a60f85a7a14424b03c64c4f931c3ec658e8d5526eb0654193dd52ef018261c6c5930e6253ccd4e90d2aeced8cbb2a4a80931cd3cbe03e4c690977f8bdca719b1ff4a62b62d39c23cdbfe8ec2788f22a1fb7c8127023dc2b8fecd06490befe1f4ac926ae59485b0fe313a424f92f878e11b93d0b87bd6670aa4cc3b4ec6fe6af0cc61a23b026574f013623cc96e919a735e5c3b2f46cfa2cff0f15bc632e30d24a745b756bfda1d95af46952675ff318892b9e0f79beac52849188206bedb48bfad32de6bf1de05603da91b346477013ce44dc7dd8d1f2225f7f2bb74c3d0c826b4c5a3377ff4b43abb5884b86c1949a6b3192f0c325a239034a6cbfe432f1e6b0f83fbdc159ba2359d84a0177e75e26f06fec8e846ee7615eeb032e770257bfc8334490fccf03d335e32e051ae0df8372f302ef3491d527fa856af12f081822ec9233717d3488d4780116df9ddcf709529d01a05fc58da51ac83b716e0b21fc7becd5edf743ca9679718163d4078f5b781ca4cff144ce648d98ddd44e79bf353660eeee4bd40e86caf1a519d5b58de9303771eff876d0972f17cf3d8d53236a5e2a7043858c63ac056b4b9f48dfae5d1d4a9ff6458cee9c46e28c54db1685dc82c8a3d3698576941f02f26bc2b0af40182b1b4f81170b67a5b675583f944e339810fec191062c14c219b38da01226230819dfb871bf38121355a1a57b815450028f2a09aa8f41202d201d5b81d8726a34b3db8742fb6d3da606e8f8bb49fc348a22d1df6db25942d9992c6bf77f78fc5388d487961c3325116b20313ecafcc4b0c8c4d3c93edadce776271fb4e65d0e76b0190318a23e191a75956920b402517a5af77bc49210817b5717de8dacc17ae5513f34ae5c956e73cc6092f645de54fe767f089cc62ddb9f6a865a9f68b44fd85334aade7a20778032ea62e447409dddd662e4b384aaae570803f6b67f8d4322164cf06751a7f388e5cfec5e46fef91633f8f94e908cd1bfeb07757462a4a795cfc43b90dff620d0e2c7dedbb96fbc16224ecb65d8561cadc9830c31593b84196bc3e32e8b331b23d7c616bbe0e460a7538f3ba6239893167cb818f57ea9dd8b909e93c856d1d5b1b540893946547d3d629a9aa53341610837ba2f402b6dca8966a0baa15fd4b8c1f550789903f1d438bdcc4c76d15feed", 0x1000}, {&(0x7f0000001440)="6f2d365580643b987f96b67de1754261b52a6cd0df6b67dea6cc2c587e164771d507eeaf2c166e98beabc036f6c7e858ed0e56c99ae39e23c03b23fcb4191c17b83d5d95157f155b39a61fe28510a6ba552a79ba0d20bd4a1ef575ea878a712783feb50a33adf86b2ba4139c566827961f1d87bf92ff804343431f811751a59a3e3dd926705caf3ea3e1d051a6a8dcf45ff33a7db0884ae100f9f56c112860c9d845992afe398123742367f75246d07006f64c389be99af496f923738766f771ef65a3e01ab3759d4c894bfdf75a2d1932f8b5b2ca62f73f8294eeae0d8a4111339e8966c9858a22ba1b09ae7278d9ff9c38e6ef5db782831b0cd7496c27583008abf26f9fe18663e0bbef373448c4f2238473377e7305d64174a8b950e34afb7e3d50101b1d24db0d5ca006b9eda6d22675cb365159336473e43fedd0898ea7d0e59e1c01282b1884846d7413671c3004670aa8a1a2cd52ee2653ee59e882a108bbfa61260eb1eed441d60691e1e00333c324ccafe325b5b54cad2a52c8e51071eb353515a6f3ca280c9906bedd5bd4ff9c23280ed84c390b05be8a474e0e85ebeb373803e3d2f8c8a3016e7040cf8e0d4d4f76086468cd5cbfce4d68d2853bd7fecb7e5affb9a16ab1795c01e464bc555e5435435a430987555667fba7d285605c422f0ec7a5b04d82f6fcbc39082eccc9994bc9ee7141803f7cd38b0aa89c152ff128861af6b46cce3e8987e889c3ee17f1fce5d8d441c51944219f00c9534a0d224bf1875d425bae9104d4a5ebde90e38424e645c6ce2e4173b08a358f9ad5dc5173ccbb65de7a712fcb0d269017370f02e1a7deecf3869a825b1eaed28c5d3bbd8a0ddd3b4ce9a5a435649c4a37cc758cdacc8dec57bb009a551dd953b50b217350e21d7be3607583a4f23a20d31fc7b5cf18b4c9b3064c094d20daf513125c3138a8243386df2be8449aee0863af64a54458c02ef0ed3e8d88f9e168538cc257832400d093716f5b24b58f69a4595ebe5d7dda42fce48a3290aea67fa3f92f85c491f398e6ea57a6fd10d89c31789bdaf2b759a8a6aa43ee08251c03e17465f397844a12e665e837cf195b7baf9361688c11210f8cae8f42c6ef7e5a782891f70caf5a7520cb11163c7bcc1afb4cffbfecaee8c7dfd6495c9f8f16b61f7d194a4ea9716881e937f0e62863342bd3bcccaf2b4e3f80eb51ba9bf3655699c2297fa2c22e41ccaf76d2b7a3e2a1f510d0723cfd13b37cc1925ef419af98c9741c85a8f8f068fab45b075342c3ac792ad758c5aa1682efc7a063532d80e2f0b8bde4b7f744cc4e3873c01cb53c0bf97b1c05d3da757722ad3319422c1c90111faac6cc530aaf0332c4451f6ad9e59b17b08f066649b685e01e99adec9ba0db908e94d40471a56b097d91f06e097b7e401c58949dde2ca4eca8e2ee4b1e5d871db0d3ded58951714aabb15e48f4ab102ec3dcfbfbec176ea533359fa19f9752ae5edfc28bcac2793e27ec44aa543bb0d77dc63b66f364fc76217812e34d517a588e2eceb353981561cd4619d8984482e91664133c1bb3e9c1650b7bf1d100495bc4e452c92103ab4f29da42847c2844b1b325657a976f07e5f49771b76c36eb03331b63c45a550e2a5297329a048d29acf9416ceebfbf973c280c9188d25d82567c4a25810ff4fd60f76c7079be971900ba9f8b95e43752e9bbcedecb88c8683438a613b015c260c751697ede76545c86ab85935940616a04cc1a62f9be8ff1bd8a007224e22d17fb63c28be80d6ebfa3465ead88ce25abb713cbb1cb631c8ddb715501b8d1650cd0d4ec7ddc54820decc3f42b9e047a3fafd734aa40b04737d3864600fccb7f89dd0158ea2f0b43f0b16dbc5d9ccec7a60470b89aeb2af734df5d42582fffd94e541c1e88ea7f7fca153281e5275cfa435850d66b36db79b9e8ddade95e4e0118d1f83424d66c8093abc351f673d9aeb23a92efcac1def551d6a9bfd5c0f0b83a18fc30123dd16882ebc220c94c8c3a2c5887f1274850240a42f747eadd5640a9cf2c0e35f5bdfe313e222b7674c090e04f1b9360d6cf585a43805d62bad6b0e7c9bb7272c06d7dd939a775a426639183f32546822d773fc9790b547d83c23a15c60b205c25a537bac8154fab88a6d1f5b85fb6f00ccafe267d87fd56f1541c5d1f783080edd65d97a9e1442f7730f3123fea16199a6c65a1b8b28f48354d07ac04f4f79f84264c5fe8628dad4ab35160a777ae4586d0e6d47f4641c0ce4239d123956126a366a9385138f1df365ba3c5f7370a6aa748079c7ae810576f78cd44ee0aaf1e60e1eca87cc4d9a9d675bca74c0698d6c46dbf2ff28a85ddc13552ecd926d69a1efc8ecdce9ce426c824ec2e5c910f14608f4cc0111a91d31de5a19bfa9ea0cabf8dd30d21a70b8305913f010fdaa8ff06f60759f62374f597776be0092a5d17dcff14090d69e5d7f929dd96db602c2adef759810c540b39ff7b71bbd68a58e087bba0ecc2ba77423d435a763ed29da92f83288e37133bd0ba7da331ec24cf30afa3e3fee11c13923a29a70618ed57fc08b63f92d050f4f4443990ba64a968f590eec9eb4d3d45e98997b80b791e57f05d141709e9e9d4b18f78cb4cc36a039652f4908a1adef3c98ff4edf1e5ef462c8abff484a9a739aab09b68739ae4b4e7be2955f35f6f14af5beab87d1c23b5efcfa819c02ec3c5d57556ff9aa8a4f1c8e2085e709caee822ab89db565d92c1c2c416316e2a10f41325a273414b7b1af993df5961f39200b82f1728faebd00ad7a63847bceacf9169d107aa11fa43ff7e6b878ab21c4719e8cf452aa572f9f41ff6d250eab2cd3fa5c8b264f6930b736afc467944442c1e57c539a8ca42c8b1a031abc6e3e409a455997dec29a34c0793662db466b06389af904a5df34c7f84a60007fd277e3e7ecd69eb1070c18a6018698690783a45f41a58d6bd84dfab2b956dd0b742f7a1bbc9acc3ad7e17997b7c9695cfe01f39945d58606d83ab7a5b0f61501a0d111834e51eac510c6915703403e8579e66eed6b0daa4aea85db1fe4e5424cb0ea6eeb84afd6297bc7113c23a161c070122bc701089c7b6a61157ea7899c9dcdeb7dd6fb764e45affecbeb864296e4e83a71bf02b6fc8686a7856e5c1429b7cd44a04e97030fd5c17049aef6bb992e1c381c37967df8eaef618931ac3ec2ab67c3da225db1e213203cc4993131c859f1f8796f308cab4e1c087a21fd3f948078a5fd5003c3c67d4a369e392702e05b9e78bef8daae6d97efb044b4b0e896e86ab8a25592027fc2a661daa9761a514100b90641678f74682ecd1edb53e0fc2089ccd457ff396ca91930e378cb2510ebd7afd6fe4f80d063aeb51b542aa00be2306f35a0a4edafc925aa87baa0ab3444ffb2924aa6f0fc5b26afac11179ea427a28ee5ae31bea6b5e1251c6a78e3d1d0f194becd841e1b66e10dac9041f4e2d25f0ebf76d00885414791115ee3c6c2953f7bdaba6feab51d63fef32eb43241df2f82ae1c6a1c7d73c024f2c3da4eb988fdb435fb3445ae87a783aba8abf13d25210874699eebdde29579b095cfdcc4b9b532b26c5d064fa788f968e0b582a4df3c9307baa18aa3df62c3ca19cb3b353aafa1c5f8d30546461c07473bb39a975c1a4b61c585fb191ea793f04cab7961421a3f3a40e286651a29d6011c98d34f5ffc2d9cf09de2a5b3d15f74458b18588074cc9ec9c442d3f94d45bc0d8bd5e17f1a183a2c57d76f930dd375948a9d8b525d4697d099b9937efdeda2d21ab11b16bce3aa7f2135b1f3673f45ad97aff7bbbb46ee3743bf1a7ef3ebd7c5b145ff46007ba07b684048f3585aa56459bb41e0e452a7f55c661f5d8c0f36c244f8d8737640ff290c4abfd5e40555f66ee2b7cbb59e70192a045757f9ab34d7b92c8b6a635cafba9b1a7f2a5ec8cfcf4a0db1ad475ccf75723b673853baf8581f5c6a82953309add29b5bff9644d4ff234c679d19be520a719e112a86e822163de4f2f27f4fe06d0be2db07b665b63de74cb8b3942682f8338ed6087020d5ac8b6e24d915f46187f2c4a98556fe6f425e512d3158659cdd7d4930b1cc4b8171851f98c136621ca28d9ac01e2fdb8ee3107c317fe7c91114cac57f5f535298367d2185f60b0fac39d3197c39e0c89718ec6c021bdfc32501fe95add0c0861aa99e83c081788faedd70b05833bfe76492fac221c6f5e769f00c38b3f7a863bec014659d82402a034cd2fc2f350803b9e77d894dc826089ba61a08a5d67580166d85131a6a4aab3ca1c7c0ca488d1605bdcb8b0d8d0f222a23c8b68160380b5901c43ce010bbf6d3af8df77caed97509ec2ee1f1aa0e6fed799897b8bfee89738921752b971fb7cabc26ff11e14f79bbfc64e76de0a6b53b24b2ba7a729b620e623f1471e9bc089011e411617b7230c695794027ea0bc850be8e326c227ebfdf24d4f33069d450203e682118937586654cbcba5a38630c6affa7c3d0dc256717327db7d84bbb599ea70fe3d416e3439f33bfee63903535408eb04823961ff1e53ffc2bcbfe497cc3c2f4a4497f3044db95b1e714454e1749632044a9a5897bf4f078dc414bef2003b1c76bcbb1db2df8396d9fb7fac8e7faad06767b2d22bad5d49888900abbd087bcdbdc0c1d15cb3dae1d8cced5b138d28060d24fbe2454dbc6f3bad10df8af9d827411a9d9cadd6fb2bd061dd46353ec30059d54f8ae00375ed4f75567fb0d88f9c4586d9cb5448fe27be930d1259fc0f4c07e470b8c84517518e051d14d567fd64f21d4c94b5b31586fe0c1b9467b8e025d5b49c5267a88e5f1e3d2bd1d15762359ea22027753af02613c805a28266a91dc894baf8ba7aca331bfacd988436966d282db9741eba4fe8f366b7c723e51d225e5ec4447b8f02aa1d4b7898496cd335359cd7a847f343381296d1453d64a410c355615cac1c650b54aa84aa76ac9d6fde062d971085f056caa4c2914f034de7736bb1f146364756ae385b30a6511ddb672a06be5b9c3c2409aa47fcdd0e2864289accca32064cc21ee0e475550164330c9160fa588f7c6992571c6f562afa9bb2819423d79ad74185a886dfe76a0cf2c34d25d0c67e7b4d822cf8b7086a3a2f27a3ed32ccba204f596438b7c623198c58ab6c42192321cf0267d60f3677a488cc0820cc4946cf58550017db02a1b1bf9d9fa133a2056a7d7f38dd12cfa8f1ebb129a109bfaecd0778cd3a001e2e28180ee6a9b2947a4019aaf90439ec3781c115d0576f9404dd412f1201785025045e397516e751e5e696ac9cec341e5554b75bf8c4c3a53940936c18331647414b26224c8db9c301e730b0f830b47025a61aadecc9830884adccd44f5f782a3a734c24b5dae62b3a71463ce83baf84af3d215da18b05ddae9cfee1c88edec9193d72a9c08ed017ec616a336235c6eaec33697ea6e9f7b9a797092da7160f6f914670576e9e47035a30b13d0555145e913b735a751f517d24c803d782d7b5bf8438f7efe8744ae6a79cf91c47bf4b45ee2a26b0548eb28fd5935c7d124660090e9fe6a269a4cea344729fb932474d1ac5a20a95ed2a823718f2baf2d6b78eeb5f4536728bf5f551bdd58b9a86e093fd2d7b30fd7f9f72f7accbcf1ec70dd9a0e99b73df62640c22aa8bdc4e4ba76931304ad913d5c77d90df4405d3d86dbd8b808bf25a7c2039fd9560545c71bab67df15e14bbdd4547348d34032a7e91b5ea0793cf486760e73d586ca0328b16835e475cd2abe9f956752de48f91b481851c", 0x1000}], 0x5, &(0x7f00000026c0)=[@rights={0x18, 0x1, 0x1, [r1]}, @cred={0x20, 0x1, 0x2, r3, r4, r5}, @rights={0x18, 0x1, 0x1, [r2, r0]}], 0x50, 0x40004}, 0x4) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r2, 0x84, 0x21, &(0x7f00000000c0)=0x568, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r6 = creat(&(0x7f00000027c0)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$RTC_WKALM_RD(r6, 0x80287010, &(0x7f0000000140)) openat$udambuf(0xffffffffffffff9c, &(0x7f0000002780)='/dev/udmabuf\x00', 0x2) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:52:58 executing program 4 (fault-call:4 fault-nth:0): r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) [ 1599.983712] Killed process 2648 (syz-executor.0) total-vm:72708kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1599.995443] oom_reaper: reaped process 2648 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1600.075825] FAULT_INJECTION: forcing a failure. [ 1600.075825] name failslab, interval 1, probability 0, space 0, times 0 [ 1600.087536] CPU: 1 PID: 2659 Comm: syz-executor.4 Not tainted 5.0.0-rc8 #87 [ 1600.094640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1600.104071] Call Trace: [ 1600.106672] dump_stack+0x172/0x1f0 [ 1600.110342] should_fail.cold+0xa/0x1b [ 1600.114268] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1600.119380] ? perf_trace_lock+0x510/0x510 [ 1600.123637] ? mark_held_locks+0xb1/0x100 [ 1600.127805] __should_failslab+0x121/0x190 [ 1600.132053] should_failslab+0x9/0x14 [ 1600.135585] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1600.135857] kmem_cache_alloc+0x47/0x6f0 [ 1600.135903] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1600.154680] sctp_get_port_local+0x435/0x1670 [ 1600.159197] ? sctp_unhash+0x10/0x10 [ 1600.162925] ? perf_trace_lock+0x510/0x510 [ 1600.167173] ? mark_held_locks+0xb1/0x100 [ 1600.171336] sctp_get_port+0x101/0x180 [ 1600.175234] ? sctp_get_port_local+0x1670/0x1670 [ 1600.179999] ? __local_bh_enable_ip+0x15a/0x270 [ 1600.184679] inet_autobind+0xbf/0x1a0 [ 1600.188490] inet_sendmsg+0x40c/0x5d0 [ 1600.192293] ? ipip_gro_receive+0x100/0x100 [ 1600.196622] sock_sendmsg+0xdd/0x130 [ 1600.200351] ___sys_sendmsg+0x806/0x930 [ 1600.204338] ? copy_msghdr_from_user+0x430/0x430 [ 1600.209125] ? lock_downgrade+0x810/0x810 [ 1600.213282] ? kasan_check_read+0x11/0x20 [ 1600.217444] ? __fget+0x367/0x540 [ 1600.220919] ? iterate_fd+0x360/0x360 [ 1600.224723] ? lock_downgrade+0x810/0x810 [ 1600.228885] ? __fget_light+0x1a9/0x230 [ 1600.232905] ? __fdget+0x1b/0x20 [ 1600.236278] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1600.241826] __sys_sendmsg+0x105/0x1d0 [ 1600.245718] ? __ia32_sys_shutdown+0x80/0x80 [ 1600.250133] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1600.255674] ? fput+0x128/0x1a0 [ 1600.258981] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1600.263752] ? do_syscall_64+0x26/0x610 [ 1600.267729] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1600.273092] ? do_syscall_64+0x26/0x610 [ 1600.277097] __x64_sys_sendmsg+0x78/0xb0 [ 1600.281163] do_syscall_64+0x103/0x610 [ 1600.285056] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1600.290243] RIP: 0033:0x457e29 [ 1600.293456] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1600.312362] RSP: 002b:00007f4ff9a38c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1600.320074] RAX: ffffffffffffffda RBX: 00007f4ff9a38c90 RCX: 0000000000457e29 [ 1600.327345] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 1600.334618] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1600.341884] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4ff9a396d4 [ 1600.349165] R13: 00000000004c550c R14: 00000000004d93f8 R15: 0000000000000004 [ 1600.356459] CPU: 0 PID: 2666 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1600.363566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1600.372921] Call Trace: [ 1600.372942] dump_stack+0x172/0x1f0 [ 1600.372965] dump_header+0x10f/0xb6c [ 1600.372995] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1600.373011] ? ___ratelimit+0x60/0x595 [ 1600.373025] ? do_raw_spin_unlock+0x57/0x270 [ 1600.373048] oom_kill_process.cold+0x10/0x6f5 [ 1600.400822] ? task_will_free_mem+0x139/0x6e0 [ 1600.405334] out_of_memory+0x79a/0x1280 [ 1600.409317] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1600.414431] ? oom_killer_disable+0x280/0x280 [ 1600.418949] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1600.424077] mem_cgroup_out_of_memory+0x99/0xe0 [ 1600.428758] ? memcg_memory_event+0x40/0x40 [ 1600.433099] ? _raw_spin_unlock+0x2d/0x50 [ 1600.437254] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1600.442369] try_charge+0xfec/0x1570 [ 1600.446099] ? find_held_lock+0x35/0x130 [ 1600.450174] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1600.455033] ? kasan_check_read+0x11/0x20 [ 1600.459225] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1600.464079] mem_cgroup_try_charge+0x24d/0x5e0 [ 1600.468673] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1600.473606] wp_page_copy+0x408/0x1740 [ 1600.477549] ? find_held_lock+0x35/0x130 [ 1600.481616] ? pmd_pfn+0x1d0/0x1d0 [ 1600.485159] ? lock_downgrade+0x810/0x810 [ 1600.489309] ? swp_swapcount+0x540/0x540 [ 1600.493377] ? kasan_check_read+0x11/0x20 [ 1600.497528] ? do_raw_spin_unlock+0x57/0x270 [ 1600.501957] do_wp_page+0x2ed/0x1520 [ 1600.505690] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 1600.510373] __handle_mm_fault+0x22db/0x3f20 [ 1600.514787] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1600.519628] ? find_held_lock+0x35/0x130 [ 1600.523694] ? handle_mm_fault+0x322/0xb30 [ 1600.527954] ? kasan_check_read+0x11/0x20 [ 1600.532121] handle_mm_fault+0x43f/0xb30 [ 1600.536194] __do_page_fault+0x5da/0xd60 [ 1600.540288] do_page_fault+0x71/0x581 [ 1600.544108] ? page_fault+0x8/0x30 [ 1600.547650] page_fault+0x1e/0x30 [ 1600.551099] RIP: 0033:0x4016a9 [ 1600.554301] Code: 00 48 83 ec 08 48 8b 15 0d ee 64 00 48 8b 05 fe ed 64 00 48 39 d0 48 8d 8a 00 00 00 01 72 17 48 39 c8 73 12 48 8d 50 04 89 38 <48> 89 15 e0 ed 64 00 48 83 c4 08 c3 48 89 c6 bf d8 74 4c 00 31 c0 03:52:59 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = request_key(&(0x7f0000000040)='pkcs7_test\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) r3 = add_key(&(0x7f0000000400)='id_legacy\x00', &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x27a, r2) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000480)={{{@in=@remote, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in=@loopback}}, &(0x7f00000000c0)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000002c0)={0x0, 0x0, 0x0}, &(0x7f0000000300)=0xc) keyctl$chown(0x4, r3, r4, r5) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) [ 1600.573227] RSP: 002b:00007ffee6aa5730 EFLAGS: 00010283 [ 1600.578599] RAX: 0000001b32120138 RBX: 0000000000000003 RCX: 0000001b33120000 [ 1600.585866] RDX: 0000001b3212013c RSI: 0000000000000001 RDI: 0000000000000001 [ 1600.593135] RBP: 0000000000000000 R08: 0000000000186a52 R09: 0000000000186a52 [ 1600.600402] R10: 00007ffee6aa5870 R11: 0000000000000246 R12: 0000000000186a88 [ 1600.607670] R13: 0000000000186a5b R14: 000000000073bf00 R15: 000000000073bf0c 03:52:59 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = request_key(&(0x7f0000000040)='pkcs7_test\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) r3 = add_key(&(0x7f0000000400)='id_legacy\x00', &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x27a, r2) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000480)={{{@in=@remote, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in=@loopback}}, &(0x7f00000000c0)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000002c0)={0x0, 0x0, 0x0}, &(0x7f0000000300)=0xc) keyctl$chown(0x4, r3, r4, r5) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:52:59 executing program 4 (fault-call:4 fault-nth:1): r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) [ 1600.689400] memory: usage 307196kB, limit 307200kB, failcnt 21083 [ 1600.704078] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1600.723321] audit: type=1800 audit(2000001179.680:157): pid=2672 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=18349 res=0 [ 1600.732037] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1600.760853] Memory cgroup stats for /syz0: cache:0KB rss:96860KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96852KB inactive_file:4KB active_file:4KB unevictable:0KB 03:52:59 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x0}, 0x0) [ 1600.791422] FAULT_INJECTION: forcing a failure. [ 1600.791422] name failslab, interval 1, probability 0, space 0, times 0 [ 1600.825948] CPU: 0 PID: 2683 Comm: syz-executor.4 Not tainted 5.0.0-rc8 #87 [ 1600.833089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1600.839752] audit: type=1804 audit(2000001179.730:158): pid=2673 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir186871136/syzkaller.y1AeaV/2288/file0" dev="sda1" ino=18349 res=1 [ 1600.842448] Call Trace: [ 1600.842476] dump_stack+0x172/0x1f0 [ 1600.842502] should_fail.cold+0xa/0x1b [ 1600.842539] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1600.842562] ? sctp_get_port_local+0xf09/0x1670 [ 1600.842584] ? __local_bh_enable_ip+0x15a/0x270 [ 1600.842605] __should_failslab+0x121/0x190 [ 1600.898191] should_failslab+0x9/0x14 [ 1600.901999] kmem_cache_alloc_trace+0x4b/0x760 [ 1600.906484] audit: type=1800 audit(2000001179.740:159): pid=2673 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=18349 res=0 [ 1600.906584] ? sctp_unhash+0x10/0x10 [ 1600.932831] ? kasan_check_read+0x11/0x20 [ 1600.936955] audit: type=1804 audit(2000001179.760:160): pid=2672 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir186871136/syzkaller.y1AeaV/2288/file0" dev="sda1" ino=18349 res=1 [ 1600.936990] sctp_add_bind_addr+0x9f/0x3a0 [ 1600.968165] sctp_do_bind+0x301/0x5d0 [ 1600.971021] audit: type=1804 audit(2000001179.780:161): pid=2653 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir186871136/syzkaller.y1AeaV/2288/file0" dev="sda1" ino=18349 res=1 [ 1600.971981] sctp_autobind+0x16d/0x1f0 [ 1600.971997] ? mark_held_locks+0x100/0x100 [ 1600.972013] ? sctp_do_bind+0x5d0/0x5d0 [ 1600.972032] ? debug_smp_processor_id+0x1c/0x20 [ 1601.015648] ? sctp_endpoint_is_peeled_off+0xf2/0x130 [ 1601.020858] sctp_sendmsg_new_asoc+0xb7c/0xfd0 [ 1601.025460] ? mark_held_locks+0xb1/0x100 [ 1601.029621] ? sctp_autobind+0x1f0/0x1f0 [ 1601.033689] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1601.038277] ? lock_sock_nested+0x9a/0x120 03:53:00 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = request_key(&(0x7f0000000040)='pkcs7_test\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) r3 = add_key(&(0x7f0000000400)='id_legacy\x00', &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x27a, r2) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000480)={{{@in=@remote, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in=@loopback}}, &(0x7f00000000c0)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000002c0)={0x0, 0x0, 0x0}, &(0x7f0000000300)=0xc) keyctl$chown(0x4, r3, r4, r5) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) [ 1601.042522] ? trace_hardirqs_on+0x67/0x230 [ 1601.046863] ? lock_sock_nested+0x9a/0x120 [ 1601.051111] ? __local_bh_enable_ip+0x15a/0x270 [ 1601.055792] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1601.061339] ? sctp_endpoint_lookup_assoc+0x17f/0x290 [ 1601.066550] sctp_sendmsg+0x1269/0x17e0 [ 1601.070572] ? sctp_id2assoc+0x2d0/0x2d0 [ 1601.074634] ? __local_bh_enable_ip+0x15a/0x270 [ 1601.079303] ? _raw_spin_unlock_bh+0x31/0x40 [ 1601.083718] ? __local_bh_enable_ip+0x15a/0x270 [ 1601.088395] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1601.092992] ? release_sock+0x158/0x1c0 [ 1601.096978] ? _raw_spin_unlock_bh+0x31/0x40 [ 1601.101390] ? release_sock+0x158/0x1c0 [ 1601.101414] inet_sendmsg+0x147/0x5d0 [ 1601.101430] ? ipip_gro_receive+0x100/0x100 [ 1601.101448] sock_sendmsg+0xdd/0x130 [ 1601.101497] ___sys_sendmsg+0x806/0x930 [ 1601.101517] ? copy_msghdr_from_user+0x430/0x430 [ 1601.101569] ? lock_downgrade+0x810/0x810 [ 1601.101588] ? kasan_check_read+0x11/0x20 [ 1601.134410] ? __fget+0x367/0x540 [ 1601.137875] ? iterate_fd+0x360/0x360 [ 1601.141693] ? lock_downgrade+0x810/0x810 [ 1601.145861] ? __fget_light+0x1a9/0x230 [ 1601.149853] ? __fdget+0x1b/0x20 [ 1601.153232] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1601.158785] __sys_sendmsg+0x105/0x1d0 [ 1601.162688] ? __ia32_sys_shutdown+0x80/0x80 [ 1601.167108] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1601.172660] ? fput+0x128/0x1a0 [ 1601.175966] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1601.180734] ? do_syscall_64+0x26/0x610 [ 1601.184713] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe 03:53:00 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = request_key(&(0x7f0000000040)='pkcs7_test\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) r3 = add_key(&(0x7f0000000400)='id_legacy\x00', &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x27a, r2) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000480)={{{@in=@remote, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in=@loopback}}, &(0x7f00000000c0)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000002c0)={0x0, 0x0, 0x0}, &(0x7f0000000300)=0xc) keyctl$chown(0x4, r3, r4, r5) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) [ 1601.190084] ? do_syscall_64+0x26/0x610 [ 1601.194079] __x64_sys_sendmsg+0x78/0xb0 [ 1601.198149] do_syscall_64+0x103/0x610 [ 1601.202051] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1601.207242] RIP: 0033:0x457e29 [ 1601.210452] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1601.210569] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=8948,uid=0 [ 1601.229363] RSP: 002b:00007f4ff9a38c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1601.229379] RAX: ffffffffffffffda RBX: 00007f4ff9a38c90 RCX: 0000000000457e29 [ 1601.229388] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 1601.229398] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1601.229407] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4ff9a396d4 [ 1601.229416] R13: 00000000004c550c R14: 00000000004d93f8 R15: 0000000000000004 03:53:00 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = request_key(&(0x7f0000000040)='pkcs7_test\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) r3 = add_key(&(0x7f0000000400)='id_legacy\x00', &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x27a, r2) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000480)={{{@in=@remote, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in=@loopback}}, &(0x7f00000000c0)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000002c0)={0x0, 0x0, 0x0}, &(0x7f0000000300)=0xc) keyctl$chown(0x4, r3, r4, r5) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:00 executing program 5: mkdir(&(0x7f0000000000)='./control\x00', 0x0) r0 = inotify_init1(0x0) r1 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) inotify_add_watch(r0, &(0x7f00007a7000)='./control\x00', 0xa4000960) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000300)='fdinfo/3\x00') ioctl$DRM_IOCTL_RES_CTX(r2, 0xc0106426, &(0x7f0000000100)={0x5, &(0x7f00000000c0)=[{}, {}, {0x0}, {}, {}]}) ioctl$DRM_IOCTL_GET_CTX(r1, 0xc0086423, &(0x7f0000000140)={r3, 0x2}) preadv(r0, &(0x7f0000000100), 0xfa6, 0xfffffffffffeffff) [ 1601.295201] Memory cgroup out of memory: Kill process 8948 (syz-executor.0) score 1103 or sacrifice child [ 1601.330066] Killed process 8948 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1601.355850] oom_reaper: reaped process 8948 (syz-executor.0), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 1601.488938] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1601.499165] CPU: 0 PID: 2666 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1601.506272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1601.515625] Call Trace: [ 1601.518220] dump_stack+0x172/0x1f0 [ 1601.521865] dump_header+0x10f/0xb6c [ 1601.525608] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1601.530716] ? ___ratelimit+0x60/0x595 [ 1601.534607] ? do_raw_spin_unlock+0x57/0x270 [ 1601.539028] oom_kill_process.cold+0x10/0x6f5 [ 1601.543532] ? task_will_free_mem+0x139/0x6e0 [ 1601.548060] out_of_memory+0x79a/0x1280 [ 1601.552046] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1601.557159] ? oom_killer_disable+0x280/0x280 [ 1601.561673] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1601.566793] mem_cgroup_out_of_memory+0x99/0xe0 [ 1601.571470] ? memcg_memory_event+0x40/0x40 [ 1601.575809] ? _raw_spin_unlock+0x2d/0x50 [ 1601.579964] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1601.585074] try_charge+0xfec/0x1570 [ 1601.588789] ? find_held_lock+0x35/0x130 [ 1601.592860] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1601.597710] ? kasan_check_read+0x11/0x20 [ 1601.601857] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1601.606736] mem_cgroup_try_charge+0x24d/0x5e0 [ 1601.611324] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1601.616251] wp_page_copy+0x408/0x1740 [ 1601.620133] ? find_held_lock+0x35/0x130 [ 1601.624206] ? pmd_pfn+0x1d0/0x1d0 [ 1601.627743] ? lock_downgrade+0x810/0x810 [ 1601.631885] ? swp_swapcount+0x540/0x540 [ 1601.635955] ? kasan_check_read+0x11/0x20 [ 1601.640088] ? do_raw_spin_unlock+0x57/0x270 [ 1601.644500] do_wp_page+0x2ed/0x1520 [ 1601.648199] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 1601.652858] __handle_mm_fault+0x22db/0x3f20 [ 1601.657254] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1601.662089] ? find_held_lock+0x35/0x130 [ 1601.666145] ? handle_mm_fault+0x322/0xb30 [ 1601.670391] ? kasan_check_read+0x11/0x20 [ 1601.674533] handle_mm_fault+0x43f/0xb30 [ 1601.678582] __do_page_fault+0x5da/0xd60 [ 1601.682668] do_page_fault+0x71/0x581 [ 1601.686466] ? page_fault+0x8/0x30 [ 1601.690005] page_fault+0x1e/0x30 [ 1601.693443] RIP: 0033:0x4315be [ 1601.696616] Code: 15 db 39 62 00 4c 89 c0 85 d2 0f 85 74 01 00 00 48 83 c4 08 5b 5d 41 5c 41 5d c3 90 be 01 00 00 00 83 3d 8c 51 62 00 00 74 08 0f b1 33 75 07 eb 1b 0f b1 33 74 16 48 8d 3b 48 81 ec 80 00 00 [ 1601.715497] RSP: 002b:00007ffee6aa5670 EFLAGS: 00010202 [ 1601.720846] RAX: 0000000000000000 RBX: 0000000000711640 RCX: 0000000000457e7a [ 1601.728109] RDX: 0000000000000011 RSI: 0000000000000001 RDI: 0000000000000011 [ 1601.735361] RBP: 0000000000000110 R08: ffffffffffffffff R09: 0000000000000000 [ 1601.742633] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffee6aa5880 [ 1601.749901] R13: 00007f3c7556f700 R14: 0000000000000005 R15: 000000000073bfac [ 1601.760245] memory: usage 307196kB, limit 307200kB, failcnt 21132 [ 1601.766512] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1601.779937] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1601.786206] Memory cgroup stats for /syz0: cache:0KB rss:96844KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96800KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1601.807600] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=2666,uid=0 [ 1601.834701] Memory cgroup out of memory: Kill process 2666 (syz-executor.0) score 1106 or sacrifice child [ 1601.853187] Killed process 2706 (syz-executor.0) total-vm:72444kB, anon-rss:156kB, file-rss:34816kB, shmem-rss:0kB [ 1601.866607] oom_reaper: reaped process 2706 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1601.882424] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1601.894170] CPU: 1 PID: 2666 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1601.901279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1601.910629] Call Trace: [ 1601.913241] dump_stack+0x172/0x1f0 [ 1601.916868] dump_header+0x10f/0xb6c [ 1601.920583] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1601.925679] ? ___ratelimit+0x60/0x595 [ 1601.929562] ? do_raw_spin_unlock+0x57/0x270 [ 1601.933957] oom_kill_process.cold+0x10/0x6f5 [ 1601.938437] ? task_will_free_mem+0x139/0x6e0 [ 1601.942940] out_of_memory+0x79a/0x1280 [ 1601.946914] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1601.952047] ? oom_killer_disable+0x280/0x280 [ 1601.956534] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1601.961640] mem_cgroup_out_of_memory+0x99/0xe0 [ 1601.966300] ? memcg_memory_event+0x40/0x40 [ 1601.970641] ? _raw_spin_unlock+0x2d/0x50 [ 1601.974799] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1601.979885] try_charge+0xfec/0x1570 [ 1601.983601] ? find_held_lock+0x35/0x130 [ 1601.987651] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1601.992491] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1601.997329] ? find_held_lock+0x35/0x130 [ 1602.001385] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1602.006243] memcg_kmem_charge_memcg+0x7c/0x130 [ 1602.010928] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1602.015457] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1602.020295] memcg_kmem_charge+0x13b/0x340 [ 1602.024523] __alloc_pages_nodemask+0x437/0x710 [ 1602.029176] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1602.034180] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1602.038747] ? trace_hardirqs_on+0x67/0x230 [ 1602.043073] copy_process.part.0+0x3e0/0x79a0 [ 1602.047563] ? psi_memstall_leave+0x11c/0x180 [ 1602.052054] ? sched_clock+0x2e/0x50 [ 1602.055764] ? psi_memstall_leave+0x12e/0x180 [ 1602.060253] ? find_held_lock+0x35/0x130 [ 1602.064328] ? __lock_acquire+0x53b/0x4700 [ 1602.068567] ? __cleanup_sighand+0x70/0x70 [ 1602.072797] ? mark_held_locks+0x100/0x100 [ 1602.077025] ? perf_trace_lock_acquire+0xf5/0x580 [ 1602.081859] ? rcu_read_lock_sched_held+0x110/0x130 [ 1602.086865] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1602.092403] _do_fork+0x257/0xfe0 [ 1602.095857] ? fork_idle+0x1d0/0x1d0 [ 1602.099574] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 1602.104925] ? lock_downgrade+0x810/0x810 [ 1602.109058] ? blkcg_exit_queue+0x30/0x30 [ 1602.113204] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1602.117954] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1602.122706] ? do_syscall_64+0x26/0x610 [ 1602.126677] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1602.132033] ? do_syscall_64+0x26/0x610 [ 1602.136006] __x64_sys_clone+0xbf/0x150 [ 1602.139968] do_syscall_64+0x103/0x610 [ 1602.143855] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1602.149039] RIP: 0033:0x45a7f9 [ 1602.152224] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1602.171128] RSP: 002b:00007ffee6aa5678 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1602.178831] RAX: ffffffffffffffda RBX: 00007f3c7556f700 RCX: 000000000045a7f9 [ 1602.186085] RDX: 00007f3c7556f9d0 RSI: 00007f3c7556edb0 RDI: 00000000003d0f00 [ 1602.193337] RBP: 00007ffee6aa5880 R08: 00007f3c7556f700 R09: 00007f3c7556f700 [ 1602.200622] R10: 00007f3c7556f9d0 R11: 0000000000000202 R12: 0000000000000000 [ 1602.207882] R13: 00007ffee6aa572f R14: 00007f3c7556f9c0 R15: 000000000073bfac [ 1602.215606] memory: usage 307036kB, limit 307200kB, failcnt 21147 [ 1602.221978] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1602.228730] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1602.234940] Memory cgroup stats for /syz0: cache:0KB rss:96844KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96836KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1602.255092] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=2666,uid=0 [ 1602.269631] Memory cgroup out of memory: Kill process 2666 (syz-executor.0) score 1106 or sacrifice child [ 1602.279439] Killed process 2668 (syz-executor.0) total-vm:72444kB, anon-rss:152kB, file-rss:34816kB, shmem-rss:0kB 03:53:01 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0x840c) 03:53:01 executing program 4 (fault-call:4 fault-nth:2): r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:01 executing program 5: mkdir(&(0x7f0000000000)='./control\x00', 0x0) r0 = inotify_init1(0x0) r1 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) inotify_add_watch(r0, &(0x7f00007a7000)='./control\x00', 0xa4000960) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000300)='fdinfo/3\x00') ioctl$DRM_IOCTL_RES_CTX(r2, 0xc0106426, &(0x7f0000000100)={0x5, &(0x7f00000000c0)=[{}, {}, {0x0}, {}, {}]}) ioctl$DRM_IOCTL_GET_CTX(r1, 0xc0086423, &(0x7f0000000140)={r3, 0x2}) preadv(r0, &(0x7f0000000100), 0xfa6, 0xfffffffffffeffff) 03:53:01 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:53:01 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = request_key(&(0x7f0000000040)='pkcs7_test\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) add_key(&(0x7f0000000400)='id_legacy\x00', &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x27a, r2) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000480)={{{@in=@remote, @in=@local}}, {{@in=@remote}, 0x0, @in=@loopback}}, &(0x7f00000000c0)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000002c0), &(0x7f0000000300)=0xc) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:01 executing program 2: r0 = syz_open_dev$vcsn(&(0x7f00000001c0)='/dev/vcs#\x00', 0xa55, 0x1) getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x41, &(0x7f0000000200)={'raw\x00', 0x67, "378d7c687b86f8483f112eb827b86557bbbdf001b26675e7eb8dc0f8268e6cd960bec2b0720d2fefd33ea7b716bad3db6ac1b996187cce36f4d743514572677cff2fae53f202e0dc6526a90be2f0e779b5086a82fb5dc43eb1eb3d667d6c3c1cfb85dfe7cb9dd8"}, &(0x7f00000002c0)=0x8b) openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) [ 1602.291147] oom_reaper: reaped process 2668 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1602.366768] FAULT_INJECTION: forcing a failure. [ 1602.366768] name failslab, interval 1, probability 0, space 0, times 0 [ 1602.381379] CPU: 0 PID: 2719 Comm: syz-executor.4 Not tainted 5.0.0-rc8 #87 [ 1602.388495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1602.397848] Call Trace: [ 1602.400456] dump_stack+0x172/0x1f0 [ 1602.404112] should_fail.cold+0xa/0x1b [ 1602.408018] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1602.413131] ? lock_downgrade+0x810/0x810 [ 1602.417292] ? ___might_sleep+0x163/0x280 [ 1602.421452] __should_failslab+0x121/0x190 [ 1602.425697] should_failslab+0x9/0x14 [ 1602.429506] kmem_cache_alloc_trace+0x2d1/0x760 [ 1602.434186] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1602.439727] ? selinux_sctp_bind_connect+0x13b/0x2b0 [ 1602.439752] sctp_association_new+0x93/0x2030 [ 1602.439769] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1602.454884] sctp_sendmsg_new_asoc+0x397/0xfd0 [ 1602.459491] ? mark_held_locks+0xb1/0x100 [ 1602.463652] ? sctp_autobind+0x1f0/0x1f0 [ 1602.467719] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1602.472312] ? lock_sock_nested+0x9a/0x120 [ 1602.476549] ? trace_hardirqs_on+0x67/0x230 [ 1602.480889] ? lock_sock_nested+0x9a/0x120 [ 1602.485163] ? __local_bh_enable_ip+0x15a/0x270 [ 1602.489841] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1602.495388] ? sctp_endpoint_lookup_assoc+0x17f/0x290 [ 1602.500605] sctp_sendmsg+0x1269/0x17e0 [ 1602.500632] ? sctp_id2assoc+0x2d0/0x2d0 [ 1602.500649] ? __local_bh_enable_ip+0x15a/0x270 [ 1602.508671] ? _raw_spin_unlock_bh+0x31/0x40 [ 1602.517722] ? __local_bh_enable_ip+0x15a/0x270 [ 1602.522403] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1602.527007] ? release_sock+0x158/0x1c0 [ 1602.531001] ? _raw_spin_unlock_bh+0x31/0x40 [ 1602.535413] ? release_sock+0x158/0x1c0 [ 1602.539400] inet_sendmsg+0x147/0x5d0 [ 1602.543216] ? ipip_gro_receive+0x100/0x100 [ 1602.547552] sock_sendmsg+0xdd/0x130 [ 1602.551281] ___sys_sendmsg+0x806/0x930 [ 1602.555275] ? copy_msghdr_from_user+0x430/0x430 [ 1602.560040] ? lock_downgrade+0x810/0x810 [ 1602.564204] ? kasan_check_read+0x11/0x20 [ 1602.568368] ? __fget+0x367/0x540 [ 1602.571851] ? iterate_fd+0x360/0x360 [ 1602.575683] ? lock_downgrade+0x810/0x810 [ 1602.579852] ? __fget_light+0x1a9/0x230 [ 1602.583853] ? __fdget+0x1b/0x20 [ 1602.587227] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1602.592782] __sys_sendmsg+0x105/0x1d0 [ 1602.596679] ? __ia32_sys_shutdown+0x80/0x80 [ 1602.601095] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1602.606644] ? fput+0x128/0x1a0 [ 1602.609988] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1602.614752] ? do_syscall_64+0x26/0x610 [ 1602.618736] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1602.624105] ? do_syscall_64+0x26/0x610 [ 1602.628535] __x64_sys_sendmsg+0x78/0xb0 [ 1602.632634] do_syscall_64+0x103/0x610 [ 1602.636537] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1602.641730] RIP: 0033:0x457e29 [ 1602.644938] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 03:53:01 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = request_key(&(0x7f0000000040)='pkcs7_test\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) add_key(&(0x7f0000000400)='id_legacy\x00', &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x27a, r2) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000480)={{{@in=@remote, @in=@local}}, {{@in=@remote}, 0x0, @in=@loopback}}, &(0x7f00000000c0)=0xe8) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:01 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) 03:53:01 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCINQ(0xffffffffffffff9c, 0x541b, &(0x7f0000000240)) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f3188b070") r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$team(&(0x7f0000000040)='team\x00') prctl$PR_MCE_KILL(0x21, 0x0, 0x0) write$ppp(r1, &(0x7f00000002c0)="ec1dc643859035559dc4bd0d8718629f49923f73e97eb29c59c021d9e3c0ed9f73403f468a76455735c4fb54c29f430092b182ca0a5ffef75bc2dc8561369f52f7f765bca2902c3802f5b6750e5752eee58415f62099d5546b42d3dfbe158e4175a37fb4edcb67ab13dc9f976f3bd6ff9d470e3ec2c024556e9b6341a8cfa7ddcb13bf27334225a0fcc4f9694cfa154a459e35885638b85cdf4d642c24f84771dc0e5d5378e032e0100d09bf8e4fc8251c49f773d405e87b43c5f51707b4d7ee304429bd9ff949314fbbd7e6ca55b5047ff26a938ed3800f6dff35", 0xdb) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000180)={'team0\x00'}) r3 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000280)='SEG6\x00') sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f0000000200)={&(0x7f0000000000), 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r3, 0x208, 0x70bd25, 0x25dfdbfb, {}, [@SEG6_ATTR_SECRET={0x8, 0x4, [0x9]}, @SEG6_ATTR_SECRETLEN={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x4804) sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f000000e640)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="20000000305c57ef792823b47281e9a58b9aa8ba3d1a1e99b8da2f", @ANYRES16=r2, @ANYBLOB="0501000000000000000003000000"], 0xfffffffffffffebb}}, 0x0) [ 1602.646495] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1602.663845] RSP: 002b:00007f4ff9a38c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1602.663860] RAX: ffffffffffffffda RBX: 00007f4ff9a38c90 RCX: 0000000000457e29 [ 1602.663868] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 1602.663877] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1602.663886] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4ff9a396d4 [ 1602.663904] R13: 00000000004c550c R14: 00000000004d93f8 R15: 0000000000000004 03:53:01 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:53:01 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = request_key(&(0x7f0000000040)='pkcs7_test\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) add_key(&(0x7f0000000400)='id_legacy\x00', &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x27a, r2) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:01 executing program 4 (fault-call:4 fault-nth:3): r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) [ 1602.904144] FAULT_INJECTION: forcing a failure. [ 1602.904144] name failslab, interval 1, probability 0, space 0, times 0 [ 1602.917723] CPU: 1 PID: 2750 Comm: syz-executor.4 Not tainted 5.0.0-rc8 #87 [ 1602.924851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1602.934218] Call Trace: [ 1602.934247] dump_stack+0x172/0x1f0 [ 1602.934272] should_fail.cold+0xa/0x1b [ 1602.934294] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1602.949467] ? lock_downgrade+0x810/0x810 [ 1602.953639] ? ___might_sleep+0x163/0x280 [ 1602.953660] __should_failslab+0x121/0x190 [ 1602.953694] should_failslab+0x9/0x14 [ 1602.953709] kmem_cache_alloc_trace+0x2d1/0x760 [ 1602.953721] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1602.953737] ? trace_hardirqs_on+0x67/0x230 [ 1602.953750] ? kasan_check_read+0x11/0x20 [ 1602.953771] flex_array_alloc+0xd9/0x2d0 [ 1602.953806] fa_alloc+0x24/0x70 [ 1602.953820] sctp_stream_alloc_out+0x33/0x450 [ 1602.953839] sctp_stream_init+0xf5/0x400 [ 1602.953861] sctp_association_new+0x11b7/0x2030 [ 1603.004166] sctp_sendmsg_new_asoc+0x397/0xfd0 [ 1603.008767] ? mark_held_locks+0xb1/0x100 [ 1603.012932] ? sctp_autobind+0x1f0/0x1f0 [ 1603.016994] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1603.021584] ? lock_sock_nested+0x9a/0x120 [ 1603.025828] ? trace_hardirqs_on+0x67/0x230 [ 1603.030152] ? lock_sock_nested+0x9a/0x120 [ 1603.034398] ? __local_bh_enable_ip+0x15a/0x270 [ 1603.039077] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1603.044617] ? sctp_endpoint_lookup_assoc+0x17f/0x290 [ 1603.049834] sctp_sendmsg+0x1269/0x17e0 [ 1603.053824] ? sctp_id2assoc+0x2d0/0x2d0 [ 1603.057903] ? __local_bh_enable_ip+0x15a/0x270 [ 1603.062577] ? _raw_spin_unlock_bh+0x31/0x40 [ 1603.066999] ? __local_bh_enable_ip+0x15a/0x270 [ 1603.071701] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1603.076317] ? release_sock+0x158/0x1c0 [ 1603.080314] ? _raw_spin_unlock_bh+0x31/0x40 [ 1603.084738] ? release_sock+0x158/0x1c0 [ 1603.088724] inet_sendmsg+0x147/0x5d0 [ 1603.092530] ? ipip_gro_receive+0x100/0x100 [ 1603.096861] sock_sendmsg+0xdd/0x130 [ 1603.100595] ___sys_sendmsg+0x806/0x930 [ 1603.104592] ? copy_msghdr_from_user+0x430/0x430 [ 1603.109393] ? lock_downgrade+0x810/0x810 [ 1603.113557] ? kasan_check_read+0x11/0x20 [ 1603.117714] ? __fget+0x367/0x540 [ 1603.121178] ? iterate_fd+0x360/0x360 [ 1603.124983] ? lock_downgrade+0x810/0x810 [ 1603.129145] ? __fget_light+0x1a9/0x230 [ 1603.133129] ? __fdget+0x1b/0x20 [ 1603.136500] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1603.142062] __sys_sendmsg+0x105/0x1d0 [ 1603.145957] ? __ia32_sys_shutdown+0x80/0x80 [ 1603.150373] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1603.155947] ? fput+0x128/0x1a0 [ 1603.159247] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1603.164011] ? do_syscall_64+0x26/0x610 [ 1603.168010] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1603.173375] ? do_syscall_64+0x26/0x610 [ 1603.177391] __x64_sys_sendmsg+0x78/0xb0 [ 1603.181467] do_syscall_64+0x103/0x610 [ 1603.185368] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1603.190559] RIP: 0033:0x457e29 [ 1603.193757] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1603.212665] RSP: 002b:00007f4ff9a38c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1603.220375] RAX: ffffffffffffffda RBX: 00007f4ff9a38c90 RCX: 0000000000457e29 [ 1603.227647] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 1603.234923] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1603.242193] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4ff9a396d4 [ 1603.249461] R13: 00000000004c550c R14: 00000000004d93f8 R15: 0000000000000004 [ 1603.256761] CPU: 0 PID: 2731 Comm: syz-executor.2 Not tainted 5.0.0-rc8 #87 [ 1603.263887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1603.273277] Call Trace: [ 1603.275875] dump_stack+0x172/0x1f0 [ 1603.279528] dump_header+0x10f/0xb6c [ 1603.283246] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1603.288355] ? ___ratelimit+0x60/0x595 [ 1603.292253] ? do_raw_spin_unlock+0x57/0x270 [ 1603.296674] oom_kill_process.cold+0x10/0x6f5 [ 1603.301187] ? task_will_free_mem+0x139/0x6e0 [ 1603.305718] out_of_memory+0x79a/0x1280 [ 1603.309713] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1603.314821] ? oom_killer_disable+0x280/0x280 [ 1603.314850] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1603.314901] mem_cgroup_out_of_memory+0x99/0xe0 [ 1603.314959] ? memcg_memory_event+0x40/0x40 [ 1603.314980] ? _raw_spin_unlock+0x2d/0x50 [ 1603.337666] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1603.342779] try_charge+0xfec/0x1570 [ 1603.346510] ? find_held_lock+0x35/0x130 [ 1603.350565] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1603.355404] ? kasan_check_read+0x11/0x20 [ 1603.359539] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1603.364369] mem_cgroup_try_charge+0x24d/0x5e0 [ 1603.368942] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1603.373856] wp_page_copy+0x408/0x1740 [ 1603.377726] ? find_held_lock+0x35/0x130 [ 1603.381776] ? pmd_pfn+0x1d0/0x1d0 [ 1603.385301] ? lock_downgrade+0x810/0x810 [ 1603.389433] ? __pte_alloc_kernel+0x220/0x220 [ 1603.393935] ? kasan_check_read+0x11/0x20 [ 1603.398066] ? do_raw_spin_unlock+0x57/0x270 [ 1603.402461] do_wp_page+0x2ed/0x1520 [ 1603.406158] ? rwlock_bug.part.0+0x90/0x90 [ 1603.410373] ? lock_acquire+0x16f/0x3f0 [ 1603.414330] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 1603.418982] ? add_mm_counter_fast.part.0+0x40/0x40 [ 1603.420285] net_ratelimit: 26 callbacks suppressed [ 1603.420293] protocol 88fb is buggy, dev hsr_slave_0 [ 1603.423994] __handle_mm_fault+0x22db/0x3f20 [ 1603.428963] protocol 88fb is buggy, dev hsr_slave_1 [ 1603.433941] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1603.433956] ? find_held_lock+0x35/0x130 [ 1603.433971] ? handle_mm_fault+0x322/0xb30 [ 1603.433999] ? kasan_check_read+0x11/0x20 [ 1603.438488] protocol 88fb is buggy, dev hsr_slave_0 [ 1603.443389] handle_mm_fault+0x43f/0xb30 [ 1603.443413] __do_page_fault+0x5da/0xd60 [ 1603.443439] do_page_fault+0x71/0x581 [ 1603.448293] protocol 88fb is buggy, dev hsr_slave_1 [ 1603.452311] ? page_fault+0x8/0x30 [ 1603.452327] page_fault+0x1e/0x30 [ 1603.452340] RIP: 0033:0x40d1e8 [ 1603.456632] protocol 88fb is buggy, dev hsr_slave_0 [ 1603.460695] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf bf d4 4b 00 31 c0 e8 43 47 ff ff 31 ff e8 8c 43 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 7e 32 64 00 [ 1603.460704] RSP: 002b:00007ffda87d9f60 EFLAGS: 00010246 [ 1603.460716] RAX: 0000000068d8f9eb RBX: 0000000050971b26 RCX: 0000001b33720000 [ 1603.460727] RDX: 0000000000000000 RSI: 00000000000019eb RDI: ffffffff68d8f9eb [ 1603.465754] protocol 88fb is buggy, dev hsr_slave_1 [ 1603.469771] RBP: 0000000000000010 R08: 0000000068d8f9eb R09: 0000000068d8f9ef [ 1603.469782] R10: 00007ffda87da0f0 R11: 0000000000000246 R12: 000000000073bf88 [ 1603.473932] protocol 88fb is buggy, dev hsr_slave_0 [ 1603.477608] R13: 0000000080000000 R14: 00007f388e288008 R15: 0000000000000010 [ 1603.480844] memory: usage 306900kB, limit 307200kB, failcnt 3406 [ 1603.482686] protocol 88fb is buggy, dev hsr_slave_1 [ 1603.486706] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1603.587166] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1603.595148] Memory cgroup stats for /syz2: cache:56KB rss:252188KB rss_huge:223232KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:12KB active_anon:252156KB inactive_file:12KB active_file:0KB unevictable:40KB [ 1603.616588] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=22442,uid=0 [ 1603.633271] Memory cgroup out of memory: Kill process 22442 (syz-executor.2) score 1113 or sacrifice child [ 1603.643428] Killed process 22442 (syz-executor.2) total-vm:72708kB, anon-rss:2208kB, file-rss:35788kB, shmem-rss:0kB [ 1603.656402] oom_reaper: reaped process 22442 (syz-executor.2), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB [ 1603.662103] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1603.686358] CPU: 1 PID: 2733 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1603.693461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1603.702797] Call Trace: [ 1603.705374] dump_stack+0x172/0x1f0 [ 1603.708989] dump_header+0x10f/0xb6c [ 1603.712690] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1603.717793] ? ___ratelimit+0x60/0x595 [ 1603.721676] ? do_raw_spin_unlock+0x57/0x270 [ 1603.726080] oom_kill_process.cold+0x10/0x6f5 [ 1603.730562] ? task_will_free_mem+0x139/0x6e0 [ 1603.735064] out_of_memory+0x79a/0x1280 [ 1603.739047] ? oom_killer_disable+0x280/0x280 [ 1603.743557] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1603.748655] mem_cgroup_out_of_memory+0x99/0xe0 [ 1603.753312] ? memcg_memory_event+0x40/0x40 [ 1603.757624] ? _raw_spin_unlock+0x2d/0x50 [ 1603.761756] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1603.766843] try_charge+0xfec/0x1570 [ 1603.770541] ? find_held_lock+0x35/0x130 [ 1603.774594] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1603.779427] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1603.784257] ? find_held_lock+0x35/0x130 [ 1603.788305] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1603.793140] memcg_kmem_charge_memcg+0x7c/0x130 [ 1603.797795] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1603.802295] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1603.807124] memcg_kmem_charge+0x13b/0x340 [ 1603.811348] __alloc_pages_nodemask+0x437/0x710 [ 1603.816017] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1603.821020] ? save_stack+0x45/0xd0 [ 1603.824628] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1603.829731] ? __lock_acquire+0x53b/0x4700 [ 1603.833963] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1603.839513] alloc_pages_current+0x107/0x210 [ 1603.843930] pte_alloc_one+0x1b/0x1a0 [ 1603.847715] __pte_alloc+0x20/0x310 [ 1603.851329] copy_page_range+0x1529/0x1f90 [ 1603.855547] ? __lock_is_held+0xb6/0x140 [ 1603.859616] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1603.864632] ? pmd_alloc+0x180/0x180 [ 1603.868333] ? validate_mm_rb+0xa3/0xc0 [ 1603.872295] ? __vma_link_rb+0x279/0x370 [ 1603.876345] copy_process.part.0+0x56aa/0x79a0 [ 1603.880952] ? __cleanup_sighand+0x70/0x70 [ 1603.885184] _do_fork+0x257/0xfe0 [ 1603.888622] ? fork_idle+0x1d0/0x1d0 [ 1603.892327] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1603.897064] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1603.901818] ? do_syscall_64+0x26/0x610 [ 1603.905792] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1603.911152] ? do_syscall_64+0x26/0x610 [ 1603.915111] __x64_sys_clone+0xbf/0x150 [ 1603.919074] do_syscall_64+0x103/0x610 [ 1603.922952] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1603.928124] RIP: 0033:0x457e29 [ 1603.931320] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1603.950218] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1603.957909] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1603.965160] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1603.972427] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1603.979676] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1603.986927] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1603.996601] memory: usage 307200kB, limit 307200kB, failcnt 21174 [ 1604.005774] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1604.017039] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1604.024204] Memory cgroup stats for /syz0: cache:0KB rss:96708KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96840KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1604.044626] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=2721,uid=0 [ 1604.059598] Memory cgroup out of memory: Kill process 2721 (syz-executor.0) score 1106 or sacrifice child [ 1604.069435] Killed process 2738 (syz-executor.0) total-vm:72444kB, anon-rss:152kB, file-rss:34816kB, shmem-rss:0kB [ 1604.080773] oom_reaper: reaped process 2738 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1604.105849] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1604.117285] CPU: 0 PID: 2733 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1604.124378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1604.133722] Call Trace: [ 1604.136335] dump_stack+0x172/0x1f0 [ 1604.139965] dump_header+0x10f/0xb6c [ 1604.143666] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1604.148754] ? ___ratelimit+0x60/0x595 [ 1604.152644] ? do_raw_spin_unlock+0x57/0x270 [ 1604.157050] oom_kill_process.cold+0x10/0x6f5 [ 1604.161539] ? task_will_free_mem+0x139/0x6e0 [ 1604.166040] out_of_memory+0x79a/0x1280 [ 1604.170001] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1604.175130] ? oom_killer_disable+0x280/0x280 [ 1604.179619] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1604.184711] mem_cgroup_out_of_memory+0x99/0xe0 [ 1604.189376] ? memcg_memory_event+0x40/0x40 [ 1604.193714] ? _raw_spin_unlock+0x2d/0x50 [ 1604.197867] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1604.202992] try_charge+0xfec/0x1570 [ 1604.206709] ? find_held_lock+0x35/0x130 [ 1604.210787] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1604.215633] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1604.220469] ? find_held_lock+0x35/0x130 [ 1604.224515] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1604.229362] memcg_kmem_charge_memcg+0x7c/0x130 [ 1604.234027] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1604.238524] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1604.243354] memcg_kmem_charge+0x13b/0x340 [ 1604.247577] __alloc_pages_nodemask+0x437/0x710 [ 1604.252245] ? debug_smp_processor_id+0x1c/0x20 [ 1604.256938] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1604.261974] ? copy_page_range+0x125a/0x1f90 [ 1604.266371] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1604.271922] alloc_pages_current+0x107/0x210 [ 1604.276345] pte_alloc_one+0x1b/0x1a0 [ 1604.280158] __pte_alloc+0x20/0x310 [ 1604.283773] copy_page_range+0x1529/0x1f90 [ 1604.287997] ? mark_held_locks+0x100/0x100 [ 1604.292254] ? pmd_alloc+0x180/0x180 [ 1604.296017] ? __rb_insert_augmented+0x231/0xdf0 [ 1604.300771] ? validate_mm_rb+0xa3/0xc0 [ 1604.304737] ? __vma_link_rb+0x279/0x370 [ 1604.308789] copy_process.part.0+0x56aa/0x79a0 [ 1604.313453] ? __cleanup_sighand+0x70/0x70 [ 1604.317718] _do_fork+0x257/0xfe0 [ 1604.321171] ? fork_idle+0x1d0/0x1d0 [ 1604.324885] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1604.329638] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1604.334405] ? do_syscall_64+0x26/0x610 [ 1604.338374] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1604.343728] ? do_syscall_64+0x26/0x610 [ 1604.347692] __x64_sys_clone+0xbf/0x150 [ 1604.351666] do_syscall_64+0x103/0x610 [ 1604.355562] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1604.360743] RIP: 0033:0x457e29 [ 1604.363931] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1604.382834] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1604.390545] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1604.397813] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1604.405078] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1604.412348] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1604.419612] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1604.427055] protocol 88fb is buggy, dev hsr_slave_0 [ 1604.432137] protocol 88fb is buggy, dev hsr_slave_1 [ 1604.437882] memory: usage 307044kB, limit 307200kB, failcnt 21208 [ 1604.444220] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1604.451037] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1604.457173] Memory cgroup stats for /syz0: cache:0KB rss:96708KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96760KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1604.477466] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=2721,uid=0 [ 1604.492292] Memory cgroup out of memory: Kill process 2721 (syz-executor.0) score 1106 or sacrifice child 03:53:03 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = request_key(&(0x7f0000000040)='pkcs7_test\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) add_key(&(0x7f0000000400)='id_legacy\x00', &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x27a, r2) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:03 executing program 5: r0 = memfd_create(&(0x7f0000000080)='m\x815\x1e9\xcf\xe3(\xa4\xc6r\x00', 0x6) memfd_create(&(0x7f0000000000)='vmnet0\x00', 0x6) lseek(r0, 0xffffffffffffffff, 0x0) 03:53:03 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0xf000) 03:53:03 executing program 4 (fault-call:4 fault-nth:4): r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:03 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:53:03 executing program 2: r0 = openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/checkreqprot\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0x9) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$nfc_llcp(r0, &(0x7f0000000140)={0x27, 0x0, 0x0, 0x6, 0x4, 0x7, "70b7f08a1fee91edc82548baaba39cca442a67112a8ab82a993bfd49ce02599220218cca93b29d9d1d0fc7a7018013a1dda109088fd9166ccdcaa9f12ed174", 0x15}, 0x60) r3 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) readahead(r3, 0x3, 0x7cc1) r4 = creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) fstat(r4, &(0x7f00000001c0)) [ 1604.502139] Killed process 2721 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:35588kB, shmem-rss:0kB 03:53:03 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(&(0x7f0000000040)='pkcs7_test\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:03 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) preadv(r1, &(0x7f0000000540)=[{&(0x7f0000000140)=""/77, 0x4d}, {&(0x7f00000001c0)=""/105, 0x69}, {&(0x7f00000000c0)=""/42, 0x2a}, {&(0x7f0000000240)=""/30, 0x1e}, {&(0x7f0000000280)=""/225, 0xe1}, {&(0x7f0000000380)=""/39, 0x27}, {&(0x7f00000003c0)=""/81, 0x51}, {&(0x7f0000000440)=""/117, 0x75}, {&(0x7f00000004c0)=""/125, 0x7d}], 0x9, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) [ 1604.591661] FAULT_INJECTION: forcing a failure. [ 1604.591661] name failslab, interval 1, probability 0, space 0, times 0 [ 1604.660884] CPU: 0 PID: 2768 Comm: syz-executor.4 Not tainted 5.0.0-rc8 #87 [ 1604.668039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1604.677413] Call Trace: [ 1604.680028] dump_stack+0x172/0x1f0 [ 1604.683687] should_fail.cold+0xa/0x1b [ 1604.687619] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1604.692747] ? lock_downgrade+0x810/0x810 [ 1604.696926] ? ___might_sleep+0x163/0x280 [ 1604.701094] __should_failslab+0x121/0x190 [ 1604.705348] should_failslab+0x9/0x14 [ 1604.709160] kmem_cache_alloc_trace+0x2d1/0x760 [ 1604.713836] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1604.719385] ? fa_zero+0x95/0xb0 [ 1604.722771] sctp_auth_shkey_create+0x87/0x1b0 [ 1604.727374] sctp_auth_asoc_copy_shkeys+0x1fb/0x2c0 [ 1604.732429] sctp_association_new+0x1602/0x2030 [ 1604.737122] sctp_sendmsg_new_asoc+0x397/0xfd0 [ 1604.741714] ? mark_held_locks+0xb1/0x100 [ 1604.745880] ? sctp_autobind+0x1f0/0x1f0 [ 1604.749969] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1604.754561] ? lock_sock_nested+0x9a/0x120 [ 1604.758974] ? trace_hardirqs_on+0x67/0x230 [ 1604.763334] ? lock_sock_nested+0x9a/0x120 [ 1604.767580] ? __local_bh_enable_ip+0x15a/0x270 [ 1604.772258] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1604.777824] ? sctp_endpoint_lookup_assoc+0x17f/0x290 [ 1604.783028] sctp_sendmsg+0x1269/0x17e0 [ 1604.787038] ? sctp_id2assoc+0x2d0/0x2d0 [ 1604.791127] ? __local_bh_enable_ip+0x15a/0x270 [ 1604.795800] ? _raw_spin_unlock_bh+0x31/0x40 [ 1604.800214] ? __local_bh_enable_ip+0x15a/0x270 [ 1604.804925] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1604.809551] ? release_sock+0x158/0x1c0 [ 1604.813534] ? _raw_spin_unlock_bh+0x31/0x40 [ 1604.817959] ? release_sock+0x158/0x1c0 [ 1604.821953] inet_sendmsg+0x147/0x5d0 [ 1604.825769] ? ipip_gro_receive+0x100/0x100 [ 1604.830018] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1604.830096] sock_sendmsg+0xdd/0x130 [ 1604.845153] ___sys_sendmsg+0x806/0x930 [ 1604.849140] ? copy_msghdr_from_user+0x430/0x430 [ 1604.853930] ? lock_downgrade+0x810/0x810 [ 1604.858101] ? kasan_check_read+0x11/0x20 [ 1604.862279] ? __fget+0x367/0x540 [ 1604.865766] ? iterate_fd+0x360/0x360 [ 1604.869588] ? lock_downgrade+0x810/0x810 [ 1604.873754] ? __fget_light+0x1a9/0x230 [ 1604.877736] ? __fdget+0x1b/0x20 [ 1604.881105] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1604.886653] __sys_sendmsg+0x105/0x1d0 [ 1604.890564] ? __ia32_sys_shutdown+0x80/0x80 [ 1604.894981] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1604.900521] ? fput+0x128/0x1a0 [ 1604.903818] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1604.908592] ? do_syscall_64+0x26/0x610 [ 1604.912572] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1604.917949] ? do_syscall_64+0x26/0x610 [ 1604.921954] __x64_sys_sendmsg+0x78/0xb0 [ 1604.926023] do_syscall_64+0x103/0x610 [ 1604.929937] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1604.935135] RIP: 0033:0x457e29 [ 1604.938329] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 03:53:03 executing program 5: ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, &(0x7f00000035c0)=0x0) timer_create(0x0, &(0x7f0000cd0000)={0x0, 0x12, 0x3, @tid=r0}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f0000f7a000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r1, 0x7fff) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000003340)=0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r2, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syslog(0x2, &(0x7f0000003500)=""/89, 0x59) keyctl$set_reqkey_keyring(0xe, 0x7) openat$ptmx(0xffffffffffffff9c, &(0x7f0000f40000)='/dev/ptmx\x00', 0x200000000101002, 0x0) getpgid(0x0) sendmsg$tipc(r1, &(0x7f0000000040)={&(0x7f0000000000)=@name={0x1e, 0x2, 0x3, {{0x42, 0x2}}}, 0x10, &(0x7f0000003240)=[{&(0x7f0000002240)="951871a4e2c7a999fb09944d1b23bd5a1ecd062ab03c7a3d467bb918369c9041f30924cb9824e26d3f326b022f851cf7b1d99121459caa20111e5388bf1e58f421c685a605e37bf8ba3549cd733de69152b990dbca4560cfc0e4402cbd03a80397512dec2ee122c76c7d0ea2f0899d1f9b4e27936ed9215720850968163e24d16abf0a7a530f08d4e3fa9b6cc2a71039d8ceb9299f73c6bff7ecbb02b728f3ba4a44e4a3b009584a51a83ec59cc9e7ef22ef0ac95037d6f246ed534fe51657632ed10df7681b46e07ad333622755e266a2958249592c5122427f9f5e21b02ab4639a80aa96596a1994d786c989adab806780f18566f868cb2c4d43822f7c368b81b8040ea47727c6d7102497fff90f3b751d74de0e65631134221c39e38c1f675972a0926df0d82969026dc45528b270a25eb614cbb3192c9c5ae32bfe01044b5b9323117ce950b5e51e789f87b54f3c15bcaefdc7d319df9ffbeccd5b939b67c56e85c5617cf0d34e1a9d95a4e81176dcdbb3d9448eff33cc4c1e42932cc9b707105227f5521d4501459ab0d5a190cb60fe8a8ebd5839b72667681d1e0390df5f3e745f8bc9372e68aaae7f4d7ca5dfeca2b4da68d3f220fb2deb79c963b0f8cc75e29f5dabfc818a25367e6a1d2f8177499cff2600426a7355675ae0a3a0924957c2fe0d1c284eeec0a5b67c48b6797954679c3194d8e6b60550024db69ce0aff11ee015946d5a3c3bdf8a7313d463e872f9bb433cf7864a180186b1254659057f139671ed4a1197797fbe1fde2d37e18f75d46c6c01a7674089fa825756626667981a92ac23693d6a0d7e4013d64d0089b9d6ffa59b49ac87052ae5da51e455866190c5716c14e9344808f118eeba35cc983502dcb9364f0833d3313529047f00a64cfd26fb3e66384f4dc8b0247a90983198c3a0732e6354ce59ce2d95b292e5a490723850f4ed7034dc5a0495e298f01a3fa5eb98f813a9d76b83f57f3c31198fe3bc8b9a5e9d09d0db0266834b47f30850787f021d07948d4cbc8fee994082c4ef0e2ed426640fc22a01f0dd796103806172d3dc1f3aaac35ddf6f0300be5df717a689de298ff5caeccb34a6bed0baba6f18ec86b4488f8bc5a0ca770335f66962d78a1d71597d7b29dc938be9ee87c86dc3c3108c9136d7a06e499390d161390c2dd785967fed0a13a82dd8bee258edff12fb7850b680ec3cfb769e580505985e4d276c7359d01e0424f415c702c96470f52882a036066d2c95117f472cd55f0626da062238bccc88fce4a5cc63361571001753979949634e4ecdfc7f0eb4aaae811355584ddbf4550f1d6aaa6e40e36c638b18efefda3e9070f66c5b501db57cbb95bfe712b03f7b53946c5c17e5f2d371bbbf67abbc4c6408cc1e8a5c9a1afda395c40462a14463ee4d5a4e98cb10814748e6fb8dcd2ce12e92cf3cb8d5630b2aa90245cae92a10d9844fefa3733860eb98aad9567a6e93507b2d7234b259181a146e10da7f0df6e2d04bee4dd2f68f631af491c7c1d85bcc7d26d540b086d58aeb11fe4c36ed54e825c30de539fe6ba005bd3c9bcfef57ca440e87af013803938056b48c960a6050cfda87caffc1dc9b45adb78c5b57d02a6b4d1a461560d65d3f3a1a1ab5c48d0ac24861d6a2aacb7227826d63c2b74fe052460c34fb50a71e23819002a7c7a362251afd09c88aa9541d5d02df5206da2f6002c030d0d1a9ddcf9f012437e230a85eb0a127e953b75874cb0eef468470b07d98ec5cbd31f0fa6dfa259ffb0914142c47af238e32de9e16c4275830fb129083ffec343c5b83ba973cd36bc2aa86e6c374682cd31408f7c3a216eea155ad0659c080093256f4eb85f748e3275571fad3c774663c03d2971d3275a467ccca85d0698b7011c104be374058a08aecda4ca9f687d8c112f8a9660b4ca91094ccc4ec26816bdc51a4f57e2f4c3166bbbb8c7003de42697150ef19349e44175bab2ac7d3107e33629866b8b6073508843364b5543ca20e83239a6dcccb51f25633d79e531ac310aed7a2f8be015b6dd55f7db810286422fa63a396743810efe4c219017d2002a126d8d0c090b7d2fe572acf442804899540c6d16070d6089264774128a6dd7786f079925e9703cbbccf8054554afb23712f31084d04936f024958e111ab5563cd3cb4f2f36e12034c850a30fb2e6e2d18a8be0ed3872cadaa521a7c521fc586e24fcf9db6aab5c72e1ca94172b5d865fc06c7b0aaeda205308b5d3d185d230e803aa6685b219417e9caba18e01f02578193094da532ce26cc6b1a6c1be6af5d3ccd3da2acabd535d3216e5013dbc9f5a33c3c3d9f5885c69ffa0b36b9e337919b818c655d290e1d520e3d7b76b620e274c3c5b35a497ec90d6351b08a8b95ed29e40d0eab6c19023e463e589aab3853c17b4edd60345ad04bc5a0a38c40c02a9c258de3f94b00ce1b4f3492f489481fc37ec21d7e781d1229ce81961d5f6e1ae96c9d060c7a8b8ccc1f6e3a8a8a7d7f215263a114ccfac5820cafd39a627ff773194e558ade073b37a5ab7efc0eb51eee7691d150f54e650927b46b32bb5f3efec1868eaed5ac6390dafb792df446aeda99a74469c59afb4b9ecd26da5f129697ec0034aacf8c9d0e44a08a84c880b1415fd8bc2d837ac512fc5b3d17cc543eb2044ea08a799e91d05351dee08412827144c40044c29a768a8127c71193e5fc4b9828c234e83cac1c11f5dffe2e4974946e19a998d3ce76e91c940ee5022632a47982fdf4b2e908b5e7b0faa612645700218d7319f81529960a0b2b7e1c1615a56671cd0cac65c08c065110a76b822a9bed14a717978f1829c679fc6605077c825ce47ad486ad25975d3337eb59027d9d0d060ad2d8cb7de2fff60d8da44d8d2ef9f55b5f1528689be18a68e4c3c6a1f2d7bde4cac2eef61ffabfadfb1c115745c647526207c84dbc34f6f9933645f57fc593e6ff84dd3ec8081b241f0a6bcc9e532c06dc6c9157caccf32371d68284c6c8f54e393e3f8ee76726b236da2b4deef551cc2b3f87c74a1d2c576c86fa6de771132128b62648e4ead0a4fda50bf4d141e27babf989c89334c29a7de9f9e1021348d2afd7ed6c387a4e0e3c213dcaae3bd675cb2ceab741a334742de759a8c6adc62730c3d9b673d053cbe1556fa0243dc4391fef2de94a045b1e074811ba52e1a31026927305ba983d0bf4dffc1eac275372d126b5e1276742efb287e77b3f47103ec4524fba89e80dbdc280472b61aa1bb277ebda0ac4215891b9c5f80e097dd65590b9e6732d3b8516a8a5ee63c67fbab630ca900a45548db436433bd5d507e3c6ca7f1af21c3ecb135802502e611ccca0618a10aa5e3642a6ae9c8a8d1f01f541d3d63213647a9f8e85f0cdf69e141e7f2c407a763493e522c1ebf81ac47fc7a1c27aa491eeff885e13cbc5f92e6e00c1f6d41ab723e063fd984354e58e78864b4046f4d567615b9df9908090ce0348f3a23c74fcb1d804d3d6bdd37e2986f704f946f2fdb39de14c4182260bac144e50a0ce54a909c5ae3450f3d7e1e4e93e08fcb966b86a72cc6db2ec445d527aa4d8f9623f8f16b0773c393d53918cc5d1eb459f9d9efebb7527f2d8b98bf4c14504f1ae5b05a239e3b3d026d8474def1e35aa8d157115cf4cd7adcfdb9e747a4be302f67a727a7f4c2d812bcf8a50db27d24ebfe3bad1bf50f3b93dbfbe31b982b84d77a4b14f4f75b66d5b80ed3c68279f782d07f2a95444d04afc2ab986145d5557fb3fcef5eee284524b92bfcd5bf9e8421b379970f440e13ed2423de10cd229a98ac761c6e4f91c9558c044bec255ff45d413e2bf3e0482080410f339ba7f62b7d19ebfa15b84cc737c144659c3528232e1ca5c63d78a3aae010bc2737b532343800d3d1ae0f54dd23bef0e7dbf367706c7173993da69acda5be8a923c664e9018682f9ec2d0d4a56abcd47709b4c53afe6ce770a65beb45e760701cc633b9d182f57de42332fa30f4b808039bbe875c7ca64ced5f505c4093fc7fc8511293e24d876607670ed531fbe892d7f188b717576fc350ab88a400c7e497bb1a44df8f804a00b2113af027aa0b9ff0542f7460a9d322d995d0d3836b486e198581a9e8b5237cb1302e5fd96430a33365d6aee0e3d6f6c0a7b048b2940ae583f871229b3d2267cedfda876247aa81744c4d39ca9c47de3a091f8511fe58722608b62b689567e711902e5b31f929230f52efc5239eae5023a41e90abd4172b25a77437fc3ac58ffef49fa4c25a61cd0413b1d159de811fc3ca33e081997341e7c7d812d4b207e3b19f7d702f02e407621a912a530f65bea5a48ca07dad63b9b4bb98eef8f24e27f500e39947131f43188c46734e30a2c0b7c237f702536572d94870b89441c736e94842a55b7e121abe6c31925f88a90e0d242de9f3f641cdca724f084d3b40612e581f4c37e5f10d541838f929796a29fc6963ba1db342cadc04b46e9f565a2d4667d10dd5f0ffcd4d1b78dc42ba0c44d9b5fd993cd71e17fae81416ce489b0eaeb57a886b6f9cbff34665a61e9978cf73c3ef161b3e438d9d0c77c20144e75cd33164765ad9fd3c38a882adbe4914928c65dd22fb0494c19445283534e78b9dbf01dc63c554f003f0e545f869bfa46c9f32f2a381e67e4fddd1464c7a0654ad8e136bfd461d9dcf3e0d17cc7015f033e7a1d7ae00600217931a10bca77ceb6fd45df143e83ef1d945f9e3bc1d15a804657db48e7967df368acdbe8aab4f14746eb717152ac1544d4edcaff12505c550749fe3004b19f8a44724bad1bab7a847d0edf8d354b0cab8d77f4779f6ba22c1078a33652398561dd397c20a8c2ef74e5d2f53a4aec5bb46668a9c00eb35a3478ca6b411a1d260b81e5faf5b29da2003abe88b3f952579e61973af3b6e3e0bebaa27598b50500747ca3815e536589a2ae0beb406b026de33e1cc80d87be467c0f2a404e7e1934806c1ba526b52e1b5d5c2aab5a6973ba7c8276ae409290bde4c356f5a8ef7d04a840c7207d1358c17734c69ba54fb3c67e29c2b0b00e8b1d49ea69d988deb9e8fc3c7e4388061d7fd01c405fd19973993016a82df445b45dd0f03e2fe9d27ff5a1770ca31dff6d295a709051276e8eb24d35a3caf18693c6ed84e92a798aeae033c1516ef84b33cf976eff21002032f116aced84f0dd120764dfc5d8e7670c87a8f74606e307c44e227c1eb138a8832eb7eaa2a0b004b2eefaf00952666080438949ee7433042a27c9c9fcf4c1f8fc3ed2f245ff1fed3d2e83d37d9c28f25d6e33468687bfc76be9f3a43c9639161516d5b5003314f6e908296845478c1b9f2f1aa48962b102ed601be38c3b1dae8d16085223a9695255f269f8bc043f28da553a2b04b71b251b40a7d01aff7c5fe94804dca6218266aae5b9b372b8fd5933eca04ff03fd1c55c00eb7c01b13e357d8dac86c4a81e6c9766a89679138f81e2bfb275692b8042bd6d38c10d056b3f218035b0cb6c29b8f9b4f24d9fba8a46d672b02b49089191ebde9fcebaa9feda64c6d41493cd35f9aa360d118c79010721546b474df94f68abc804aabfda176a56291c089582c7b46245947a586798ce25779664c68a4b65f6fa35e6627aa41275c5177713ed868361802e12c72cf872988682443df21bcb68c2ab91b30ad174ff09fbaa3afe272a6997f96b4772e8729c77f3", 0xfc0}], 0x1, 0x0, 0x0, 0x1}, 0x10) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='mounts\x00') openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) syz_kvm_setup_cpu$x86(r4, r5, &(0x7f000001e000/0x18000)=nil, &(0x7f0000000840)=[@text64={0x40, &(0x7f00000007c0)="b9800000c00f3235000100000f300f01c83e0ff382610000008f68e4a20f0cf3abf044804304f4450f01cab900010040b8245cb3bcba08bfe5370f300f986706b9800000c00f3235000100000f30", 0x4e}], 0x1, 0x0, 0x0, 0x0) socket$can_raw(0x1d, 0x3, 0x1) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 1604.957236] RSP: 002b:00007f4ff9a38c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1604.964958] RAX: ffffffffffffffda RBX: 00007f4ff9a38c90 RCX: 0000000000457e29 [ 1604.972230] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 1604.979496] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1604.986766] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4ff9a396d4 [ 1604.994040] R13: 00000000004c550c R14: 00000000004d93f8 R15: 0000000000000004 [ 1605.001337] CPU: 1 PID: 2777 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1605.008446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1605.017796] Call Trace: [ 1605.020430] dump_stack+0x172/0x1f0 [ 1605.024078] dump_header+0x10f/0xb6c [ 1605.027802] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1605.032926] ? ___ratelimit+0x60/0x595 [ 1605.036823] ? do_raw_spin_unlock+0x57/0x270 [ 1605.041280] oom_kill_process.cold+0x10/0x6f5 [ 1605.045791] ? task_will_free_mem+0x139/0x6e0 [ 1605.050307] out_of_memory+0x79a/0x1280 [ 1605.054296] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1605.059413] ? oom_killer_disable+0x280/0x280 [ 1605.063933] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1605.069062] mem_cgroup_out_of_memory+0x99/0xe0 [ 1605.073741] ? memcg_memory_event+0x40/0x40 [ 1605.078091] ? _raw_spin_unlock+0x2d/0x50 [ 1605.082263] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1605.087414] try_charge+0xfec/0x1570 [ 1605.091172] ? find_held_lock+0x35/0x130 [ 1605.095254] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1605.100123] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1605.104976] ? find_held_lock+0x35/0x130 [ 1605.109062] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1605.113931] memcg_kmem_charge_memcg+0x7c/0x130 [ 1605.118624] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1605.123131] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1605.127987] memcg_kmem_charge+0x13b/0x340 [ 1605.132230] __alloc_pages_nodemask+0x437/0x710 [ 1605.136957] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1605.142006] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1605.146598] ? trace_hardirqs_on+0x67/0x230 [ 1605.150948] copy_process.part.0+0x3e0/0x79a0 [ 1605.155463] ? mark_held_locks+0x100/0x100 [ 1605.159724] ? debug_smp_processor_id+0x1c/0x20 [ 1605.164396] ? perf_trace_lock_acquire+0xf5/0x580 [ 1605.169258] ? __schedule+0x81f/0x1cc0 [ 1605.173156] ? __might_fault+0x12b/0x1e0 [ 1605.177243] ? __cleanup_sighand+0x70/0x70 [ 1605.181499] ? lock_downgrade+0x810/0x810 [ 1605.185699] _do_fork+0x257/0xfe0 [ 1605.189167] ? fork_idle+0x1d0/0x1d0 [ 1605.192909] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1605.197676] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1605.202453] ? do_syscall_64+0x26/0x610 [ 1605.206446] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1605.211831] ? do_syscall_64+0x26/0x610 [ 1605.215845] __x64_sys_clone+0xbf/0x150 [ 1605.219826] do_syscall_64+0x103/0x610 [ 1605.223722] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1605.228933] RIP: 0033:0x457e29 [ 1605.232132] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1605.251033] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 03:53:04 executing program 4 (fault-call:4 fault-nth:5): r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:04 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x0}, 0x0) [ 1605.258743] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1605.266015] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1605.273290] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1605.280575] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1605.287842] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1605.340006] FAULT_INJECTION: forcing a failure. [ 1605.340006] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1605.351823] CPU: 0 PID: 2787 Comm: syz-executor.4 Not tainted 5.0.0-rc8 #87 [ 1605.358933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1605.368289] Call Trace: [ 1605.370884] dump_stack+0x172/0x1f0 [ 1605.374547] should_fail.cold+0xa/0x1b [ 1605.378449] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1605.383588] should_fail_alloc_page+0x50/0x60 [ 1605.388091] __alloc_pages_nodemask+0x1a1/0x710 [ 1605.392772] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1605.397818] cache_grow_begin+0x9c/0x8c0 [ 1605.401889] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1605.407462] ? check_preemption_disabled+0x48/0x290 [ 1605.412508] kmem_cache_alloc_trace+0x67f/0x760 [ 1605.417183] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1605.421788] flex_array_alloc+0xd9/0x2d0 [ 1605.425866] fa_alloc+0x24/0x70 [ 1605.429166] sctp_stream_alloc_out+0x33/0x450 [ 1605.433680] sctp_stream_init+0xf5/0x400 [ 1605.437757] sctp_association_new+0x11b7/0x2030 [ 1605.442450] sctp_sendmsg_new_asoc+0x397/0xfd0 [ 1605.447038] ? mark_held_locks+0xb1/0x100 [ 1605.451196] ? sctp_autobind+0x1f0/0x1f0 [ 1605.455259] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1605.459844] ? lock_sock_nested+0x9a/0x120 [ 1605.464085] ? trace_hardirqs_on+0x67/0x230 [ 1605.468412] ? lock_sock_nested+0x9a/0x120 [ 1605.472658] ? __local_bh_enable_ip+0x15a/0x270 [ 1605.477337] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1605.482885] ? sctp_endpoint_lookup_assoc+0x17f/0x290 [ 1605.488111] sctp_sendmsg+0x1269/0x17e0 [ 1605.492105] ? sctp_id2assoc+0x2d0/0x2d0 [ 1605.496178] ? __local_bh_enable_ip+0x15a/0x270 [ 1605.500856] ? _raw_spin_unlock_bh+0x31/0x40 [ 1605.505270] ? __local_bh_enable_ip+0x15a/0x270 [ 1605.509950] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1605.514541] ? release_sock+0x158/0x1c0 [ 1605.518549] ? _raw_spin_unlock_bh+0x31/0x40 [ 1605.522968] ? release_sock+0x158/0x1c0 [ 1605.526975] inet_sendmsg+0x147/0x5d0 [ 1605.530784] ? ipip_gro_receive+0x100/0x100 [ 1605.535119] sock_sendmsg+0xdd/0x130 [ 1605.538841] ___sys_sendmsg+0x806/0x930 [ 1605.542826] ? copy_msghdr_from_user+0x430/0x430 [ 1605.547608] ? lock_downgrade+0x810/0x810 [ 1605.551801] ? kasan_check_read+0x11/0x20 [ 1605.555984] ? __fget+0x367/0x540 [ 1605.559453] ? iterate_fd+0x360/0x360 [ 1605.563262] ? lock_downgrade+0x810/0x810 [ 1605.567429] ? __fget_light+0x1a9/0x230 [ 1605.571430] ? __fdget+0x1b/0x20 [ 1605.574799] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1605.580349] __sys_sendmsg+0x105/0x1d0 [ 1605.584246] ? __ia32_sys_shutdown+0x80/0x80 [ 1605.588665] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1605.594220] ? fput+0x128/0x1a0 [ 1605.597524] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1605.602287] ? do_syscall_64+0x26/0x610 [ 1605.606269] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1605.611640] ? do_syscall_64+0x26/0x610 [ 1605.615627] __x64_sys_sendmsg+0x78/0xb0 [ 1605.619698] do_syscall_64+0x103/0x610 [ 1605.623603] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1605.628797] RIP: 0033:0x457e29 [ 1605.631995] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1605.650925] RSP: 002b:00007f4ff9a38c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1605.658639] RAX: ffffffffffffffda RBX: 00007f4ff9a38c90 RCX: 0000000000457e29 [ 1605.665926] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 1605.673198] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1605.680471] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4ff9a396d4 03:53:04 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(&(0x7f0000000040)='pkcs7_test\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) [ 1605.687748] R13: 00000000004c550c R14: 00000000004d93f8 R15: 0000000000000004 03:53:04 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:04 executing program 4 (fault-call:4 fault-nth:6): r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) [ 1605.831715] memory: usage 307200kB, limit 307200kB, failcnt 21244 [ 1605.857069] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1605.899226] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1605.939983] Memory cgroup stats for /syz0: cache:0KB rss:96708KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96840KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1605.974100] FAULT_INJECTION: forcing a failure. [ 1605.974100] name failslab, interval 1, probability 0, space 0, times 0 [ 1605.989974] CPU: 1 PID: 2803 Comm: syz-executor.4 Not tainted 5.0.0-rc8 #87 [ 1605.997088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1606.006445] Call Trace: [ 1606.009048] dump_stack+0x172/0x1f0 [ 1606.012687] should_fail.cold+0xa/0x1b [ 1606.016586] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1606.021696] ? lock_downgrade+0x810/0x810 [ 1606.025857] ? ___might_sleep+0x163/0x280 [ 1606.030019] __should_failslab+0x121/0x190 [ 1606.034268] should_failslab+0x9/0x14 [ 1606.038084] kmem_cache_alloc_trace+0x2d1/0x760 [ 1606.042757] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1606.048306] ? fa_zero+0x95/0xb0 [ 1606.051715] sctp_auth_shkey_create+0x87/0x1b0 [ 1606.056308] sctp_auth_asoc_copy_shkeys+0x1fb/0x2c0 [ 1606.061340] sctp_association_new+0x1602/0x2030 [ 1606.066029] sctp_sendmsg_new_asoc+0x397/0xfd0 [ 1606.070631] ? mark_held_locks+0xb1/0x100 [ 1606.074794] ? sctp_autobind+0x1f0/0x1f0 [ 1606.078867] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1606.083466] ? lock_sock_nested+0x9a/0x120 [ 1606.087722] ? trace_hardirqs_on+0x67/0x230 [ 1606.092071] ? lock_sock_nested+0x9a/0x120 [ 1606.096324] ? __local_bh_enable_ip+0x15a/0x270 [ 1606.101006] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1606.106567] ? sctp_endpoint_lookup_assoc+0x17f/0x290 [ 1606.111774] sctp_sendmsg+0x1269/0x17e0 [ 1606.115768] ? sctp_id2assoc+0x2d0/0x2d0 [ 1606.119838] ? __local_bh_enable_ip+0x15a/0x270 [ 1606.124519] ? _raw_spin_unlock_bh+0x31/0x40 [ 1606.128939] ? __local_bh_enable_ip+0x15a/0x270 [ 1606.133618] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1606.138213] ? release_sock+0x158/0x1c0 [ 1606.142203] ? _raw_spin_unlock_bh+0x31/0x40 [ 1606.146643] ? release_sock+0x158/0x1c0 [ 1606.150650] inet_sendmsg+0x147/0x5d0 [ 1606.154479] ? ipip_gro_receive+0x100/0x100 [ 1606.158811] sock_sendmsg+0xdd/0x130 [ 1606.162542] ___sys_sendmsg+0x806/0x930 [ 1606.166528] ? copy_msghdr_from_user+0x430/0x430 [ 1606.171298] ? lock_downgrade+0x810/0x810 [ 1606.175478] ? kasan_check_read+0x11/0x20 [ 1606.179636] ? __fget+0x367/0x540 [ 1606.183105] ? iterate_fd+0x360/0x360 [ 1606.186920] ? lock_downgrade+0x810/0x810 [ 1606.191086] ? __fget_light+0x1a9/0x230 [ 1606.195074] ? __fdget+0x1b/0x20 [ 1606.198452] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1606.204004] __sys_sendmsg+0x105/0x1d0 [ 1606.207912] ? __ia32_sys_shutdown+0x80/0x80 [ 1606.212332] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1606.217876] ? fput+0x128/0x1a0 [ 1606.221188] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1606.225955] ? do_syscall_64+0x26/0x610 [ 1606.229965] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1606.235334] ? do_syscall_64+0x26/0x610 [ 1606.239324] __x64_sys_sendmsg+0x78/0xb0 [ 1606.243413] do_syscall_64+0x103/0x610 [ 1606.247317] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1606.252511] RIP: 0033:0x457e29 [ 1606.255738] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1606.274653] RSP: 002b:00007f4ff9a38c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1606.282380] RAX: ffffffffffffffda RBX: 00007f4ff9a38c90 RCX: 0000000000457e29 [ 1606.289650] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 1606.296931] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1606.304204] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4ff9a396d4 [ 1606.311487] R13: 00000000004c550c R14: 00000000004d93f8 R15: 0000000000000004 [ 1606.333213] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=2771,uid=0 [ 1606.352637] Memory cgroup out of memory: Kill process 2771 (syz-executor.0) score 1106 or sacrifice child [ 1606.366819] Killed process 2780 (syz-executor.0) total-vm:72444kB, anon-rss:152kB, file-rss:34816kB, shmem-rss:0kB [ 1606.420024] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1606.436603] CPU: 1 PID: 2771 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1606.443711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1606.453066] Call Trace: [ 1606.455664] dump_stack+0x172/0x1f0 [ 1606.459314] dump_header+0x10f/0xb6c [ 1606.463040] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1606.468151] ? ___ratelimit+0x60/0x595 [ 1606.472053] ? do_raw_spin_unlock+0x57/0x270 [ 1606.476476] oom_kill_process.cold+0x10/0x6f5 [ 1606.480989] ? task_will_free_mem+0x139/0x6e0 [ 1606.485502] out_of_memory+0x79a/0x1280 [ 1606.489497] ? oom_killer_disable+0x280/0x280 [ 1606.494005] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1606.499133] mem_cgroup_out_of_memory+0x99/0xe0 [ 1606.503814] ? memcg_memory_event+0x40/0x40 [ 1606.508159] ? _raw_spin_unlock+0x2d/0x50 [ 1606.512322] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1606.517464] try_charge+0xb4a/0x1570 [ 1606.521217] ? find_held_lock+0x35/0x130 [ 1606.525301] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1606.530168] ? kasan_check_read+0x11/0x20 [ 1606.534335] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1606.539193] mem_cgroup_try_charge+0x24d/0x5e0 [ 1606.543796] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1606.548742] __handle_mm_fault+0x1e26/0x3f20 [ 1606.553170] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1606.558028] ? find_held_lock+0x35/0x130 [ 1606.562107] ? handle_mm_fault+0x322/0xb30 [ 1606.566374] ? kasan_check_read+0x11/0x20 [ 1606.570542] handle_mm_fault+0x43f/0xb30 [ 1606.574629] __do_page_fault+0x5da/0xd60 [ 1606.578721] do_page_fault+0x71/0x581 [ 1606.582534] ? page_fault+0x8/0x30 [ 1606.586092] page_fault+0x1e/0x30 [ 1606.589554] RIP: 0033:0x40f98f [ 1606.592762] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 1606.611677] RSP: 002b:00007ffee6aa56c0 EFLAGS: 00010206 [ 1606.617055] RAX: 00007f3c7552e000 RBX: 0000000000020000 RCX: 0000000000457e7a [ 1606.624340] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 1606.631782] RBP: 00007ffee6aa57a0 R08: ffffffffffffffff R09: 0000000000000000 [ 1606.639064] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffee6aa5880 [ 1606.646371] R13: 00007f3c7554e700 R14: 0000000000000003 R15: 000000000073c04c [ 1606.663387] memory: usage 307000kB, limit 307200kB, failcnt 21244 [ 1606.686685] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1606.711112] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1606.717280] Memory cgroup stats for /syz0: cache:0KB rss:96708KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96760KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1606.801429] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=2771,uid=0 [ 1606.823330] Memory cgroup out of memory: Kill process 2771 (syz-executor.0) score 1106 or sacrifice child [ 1606.837075] Killed process 2771 (syz-executor.0) total-vm:72708kB, anon-rss:160kB, file-rss:35600kB, shmem-rss:0kB [ 1606.856006] oom_reaper: reaped process 2771 (syz-executor.0), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 1606.870709] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1606.888786] CPU: 1 PID: 2783 Comm: syz-executor.2 Not tainted 5.0.0-rc8 #87 [ 1606.895929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1606.905295] Call Trace: [ 1606.907928] dump_stack+0x172/0x1f0 [ 1606.911587] dump_header+0x10f/0xb6c [ 1606.915322] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1606.920462] ? ___ratelimit+0x60/0x595 [ 1606.924368] ? do_raw_spin_unlock+0x57/0x270 [ 1606.928802] oom_kill_process.cold+0x10/0x6f5 [ 1606.933320] ? task_will_free_mem+0x139/0x6e0 [ 1606.937847] out_of_memory+0x79a/0x1280 [ 1606.941848] ? oom_killer_disable+0x280/0x280 [ 1606.946359] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1606.951491] mem_cgroup_out_of_memory+0x99/0xe0 [ 1606.956180] ? memcg_memory_event+0x40/0x40 [ 1606.960524] ? _raw_spin_unlock+0x2d/0x50 [ 1606.964689] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1606.969809] try_charge+0xfec/0x1570 [ 1606.973542] ? find_held_lock+0x35/0x130 [ 1606.977630] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1606.982500] ? kasan_check_read+0x11/0x20 [ 1606.986679] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1606.991546] mem_cgroup_try_charge+0x24d/0x5e0 [ 1606.996154] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1607.001110] wp_page_copy+0x408/0x1740 [ 1607.005012] ? find_held_lock+0x35/0x130 [ 1607.009096] ? pmd_pfn+0x1d0/0x1d0 [ 1607.012657] ? lock_downgrade+0x810/0x810 [ 1607.016829] ? swp_swapcount+0x540/0x540 [ 1607.020935] ? kasan_check_read+0x11/0x20 [ 1607.025101] ? do_raw_spin_unlock+0x57/0x270 [ 1607.029535] do_wp_page+0x2ed/0x1520 [ 1607.033277] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 1607.037975] __handle_mm_fault+0x22db/0x3f20 [ 1607.042405] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1607.047284] ? find_held_lock+0x35/0x130 [ 1607.051363] ? handle_mm_fault+0x322/0xb30 [ 1607.055633] ? kasan_check_read+0x11/0x20 [ 1607.059806] handle_mm_fault+0x43f/0xb30 [ 1607.063916] __do_page_fault+0x5da/0xd60 [ 1607.068015] do_page_fault+0x71/0x581 [ 1607.071831] ? page_fault+0x8/0x30 [ 1607.075389] page_fault+0x1e/0x30 [ 1607.078862] RIP: 0033:0x45b354 [ 1607.082098] Code: 88 00 00 00 00 00 00 00 0f 84 88 00 00 00 48 8d 6e ff 49 89 fc 48 89 e3 45 31 c0 31 c9 ba ff ff ff ff be 00 80 00 00 48 89 df 17 d0 fc ff 45 85 ff 48 c7 84 24 d8 00 00 00 80 31 4f 00 41 c6 [ 1607.101016] RSP: 002b:00007ffda87d9f80 EFLAGS: 00010246 03:53:06 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0x30000) 03:53:06 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:53:06 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:06 executing program 4 (fault-call:4 fault-nth:7): r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) [ 1607.106396] RAX: 00007ffda87da110 RBX: 00007ffda87d9f80 RCX: 0000000000000000 [ 1607.113684] RDX: 00000000ffffffff RSI: 0000000000008000 RDI: 00007ffda87d9f80 [ 1607.120969] RBP: 000000000000003f R08: 0000000000000000 R09: 00007ffda87da0f8 [ 1607.128251] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffda87da230 [ 1607.135534] R13: 00000000004bcff2 R14: 00007ffda87da0f8 R15: 0000000000000001 [ 1607.222317] FAULT_INJECTION: forcing a failure. [ 1607.222317] name failslab, interval 1, probability 0, space 0, times 0 [ 1607.260363] memory: usage 307200kB, limit 307200kB, failcnt 3442 [ 1607.264384] CPU: 1 PID: 2813 Comm: syz-executor.4 Not tainted 5.0.0-rc8 #87 [ 1607.267944] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1607.273636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1607.273643] Call Trace: [ 1607.273668] dump_stack+0x172/0x1f0 [ 1607.273694] should_fail.cold+0xa/0x1b [ 1607.273712] ? perf_trace_lock_acquire+0xf5/0x580 [ 1607.273734] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1607.273754] ? sctp_bind_addr_state+0x1ae/0x340 [ 1607.273771] ? find_held_lock+0x35/0x130 [ 1607.318681] __should_failslab+0x121/0x190 [ 1607.322961] should_failslab+0x9/0x14 [ 1607.323119] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1607.326779] kmem_cache_alloc_trace+0x4b/0x760 [ 1607.326800] ? kasan_check_read+0x11/0x20 [ 1607.326824] sctp_add_bind_addr+0x9f/0x3a0 [ 1607.326849] sctp_copy_local_addr_list+0x385/0x530 [ 1607.326870] ? sctp_defaults_init+0xbf0/0xbf0 [ 1607.355439] ? _get_random_bytes+0x197/0x400 [ 1607.359869] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1607.365099] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1607.367557] Memory cgroup stats for /syz2: cache:56KB rss:252108KB rss_huge:223232KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:12KB active_anon:252212KB inactive_file:4KB active_file:4KB unevictable:40KB [ 1607.370657] sctp_copy_one_addr+0x5f/0x170 [ 1607.370674] ? sctp_copy_one_addr+0x5f/0x170 [ 1607.370697] sctp_bind_addr_copy+0xfc/0x2c8 [ 1607.370724] sctp_assoc_set_bind_addr_from_ep+0x168/0x1c0 [ 1607.370747] sctp_sendmsg_new_asoc+0x3bd/0xfd0 [ 1607.370763] ? mark_held_locks+0xb1/0x100 [ 1607.370787] ? sctp_autobind+0x1f0/0x1f0 [ 1607.423020] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1607.427621] ? lock_sock_nested+0x9a/0x120 [ 1607.431876] ? trace_hardirqs_on+0x67/0x230 [ 1607.436241] ? lock_sock_nested+0x9a/0x120 [ 1607.440496] ? __local_bh_enable_ip+0x15a/0x270 [ 1607.445196] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1607.450755] ? sctp_endpoint_lookup_assoc+0x17f/0x290 [ 1607.455970] sctp_sendmsg+0x1269/0x17e0 [ 1607.459979] ? sctp_id2assoc+0x2d0/0x2d0 [ 1607.464057] ? __local_bh_enable_ip+0x15a/0x270 [ 1607.464942] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=22529,uid=0 [ 1607.468739] ? _raw_spin_unlock_bh+0x31/0x40 [ 1607.468755] ? __local_bh_enable_ip+0x15a/0x270 [ 1607.468771] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1607.468790] ? release_sock+0x158/0x1c0 [ 1607.468810] ? _raw_spin_unlock_bh+0x31/0x40 [ 1607.468825] ? release_sock+0x158/0x1c0 [ 1607.484088] Memory cgroup out of memory: Kill process 22529 (syz-executor.2) score 1113 or sacrifice child [ 1607.487928] inet_sendmsg+0x147/0x5d0 [ 1607.487947] ? ipip_gro_receive+0x100/0x100 [ 1607.487965] sock_sendmsg+0xdd/0x130 [ 1607.487984] ___sys_sendmsg+0x806/0x930 [ 1607.488004] ? copy_msghdr_from_user+0x430/0x430 [ 1607.488023] ? lock_downgrade+0x810/0x810 [ 1607.493318] Killed process 22529 (syz-executor.2) total-vm:72708kB, anon-rss:2208kB, file-rss:35788kB, shmem-rss:0kB [ 1607.497344] ? kasan_check_read+0x11/0x20 [ 1607.497365] ? __fget+0x367/0x540 [ 1607.497387] ? iterate_fd+0x360/0x360 [ 1607.497400] ? lock_downgrade+0x810/0x810 [ 1607.497432] ? __fget_light+0x1a9/0x230 [ 1607.542021] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1607.544251] ? __fdget+0x1b/0x20 [ 1607.544267] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1607.544288] __sys_sendmsg+0x105/0x1d0 [ 1607.544305] ? __ia32_sys_shutdown+0x80/0x80 [ 1607.601398] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1607.606968] ? fput+0x128/0x1a0 [ 1607.610284] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1607.615057] ? do_syscall_64+0x26/0x610 [ 1607.619051] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe 03:53:06 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$TIOCGETD(r1, 0x5424, &(0x7f00000000c0)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:53:06 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) [ 1607.624440] ? do_syscall_64+0x26/0x610 [ 1607.628447] __x64_sys_sendmsg+0x78/0xb0 [ 1607.632533] do_syscall_64+0x103/0x610 [ 1607.636449] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1607.641655] RIP: 0033:0x457e29 [ 1607.644864] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1607.663802] RSP: 002b:00007f4ff9a38c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1607.671524] RAX: ffffffffffffffda RBX: 00007f4ff9a38c90 RCX: 0000000000457e29 [ 1607.678807] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 1607.686087] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1607.693369] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4ff9a396d4 [ 1607.700649] R13: 00000000004c550c R14: 00000000004d93f8 R15: 0000000000000004 [ 1607.707975] CPU: 0 PID: 2816 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1607.715098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1607.724460] Call Trace: [ 1607.727060] dump_stack+0x172/0x1f0 [ 1607.730710] dump_header+0x10f/0xb6c [ 1607.734439] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1607.739554] ? ___ratelimit+0x60/0x595 [ 1607.743456] ? do_raw_spin_unlock+0x57/0x270 [ 1607.747880] oom_kill_process.cold+0x10/0x6f5 [ 1607.752432] ? task_will_free_mem+0x139/0x6e0 [ 1607.756962] out_of_memory+0x79a/0x1280 [ 1607.760975] ? oom_killer_disable+0x280/0x280 [ 1607.765482] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1607.770614] mem_cgroup_out_of_memory+0x99/0xe0 [ 1607.775295] ? memcg_memory_event+0x40/0x40 [ 1607.779640] ? _raw_spin_unlock+0x2d/0x50 [ 1607.783802] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1607.788944] try_charge+0xfec/0x1570 [ 1607.792669] ? find_held_lock+0x35/0x130 [ 1607.796752] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1607.801618] ? kasan_check_read+0x11/0x20 [ 1607.805789] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1607.810649] mem_cgroup_try_charge+0x24d/0x5e0 [ 1607.815248] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1607.820198] wp_page_copy+0x408/0x1740 [ 1607.824096] ? find_held_lock+0x35/0x130 [ 1607.828178] ? pmd_pfn+0x1d0/0x1d0 [ 1607.831729] ? lock_downgrade+0x810/0x810 [ 1607.835912] ? swp_swapcount+0x540/0x540 [ 1607.839996] ? kasan_check_read+0x11/0x20 [ 1607.844156] ? do_raw_spin_unlock+0x57/0x270 [ 1607.848579] do_wp_page+0x2ed/0x1520 [ 1607.852313] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 1607.857005] __handle_mm_fault+0x22db/0x3f20 [ 1607.861431] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1607.866284] ? find_held_lock+0x35/0x130 [ 1607.870359] ? handle_mm_fault+0x322/0xb30 [ 1607.874620] ? kasan_check_read+0x11/0x20 [ 1607.878785] handle_mm_fault+0x43f/0xb30 [ 1607.882868] __do_page_fault+0x5da/0xd60 [ 1607.886977] do_page_fault+0x71/0x581 [ 1607.890791] ? page_fault+0x8/0x30 [ 1607.894343] page_fault+0x1e/0x30 [ 1607.897806] RIP: 0033:0x404478 [ 1607.901013] Code: 85 02 00 00 80 3d 1f c0 64 00 00 c6 85 84 00 00 00 00 74 0f 8b 05 0c c0 64 00 39 45 24 0f 84 e7 01 00 00 44 8b a5 80 00 00 00 73 d8 ff ff 48 2b 05 8c 3b 33 00 8b 75 00 49 89 d8 45 89 e1 4c [ 1607.919943] RSP: 002b:00007f3c7558fc90 EFLAGS: 00010246 [ 1607.925317] RAX: 00007f3c77591000 RBX: 0000000000001ff7 RCX: 0000000000457e29 [ 1607.932600] RDX: 000000000003ffff RSI: 0000000000000000 RDI: 0000000000000000 [ 1607.939881] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1607.947181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1607.954458] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1607.969974] memory: usage 307128kB, limit 307200kB, failcnt 21276 [ 1608.006082] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1608.050694] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1608.066541] Memory cgroup stats for /syz0: cache:0KB rss:96708KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96764KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1608.130520] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=9088,uid=0 [ 1608.146623] Memory cgroup out of memory: Kill process 9088 (syz-executor.0) score 1103 or sacrifice child [ 1608.156683] Killed process 9088 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1608.168450] oom_reaper: reaped process 9088 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1608.198384] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1608.200637] oom_reaper: reaped process 2779 (syz-executor.5), now anon-rss:0kB, file-rss:34840kB, shmem-rss:6348kB [ 1608.220033] CPU: 0 PID: 2817 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1608.227381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1608.236755] Call Trace: [ 1608.239366] dump_stack+0x172/0x1f0 [ 1608.243021] dump_header+0x10f/0xb6c [ 1608.246754] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1608.251875] ? ___ratelimit+0x60/0x595 [ 1608.255809] ? do_raw_spin_unlock+0x57/0x270 [ 1608.260239] oom_kill_process.cold+0x10/0x6f5 [ 1608.264753] ? task_will_free_mem+0x139/0x6e0 [ 1608.269275] out_of_memory+0x79a/0x1280 [ 1608.273279] ? oom_killer_disable+0x280/0x280 [ 1608.277792] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1608.282949] mem_cgroup_out_of_memory+0x99/0xe0 [ 1608.287639] ? memcg_memory_event+0x40/0x40 [ 1608.291984] ? _raw_spin_unlock+0x2d/0x50 [ 1608.296145] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1608.301267] try_charge+0xb4a/0x1570 [ 1608.305000] ? find_held_lock+0x35/0x130 [ 1608.309083] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1608.313955] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1608.318816] ? find_held_lock+0x35/0x130 [ 1608.322914] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1608.327793] memcg_kmem_charge_memcg+0x7c/0x130 [ 1608.332476] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1608.336995] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1608.341855] memcg_kmem_charge+0x13b/0x340 [ 1608.346113] __alloc_pages_nodemask+0x437/0x710 [ 1608.350799] ? find_held_lock+0x35/0x130 [ 1608.354879] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1608.359965] ? __lock_acquire+0x53b/0x4700 [ 1608.364219] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1608.369778] alloc_pages_current+0x107/0x210 [ 1608.374206] pte_alloc_one+0x1b/0x1a0 [ 1608.378030] __handle_mm_fault+0x34e4/0x3f20 [ 1608.382460] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1608.387315] ? find_held_lock+0x35/0x130 [ 1608.391394] ? handle_mm_fault+0x322/0xb30 [ 1608.395659] ? kasan_check_read+0x11/0x20 [ 1608.399826] handle_mm_fault+0x43f/0xb30 [ 1608.403937] __do_page_fault+0x5da/0xd60 [ 1608.408025] do_page_fault+0x71/0x581 [ 1608.411838] ? page_fault+0x8/0x30 [ 1608.415395] page_fault+0x1e/0x30 [ 1608.418863] RIP: 0033:0x457e29 [ 1608.422118] Code: Bad RIP value. [ 1608.425494] RSP: 002b:00007f3c7558fc78 EFLAGS: 00010246 [ 1608.430866] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000457e29 [ 1608.438175] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1608.445458] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1608.452772] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1608.460052] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1608.470361] memory: usage 307040kB, limit 307200kB, failcnt 21285 [ 1608.476851] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1608.484490] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1608.491230] Memory cgroup stats for /syz0: cache:0KB rss:96708KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96748KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1608.512169] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=2810,uid=0 [ 1608.527338] Memory cgroup out of memory: Kill process 2810 (syz-executor.0) score 1106 or sacrifice child [ 1608.540235] net_ratelimit: 22 callbacks suppressed [ 1608.540243] protocol 88fb is buggy, dev hsr_slave_0 [ 1608.550296] protocol 88fb is buggy, dev hsr_slave_1 [ 1608.555441] protocol 88fb is buggy, dev hsr_slave_0 [ 1608.560540] protocol 88fb is buggy, dev hsr_slave_1 [ 1608.566426] Killed process 2817 (syz-executor.0) total-vm:72444kB, anon-rss:152kB, file-rss:34816kB, shmem-rss:0kB [ 1608.578523] oom_reaper: reaped process 2817 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:53:07 executing program 5: r0 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x5, 0x240000) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000340)="c14a05c73477ce3a61e3e9dbcf0d295c", 0x10) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r0, 0x28, &(0x7f0000000100)}, 0x10) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0106426, &(0x7f00000002c0)={0x9, &(0x7f0000000240)=[{0x0}, {}, {}, {}, {}, {}, {}, {}, {}]}) ioctl$DRM_IOCTL_SWITCH_CTX(r0, 0x40086424, &(0x7f0000000300)={r2, 0x2}) ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c12a41d88b070") r3 = memfd_create(&(0x7f0000000200)='system_u:object_r:dhcpd_initrc_exec_t:s0\x00', 0x8) ioctl$VT_OPENQRY(r0, 0x5600, &(0x7f0000000380)) r4 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x1) write$P9_RMKNOD(r4, &(0x7f0000000080)={0x14, 0x13, 0x2, {0x20, 0x3, 0x8}}, 0x14) fsetxattr$security_selinux(r3, &(0x7f00000001c0)='security.selinux\x00', &(0x7f0000000180)='system_u:object_r:dhcpd_initrc_exec_t:s0\x00', 0x25, 0x0) socket$bt_cmtp(0x1f, 0x3, 0x5) 03:53:07 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:53:07 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x0, 0x0) r1 = msgget$private(0x0, 0x102) msgctl$MSG_STAT(r1, 0xb, &(0x7f0000000140)=""/4096) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:53:07 executing program 4 (fault-call:4 fault-nth:8): r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:07 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) request_key(&(0x7f0000000040)='pkcs7_test\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(0xffffffffffffffff, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) [ 1608.596218] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1608.614631] CPU: 1 PID: 2816 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1608.621748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1608.631286] Call Trace: [ 1608.633920] dump_stack+0x172/0x1f0 [ 1608.637578] dump_header+0x10f/0xb6c [ 1608.641372] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1608.646495] ? ___ratelimit+0x60/0x595 03:53:07 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r1, 0xc10c5541, &(0x7f00000001c0)={0x1, 0x23c, 0x1000, 0x0, 0x0, [], [], [], 0x8, 0x5}) r2 = creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180)='pipefs\x00\x9e5\x97\xf3<\xb9j\x0e?a+\x80a\x97i', 0x0, 0x0) futimesat(r2, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={{0x77359400}}) [ 1608.650402] ? do_raw_spin_unlock+0x57/0x270 [ 1608.654838] oom_kill_process.cold+0x10/0x6f5 [ 1608.659359] ? task_will_free_mem+0x139/0x6e0 [ 1608.663887] out_of_memory+0x79a/0x1280 [ 1608.667945] ? oom_killer_disable+0x280/0x280 [ 1608.672461] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1608.677597] mem_cgroup_out_of_memory+0x99/0xe0 [ 1608.682290] ? memcg_memory_event+0x40/0x40 [ 1608.686641] ? _raw_spin_unlock+0x2d/0x50 [ 1608.690813] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1608.696026] try_charge+0xfec/0x1570 [ 1608.699885] ? find_held_lock+0x35/0x130 [ 1608.704008] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1608.708872] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1608.713757] ? find_held_lock+0x35/0x130 [ 1608.717838] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1608.722718] memcg_kmem_charge_memcg+0x7c/0x130 [ 1608.727410] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1608.731964] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1608.736830] memcg_kmem_charge+0x13b/0x340 [ 1608.741091] __alloc_pages_nodemask+0x437/0x710 [ 1608.745781] ? __pud_alloc+0x1d3/0x250 [ 1608.749686] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1608.754729] ? __pud_alloc+0x1d3/0x250 [ 1608.759140] ? lock_downgrade+0x810/0x810 [ 1608.763310] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1608.768880] alloc_pages_current+0x107/0x210 [ 1608.773333] ? do_raw_spin_unlock+0x57/0x270 [ 1608.777766] __pmd_alloc+0x41/0x460 [ 1608.781412] ? pmd_val+0x100/0x100 [ 1608.784981] pmd_alloc+0x10c/0x180 [ 1608.788543] copy_page_range+0x62e/0x1f90 [ 1608.792715] ? mark_held_locks+0x100/0x100 [ 1608.796973] ? debug_smp_processor_id+0x1c/0x20 [ 1608.801675] ? copy_process.part.0+0x3121/0x79a0 [ 1608.805122] FAULT_INJECTION: forcing a failure. [ 1608.805122] name failslab, interval 1, probability 0, space 0, times 0 [ 1608.806460] ? copy_process.part.0+0x3121/0x79a0 [ 1608.806483] ? pmd_alloc+0x180/0x180 [ 1608.806498] ? vma_compute_subtree_gap+0x158/0x230 [ 1608.806517] ? validate_mm_rb+0xa3/0xc0 [ 1608.835071] ? __vma_link_rb+0x279/0x370 [ 1608.839158] copy_process.part.0+0x56aa/0x79a0 [ 1608.843791] ? __cleanup_sighand+0x70/0x70 [ 1608.848067] _do_fork+0x257/0xfe0 [ 1608.851556] ? fork_idle+0x1d0/0x1d0 [ 1608.855304] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1608.860133] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1608.864933] ? do_syscall_64+0x26/0x610 [ 1608.868952] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1608.874333] ? do_syscall_64+0x26/0x610 [ 1608.878329] __x64_sys_clone+0xbf/0x150 [ 1608.882327] do_syscall_64+0x103/0x610 [ 1608.886242] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1608.891445] RIP: 0033:0x457e29 [ 1608.894653] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1608.913568] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1608.921292] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1608.928581] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1608.935864] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1608.943167] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1608.950447] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1608.959835] CPU: 0 PID: 2847 Comm: syz-executor.4 Not tainted 5.0.0-rc8 #87 [ 1608.966969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1608.976328] Call Trace: [ 1608.978956] dump_stack+0x172/0x1f0 [ 1608.982602] should_fail.cold+0xa/0x1b [ 1608.982842] memory: usage 306804kB, limit 307200kB, failcnt 21285 [ 1608.986502] ? perf_trace_lock_acquire+0xf5/0x580 [ 1608.986521] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 1608.986544] ? sctp_bind_addr_state+0x1ae/0x340 [ 1608.993034] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1608.997614] ? find_held_lock+0x35/0x130 [ 1608.997635] __should_failslab+0x121/0x190 [ 1608.997654] should_failslab+0x9/0x14 [ 1609.003020] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1609.007418] kmem_cache_alloc_trace+0x4b/0x760 [ 1609.007438] ? kasan_check_read+0x11/0x20 [ 1609.007458] sctp_add_bind_addr+0x9f/0x3a0 [ 1609.014440] Memory cgroup stats for /syz0: cache:0KB rss:96708KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96668KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1609.018275] sctp_copy_local_addr_list+0x385/0x530 [ 1609.018299] ? sctp_defaults_init+0xbf0/0xbf0 [ 1609.022763] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=2810,uid=0 [ 1609.026339] ? _get_random_bytes+0x197/0x400 [ 1609.026355] ? __sanitizer_cov_trace_switch+0x49/0x80 03:53:08 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0x34000) 03:53:08 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e24}, 0x1c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, 0x0) ppoll(&(0x7f0000000000)=[{r0, 0x41a}], 0x1, &(0x7f0000000200), 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) llistxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)=""/209, 0xd1) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) 03:53:08 executing program 2: r0 = openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x8000, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f0000000140)) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x80010, r2, 0x29) socket$bt_bnep(0x1f, 0x3, 0x4) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r2, 0x4010ae68, &(0x7f00000000c0)={0x4, 0x100000}) [ 1609.026371] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1609.032746] Memory cgroup out of memory: Kill process 2810 (syz-executor.0) score 1106 or sacrifice child [ 1609.037105] sctp_copy_one_addr+0x5f/0x170 [ 1609.037121] ? sctp_copy_one_addr+0x5f/0x170 [ 1609.037141] sctp_bind_addr_copy+0xfc/0x2c8 [ 1609.041604] Killed process 2810 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:35588kB, shmem-rss:0kB [ 1609.045532] sctp_assoc_set_bind_addr_from_ep+0x168/0x1c0 [ 1609.045556] sctp_sendmsg_new_asoc+0x3bd/0xfd0 [ 1609.089488] ? mark_held_locks+0xb1/0x100 [ 1609.099116] ? sctp_autobind+0x1f0/0x1f0 [ 1609.156140] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1609.160742] ? lock_sock_nested+0x9a/0x120 [ 1609.164994] ? trace_hardirqs_on+0x67/0x230 [ 1609.169335] ? lock_sock_nested+0x9a/0x120 [ 1609.173836] ? __local_bh_enable_ip+0x15a/0x270 [ 1609.178524] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1609.184084] ? sctp_endpoint_lookup_assoc+0x17f/0x290 [ 1609.189296] sctp_sendmsg+0x1269/0x17e0 [ 1609.193303] ? sctp_id2assoc+0x2d0/0x2d0 [ 1609.197384] ? __local_bh_enable_ip+0x15a/0x270 [ 1609.202074] ? _raw_spin_unlock_bh+0x31/0x40 [ 1609.206499] ? __local_bh_enable_ip+0x15a/0x270 [ 1609.211190] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1609.215792] ? release_sock+0x158/0x1c0 [ 1609.219788] ? _raw_spin_unlock_bh+0x31/0x40 [ 1609.224212] ? release_sock+0x158/0x1c0 [ 1609.228212] inet_sendmsg+0x147/0x5d0 [ 1609.232030] ? ipip_gro_receive+0x100/0x100 [ 1609.236371] sock_sendmsg+0xdd/0x130 [ 1609.240108] ___sys_sendmsg+0x806/0x930 [ 1609.244114] ? copy_msghdr_from_user+0x430/0x430 [ 1609.248922] ? lock_downgrade+0x810/0x810 [ 1609.253095] ? kasan_check_read+0x11/0x20 [ 1609.257269] ? __fget+0x367/0x540 [ 1609.260749] ? iterate_fd+0x360/0x360 [ 1609.264571] ? lock_downgrade+0x810/0x810 [ 1609.268747] ? __fget_light+0x1a9/0x230 [ 1609.272741] ? __fdget+0x1b/0x20 [ 1609.276128] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1609.281689] __sys_sendmsg+0x105/0x1d0 [ 1609.285598] ? __ia32_sys_shutdown+0x80/0x80 [ 1609.290025] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1609.295581] ? fput+0x128/0x1a0 [ 1609.298922] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1609.303699] ? do_syscall_64+0x26/0x610 [ 1609.307693] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1609.313074] ? do_syscall_64+0x26/0x610 [ 1609.317076] __x64_sys_sendmsg+0x78/0xb0 [ 1609.321159] do_syscall_64+0x103/0x610 [ 1609.325072] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1609.330281] RIP: 0033:0x457e29 [ 1609.333489] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 03:53:08 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) request_key(&(0x7f0000000040)='pkcs7_test\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(0xffffffffffffffff, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) [ 1609.352407] RSP: 002b:00007f4ff9a38c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1609.360132] RAX: ffffffffffffffda RBX: 00007f4ff9a38c90 RCX: 0000000000457e29 [ 1609.367415] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 1609.374703] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1609.381995] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4ff9a396d4 [ 1609.389276] R13: 00000000004c550c R14: 00000000004d93f8 R15: 0000000000000004 03:53:08 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:53:08 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) request_key(&(0x7f0000000040)='pkcs7_test\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(0xffffffffffffffff, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:08 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x80000, 0x0) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) [ 1609.601302] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1609.652346] CPU: 0 PID: 2856 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1609.659498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1609.668969] Call Trace: [ 1609.671588] dump_stack+0x172/0x1f0 [ 1609.675265] dump_header+0x10f/0xb6c [ 1609.679013] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1609.684160] ? ___ratelimit+0x60/0x595 [ 1609.688076] ? do_raw_spin_unlock+0x57/0x270 [ 1609.692529] oom_kill_process.cold+0x10/0x6f5 [ 1609.697070] ? task_will_free_mem+0x139/0x6e0 [ 1609.701613] out_of_memory+0x79a/0x1280 [ 1609.705626] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1609.710764] ? oom_killer_disable+0x280/0x280 [ 1609.715290] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1609.720444] mem_cgroup_out_of_memory+0x99/0xe0 [ 1609.725144] ? memcg_memory_event+0x40/0x40 [ 1609.729510] ? _raw_spin_unlock+0x2d/0x50 [ 1609.733693] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1609.738829] try_charge+0xfec/0x1570 [ 1609.742591] ? find_held_lock+0x35/0x130 [ 1609.746703] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1609.751580] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1609.756453] ? find_held_lock+0x35/0x130 [ 1609.760567] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1609.765465] memcg_kmem_charge_memcg+0x7c/0x130 [ 1609.770168] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1609.774703] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1609.779587] memcg_kmem_charge+0x13b/0x340 [ 1609.783863] __alloc_pages_nodemask+0x437/0x710 [ 1609.788591] ? perf_trace_lock_acquire+0x380/0x580 [ 1609.793564] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1609.798625] ? copy_page_range+0x125a/0x1f90 [ 1609.803067] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1609.808646] alloc_pages_current+0x107/0x210 [ 1609.813095] pte_alloc_one+0x1b/0x1a0 [ 1609.816953] __pte_alloc+0x20/0x310 [ 1609.820619] copy_page_range+0x1529/0x1f90 [ 1609.824888] ? mark_held_locks+0x100/0x100 [ 1609.829234] ? pmd_alloc+0x180/0x180 [ 1609.832984] ? __rb_insert_augmented+0x231/0xdf0 [ 1609.837776] ? validate_mm_rb+0xa3/0xc0 [ 1609.841788] ? __vma_link_rb+0x279/0x370 [ 1609.845924] copy_process.part.0+0x56aa/0x79a0 [ 1609.850599] ? __cleanup_sighand+0x70/0x70 [ 1609.854943] _do_fork+0x257/0xfe0 [ 1609.858441] ? fork_idle+0x1d0/0x1d0 [ 1609.862206] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1609.866997] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1609.871850] ? do_syscall_64+0x26/0x610 [ 1609.875879] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1609.881303] ? do_syscall_64+0x26/0x610 [ 1609.885324] __x64_sys_clone+0xbf/0x150 [ 1609.889338] do_syscall_64+0x103/0x610 [ 1609.893265] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1609.898479] RIP: 0033:0x457e29 [ 1609.901701] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1609.920627] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1609.928360] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1609.935651] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1609.942962] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1609.950260] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1609.957555] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1609.980245] protocol 88fb is buggy, dev hsr_slave_0 [ 1609.985337] protocol 88fb is buggy, dev hsr_slave_1 [ 1609.990531] protocol 88fb is buggy, dev hsr_slave_0 [ 1609.995708] protocol 88fb is buggy, dev hsr_slave_1 [ 1610.000887] protocol 88fb is buggy, dev hsr_slave_0 [ 1610.006021] protocol 88fb is buggy, dev hsr_slave_1 [ 1610.069147] memory: usage 307192kB, limit 307200kB, failcnt 21298 03:53:09 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(&(0x7f0000000040)='pkcs7_test\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r0, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(0xffffffffffffffff, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:09 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:53:09 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x5) ioctl$VIDIOC_TRY_ENCODER_CMD(r1, 0xc028564e, &(0x7f00000000c0)={0x3, 0x1, [0x0, 0x9, 0x1, 0x7, 0x100, 0xd85a, 0x3ff, 0x101]}) creat(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:53:09 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) [ 1610.120971] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1610.127760] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:53:09 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(&(0x7f0000000040)='pkcs7_test\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r0, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(0xffffffffffffffff, 0xfffffbfffff3ffa7, &(0x7f0000000140)) [ 1610.195857] Memory cgroup stats for /syz0: cache:0KB rss:96708KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96748KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1610.229961] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=2852,uid=0 [ 1610.313143] Memory cgroup out of memory: Kill process 2852 (syz-executor.0) score 1106 or sacrifice child [ 1610.356624] Killed process 2860 (syz-executor.0) total-vm:72444kB, anon-rss:152kB, file-rss:34816kB, shmem-rss:0kB [ 1610.375693] oom_reaper: reaped process 2860 (syz-executor.0), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 1610.428979] syz-executor.0 invoked oom-killer: gfp_mask=0x6040c0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=1000 [ 1610.439828] CPU: 0 PID: 2852 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1610.446949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1610.456298] Call Trace: [ 1610.458935] dump_stack+0x172/0x1f0 [ 1610.462578] dump_header+0x10f/0xb6c [ 1610.466291] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1610.471438] ? ___ratelimit+0x60/0x595 [ 1610.475322] ? do_raw_spin_unlock+0x57/0x270 [ 1610.479739] oom_kill_process.cold+0x10/0x6f5 [ 1610.484243] ? task_will_free_mem+0x139/0x6e0 [ 1610.488752] out_of_memory+0x79a/0x1280 [ 1610.492754] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1610.497877] ? oom_killer_disable+0x280/0x280 [ 1610.502405] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1610.507516] mem_cgroup_out_of_memory+0x99/0xe0 [ 1610.512192] ? memcg_memory_event+0x40/0x40 [ 1610.516527] ? _raw_spin_unlock+0x2d/0x50 [ 1610.520673] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1610.525770] try_charge+0xfec/0x1570 [ 1610.529485] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1610.534338] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 1610.539795] ? rcu_read_lock_sched_held+0x110/0x130 [ 1610.544815] ? __alloc_pages_nodemask+0x5e9/0x710 [ 1610.549664] ? perf_trace_lock_acquire+0xf5/0x580 [ 1610.554506] memcg_kmem_charge_memcg+0x7c/0x130 [ 1610.559177] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1610.563673] ? cache_grow_begin+0x5a2/0x8c0 [ 1610.568003] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1610.572638] ? trace_hardirqs_on+0x67/0x230 [ 1610.576956] cache_grow_begin+0x25f/0x8c0 [ 1610.581113] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1610.586654] ? __cpuset_node_allowed+0x136/0x540 [ 1610.591415] fallback_alloc+0x1fd/0x2d0 [ 1610.595419] ____cache_alloc_node+0x1be/0x1e0 [ 1610.599946] kmem_cache_alloc_node+0xe3/0x710 [ 1610.604442] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1610.609029] ? trace_hardirqs_on+0x67/0x230 [ 1610.613351] copy_process.part.0+0x1d08/0x79a0 [ 1610.617950] ? psi_memstall_leave+0x11c/0x180 [ 1610.622443] ? sched_clock+0x2e/0x50 [ 1610.626155] ? psi_memstall_leave+0x12e/0x180 [ 1610.630760] ? find_held_lock+0x35/0x130 [ 1610.635050] ? __lock_acquire+0x53b/0x4700 [ 1610.639332] ? __cleanup_sighand+0x70/0x70 [ 1610.643578] ? mark_held_locks+0x100/0x100 [ 1610.647820] ? perf_trace_lock_acquire+0xf5/0x580 [ 1610.652664] ? rcu_read_lock_sched_held+0x110/0x130 [ 1610.657685] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1610.663227] _do_fork+0x257/0xfe0 [ 1610.666683] ? fork_idle+0x1d0/0x1d0 [ 1610.670438] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 1610.675797] ? lock_downgrade+0x810/0x810 [ 1610.679965] ? blkcg_exit_queue+0x30/0x30 [ 1610.684130] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1610.688887] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1610.693668] ? do_syscall_64+0x26/0x610 [ 1610.697683] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1610.703084] ? do_syscall_64+0x26/0x610 [ 1610.707056] __x64_sys_clone+0xbf/0x150 [ 1610.711030] do_syscall_64+0x103/0x610 [ 1610.714941] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1610.720131] RIP: 0033:0x45a7f9 [ 1610.723330] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1610.742229] RSP: 002b:00007ffee6aa5678 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1610.749947] RAX: ffffffffffffffda RBX: 00007f3c7554e700 RCX: 000000000045a7f9 [ 1610.757428] RDX: 00007f3c7554e9d0 RSI: 00007f3c7554ddb0 RDI: 00000000003d0f00 [ 1610.764694] RBP: 00007ffee6aa5880 R08: 00007f3c7554e700 R09: 00007f3c7554e700 [ 1610.771958] R10: 00007f3c7554e9d0 R11: 0000000000000202 R12: 0000000000000000 [ 1610.779221] R13: 00007ffee6aa572f R14: 00007f3c7554e9c0 R15: 000000000073c04c [ 1610.795693] memory: usage 307168kB, limit 307200kB, failcnt 21336 [ 1610.803357] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1610.810477] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1610.816632] Memory cgroup stats for /syz0: cache:0KB rss:96708KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96728KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1610.836783] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=2852,uid=0 [ 1610.851376] Memory cgroup out of memory: Kill process 2852 (syz-executor.0) score 1106 or sacrifice child [ 1610.861245] Killed process 2899 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB 03:53:09 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0x400300) 03:53:09 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x3, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:09 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) recvfrom$unix(r1, &(0x7f0000000140)=""/93, 0x5d, 0x2142, &(0x7f00000001c0)=@abs={0x1, 0x0, 0x4e23}, 0x6e) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:53:09 executing program 5: r0 = open(&(0x7f0000000080)='.\x00', 0x0, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000240)='cpuset.memory_pressure\x00', 0x275a, 0x0) mmap(&(0x7f0000dfe000/0x200000)=nil, 0x200000, 0x4, 0x100010, r1, 0x0) r2 = creat(&(0x7f0000000140)='./file0\x00', 0x0) fallocate(r2, 0x0, 0x0, 0x2000002) fallocate(r0, 0x0, 0x0, 0x2) rseq(&(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x1, 0x7f, 0x8, 0x57}, 0x1}, 0x20, 0x1, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000000)={0x8, 0x3, 0xc8e, 0x0, 0x800, 0x1}) ioctl$KDSKBSENT(r2, 0x4b49, &(0x7f00000000c0)="c34a1d4fed385d8729b036684491c3b2c6a1ee5abb1f5fe95461afe1543d82baad452e78d1d485334a24113749b94c5031cb55c795f6d2bb1d8e7f90cce0e77364ae14e8f1ca57153f365eeec43afaa4d80be3") ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000040)={0x0, r2}) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f0000001300)={0x0, 0x0, 0x0, 0x0, 0x0}) r4 = getuid() sendmsg$nl_route(r1, &(0x7f00000013c0)={&(0x7f0000000200), 0xc, &(0x7f0000001380)={&(0x7f00000002c0)=@can_delroute={0x38, 0x19, 0x100, 0x70bd28, 0x25dfdbff, {}, [@CGW_FILTER={0xc, 0xb, {0x8}}, @CGW_LIM_HOPS={0x8, 0xd, 0x7}, @CGW_MOD_UID={0x8, 0xe, r3}, @CGW_MOD_UID={0x8, 0xe, r4}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000080}, 0x800) read$FUSE(r1, &(0x7f0000000300), 0x1000) 03:53:09 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(&(0x7f0000000040)='pkcs7_test\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r0, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(0xffffffffffffffff, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:09 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x0}, 0x0) [ 1610.872886] oom_reaper: reaped process 2899 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:53:09 executing program 2: openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x20000, 0x0) openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000140)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f00000000c0)='./file0\x00', 0x20) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:53:09 executing program 1: r0 = syz_open_dev$dri(0x0, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(&(0x7f0000000040)='pkcs7_test\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:09 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x4, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:10 executing program 5: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = memfd_create(&(0x7f0000000600)='\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00v\x8e\x05\xf7\xc1U\xad}\xc6\x94|W>Zi$Nv8,\n\xa6=W^\xa3Y\x7f\x8b\x17(\'~\xf7k0TM{\xa9-\xcf\x8c\xbd\x97\x8f\xf1\xdd\xcc\x8bRA\xda\x89Efn\x00s\xc2Zb\x01\x00M\xbe\xa3z\xab\xd3\xeb\x98\x88\xc4\xc6)A\x9fP\x93zhH\xe0\xd2\x81\xdb\xeeV\x8cM\xe9\xa06\xc2o\x19\"\xf6Iqv\xdf%l\x05-ZU\xeb\x83P\x06\x1a\x97\xfb\xab\x04\xe8\xceI8\xb3\x1d\xcf%\x9bK\xc6\t\x01\xe1\x86a\xfa\xb8\xfb)\x88\xcd+\xc2`\xc2\xf5\xd1bD\x8b\x81\x02\x89\xc3\x8b\xbf\xd4\x1b\x01\x00\x00\x00\x00\x00\x00\x00@\f\fL\xa5{Tk\x940\x17.\xa56.\xe0\x14\x00\x00\x00\x00\x00\x00\x00\xae\xd8\x9e\xea\xd3\xd9G4\t\xc0\x9c.\'\xa9R3z$\xf2\x01\x88\xc0\x13\x12<\xc01j3\xd8\xb4CE7s\xe4\xa0\x9e\xdd\x801\x12M\xee\x13\xce\x9cu(\x8f.\xc83\xc7\xe6j\xf5\xb1\x9a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00.g\x10H\xa8\xc9\x1f\xfc\x1e\xdfF\x16K\a@\x8c7\x1d!\xfd\xb0\xefW\x8f\xb8\x19\x8dS\xcer\x00SE\xdcD\xd2\x98\fy\x8dQ?7m\x9a\xe3\xca\xb0~\xdb*\xa7\xbf\xeftV\xa1\x94\x911\xa7\x8cYiY\xd2\xecF\xec\xb4/\xca\x97~^o\xd74\x11\'\xe1\x91 \xe1\xcbV\xfd\xaa\x19\xd3\x14\xad\xea=\x7f\xf2\x15g\xa9\xca\xa7\xc6\xd6\xaa\x86\xcc\x03\xcfD\xfe\x0f\xd4\xa7\x9f\xd8\n\x13T\x83\xdb\x19}\xf1\xa9\xac\x9eV\xb9\x15\x852\xfd\xaea\xff\xcb\x86d:\n\x85\x807]\x96\xb4\x96\xbc\xa6\xe6\x86\x80Gy\xfe\x8c\x1aV\xce\xb2h\xfd\xee*\xf0\xb3\xc38o\xac\x96Y\xa6\x81~\x8e\x8b@k\x7f\x88\xdd<}\x91\x83\xb0[\xff\xe3\xb9\xc6P\xd7\xc9\x87 \xef\xc9M\xa7\xbc\x1c\xa4~\x9b\xee\x94\x02&', 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000200)=',', 0x1}], 0x1, 0x4081806) sendfile(r0, r1, 0x0, 0x5) r2 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/status\x00', 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f00000001c0)={0x0}, &(0x7f0000000240)=0xc) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f0000000380)={{{@in6=@empty, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in6=@ipv4={[], [], @multicast1}}}, &(0x7f0000000280)=0xe8) lstat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r6 = gettid() getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000001480)={{{@in6=@remote, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in=@initdev}}, &(0x7f0000001580)=0xe8) fstat(r1, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) socket$nl_generic(0x10, 0x3, 0x10) r9 = getpgrp(0xffffffffffffffff) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000000880)={{{@in=@multicast1, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in6=@mcast2}}, &(0x7f0000000980)=0xe8) getresgid(&(0x7f00000009c0)=0x0, &(0x7f0000000a00), &(0x7f0000000a40)) r12 = gettid() getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000a80)={0x0, 0x0}, &(0x7f0000000ac0)=0xc) lstat(&(0x7f0000000b00)='./file0\x00', &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r15 = gettid() getresuid(&(0x7f0000000bc0)=0x0, &(0x7f0000000c00), &(0x7f0000000c40)) getresgid(&(0x7f0000000c80), &(0x7f0000000cc0)=0x0, &(0x7f0000000d00)) ioctl$DRM_IOCTL_MODESET_CTL(r2, 0x40086408, &(0x7f0000001300)={0x800, 0x3ff}) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000d40)={0x0}, &(0x7f0000000d80)=0xc) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000dc0)={{{@in=@remote, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6=@dev}}, &(0x7f0000000ec0)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000f00)={0x0, 0x0, 0x0}, &(0x7f0000000f40)=0xc) sendmmsg$unix(r2, &(0x7f0000001280)=[{&(0x7f0000000040)=@abs={0x0, 0x0, 0x4e22}, 0x6e, &(0x7f0000000180)=[{&(0x7f00000000c0)="1e739055f11d2d126e7856c03d6ab92f8d2192ff30f11e33bf90ec627e071af3", 0x20}, {&(0x7f0000000100)="62fe2fcb406ee6361b582f1f72e8570c70ce1d9cf8ebd9c5252441560a25aae21eb35b47f896be96231f121e337fb4d8d6a08d2ce19db92fcaf33a3d6d96656be4dcaef25c772e9f51d44c88777d7dc6b0d860e6b20bcc50ae92d879e9f32a68ee1a62b6818c49d3ac0e67112871920d9213", 0x72}], 0x2, &(0x7f0000000f80)=[@cred={0x20, 0x1, 0x2, r3, r4, r5}, @cred={0x20, 0x1, 0x2, r6, r7, r8}, @cred={0x20, 0x1, 0x2, r9, r10, r11}, @cred={0x20, 0x1, 0x2, r12, r13, r14}, @rights={0x18, 0x1, 0x1, [r0]}, @rights={0x18, 0x1, 0x1, [r1]}, @cred={0x20, 0x1, 0x2, r15, r16, r17}, @cred={0x20, 0x1, 0x2, r18, r19, r20}], 0xf0, 0x4}, {&(0x7f0000001080)=@abs={0x1, 0x0, 0x4e21}, 0x6e, &(0x7f0000001240)=[{&(0x7f0000001100)="db0cd59d6b0144aa42458f75f08cab830d1634c08c58b54f223dba78f89fb4e701722a51794c14f5c2455d2fdaf4aa78e694e10eb3096a941bd9d387a708134100c76f8a148193d304ef7c80403d928f62b403f26d835a7ea823fb1c427390e96217b73c4f64f210ffc4be5b", 0x6c}, {&(0x7f0000001180)="708d9d30d52d607383dc3a595c6665f00d7fd42c2c5adcc46f89d335e9b23c46099fd1c1e835edb6bed0c9a8cffd4c583a8ca5e41437de44982da481a37e4c011d9893b20a347e25ff7450c40d1d7473078895c4f0967b610e63fadab2b119ae104013ae8d04017988a2ffb855413115c685dddff226a1d92dbaf6831cd6c328014f9d3789433ee02967", 0x8a}], 0x2, 0x0, 0x0, 0x4000}], 0x2, 0x0) ftruncate(r1, 0xb269) 03:53:10 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:53:10 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x4) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) ioctl$SIOCAX25CTLCON(r1, 0x89e8, &(0x7f0000000140)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, 0x0, 0xfa, 0x1, [@bcast, @default, @bcast, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @null, @default]}) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000100)={0x2, r0}) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r1, &(0x7f0000000500)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000004c0)={&(0x7f0000000240)={0x24c, r2, 0x8, 0x70bd28, 0x25dfdbfb, {}, [@TIPC_NLA_NET={0x28, 0x7, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x2}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x1}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x3}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x400}]}, @TIPC_NLA_MON={0x2c, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x100}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x8}]}, @TIPC_NLA_BEARER={0x70, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x3}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x6}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xc1}, @TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1000}]}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3f}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fffffff}]}]}, @TIPC_NLA_MON={0x24, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8001}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x400}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x9ba}]}, @TIPC_NLA_BEARER={0x94, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x6f}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e24, @remote}}, {0x14, 0x2, @in={0x2, 0x4e20, @loopback}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x6, @remote, 0x4}}, {0x14, 0x2, @in={0x2, 0x4e21, @empty}}}}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3967}]}]}, @TIPC_NLA_MON={0x24, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}]}, @TIPC_NLA_NODE={0x28, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_NODE={0xc, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x9}]}, @TIPC_NLA_LINK={0x64, 0x4, [@TIPC_NLA_LINK_PROP={0x4c, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x881}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6b4c}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x100}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}]}]}, 0x24c}}, 0x0) [ 1611.153860] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1611.216075] CPU: 0 PID: 2921 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1611.223208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1611.232570] Call Trace: [ 1611.235181] dump_stack+0x172/0x1f0 [ 1611.238837] dump_header+0x10f/0xb6c [ 1611.242575] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1611.247700] ? ___ratelimit+0x60/0x595 [ 1611.251616] ? do_raw_spin_unlock+0x57/0x270 [ 1611.256052] oom_kill_process.cold+0x10/0x6f5 [ 1611.260580] ? task_will_free_mem+0x139/0x6e0 [ 1611.265103] out_of_memory+0x79a/0x1280 [ 1611.269109] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1611.274233] ? oom_killer_disable+0x280/0x280 [ 1611.278739] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1611.283870] mem_cgroup_out_of_memory+0x99/0xe0 [ 1611.288593] ? memcg_memory_event+0x40/0x40 [ 1611.292968] ? _raw_spin_unlock+0x2d/0x50 [ 1611.297138] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1611.302252] try_charge+0xfec/0x1570 [ 1611.305964] ? find_held_lock+0x35/0x130 [ 1611.310024] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1611.314865] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1611.319705] ? find_held_lock+0x35/0x130 [ 1611.323763] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1611.328610] memcg_kmem_charge_memcg+0x7c/0x130 [ 1611.333274] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1611.337766] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1611.342606] memcg_kmem_charge+0x13b/0x340 [ 1611.346838] __alloc_pages_nodemask+0x437/0x710 [ 1611.351503] ? __pud_alloc+0x1d3/0x250 [ 1611.355388] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1611.360398] ? __pud_alloc+0x1d3/0x250 [ 1611.364287] ? lock_downgrade+0x810/0x810 [ 1611.368431] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1611.373969] alloc_pages_current+0x107/0x210 [ 1611.378381] ? do_raw_spin_unlock+0x57/0x270 [ 1611.382795] __pmd_alloc+0x41/0x460 [ 1611.386420] ? pmd_val+0x100/0x100 [ 1611.389959] pmd_alloc+0x10c/0x180 [ 1611.393497] copy_page_range+0x62e/0x1f90 [ 1611.397641] ? __lock_is_held+0xb6/0x140 [ 1611.401707] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1611.406719] ? vma_compute_subtree_gap+0x158/0x230 [ 1611.411649] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1611.416485] ? pmd_alloc+0x180/0x180 [ 1611.420212] ? validate_mm_rb+0xa3/0xc0 [ 1611.424196] ? __vma_link_rb+0x279/0x370 [ 1611.428263] copy_process.part.0+0x56aa/0x79a0 [ 1611.432858] ? __cleanup_sighand+0x70/0x70 [ 1611.437141] _do_fork+0x257/0xfe0 [ 1611.440597] ? fork_idle+0x1d0/0x1d0 [ 1611.444357] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1611.449111] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1611.453866] ? do_syscall_64+0x26/0x610 [ 1611.457837] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1611.463195] ? do_syscall_64+0x26/0x610 [ 1611.467165] __x64_sys_clone+0xbf/0x150 [ 1611.471139] do_syscall_64+0x103/0x610 [ 1611.475025] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1611.480214] RIP: 0033:0x457e29 [ 1611.483417] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1611.502327] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1611.510034] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1611.517297] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1611.524571] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1611.531843] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1611.539106] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1611.548012] memory: usage 307200kB, limit 307200kB, failcnt 21363 [ 1611.554354] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1611.561239] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1611.567399] Memory cgroup stats for /syz0: cache:0KB rss:96704KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96748KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1611.587640] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=2918,uid=0 [ 1611.602291] Memory cgroup out of memory: Kill process 2918 (syz-executor.0) score 1106 or sacrifice child [ 1611.612156] Killed process 2923 (syz-executor.0) total-vm:72444kB, anon-rss:152kB, file-rss:34816kB, shmem-rss:0kB [ 1611.623584] oom_reaper: reaped process 2923 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1611.648131] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1611.659641] CPU: 0 PID: 2921 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1611.666750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1611.676096] Call Trace: [ 1611.678683] dump_stack+0x172/0x1f0 [ 1611.682313] dump_header+0x10f/0xb6c [ 1611.686026] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1611.691142] ? ___ratelimit+0x60/0x595 [ 1611.695047] ? do_raw_spin_unlock+0x57/0x270 [ 1611.699477] oom_kill_process.cold+0x10/0x6f5 [ 1611.703997] ? task_will_free_mem+0x139/0x6e0 [ 1611.708507] out_of_memory+0x79a/0x1280 [ 1611.712494] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1611.717605] ? oom_killer_disable+0x280/0x280 [ 1611.722095] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1611.727201] mem_cgroup_out_of_memory+0x99/0xe0 [ 1611.731877] ? memcg_memory_event+0x40/0x40 [ 1611.736234] ? _raw_spin_unlock+0x2d/0x50 [ 1611.740392] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1611.745512] try_charge+0xfec/0x1570 [ 1611.749231] ? find_held_lock+0x35/0x130 [ 1611.753319] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1611.758189] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1611.763040] ? find_held_lock+0x35/0x130 [ 1611.767098] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1611.771975] memcg_kmem_charge_memcg+0x7c/0x130 [ 1611.776658] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1611.781178] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1611.786027] memcg_kmem_charge+0x13b/0x340 [ 1611.790273] __alloc_pages_nodemask+0x437/0x710 [ 1611.794960] ? __pud_alloc+0x1d3/0x250 [ 1611.798850] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1611.803857] ? __pud_alloc+0x1d3/0x250 [ 1611.807739] ? lock_downgrade+0x810/0x810 [ 1611.811891] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1611.817452] alloc_pages_current+0x107/0x210 [ 1611.821859] ? do_raw_spin_unlock+0x57/0x270 [ 1611.826290] __pmd_alloc+0x41/0x460 [ 1611.829924] ? pmd_val+0x100/0x100 [ 1611.833464] pmd_alloc+0x10c/0x180 [ 1611.837002] copy_page_range+0x62e/0x1f90 [ 1611.841753] ? __lock_is_held+0xb6/0x140 [ 1611.845814] ? pmd_alloc+0x180/0x180 [ 1611.849512] ? vma_compute_subtree_gap+0x158/0x230 [ 1611.854444] ? validate_mm_rb+0xa3/0xc0 [ 1611.858416] ? __vma_link_rb+0x279/0x370 [ 1611.862961] copy_process.part.0+0x56aa/0x79a0 [ 1611.867561] ? __cleanup_sighand+0x70/0x70 [ 1611.871819] _do_fork+0x257/0xfe0 [ 1611.875288] ? fork_idle+0x1d0/0x1d0 [ 1611.879005] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1611.883746] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1611.888485] ? do_syscall_64+0x26/0x610 [ 1611.892455] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1611.897811] ? do_syscall_64+0x26/0x610 [ 1611.901792] __x64_sys_clone+0xbf/0x150 [ 1611.905766] do_syscall_64+0x103/0x610 [ 1611.909642] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1611.914826] RIP: 0033:0x457e29 [ 1611.918024] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1611.936928] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1611.944622] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1611.951883] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1611.959166] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1611.966430] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1611.973693] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1611.982868] memory: usage 307044kB, limit 307200kB, failcnt 21397 [ 1611.990995] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1611.997770] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1612.003981] Memory cgroup stats for /syz0: cache:0KB rss:96704KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96668KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1612.024143] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=2918,uid=0 [ 1612.038689] Memory cgroup out of memory: Kill process 2918 (syz-executor.0) score 1106 or sacrifice child [ 1612.048466] Killed process 2918 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:35588kB, shmem-rss:0kB 03:53:11 executing program 1: r0 = syz_open_dev$dri(0x0, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(&(0x7f0000000040)='pkcs7_test\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:11 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x5, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:11 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0xf0ffff) 03:53:11 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_ax25_SIOCDELRT(r1, 0x890c, &(0x7f0000000140)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default, 0x0, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:53:11 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) unshare(0x400) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='configfs\x00', 0x0, 0x0) r1 = syz_open_dev$sndpcmp(&(0x7f00000006c0)='/dev/snd/pcmC#D#p\x00', 0x9, 0x28800) ioctl$PIO_FONT(r1, 0x4b61, &(0x7f0000000700)="d1e67d9e7b7bf2de5e1d510692aeff75212417ccd8c5810f8ec4ebf15024a1fd7a244f3951ef0197c910c3cb28072cc684bc93e2ea05d748fa0207fcb71266ec4d796d5cc16afb8443451e7bdef5fa6ed206985f563dfdff01d5b63b561f8cb1cbdf9729c75a2e0c4e1671fc2523385c48b6d6a9cc38acc9af66b550b6afb59c1de47a9df741b59af42d33d3a57128bb0e43d7cb817de6ad1d5124a3dfecec52d56ca4c379420ce34b9a911816706619") r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) syz_mount_image$bfs(&(0x7f0000000180)='bfs\x00', &(0x7f00000001c0)='./file0\x00', 0x80, 0x6, &(0x7f00000005c0)=[{&(0x7f0000000200)="5fcd", 0x2, 0xfe}, {&(0x7f0000000240)='Z&', 0x2, 0x7f}, {&(0x7f0000000280)="710705e07f3d1799e258586914d865dbbccdd7835eb996770f8cbffb8ae59240f6c8af0f79c5e540f26985b206d5f478901b81ea85a7551180be7ed80319de1664388aaa32b5acfe254d1066557460cc1a057334ccf0d8d4fd32906cc523a0fdadaf6cb552055dcf001cd016267db0981f8413126fded8591ba8efd80b73bb72d9f46e4c10ffe3c1825962929910f144686bb70663bdeb7c1c4e4daaba6be6e08b99692b917a58a05c4e395552ef1661419f7eddaecdaaf4b96acd206bdf779d1a8b", 0xc2, 0x3}, {&(0x7f0000000380)="d4ac04283e4fb76e4ed4761c172a89d8bf161f2f1acc8054d89aeff5460bb5cc1d61574e22d2e78f2d7eaf5ae261cc56ec91d4be81b37c6219f915325a0f760a545ce276223885c4e331575acb510d5b27b588430982dec150afe53667232b93e95f46a293f9d340", 0x68, 0x6}, {&(0x7f0000000400)="45e1e606f3446883da451f74580802d3baa4b99b1a77a9c8797cefc7fa97a7bcfee90c6c1692ffd059b73648612d635cb0388bedd22a14ad7d81db98102ec9cc59d452bac863c4ba38f045fc475d95962ae451bed657ccf6ff7fd98283ef447cee26db0510e6110fddfb1ec23be1e2eaf06c125ac72fdeed68215d5ac10cdb66045629eb066b9e26a2544d0ce1af473396b92222629cf43d22f76b1696541b833e5e57c9dbeb6651070c855dba5bf853f1518bc3702df1c218", 0xb9, 0x80000000}, {&(0x7f00000004c0)="ad629ad909f365896dd2019dba4604c612bf04ded8523aad9ec43c2a97a0751fef8e880d12c1b94eced9269ac83e63041f1f846facbf2f20ce851d5260a8226544bf171d471a7c52ad1956450fffbca4afda0eed986b492feb21ce7ff0197623223c1eb8391bcf7e5c6f0412318915575320447c6dbb9e303b9402f8a573e86f3416d3656b0b762c91555df66fbb36de86598fbddb54d5b9dbcaa39d6e1655a8bc54d7b56d312e8a2a0b372fee69c9ff8d307a71b22c14512febb214b6e01d81d9d87e682d8b9cd5d7b05f1edbdc83d56c4f69b604bdabb667bdebba0962db86922e961d0fce329044", 0xe9, 0x3}], 0x2000000, 0x0) socket$nl_crypto(0x10, 0x3, 0x15) epoll_create(0x8) lseek(r2, 0x10000000001, 0x0) syz_open_dev$sndtimer(&(0x7f0000000680)='/dev/snd/timer\x00', 0x0, 0x0) 03:53:11 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x0}, 0x0) [ 1612.061633] oom_reaper: reaped process 2918 (syz-executor.0), now anon-rss:0kB, file-rss:34636kB, shmem-rss:0kB 03:53:11 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x8, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:11 executing program 1: r0 = syz_open_dev$dri(0x0, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(&(0x7f0000000040)='pkcs7_test\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:11 executing program 5: timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c) r3 = gettid() recvmmsg(r0, &(0x7f0000003c00)=[{{0x0, 0x1f6, 0x0}}], 0x1, 0x0, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r3, 0x1004000000013) 03:53:11 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) bind(r1, &(0x7f0000000140)=@ax25={{0x3, @null, 0x2}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x80) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setxattr$trusted_overlay_origin(&(0x7f00000000c0)='./file1\x00', &(0x7f00000001c0)='trusted.overlay.origin\x00', &(0x7f0000000200)='y\x00', 0x2, 0x1) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:53:11 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:53:11 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(&(0x7f0000000040)='pkcs7_test\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:11 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x9, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:11 executing program 2: r0 = openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$sock_TIOCOUTQ(r0, 0x5411, &(0x7f00000000c0)) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000180)='ecryptfs\x00', 0x0, 0x0) [ 1612.438540] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1612.469536] CPU: 1 PID: 2962 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1612.476646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1612.477305] Error parsing options; rc = [-22] [ 1612.486082] Call Trace: [ 1612.486107] dump_stack+0x172/0x1f0 [ 1612.486132] dump_header+0x10f/0xb6c [ 1612.486150] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1612.486167] ? ___ratelimit+0x60/0x595 [ 1612.486184] ? do_raw_spin_unlock+0x57/0x270 [ 1612.486203] oom_kill_process.cold+0x10/0x6f5 [ 1612.518400] ? task_will_free_mem+0x139/0x6e0 [ 1612.522889] out_of_memory+0x79a/0x1280 [ 1612.526859] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1612.531947] ? oom_killer_disable+0x280/0x280 [ 1612.536432] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1612.541524] mem_cgroup_out_of_memory+0x99/0xe0 [ 1612.546175] ? memcg_memory_event+0x40/0x40 [ 1612.550516] ? _raw_spin_unlock+0x2d/0x50 [ 1612.554643] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1612.559731] try_charge+0xfec/0x1570 [ 1612.563432] ? find_held_lock+0x35/0x130 [ 1612.567481] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1612.572309] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1612.577139] ? find_held_lock+0x35/0x130 [ 1612.581186] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1612.586016] memcg_kmem_charge_memcg+0x7c/0x130 [ 1612.590667] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1612.595146] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1612.599971] memcg_kmem_charge+0x13b/0x340 [ 1612.604208] __alloc_pages_nodemask+0x437/0x710 [ 1612.608863] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1612.613863] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1612.618448] ? trace_hardirqs_on+0x67/0x230 [ 1612.622758] copy_process.part.0+0x3e0/0x79a0 [ 1612.627389] ? mark_held_locks+0x100/0x100 [ 1612.631609] ? debug_smp_processor_id+0x1c/0x20 [ 1612.636257] ? perf_trace_lock_acquire+0xf5/0x580 [ 1612.641086] ? __might_fault+0x12b/0x1e0 [ 1612.645138] ? __cleanup_sighand+0x70/0x70 [ 1612.649357] ? lock_downgrade+0x810/0x810 [ 1612.653494] _do_fork+0x257/0xfe0 [ 1612.656938] ? fork_idle+0x1d0/0x1d0 [ 1612.660659] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1612.665397] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1612.670162] ? do_syscall_64+0x26/0x610 [ 1612.674126] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1612.679470] ? do_syscall_64+0x26/0x610 [ 1612.683435] __x64_sys_clone+0xbf/0x150 [ 1612.687395] do_syscall_64+0x103/0x610 [ 1612.691272] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1612.696440] RIP: 0033:0x457e29 [ 1612.699617] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1612.718501] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1612.726205] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1612.733457] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1612.740706] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1612.747957] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1612.755205] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1612.764714] memory: usage 307192kB, limit 307200kB, failcnt 21436 [ 1612.779030] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1612.786378] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1612.804744] Memory cgroup stats for /syz0: cache:0KB rss:96704KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96756KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1612.833190] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=2960,uid=0 [ 1612.858629] Memory cgroup out of memory: Kill process 2960 (syz-executor.0) score 1106 or sacrifice child [ 1612.873987] Killed process 2967 (syz-executor.0) total-vm:72444kB, anon-rss:152kB, file-rss:34816kB, shmem-rss:0kB [ 1612.895285] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1612.907130] CPU: 1 PID: 2960 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1612.914241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1612.923578] Call Trace: [ 1612.926155] dump_stack+0x172/0x1f0 [ 1612.929770] dump_header+0x10f/0xb6c [ 1612.933481] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1612.938578] ? ___ratelimit+0x60/0x595 [ 1612.942463] ? do_raw_spin_unlock+0x57/0x270 [ 1612.946870] oom_kill_process.cold+0x10/0x6f5 [ 1612.951366] ? task_will_free_mem+0x139/0x6e0 [ 1612.955867] out_of_memory+0x79a/0x1280 [ 1612.959830] ? oom_killer_disable+0x280/0x280 [ 1612.964325] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1612.969423] mem_cgroup_out_of_memory+0x99/0xe0 [ 1612.974078] ? memcg_memory_event+0x40/0x40 [ 1612.978387] ? _raw_spin_unlock+0x2d/0x50 [ 1612.982532] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1612.987634] try_charge+0xb4a/0x1570 [ 1612.991338] ? find_held_lock+0x35/0x130 [ 1612.995388] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1613.000222] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1613.005063] ? find_held_lock+0x35/0x130 [ 1613.009136] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1613.013981] memcg_kmem_charge_memcg+0x7c/0x130 [ 1613.018647] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1613.023145] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1613.027979] memcg_kmem_charge+0x13b/0x340 [ 1613.032207] __alloc_pages_nodemask+0x437/0x710 [ 1613.036873] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1613.041907] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1613.046476] ? trace_hardirqs_on+0x67/0x230 [ 1613.050786] copy_process.part.0+0x3e0/0x79a0 [ 1613.055268] ? psi_memstall_leave+0x11c/0x180 [ 1613.059750] ? sched_clock+0x2e/0x50 [ 1613.063448] ? psi_memstall_leave+0x12e/0x180 [ 1613.067944] ? find_held_lock+0x35/0x130 [ 1613.071997] ? __lock_acquire+0x53b/0x4700 [ 1613.076221] ? __cleanup_sighand+0x70/0x70 [ 1613.080459] ? mark_held_locks+0x100/0x100 [ 1613.084691] ? perf_trace_lock_acquire+0xf5/0x580 [ 1613.089515] ? rcu_read_lock_sched_held+0x110/0x130 [ 1613.094512] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1613.100047] _do_fork+0x257/0xfe0 [ 1613.103502] ? fork_idle+0x1d0/0x1d0 [ 1613.107208] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 1613.112550] ? lock_downgrade+0x810/0x810 [ 1613.116683] ? blkcg_exit_queue+0x30/0x30 [ 1613.120818] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1613.125553] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1613.130290] ? do_syscall_64+0x26/0x610 [ 1613.134245] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1613.139606] ? do_syscall_64+0x26/0x610 [ 1613.143566] __x64_sys_clone+0xbf/0x150 [ 1613.147523] do_syscall_64+0x103/0x610 [ 1613.151393] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1613.156564] RIP: 0033:0x45a7f9 [ 1613.159749] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1613.178648] RSP: 002b:00007ffee6aa5678 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1613.186355] RAX: ffffffffffffffda RBX: 00007f3c7554e700 RCX: 000000000045a7f9 [ 1613.193616] RDX: 00007f3c7554e9d0 RSI: 00007f3c7554ddb0 RDI: 00000000003d0f00 [ 1613.200866] RBP: 00007ffee6aa5880 R08: 00007f3c7554e700 R09: 00007f3c7554e700 [ 1613.208117] R10: 00007f3c7554e9d0 R11: 0000000000000202 R12: 0000000000000000 [ 1613.215410] R13: 00007ffee6aa572f R14: 00007f3c7554e9c0 R15: 000000000073c04c [ 1613.223262] memory: usage 307044kB, limit 307200kB, failcnt 21458 [ 1613.229771] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1613.236935] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1613.243427] Memory cgroup stats for /syz0: cache:0KB rss:96704KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96676KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1613.263767] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=2960,uid=0 [ 1613.278344] Memory cgroup out of memory: Kill process 2960 (syz-executor.0) score 1106 or sacrifice child 03:53:12 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0x1000000) 03:53:12 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:53:12 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) getsockopt$bt_rfcomm_RFCOMM_LM(r1, 0x12, 0x3, &(0x7f00000000c0), &(0x7f0000000140)=0x4) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:53:12 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(&(0x7f0000000040)='pkcs7_test\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:12 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0xa, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:12 executing program 5: r0 = syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x2, 0x541001) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000100)="34354b9f"}, 0x20) r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_TOL(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x440000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0e0b2bbd7000b108000001000000000000000741000000140018000000087564703a73797a3100000010"], 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x8000) [ 1613.288208] Killed process 2960 (syz-executor.0) total-vm:72708kB, anon-rss:164kB, file-rss:35588kB, shmem-rss:0kB 03:53:12 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ioctl$VHOST_SET_VRING_ENDIAN(r1, 0x4008af13, &(0x7f0000000140)={0x0, 0xfffffffffffffffd}) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x3, 0x1) 03:53:12 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0xb, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:12 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(&(0x7f0000000040)='pkcs7_test\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:12 executing program 5: getpid() socket$packet(0x11, 0x0, 0x300) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) socket$bt_hidp(0x1f, 0x3, 0x6) quotactl(0x80000101, 0x0, 0x0, &(0x7f00000001c0)) r1 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) r2 = syz_open_dev$mice(&(0x7f00000000c0)='/dev/input/mice\x00', 0x0, 0x0) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x100002, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x17) write$uinput_user_dev(r3, &(0x7f0000000d00)={'syz0\x00'}, 0x45c) openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) ioctl$UI_SET_RELBIT(r3, 0x40045566, 0x8) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140)='TIPC\x00') sendmsg$TIPC_CMD_SET_NODE_ADDR(r2, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x24, r4, 0x100, 0x70bd2c, 0x25dfdbfc, {{}, 0x0, 0x8001, 0x0, {0x8, 0x11, 0x2}}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x44000}, 0x10) openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x412000) ioctl$UI_SET_EVBIT(r3, 0x40045564, 0xffffffffffffffff) ioctl$UI_DEV_SETUP(r3, 0x5501, 0x0) ioctl$UI_DEV_DESTROY(r2, 0x5502) 03:53:12 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:53:12 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x10, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) [ 1613.548092] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1613.662658] CPU: 0 PID: 3017 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1613.669783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1613.679139] Call Trace: [ 1613.681737] dump_stack+0x172/0x1f0 [ 1613.685428] dump_header+0x10f/0xb6c [ 1613.689150] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1613.694266] ? ___ratelimit+0x60/0x595 [ 1613.698163] ? do_raw_spin_unlock+0x57/0x270 [ 1613.702587] oom_kill_process.cold+0x10/0x6f5 [ 1613.707100] ? task_will_free_mem+0x139/0x6e0 [ 1613.711609] out_of_memory+0x79a/0x1280 [ 1613.715613] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1613.720728] ? oom_killer_disable+0x280/0x280 [ 1613.725233] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1613.730362] mem_cgroup_out_of_memory+0x99/0xe0 [ 1613.735039] ? memcg_memory_event+0x40/0x40 [ 1613.739392] ? _raw_spin_unlock+0x2d/0x50 [ 1613.743578] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1613.748715] try_charge+0xfec/0x1570 [ 1613.752431] ? find_held_lock+0x35/0x130 [ 1613.756519] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1613.761367] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1613.766217] ? find_held_lock+0x35/0x130 [ 1613.770295] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1613.775155] memcg_kmem_charge_memcg+0x7c/0x130 [ 1613.779831] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1613.784341] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1613.789194] memcg_kmem_charge+0x13b/0x340 [ 1613.793469] __alloc_pages_nodemask+0x437/0x710 [ 1613.798154] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1613.803184] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1613.807776] ? trace_hardirqs_on+0x67/0x230 [ 1613.812130] copy_process.part.0+0x3e0/0x79a0 [ 1613.816644] ? psi_memstall_leave+0x11c/0x180 [ 1613.821165] ? sched_clock+0x2e/0x50 [ 1613.824887] ? psi_memstall_leave+0x12e/0x180 [ 1613.829402] ? find_held_lock+0x35/0x130 [ 1613.833472] ? __lock_acquire+0x53b/0x4700 [ 1613.837723] ? __cleanup_sighand+0x70/0x70 [ 1613.841966] ? mark_held_locks+0x100/0x100 [ 1613.846209] ? perf_trace_lock_acquire+0xf5/0x580 [ 1613.851059] ? rcu_read_lock_sched_held+0x110/0x130 [ 1613.856080] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1613.861643] _do_fork+0x257/0xfe0 [ 1613.865138] ? fork_idle+0x1d0/0x1d0 [ 1613.868856] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 1613.874227] ? lock_downgrade+0x810/0x810 [ 1613.878383] ? blkcg_exit_queue+0x30/0x30 [ 1613.882559] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1613.887323] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1613.892086] ? do_syscall_64+0x26/0x610 [ 1613.896063] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1613.901456] ? do_syscall_64+0x26/0x610 [ 1613.905441] __x64_sys_clone+0xbf/0x150 [ 1613.909421] do_syscall_64+0x103/0x610 [ 1613.913330] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1613.918537] RIP: 0033:0x45a7f9 [ 1613.921736] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1613.940638] RSP: 002b:00007ffee6aa5678 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1613.940653] RAX: ffffffffffffffda RBX: 00007f3c7556f700 RCX: 000000000045a7f9 [ 1613.940662] RDX: 00007f3c7556f9d0 RSI: 00007f3c7556edb0 RDI: 00000000003d0f00 [ 1613.940670] RBP: 00007ffee6aa5880 R08: 00007f3c7556f700 R09: 00007f3c7556f700 [ 1613.940679] R10: 00007f3c7556f9d0 R11: 0000000000000202 R12: 0000000000000000 [ 1613.940688] R13: 00007ffee6aa572f R14: 00007f3c7556f9c0 R15: 000000000073bfac [ 1613.954491] memory: usage 307172kB, limit 307200kB, failcnt 21490 [ 1613.974846] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1614.018921] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1614.026840] Memory cgroup stats for /syz0: cache:0KB rss:96560KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96704KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1614.048177] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=9275,uid=0 [ 1614.062788] Memory cgroup out of memory: Kill process 9275 (syz-executor.0) score 1103 or sacrifice child [ 1614.072630] Killed process 9275 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1614.084542] oom_reaper: reaped process 9275 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1614.106575] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1614.118011] CPU: 1 PID: 3021 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1614.125149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1614.134503] Call Trace: [ 1614.137128] dump_stack+0x172/0x1f0 [ 1614.140773] dump_header+0x10f/0xb6c [ 1614.144475] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1614.149562] ? ___ratelimit+0x60/0x595 [ 1614.153435] ? do_raw_spin_unlock+0x57/0x270 [ 1614.157830] oom_kill_process.cold+0x10/0x6f5 [ 1614.162315] ? task_will_free_mem+0x139/0x6e0 [ 1614.166801] out_of_memory+0x79a/0x1280 [ 1614.170789] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1614.175877] ? oom_killer_disable+0x280/0x280 [ 1614.180363] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1614.185455] mem_cgroup_out_of_memory+0x99/0xe0 [ 1614.190107] ? memcg_memory_event+0x40/0x40 [ 1614.194432] ? _raw_spin_unlock+0x2d/0x50 [ 1614.198589] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1614.203698] try_charge+0xfec/0x1570 [ 1614.207427] ? find_held_lock+0x35/0x130 [ 1614.211487] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1614.216357] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1614.221196] ? find_held_lock+0x35/0x130 [ 1614.225250] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1614.230095] memcg_kmem_charge_memcg+0x7c/0x130 [ 1614.234755] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1614.239264] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1614.244123] memcg_kmem_charge+0x13b/0x340 [ 1614.248359] __alloc_pages_nodemask+0x437/0x710 [ 1614.253019] ? __pud_alloc+0x1d3/0x250 [ 1614.256891] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1614.261904] ? __pud_alloc+0x1d3/0x250 [ 1614.265783] ? lock_downgrade+0x810/0x810 [ 1614.269945] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1614.275529] alloc_pages_current+0x107/0x210 [ 1614.279926] ? do_raw_spin_unlock+0x57/0x270 [ 1614.284327] __pmd_alloc+0x41/0x460 [ 1614.287948] ? pmd_val+0x100/0x100 [ 1614.291485] pmd_alloc+0x10c/0x180 [ 1614.295010] copy_page_range+0x62e/0x1f90 [ 1614.299156] ? mark_held_locks+0x100/0x100 [ 1614.303380] ? debug_smp_processor_id+0x1c/0x20 [ 1614.308054] ? copy_process.part.0+0x3121/0x79a0 [ 1614.312796] ? copy_process.part.0+0x3121/0x79a0 [ 1614.317545] ? pmd_alloc+0x180/0x180 [ 1614.321255] ? vma_compute_subtree_gap+0x158/0x230 [ 1614.326198] ? validate_mm_rb+0xa3/0xc0 [ 1614.330191] ? __vma_link_rb+0x279/0x370 [ 1614.334252] copy_process.part.0+0x56aa/0x79a0 [ 1614.338836] ? __cleanup_sighand+0x70/0x70 [ 1614.343074] _do_fork+0x257/0xfe0 [ 1614.346526] ? fork_idle+0x1d0/0x1d0 [ 1614.350244] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1614.354983] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1614.359722] ? do_syscall_64+0x26/0x610 [ 1614.363681] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1614.369026] ? do_syscall_64+0x26/0x610 [ 1614.372989] __x64_sys_clone+0xbf/0x150 [ 1614.376950] do_syscall_64+0x103/0x610 [ 1614.380823] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1614.385995] RIP: 0033:0x457e29 [ 1614.389169] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1614.408054] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1614.415747] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1614.423001] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1614.430274] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1614.437542] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1614.444811] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1614.452224] net_ratelimit: 18 callbacks suppressed [ 1614.452234] protocol 88fb is buggy, dev hsr_slave_0 [ 1614.462316] protocol 88fb is buggy, dev hsr_slave_1 [ 1614.467472] protocol 88fb is buggy, dev hsr_slave_0 [ 1614.472632] protocol 88fb is buggy, dev hsr_slave_1 [ 1614.477737] protocol 88fb is buggy, dev hsr_slave_0 [ 1614.482850] protocol 88fb is buggy, dev hsr_slave_1 [ 1614.488309] protocol 88fb is buggy, dev hsr_slave_0 [ 1614.493464] protocol 88fb is buggy, dev hsr_slave_1 [ 1614.499825] memory: usage 307040kB, limit 307200kB, failcnt 21515 [ 1614.506201] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1614.513120] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1614.519318] Memory cgroup stats for /syz0: cache:0KB rss:96560KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96608KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1614.540215] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=3017,uid=0 [ 1614.555026] Memory cgroup out of memory: Kill process 3017 (syz-executor.0) score 1106 or sacrifice child 03:53:13 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0x2000000) 03:53:13 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:13 executing program 2: r0 = openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000140)=0x400) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chdir(&(0x7f00000000c0)='./file0\x00') mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:53:13 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x14, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:13 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x2000001000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/enforce\x00', 0x4280, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000240)=0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000280)=0x0) sendmsg$nl_netfilter(r1, &(0x7f0000000700)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800008}, 0xc, &(0x7f00000006c0)={&(0x7f00000002c0)={0x3ec, 0x6, 0x1, 0x200, 0x70bd2d, 0x25dfdbfe, {0xa, 0x0, 0x9}, [@typed={0x8, 0x7c, @pid=r2}, @generic="51e92172", @nested={0x68, 0x24, [@generic="8d182ba298e14b75693d68f93a6cc8f5573afb70ae8394069edc03d54abaaebf018a662a62eb2f2ec58c2ebbbff38d4ebec5cc3402e58ba07f07251dfe4654eece6beb8aa86f8ae62954bb01d2989854743908a836714ec8d26e", @typed={0x8, 0x4d, @pid=r3}]}, @typed={0x8, 0x20, @ipv4=@multicast1}, @nested={0xf0, 0x4e, [@generic="23b6f6d71e545f9e9f5dcb8995ca5a34eab8f9c830b0017ec5730dc6a2b9d3b854", @generic="e7cd2aa491daa8be2cb95376aab8cd039b4f3ac1c8ac56611acc233d1f787b5f412f5391dbc2adf6e6a18c24690e4a1a67", @generic="1e818d03803ff8b2cc1634431d3b23bd8efbbdb352b41fdb4c9e9bda4260eb9bba2ae345169570f6ac9ab596fc3bf98cde49d3e8f857b80690ab414da659b85d4866532eea42572a0a686cac5d7347b5ba5c5408", @typed={0x14, 0x21, @ipv6=@mcast1}, @generic="c083ab345095b1a842cdc00cef4b05b5e57ffaedb144782f004628682f46b2a4f45aa169", @typed={0xc, 0x56, @u64=0x7}]}, @nested={0x1a0, 0x5b, [@typed={0x7c, 0x1b, @binary="3e7961903981bd708f00b7f18b971b3b4a9d4ec9fe35362699b040177f9f08b1b1a1d696642ae67d05237c7224f2a1c6510488c977d90ad5aceda45913d98a1be11d1dd0c44f692a3613cc41daf2ecb78843f5ff05af1c0387553791f39487a95a185af6ff19dd05f9507d37f85ecc37ea1a0279be28a3"}, @typed={0x58, 0x6b, @binary="3ae93f4ded42d28e93e589bd8b2116ddd096d31b1b95179cd22dbe4516fa18ff49ce244527833a974a75412171761d99ebb3a2e72e9d0144f3fae495670f467a82bcd2260d8ded89abe4c4d59555c21fca"}, @generic="863f52cce4642fd98806dce610104bbc91a59740ec10bc4ff8a39450d7641bdcf01b1473a1480e178467c2c1a19d943f0204a8d6ee1d72be7f3d0aad6376c5223d78b41eb537df85eaa73528f638891b5f7a55b212af17f37ceaba4a0c07b3f2b9ebb55aa7210d051e724acbafbc7a9f7fe3c0e5b64ea018ff49488911f8496022f7838970d3d8a80dda3e3acc1d5a0fbba3e520c026bdeebc9313122326af1b5ccb6d5d43d9b231858c9fed33618c5347e2fa1810e55e53a6aa3a3954d6387a0fb5ee29f0aeb2ad"]}, @typed={0x8, 0x2, @ipv4=@multicast2}, @generic="93b8cf4b6980096219b00a619a4605c79acbb439d33d8d51dd09efc5a4bc98bef845ae0470b3ade255c51cbec2c7b7d1cec27935cb42f078b6c6d49a55658826b4ddbbe8df18b11d33b76a0419da0beb6fd6531479030c01fd34d76292ab78687c332e013f0b563dfa5193d63533ebcc9672c9a70e14efb2ef3037d211887e6a043432cd362e1f64283d61f14aa62dfaa66d50808c5d139bd1e35af303584143b900a4ea61b5b2fc30c1f9f2199912ebca260f175678aad9c392b5b9f023af741408ef14"]}, 0x3ec}, 0x1, 0x0, 0x0, 0x4040}, 0x80) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xd, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x2, 0x1, 0x8c}]}, &(0x7f0000000000)='GPL\x00', 0x1, 0x9e, &(0x7f00001a7f05)=""/251}, 0x48) 03:53:13 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x0}, 0x0) [ 1614.566617] Killed process 3025 (syz-executor.0) total-vm:72444kB, anon-rss:152kB, file-rss:34816kB, shmem-rss:0kB 03:53:13 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) [ 1614.695480] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 1614.750695] CPU: 0 PID: 3057 Comm: syz-executor.2 Not tainted 5.0.0-rc8 #87 [ 1614.757979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1614.767330] Call Trace: [ 1614.769947] dump_stack+0x172/0x1f0 [ 1614.773610] dump_header+0x10f/0xb6c [ 1614.777326] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1614.782463] ? ___ratelimit+0x60/0x595 [ 1614.786360] ? do_raw_spin_unlock+0x57/0x270 [ 1614.790777] oom_kill_process.cold+0x10/0x6f5 [ 1614.795312] ? task_will_free_mem+0x139/0x6e0 [ 1614.799823] out_of_memory+0x79a/0x1280 [ 1614.803838] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1614.808961] ? oom_killer_disable+0x280/0x280 [ 1614.813458] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1614.813484] mem_cgroup_out_of_memory+0x99/0xe0 [ 1614.813499] ? memcg_memory_event+0x40/0x40 [ 1614.823274] ? _raw_spin_unlock+0x2d/0x50 [ 1614.823290] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1614.823304] try_charge+0xfec/0x1570 [ 1614.823319] ? find_held_lock+0x35/0x130 [ 1614.844612] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1614.849464] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1614.854317] ? find_held_lock+0x35/0x130 [ 1614.858390] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1614.863253] memcg_kmem_charge_memcg+0x7c/0x130 [ 1614.867943] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1614.872465] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1614.877334] memcg_kmem_charge+0x13b/0x340 [ 1614.881601] __alloc_pages_nodemask+0x437/0x710 [ 1614.886280] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1614.891305] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1614.895910] ? trace_hardirqs_on+0x67/0x230 [ 1614.900256] copy_process.part.0+0x3e0/0x79a0 [ 1614.904776] ? psi_memstall_leave+0x11c/0x180 [ 1614.909272] ? sched_clock+0x2e/0x50 [ 1614.912989] ? psi_memstall_leave+0x12e/0x180 [ 1614.917481] ? find_held_lock+0x35/0x130 [ 1614.921546] ? __lock_acquire+0x53b/0x4700 [ 1614.925789] ? __cleanup_sighand+0x70/0x70 [ 1614.930027] ? mark_held_locks+0x100/0x100 [ 1614.934262] ? perf_trace_lock_acquire+0xf5/0x580 [ 1614.939101] ? rcu_read_lock_sched_held+0x110/0x130 [ 1614.944127] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1614.949690] _do_fork+0x257/0xfe0 [ 1614.953193] ? fork_idle+0x1d0/0x1d0 [ 1614.956913] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 1614.962278] ? lock_downgrade+0x810/0x810 [ 1614.966426] ? blkcg_exit_queue+0x30/0x30 [ 1614.970600] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1614.975351] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1614.980102] ? do_syscall_64+0x26/0x610 [ 1614.984075] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1614.989432] ? do_syscall_64+0x26/0x610 [ 1614.993428] __x64_sys_clone+0xbf/0x150 [ 1614.997409] do_syscall_64+0x103/0x610 [ 1615.001326] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1615.006509] RIP: 0033:0x45a7f9 [ 1615.009715] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1615.028614] RSP: 002b:00007ffda87d9ef8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1615.036317] RAX: ffffffffffffffda RBX: 00007f388c266700 RCX: 000000000045a7f9 [ 1615.043586] RDX: 00007f388c2669d0 RSI: 00007f388c265db0 RDI: 00000000003d0f00 03:53:13 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0xe0, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) [ 1615.050852] RBP: 00007ffda87da100 R08: 00007f388c266700 R09: 00007f388c266700 [ 1615.058120] R10: 00007f388c2669d0 R11: 0000000000000202 R12: 0000000000000000 [ 1615.065390] R13: 00007ffda87d9faf R14: 00007f388c2669c0 R15: 000000000073bfac [ 1615.072966] protocol 88fb is buggy, dev hsr_slave_0 [ 1615.078059] protocol 88fb is buggy, dev hsr_slave_1 03:53:14 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, 0x0, 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) [ 1615.096664] memory: usage 307112kB, limit 307200kB, failcnt 3482 [ 1615.109733] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1615.118706] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:53:14 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0xffe0, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:14 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:53:14 executing program 5: openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/status\x00', 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') chdir(&(0x7f0000000000)='./file0\x00') clone(0x3102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) semget(0x2, 0x3, 0x80) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0xe) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x20000000, 0x57}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1615.194355] Memory cgroup stats for /syz2: cache:56KB rss:250352KB rss_huge:221184KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:12KB active_anon:250352KB inactive_file:8KB active_file:0KB unevictable:40KB [ 1615.242813] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9504,uid=0 [ 1615.262851] Memory cgroup out of memory: Kill process 9504 (syz-executor.2) score 1113 or sacrifice child [ 1615.295625] Killed process 9504 (syz-executor.2) total-vm:72576kB, anon-rss:2192kB, file-rss:35800kB, shmem-rss:0kB [ 1615.320826] oom_reaper: reaped process 9504 (syz-executor.2), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB [ 1615.346906] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1615.386208] CPU: 0 PID: 3075 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1615.393337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1615.402703] Call Trace: [ 1615.405319] dump_stack+0x172/0x1f0 [ 1615.408955] dump_header+0x10f/0xb6c [ 1615.412685] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1615.417773] ? ___ratelimit+0x60/0x595 [ 1615.421641] ? do_raw_spin_unlock+0x57/0x270 [ 1615.426036] oom_kill_process.cold+0x10/0x6f5 [ 1615.430514] ? task_will_free_mem+0x139/0x6e0 [ 1615.434994] out_of_memory+0x79a/0x1280 [ 1615.438953] ? oom_killer_disable+0x280/0x280 [ 1615.443434] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1615.448531] mem_cgroup_out_of_memory+0x99/0xe0 [ 1615.453183] ? memcg_memory_event+0x40/0x40 [ 1615.457487] ? _raw_spin_unlock+0x2d/0x50 [ 1615.461614] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1615.466711] try_charge+0xfec/0x1570 [ 1615.470404] ? find_held_lock+0x35/0x130 [ 1615.474454] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1615.479294] ? kasan_check_read+0x11/0x20 [ 1615.483429] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1615.488259] mem_cgroup_try_charge+0x24d/0x5e0 [ 1615.492827] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1615.497738] __handle_mm_fault+0x1e26/0x3f20 [ 1615.502131] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1615.506954] ? find_held_lock+0x35/0x130 [ 1615.511001] ? handle_mm_fault+0x322/0xb30 [ 1615.515224] ? kasan_check_read+0x11/0x20 [ 1615.519358] handle_mm_fault+0x43f/0xb30 [ 1615.523410] __do_page_fault+0x5da/0xd60 [ 1615.527476] do_page_fault+0x71/0x581 [ 1615.531274] ? page_fault+0x8/0x30 [ 1615.534795] page_fault+0x1e/0x30 [ 1615.538229] RIP: 0033:0x45a7dd [ 1615.541401] Code: 5b 5d f3 c3 66 0f 1f 84 00 00 00 00 00 48 c7 c0 ea ff ff ff 48 85 ff 0f 84 e0 8e fb ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 <48> 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 [ 1615.560309] RSP: 002b:00007ffee6aa5678 EFLAGS: 00010202 [ 1615.565666] RAX: ffffffffffffffea RBX: 00007f3c7554e700 RCX: 00007f3c7554e700 [ 1615.572950] RDX: 00000000003d0f00 RSI: 00007f3c7554ddb0 RDI: 000000000040ed80 [ 1615.580201] RBP: 00007ffee6aa5880 R08: 00007f3c7554e9d0 R09: 00007f3c7554e700 [ 1615.587466] R10: 00007f3c7554ddc0 R11: 0000000000000246 R12: 0000000000000000 [ 1615.594716] R13: 00007ffee6aa572f R14: 00007f3c7554e9c0 R15: 000000000073c04c [ 1615.605626] memory: usage 307144kB, limit 307200kB, failcnt 21558 [ 1615.612043] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1615.618798] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1615.625011] Memory cgroup stats for /syz0: cache:0KB rss:96692KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96688KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1615.645179] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=9312,uid=0 [ 1615.660438] Memory cgroup out of memory: Kill process 9312 (syz-executor.0) score 1103 or sacrifice child [ 1615.670295] Killed process 9312 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1615.704555] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1615.716056] CPU: 0 PID: 3076 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1615.723161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1615.732508] Call Trace: [ 1615.735092] dump_stack+0x172/0x1f0 [ 1615.738856] dump_header+0x10f/0xb6c [ 1615.742570] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1615.747678] ? ___ratelimit+0x60/0x595 [ 1615.751550] ? do_raw_spin_unlock+0x57/0x270 [ 1615.755949] oom_kill_process.cold+0x10/0x6f5 [ 1615.760436] ? task_will_free_mem+0x139/0x6e0 [ 1615.764968] out_of_memory+0x79a/0x1280 [ 1615.768945] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1615.774032] ? oom_killer_disable+0x280/0x280 [ 1615.778514] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1615.783621] mem_cgroup_out_of_memory+0x99/0xe0 [ 1615.788280] ? memcg_memory_event+0x40/0x40 [ 1615.792638] ? _raw_spin_unlock+0x2d/0x50 [ 1615.796780] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1615.801914] try_charge+0xfec/0x1570 [ 1615.805632] ? find_held_lock+0x35/0x130 [ 1615.809721] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1615.814560] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1615.819400] ? find_held_lock+0x35/0x130 [ 1615.823452] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1615.828286] memcg_kmem_charge_memcg+0x7c/0x130 [ 1615.832945] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1615.837435] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1615.842281] memcg_kmem_charge+0x13b/0x340 [ 1615.846528] __alloc_pages_nodemask+0x437/0x710 [ 1615.851192] ? __pud_alloc+0x1d3/0x250 [ 1615.855065] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1615.860065] ? __pud_alloc+0x1d3/0x250 [ 1615.863961] ? lock_downgrade+0x810/0x810 [ 1615.868107] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1615.873652] alloc_pages_current+0x107/0x210 [ 1615.878053] ? do_raw_spin_unlock+0x57/0x270 [ 1615.882491] __pmd_alloc+0x41/0x460 [ 1615.886118] ? pmd_val+0x100/0x100 [ 1615.889655] pmd_alloc+0x10c/0x180 [ 1615.893222] copy_page_range+0x62e/0x1f90 [ 1615.897385] ? __lock_is_held+0xb6/0x140 [ 1615.901441] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1615.906452] ? vma_compute_subtree_gap+0x158/0x230 [ 1615.911413] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1615.916251] ? pmd_alloc+0x180/0x180 [ 1615.919954] ? validate_mm_rb+0xa3/0xc0 [ 1615.923928] ? __vma_link_rb+0x279/0x370 [ 1615.927993] copy_process.part.0+0x56aa/0x79a0 [ 1615.932588] ? __cleanup_sighand+0x70/0x70 [ 1615.936817] _do_fork+0x257/0xfe0 [ 1615.940260] ? fork_idle+0x1d0/0x1d0 [ 1615.943986] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1615.948738] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1615.953476] ? do_syscall_64+0x26/0x610 [ 1615.957439] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1615.962785] ? do_syscall_64+0x26/0x610 [ 1615.966749] __x64_sys_clone+0xbf/0x150 [ 1615.970728] do_syscall_64+0x103/0x610 [ 1615.974614] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1615.979799] RIP: 0033:0x457e29 [ 1615.982999] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1616.001902] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1616.009595] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1616.016850] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1616.024101] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1616.031354] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1616.038609] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1616.047061] memory: usage 307040kB, limit 307200kB, failcnt 21596 [ 1616.053391] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1616.060207] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1616.066352] Memory cgroup stats for /syz0: cache:0KB rss:96692KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96592KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1616.086496] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=9387,uid=0 03:53:15 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0x3000000) 03:53:15 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, 0x0, 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:15 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0xffffffe0, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:15 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:53:15 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') ioctl$EVIOCSMASK(r1, 0x40104593, &(0x7f00000000c0)={0x17, 0xf4, &(0x7f0000000140)="50538f5a747193f4f38629a4d3ccb99dee1e80135fe5fbadf7454c72cb4d7eb559b8761e2722b02c40ed58e6828ccb9a05f64c47ec81a3c9836389760f3fbd9cef234add6b47647e7a51d6e56d3a4a837116537d643c69f360f8d130bca5ca1d6c5fea97e2fc2846f3a4560ea5805719af38055dddede7fc32c53fa5fa1f40df5df4a03f1c9acfb1daa18413a5238bbe9a62025c0d774e3a2f8f126fe79dc3d72605a2c964309d1cca8915b448dd30e1ec273c05c66dfd8968f4ae517a934e12e6479dccea626da79e4a685f217f9eff55f8e4833a80bb9a09822756c4f74de346a2b57acfd78cc367f52ee5b9a697c4f98452b4"}) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) [ 1616.101046] Memory cgroup out of memory: Kill process 9387 (syz-executor.0) score 1103 or sacrifice child [ 1616.110879] Killed process 9387 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1616.122485] oom_reaper: reaped process 9387 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:53:15 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:53:15 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, 0x0, 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:15 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:53:15 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0xffffffffffffffe0, 0x0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:15 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(0xffffffffffffffff, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:15 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x2, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) [ 1616.455107] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 1616.506966] CPU: 0 PID: 3142 Comm: syz-executor.2 Not tainted 5.0.0-rc8 #87 [ 1616.514076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1616.523427] Call Trace: [ 1616.526027] dump_stack+0x172/0x1f0 [ 1616.529669] dump_header+0x10f/0xb6c [ 1616.533393] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1616.538491] ? ___ratelimit+0x60/0x595 [ 1616.542375] ? do_raw_spin_unlock+0x57/0x270 [ 1616.546795] oom_kill_process.cold+0x10/0x6f5 [ 1616.551312] ? task_will_free_mem+0x139/0x6e0 [ 1616.555826] out_of_memory+0x79a/0x1280 [ 1616.559808] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1616.564938] ? oom_killer_disable+0x280/0x280 [ 1616.569451] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1616.574592] mem_cgroup_out_of_memory+0x99/0xe0 [ 1616.579266] ? memcg_memory_event+0x40/0x40 [ 1616.583605] ? _raw_spin_unlock+0x2d/0x50 [ 1616.587760] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1616.592875] try_charge+0xfec/0x1570 [ 1616.596606] ? find_held_lock+0x35/0x130 [ 1616.596630] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1616.596646] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1616.605539] ? find_held_lock+0x35/0x130 [ 1616.605559] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1616.605585] memcg_kmem_charge_memcg+0x7c/0x130 [ 1616.623978] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1616.628983] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1616.633870] memcg_kmem_charge+0x13b/0x340 [ 1616.638132] __alloc_pages_nodemask+0x437/0x710 [ 1616.642814] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1616.647847] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1616.652435] ? trace_hardirqs_on+0x67/0x230 [ 1616.656764] copy_process.part.0+0x3e0/0x79a0 [ 1616.661250] ? psi_memstall_leave+0x11c/0x180 [ 1616.665740] ? sched_clock+0x2e/0x50 [ 1616.669441] ? psi_memstall_leave+0x12e/0x180 [ 1616.673932] ? find_held_lock+0x35/0x130 [ 1616.678007] ? __lock_acquire+0x53b/0x4700 [ 1616.682245] ? __cleanup_sighand+0x70/0x70 [ 1616.686464] ? mark_held_locks+0x100/0x100 [ 1616.690696] ? perf_trace_lock_acquire+0xf5/0x580 [ 1616.695533] ? rcu_read_lock_sched_held+0x110/0x130 [ 1616.700537] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1616.706064] _do_fork+0x257/0xfe0 [ 1616.709508] ? fork_idle+0x1d0/0x1d0 [ 1616.713224] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 1616.718592] ? lock_downgrade+0x810/0x810 [ 1616.722741] ? blkcg_exit_queue+0x30/0x30 [ 1616.726874] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1616.731623] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1616.736364] ? do_syscall_64+0x26/0x610 [ 1616.740331] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1616.745695] ? do_syscall_64+0x26/0x610 [ 1616.749659] __x64_sys_clone+0xbf/0x150 [ 1616.753636] do_syscall_64+0x103/0x610 [ 1616.757704] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1616.762904] RIP: 0033:0x45a7f9 [ 1616.766112] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1616.785064] RSP: 002b:00007ffda87d9ef8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1616.792775] RAX: ffffffffffffffda RBX: 00007f388c287700 RCX: 000000000045a7f9 [ 1616.800038] RDX: 00007f388c2879d0 RSI: 00007f388c286db0 RDI: 00000000003d0f00 [ 1616.807291] RBP: 00007ffda87da100 R08: 00007f388c287700 R09: 00007f388c287700 [ 1616.814567] R10: 00007f388c2879d0 R11: 0000000000000202 R12: 0000000000000000 [ 1616.821829] R13: 00007ffda87d9faf R14: 00007f388c2879c0 R15: 000000000073bf0c [ 1616.831634] memory: usage 307200kB, limit 307200kB, failcnt 3512 [ 1616.837798] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1616.845123] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1616.851615] Memory cgroup stats for /syz2: cache:56KB rss:250244KB rss_huge:221184KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:12KB active_anon:250284KB inactive_file:8KB active_file:4KB unevictable:40KB [ 1616.875536] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9543,uid=0 [ 1616.890508] Memory cgroup out of memory: Kill process 9543 (syz-executor.2) score 1113 or sacrifice child [ 1616.900592] Killed process 9543 (syz-executor.2) total-vm:72576kB, anon-rss:2192kB, file-rss:35800kB, shmem-rss:0kB [ 1616.913475] oom_reaper: reaped process 9543 (syz-executor.2), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB [ 1616.932006] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1616.947548] CPU: 0 PID: 3136 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1616.954657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1616.964003] Call Trace: [ 1616.966576] dump_stack+0x172/0x1f0 [ 1616.970192] dump_header+0x10f/0xb6c [ 1616.973891] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1616.978988] ? ___ratelimit+0x60/0x595 [ 1616.982858] ? do_raw_spin_unlock+0x57/0x270 [ 1616.987251] oom_kill_process.cold+0x10/0x6f5 [ 1616.991732] ? task_will_free_mem+0x139/0x6e0 [ 1616.996214] out_of_memory+0x79a/0x1280 [ 1617.000181] ? oom_killer_disable+0x280/0x280 [ 1617.004659] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1617.009749] mem_cgroup_out_of_memory+0x99/0xe0 [ 1617.014430] ? memcg_memory_event+0x40/0x40 [ 1617.018737] ? _raw_spin_unlock+0x2d/0x50 [ 1617.022881] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1617.027973] try_charge+0xfec/0x1570 [ 1617.031669] ? find_held_lock+0x35/0x130 [ 1617.035718] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1617.040549] ? kasan_check_read+0x11/0x20 [ 1617.044682] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1617.049520] mem_cgroup_try_charge+0x24d/0x5e0 [ 1617.054090] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1617.059006] __handle_mm_fault+0x1e26/0x3f20 [ 1617.063400] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1617.068225] ? find_held_lock+0x35/0x130 [ 1617.072268] ? handle_mm_fault+0x322/0xb30 [ 1617.076491] ? kasan_check_read+0x11/0x20 [ 1617.080627] handle_mm_fault+0x43f/0xb30 [ 1617.084678] __do_page_fault+0x5da/0xd60 [ 1617.088748] do_page_fault+0x71/0x581 [ 1617.092531] ? page_fault+0x8/0x30 [ 1617.096052] page_fault+0x1e/0x30 [ 1617.099483] RIP: 0033:0x40f98f [ 1617.102656] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 1617.121540] RSP: 002b:00007ffee6aa56c0 EFLAGS: 00010206 [ 1617.126882] RAX: 00007f3c7552e000 RBX: 0000000000020000 RCX: 0000000000457e7a [ 1617.134136] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 1617.141387] RBP: 00007ffee6aa57a0 R08: ffffffffffffffff R09: 0000000000000000 [ 1617.148638] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffee6aa5880 [ 1617.155907] R13: 00007f3c7554e700 R14: 0000000000000003 R15: 000000000073c04c [ 1617.164780] memory: usage 307200kB, limit 307200kB, failcnt 21631 [ 1617.171715] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1617.178550] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1617.185515] Memory cgroup stats for /syz0: cache:0KB rss:96684KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96692KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1617.206061] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=3136,uid=0 [ 1617.220990] Memory cgroup out of memory: Kill process 3136 (syz-executor.0) score 1106 or sacrifice child [ 1617.231040] Killed process 3143 (syz-executor.0) total-vm:72444kB, anon-rss:152kB, file-rss:34816kB, shmem-rss:0kB [ 1617.242548] oom_reaper: reaped process 3143 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1617.258613] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1617.270750] CPU: 1 PID: 3139 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1617.277861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1617.287215] Call Trace: [ 1617.289799] dump_stack+0x172/0x1f0 [ 1617.293414] dump_header+0x10f/0xb6c [ 1617.297119] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1617.302222] ? ___ratelimit+0x60/0x595 [ 1617.306118] ? do_raw_spin_unlock+0x57/0x270 [ 1617.310542] oom_kill_process.cold+0x10/0x6f5 [ 1617.315036] ? task_will_free_mem+0x139/0x6e0 [ 1617.319535] out_of_memory+0x79a/0x1280 [ 1617.323520] ? oom_killer_disable+0x280/0x280 [ 1617.328023] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1617.333116] mem_cgroup_out_of_memory+0x99/0xe0 [ 1617.337771] ? memcg_memory_event+0x40/0x40 [ 1617.342109] ? _raw_spin_unlock+0x2d/0x50 [ 1617.346261] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1617.351368] try_charge+0xb4a/0x1570 [ 1617.355083] ? find_held_lock+0x35/0x130 [ 1617.359149] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1617.363992] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1617.368830] ? find_held_lock+0x35/0x130 [ 1617.372902] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1617.377749] memcg_kmem_charge_memcg+0x7c/0x130 [ 1617.382412] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1617.386921] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1617.391750] memcg_kmem_charge+0x13b/0x340 [ 1617.395971] __alloc_pages_nodemask+0x437/0x710 [ 1617.400641] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1617.405667] ? find_held_lock+0x35/0x130 [ 1617.409719] ? percpu_ref_put_many+0x94/0x190 [ 1617.414213] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1617.419736] alloc_pages_current+0x107/0x210 [ 1617.424142] __get_free_pages+0xc/0x40 [ 1617.428022] pgd_alloc+0x8b/0x3f0 [ 1617.431474] ? pgd_page_get_mm+0x40/0x40 [ 1617.435543] ? lockdep_init_map+0x10c/0x5b0 [ 1617.439847] ? lockdep_init_map+0x10c/0x5b0 [ 1617.444169] mm_init+0x583/0x9a0 [ 1617.447535] copy_process.part.0+0x2b65/0x79a0 [ 1617.452101] ? check_preemption_disabled+0x48/0x290 [ 1617.457116] ? __cleanup_sighand+0x70/0x70 [ 1617.461356] ? lock_downgrade+0x810/0x810 [ 1617.465539] _do_fork+0x257/0xfe0 [ 1617.468989] ? fork_idle+0x1d0/0x1d0 [ 1617.472712] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1617.477451] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1617.482222] ? do_syscall_64+0x26/0x610 [ 1617.486201] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1617.491573] ? do_syscall_64+0x26/0x610 [ 1617.495549] __x64_sys_clone+0xbf/0x150 [ 1617.499511] do_syscall_64+0x103/0x610 [ 1617.503420] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1617.508623] RIP: 0033:0x457e29 [ 1617.511831] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1617.530724] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1617.538434] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1617.545696] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1617.552959] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1617.560222] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1617.567503] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1617.575589] memory: usage 306912kB, limit 307200kB, failcnt 21633 [ 1617.581974] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1617.588736] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1617.595075] Memory cgroup stats for /syz0: cache:0KB rss:96684KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96612KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1617.615271] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=3136,uid=0 [ 1617.629830] Memory cgroup out of memory: Kill process 3136 (syz-executor.0) score 1106 or sacrifice child [ 1617.639635] Killed process 3139 (syz-executor.0) total-vm:72708kB, anon-rss:172kB, file-rss:35600kB, shmem-rss:0kB [ 1617.651436] oom_reaper: reaped process 3139 (syz-executor.0), now anon-rss:0kB, file-rss:34640kB, shmem-rss:0kB 03:53:17 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(0xffffffffffffffff, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:17 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x4, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:17 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:53:17 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x1) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x2, &(0x7f00000000c0)={0xffffffffffffffff}, 0x13f, 0x5}}, 0x20) write$RDMA_USER_CM_CMD_CONNECT(r1, &(0x7f0000000180)={0x6, 0x118, 0xfa00, {{0x6, 0x401, "bb98d8d84b3faeae0ec602524039a9850f6893b393d34348d174ac576cf1d339e4d21210fb65360950f9708c9918e5d3a00a7e9e8e15a5d3d42c1c9ed4b59df0ad1ff3b6e73a29aaafd899ee849e8984e183494380b5d834e2b3f30d9dff2314082cbe2887104130fd2e8b202800d9d9ae1525739ca794477800880ee655d1ce0f08ab937770b4d4bed55efaa35d2810d61b58cef8dc8bfa15deb14c00b2841ef9a683088210fe4d35340c3e24aeca969b0f6d81ae402c50036a7df0d75957d1b2d590360d8f38f5657bc086a642e52c0128744a6fa11080634e1a983ab201dbf032482c3a9060bed9fffbf1ae3fbc3e04430cfadf1c0edaeb426fe9d2f37102", 0x77, 0x5, 0x5, 0x6, 0x10, 0x3, 0x9, 0x1}, r2}}, 0x120) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:53:17 executing program 5: r0 = socket$packet(0x11, 0x2000000003, 0x300) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x40, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000002180)=0x100, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'bridge0\x00\x00\x00\x00\x00\x00\xae\'\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @remote}, 0x14) sendto$inet6(r0, &(0x7f0000001740)="030300000300600000000000fff55b4202938207d9fb3780398d5375000000007929301ee616d5c01843e06590080053c0e385472da7222a2bb401000000c3b50035110f118d0000f5cfe606f6925cbf34658ea132797b1abc5dc62600009b000000faffffff00000000aeb4", 0x6c, 0x0, 0x0, 0x0) 03:53:17 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0x4000000) 03:53:17 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(0xffffffffffffffff, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:17 executing program 2: getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000180)={{{@in=@initdev, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in=@broadcast}}, &(0x7f0000000280)=0xe8) lstat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in=@empty}}, &(0x7f0000000480)=0xe8) r3 = geteuid() getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@loopback, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}}}, &(0x7f00000005c0)=0xe8) getgroups(0x2, &(0x7f0000000600)=[0xffffffffffffffff, 0x0]) getresgid(&(0x7f0000000640), &(0x7f0000000680)=0x0, &(0x7f00000006c0)) r7 = getegid() r8 = getegid() r9 = getegid() lstat(&(0x7f0000000700)='./file0\x00', &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fstat(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r12 = getegid() lsetxattr$system_posix_acl(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='system.posix_acl_default\x00', &(0x7f0000000840)={{}, {0x1, 0x2}, [{0x2, 0x4, r0}, {0x2, 0x7, r1}, {0x2, 0x0, r2}, {0x2, 0x2, r3}, {0x2, 0x6, r4}], {0x4, 0x1}, [{0x8, 0x0, r5}, {0x8, 0x4, r6}, {0x8, 0x1, r7}, {0x8, 0x1, r8}, {0x8, 0x7, r9}, {0x8, 0x4, r10}, {0x8, 0x0, r11}, {0x8, 0x2, r12}], {0x10, 0x4}, {0x20, 0x7}}, 0x8c, 0x2) openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r13 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r13, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:53:17 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x6, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:17 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0, 0x1, 0x0, 0x0, 0x0}, 0x0) 03:53:17 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x0, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) [ 1618.507808] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1618.528073] CPU: 0 PID: 3187 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1618.535199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1618.544591] Call Trace: [ 1618.547222] dump_stack+0x172/0x1f0 [ 1618.550885] dump_header+0x10f/0xb6c 03:53:17 executing program 5: r0 = epoll_create1(0x7fffd) fcntl$lock(r0, 0x7, &(0x7f00000000c0)={0x2}) 03:53:17 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(r1, 0x80845663, &(0x7f0000000140)) getsockopt$inet6_mreq(r1, 0x29, 0x14, &(0x7f00000002c0)={@loopback, 0x0}, &(0x7f0000000300)=0x14) getresuid(&(0x7f0000000340), &(0x7f0000000380)=0x0, &(0x7f00000003c0)) setsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000400)={{{@in=@broadcast, @in6=@remote, 0x4e23, 0x0, 0x4e24, 0x101, 0xa, 0xa0, 0x0, 0x1, r2, r3}, {0x5, 0x5, 0x3, 0x9, 0x2e, 0x4, 0x9, 0x200}, {0x7f, 0x7, 0x8, 0x8001}, 0x3, 0x6e6bb9, 0x1, 0x0, 0x1, 0x3}, {{@in6=@mcast1, 0x4d3, 0x6c}, 0xa, @in=@remote, 0x0, 0x0, 0x0, 0x2, 0x9, 0xd505, 0x80000001}}, 0xe8) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) [ 1618.554640] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1618.559767] ? ___ratelimit+0x60/0x595 [ 1618.563680] ? do_raw_spin_unlock+0x57/0x270 [ 1618.568125] oom_kill_process.cold+0x10/0x6f5 [ 1618.572656] ? task_will_free_mem+0x139/0x6e0 [ 1618.577197] out_of_memory+0x79a/0x1280 [ 1618.581204] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1618.586338] ? oom_killer_disable+0x280/0x280 [ 1618.590855] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1618.596009] mem_cgroup_out_of_memory+0x99/0xe0 [ 1618.600708] ? memcg_memory_event+0x40/0x40 03:53:17 executing program 5: r0 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000140)="66b9800000c00f326635000800000f30660f062e81b90000058cba610066b8bec8c96766ef65f30f320f01d7660fd92b66b93c0b00000f32660f6a210f2d1a", 0x3f}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$IMADDTIMER(r0, 0x80044940, &(0x7f0000000000)=0xf4254) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 1618.605069] ? _raw_spin_unlock+0x2d/0x50 [ 1618.609233] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1618.614355] try_charge+0xfec/0x1570 [ 1618.618088] ? find_held_lock+0x35/0x130 [ 1618.622190] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1618.627509] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1618.632378] ? find_held_lock+0x35/0x130 [ 1618.636467] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1618.641358] memcg_kmem_charge_memcg+0x7c/0x130 [ 1618.646046] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1618.650602] ? get_mem_cgroup_from_mm+0x128/0x2b0 03:53:17 executing program 2: r0 = openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = syz_open_dev$sndpcmc(&(0x7f0000000640)='/dev/snd/pcmC#D#c\x00', 0x4000000, 0x800) write$P9_RSYMLINK(r2, &(0x7f0000000680)={0x14, 0x11, 0x1, {0x4, 0x4, 0x6}}, 0x14) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r3 = creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fstat(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000380)={{{@in6=@empty, @in6=@ipv4={[], [], @loopback}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast1}, 0x0, @in6=@remote}}, &(0x7f0000000480)=0xe8) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000200)='9p\x00', 0x240000, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@fscache='fscache'}, {@msize={'msize', 0x3d, 0x7}}, {@cache_fscache='cache=fscache'}, {@cache_mmap='cache=mmap'}, {@version_u='version=9p2000.u'}, {@debug={'debug', 0x3d, 0x8}}], [{@smackfsfloor={'smackfsfloor', 0x3d, 'nodevkeyring'}}, {@smackfsroot={'smackfsroot'}}, {@fsmagic={'fsmagic'}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'pipefs\x00'}}, {@fowner_gt={'fowner>', r4}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'pipefs\x00'}}, {@subj_type={'subj_type'}}, {@fowner_gt={'fowner>', r5}}, {@uid_eq={'uid', 0x3d, r6}}]}}) getsockopt$inet6_tcp_buf(r3, 0x6, 0xe, &(0x7f0000000140)=""/148, &(0x7f00000000c0)=0x94) fallocate(r3, 0x10, 0x7, 0x2) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) [ 1618.655494] memcg_kmem_charge+0x13b/0x340 [ 1618.659776] __alloc_pages_nodemask+0x437/0x710 [ 1618.664487] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1618.669533] ? perf_trace_run_bpf_submit+0x131/0x190 [ 1618.674668] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1618.680242] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1618.685813] alloc_pages_current+0x107/0x210 [ 1618.690266] get_zeroed_page+0x14/0x50 [ 1618.694185] __pud_alloc+0x3b/0x250 [ 1618.697869] pud_alloc+0xde/0x150 [ 1618.701435] copy_page_range+0x375/0x1f90 03:53:17 executing program 5: unshare(0x40000000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x8000, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, &(0x7f0000000000)={'mangle\x00', 0x2, [{}, {}]}, 0x48) [ 1618.705611] ? mark_held_locks+0x100/0x100 [ 1618.709865] ? perf_trace_lock_acquire+0x380/0x580 [ 1618.714935] ? find_held_lock+0x35/0x130 [ 1618.719030] ? copy_process.part.0+0x3121/0x79a0 [ 1618.723828] ? copy_process.part.0+0x3121/0x79a0 [ 1618.728643] ? pmd_alloc+0x180/0x180 [ 1618.732376] ? vma_compute_subtree_gap+0x158/0x230 [ 1618.737328] ? validate_mm_rb+0xa3/0xc0 [ 1618.741326] ? __vma_link_rb+0x279/0x370 [ 1618.745436] copy_process.part.0+0x56aa/0x79a0 [ 1618.750107] ? __cleanup_sighand+0x70/0x70 [ 1618.754434] _do_fork+0x257/0xfe0 [ 1618.758145] ? fork_idle+0x1d0/0x1d0 [ 1618.761914] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1618.766697] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1618.770926] IPVS: ftp: loaded support on port[0] = 21 [ 1618.771471] ? do_syscall_64+0x26/0x610 [ 1618.771490] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1618.771507] ? do_syscall_64+0x26/0x610 [ 1618.771536] __x64_sys_clone+0xbf/0x150 [ 1618.771574] do_syscall_64+0x103/0x610 [ 1618.797923] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1618.803131] RIP: 0033:0x457e29 03:53:17 executing program 2: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000001500)='/dev/zero\x00', 0x40000, 0x0) setsockopt$CAIFSO_LINK_SELECT(r0, 0x116, 0x7f, &(0x7f0000001540)=0x9, 0x4) openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000001580)='/dev/v4l-subdev#\x00', 0x7f9, 0x4000) r2 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) setsockopt$CAIFSO_LINK_SELECT(r2, 0x116, 0x7f, &(0x7f00000014c0)=0x800, 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x3ce5) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000143, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) stat(&(0x7f00000012c0)='./file1\x00', &(0x7f0000001300)={0x0, 0x0, 0x0, 0x0, 0x0}) accept4(r0, &(0x7f00000015c0)=@rc, &(0x7f0000001440)=0x80, 0x800) syz_mount_image$erofs(&(0x7f00000000c0)='erofs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000001280)=[{&(0x7f0000000180)="d93f6a3996eed72b100f8e188893a15bdcc232856d881b0b32d9e1d5faa6463ddd8cdd5e72a53e59e3acb9ae1b47a72433d594d9d4364d3032d27b9f6fdc26962348bed444cbb685645b00c08b8a493b86b136255460ee0642d77b4f498efc1ec9c0b854167f0737c1c53d69831978a312fa075f5b92225a46b80c723fc029c26406054c4519e987f848d977f9d1dd964eb8284a723c13d8810b2069192315120c0afc33cf5bc2371bad4c7cf720e0fdea771e007d3571760bf4aafbea8d9e4777bb8aa3d7df0333aadcd37ed25e56876de82817cbbf66f5c97a12d799f648d87ea97d9fe88d00f1e4f59e21accdb5c3344ed68c985bcd8ee8053530b72f09ec7bf4504d6733ec0dc11f106a9a907ea502d2a8be94677fdbec8168942c4cfddd4d26d7a5099e406838bcd3dfb34afa50132d8a18349169edd2ea6673f708f66fdea5b184a97b7a4315f18785e76ad7567bf9eaa6a1c3491e5a69d1ad44eec37a030aff0542673ddb285f3198224d2cf7430054c534fac77828fd4e2c1aa0b1037e2ab831ac0d820053456ed295f03544e3da6c631b5ac7e8736f232d6b5d05892a90890b0a30618c28ac91cea817f84db65f5942a501226f6fa6093f6c99631a32238b7ced58f87b4005b7aa132a914c39622b28c24a140a883a4f9778db8d0645a6df0b3be85a2c63c9b7ab41b7b1fec3006fb8db4855cd47c87e99a4936810838a4ae3fda3b73b95282064e34847df141abfafc4c7e39aef7ff24eb03b245770a4f5e22e23432ced32b711aa18e8f1db027ca0bd2caa7f174fc2b64c9736412d8a5463d142584e9b9fd5306b2b3443a519d680182e504297bf4b7bb5d5feb196e632819578ef592de8815a41e549a03c36906c8e5e736fb50a352b3f688b0a84205fc76b7354ab25e2ac6a73c2c4e5d813048d67f93db4d2cfe4ddaebc86598da2aeb12fd2df2b43742faeb7b4998b3b61b5dd6cf936a364a4fbda5ca436c10d6eb470c1ad38e434ad108d59e53c76143a82e70e0fb33f344c77f66b3cecf5523faf7041acd10d5262b249685671dbbe6df052484ec1dc388432d1cf57c9bd09c0343e149e80717b934576ba85915388a18bc8196e1ac3303f230bf18290bf9b9ebd968fc7fa8e76c2fec5ad07c3923f98bcc1a195190da6ff0a5107f3f0679b59a2642ebd1d8e74b6706e83025b6a8f0416ecbe9fd14154d0d08d5f7417b037f6663eb3043b1162a729e60b337a01843fa4c7e91453dcdb967dada63ec397c714db990bcec6ab2c88eae8763ab89f380e389458d56027958b55a3726932a38a8a98ad08e23c53a55a55cb48861202537849507478f03a941522739c7b2f9d963a66f845a9d45f02953d1e28899c79c26234e86b892661e283d92b2d0ae8bba0cd6c2ef4910f0684a21f0de7a081d0d0bfa2caca0894457c768f1da76ee09c6b4879fb82aadbe988c952dae9c7a5801d6302da3f360def1884d3b1101d9fc376141e782011ea5ac8e8ea363582cec921c6c780e1a4d183c8c65977a03a0e08391ea4f7aafbc27cd65eab4b08b9f2b3680a117dad848b6557f3501402ec12def5d9e7139076db66697434b4d5a6542ccaf7a62a05969e2a9155f6da21308beba57921d3ea2d41410e93a728c58f2f9e9943b598c6b54edefaee3e3780ad7ce6298c710ad6b123fbc66bbbc0cea7add8bc610ab0db5824d312f1d50aa14637a9e985fadec864d21e23166f6358e61b6bd326a7f556b8198a6a37c17d86b4932099222aa05bbf354b438eed4ceef1efc1cfa45ad3273245e2d5687fcdc96dfa0f737e70d29caa34d8b9ab2546d241fa1bfd2126e5f4b94d408d84a4af7f1f89b2efd2d3c387781a429c28112c974d93b4fef9fb2c87d4511ea73fdf557322782109d036082cb2b224e57a10c2cd1215cd762970ed466bd7fa0008307aa3d177fc739c48261b2df507f89c6a0a9a933f9a8080a10082ab390ca68c7f26376566f0cb878e35f2002514ec8f1aa3e1e4c3cb84613bc268043ae84018e4af1bb5f6caf83ca7e356e344c3946b5dc239db170bea407930aaa8f277cb97f81a35e658e5ce239fbdb4176a877a3bd8e13e1c48bce88d4de3f31c40adb5a0c315a11b7de280aec0b2c41d644512542038b73f53cc2ed2b68275bce6cad6983160b620947a4b675163b56485eb3c2a34c754db704d88bccfe54a8de4c8eddb1fc1c201df905564196c8fc91850d5cba2cd381b994c1524ba3f4daddafcc576543f377f0933826a27f0bd97dad5c1c64cc6f6f5f248e1ac9b0011c1f82e9b7498b731adae8115ef24f397215460c452e31a424852955f7676885c291d0e8ccc4e7a273a57b5ae9ef8c2126d0501f591c3b5a9052f87b692076fdac484eedb4607bbdeefedfce92858e5bd2a801146ec64ed690d695ed40aba5468e2499bb6e4805fae4bba0de5d25309a6850e5cec004ccec18a1323dc744ea5545242fbdc7115f911ca07ed3609613810345d4f415dc989a4d1ba16253547866812fc5f34508ba0e533257d58a0dd8d3499b7ad369259000864f851dc55172dbbda3797dd1135d50e8c8459d3829b974a1cab07de5c3f78a7dd6db2b7fc597024a853838897482981cc3b336e40c416fe82f91d8bb3c342302641d8d8dc3e4f23037ab03e40941634f00466c7517e38ab4599b1dac0bb6af92bc9aca23cd519ace561e2e468016239cbfb4167333afe01776bba369df8e5c8bbef56aeaacb8096638cad41d4e636d721273958ed9b34228ce96969eb09d5cdf4bd63255a169f509525801a776708bfe009ddfb1d30d5825eea423820ee1af3ede63a8e87d3d6b4df91b5e96c268334277adeab6aaa40a67a672f8bf715f6ded5958c4f71ccca3c4b1c9e67260ce43f9b9cb253cd199e6aacd590ca9112c57cfd3f10bdd1d08735261183452fad8ee76149c6747c13cb452662b2d3b5f274f256486de721658eb48aca61a8a272e19425c0ed6178af1d8d88ee66d8a9cf0068d5986a0524c33ad3e54dd0b5bc147962c5a18c40293ff4b3a9efb6db7208e8f2a43e8c239637c8c58f0e878df9827d6cd8bc1e10bca865e3c53537ad87353a7dd2171166227287acdb7430308bdd2f65d1ee71c1d69b891871394d748e9bdd2bca6a08e5f3eeadf61abb84de01a33a837c75d2534a4eadc0a5f5e9d3fd91a9501176695372a58cff9f6c760e869b16544aa395d9874ae643bae18746ac21d08964af3071b3da84042b68427592b2f3e6ccd17fb4a8578af5bd5c638acc1376f2a8fa71bc0d228181b3488c754bf0c111360a25e211db760c4482fe8391fe6f18fa84263ac221681e87213f23e8af043ef9447e76485976c311d90cbe712b16b24e3be622a9ff173089e822b66449b5348d52f10be2b1f7d48a9384620ebd1ddd5a167de25857fbcfeb41cdc81048177476fe110ebe2e81e57197ece4cc722a5bd98b741b692ccd0d3748bdcef6b0b706b90686512a397109a6f8ffe3f3cd0e56a6aac64eff26be8d9221778e08a4d0cd3031315a642c99f28fcc95449a6c9c664c28180f2964fa922288da52d460cb754b53dd9d8d71a7046a59a314076c63d144a1523fa407e14acf68225b2de3f9f2b09d081e0de7fc11ed95d12d7f6780e7a32ff7d9cb47a71f1a3d77dbf2d4d257fc86f58fece3a4df6cf580ad6366e4aef77199adb6e790569ef96b6aaa14329792d92f91e402c8e285b6ad3638df8ed9d48593f0431296c1e0b04132cb566bb14f018fb43b4869c3061ab2b3c929c6b2739e10c2db6ae71de50ed8b3109da47e27218af9f6249d22319d1482bb853a6dbde4e532744de20cb0d2408f56ad064f1cc6ececca87ba56fc9d21669ef6188d9f240bab14650c575676aebcf86c30d3f833ebf08df3da677c49fdea96f196750bbc54c8912cf12901175a8fc618d875226b39d4b78e47c0c85a3661870fde9e8d5db90010141d82799a892ef136d134c0b56229db2e2052831cdcb0f70a0ec45cb883fb0cbadd17cc7173d2d0b9eafd5d7682422878084d150311756c9b25e4cd66d9673579e2444ce20407487aba2e528d4b20f79c2b4b382540188c7a9d9646c34ae26b6907f34bc82c40e92bc65aaa533a3c47cd07531e443b0e45414914abc1be9cd6bdc91d0c928ffea48a3afdbd9981219e52772ba0e4926ab27fb59e024d5c4d1b5e42254470c0fc32c0c434b23c5b2d8cea10f4e6bc90b2bb6c60558b03e996ece1b7443e1e5385b0532aa6df902fee5c0b3997eadbd9bd79154a8bea7615434889c2c6a84a110d32ae660d731dcb12f6131263c1edfb2701f073b1009786a200849c7e0986292c113f1597a413aee439811ec37b797e7dfbff8d78df8603615099bbb274faabe554c8d73ef58e12e727a6ad6de361b60d3f6d2037257585aba6230b2bd5ef56e6d537117137ab0367d8dc7e4c9deff70b73ab4bffcfa5cdf027d8e7fab35a816dfb866c4e344ee158ca687af4881cf6aba869136a89a22d0583efed2291961f2de31898459aa150ab7f7b9c36138d40f3648839326f564737092ea915250c4e3d7fe416487831df414fe441c8dbf1a6f9dcc09998ba462c9e4022acf1a428ef5c08261eb0571ab725de55a5be5ef1d21dae77069e44ef530b5944291fa5c38fe95a1e9371ac75700c67e6abf463bccccd936d1b24f1594f405fd81fc336017c51d5083f9078ed84512abada981b2aedc7222accb5bcafbec24945d8753a2a3576ea2cd385abca7791552b0138fb71e442d6eb3de3fb4956a41419cfae853df17d2517e243a25e4a3d3aede3d4850b51ddf5b3d59ecef0ab137cf65ff7e7271de94244e00bb432cea81e472b6a17900b79770a4ac906b74aee13a77f4666fcefc765926770e00ce4557e8c3c0226a20b8bc809fc66ab7408852562bfe9181794886d1fb78bbfba763ed4347ae13b6524dbb71d7b5d0bc2144aaa56d88c9108319025a21a44ebf582746b4876cb35df37359d523aca7115b68ee2a873b251eeef77a7e974c337c611f25dd06fc903382d416910bc95bf09c28c6baa0bef6424b9ff8d57a2cd604c86db2b70cd067fc6b338be355dca9362837033e2ff19b76faf9e1a4cd1ac46eb9e1bce82dcc35013e7af8c34b7bdfbc10dc01a18f1a9820d7f17f03df8b100c75c4db7267c909c8065f36d99c9e2da29014ac2d66ced5aae37631d0b4b7ab27cd5e5959abadb7066a519e8cfbdbf92b7931e41d9fa9f65c27560414f494057199e7294c11562a81d0a2e3485ca8ce566b88a788ab711f27c88e0c3d97a3411afdbe161a3ae5dd810220734b91e87308daa9e17bb2f2d3bbdd32061246bb0aced1bdeb3254b61a987b4d9f9380ca4e618fa0663586a0761540c1a4d3597d56bc1c036097fde873f91e25300e01be3197efd1a2006e695d65275ac26805834c79e4a1170ac72e7e10b1d95bf27ef5c148deac7fed861712e6f22bc5edce6b4e54a8762c5d8a05d0a898c5e1520eb159c99f6f75ff7a28286dffd42cd1fa664326ccd74a6c60c54664fdb12850b61e90a5008bb25d7e9b39219d13afbad2942d05e7a2c059d6e88174776598de9c00729713f1e2b6e0ff405a6dc8f45bc5569890948e94a4212f61149044c4b7f33458aaebeb28b64709aa0999a304517c86ceb2fa4f2785c5e3c1d44597d9499784925bdc358d8c19b9684f6f9644c14c4d2b9ff35c8e6432646be47374b2aacee7267f7db2e86326bb25d984f196c60a8edb1cb6e7992a05b90a96de0d5234a9b434a7447e598c968f79ed3195072b86bdb9e90bd", 0x1000, 0x7}, {&(0x7f0000001180)="2d2dcaa2dd64f7dce9f568493903ef139c4338da6bdb519601560f74a3965165a4c00e99a757ca9bd8690b398bf24cf900344789e422dcad8c54c7cfc1a5bbb42066538ab5656df5f8381eb1b67178204e686a28d9c136912c332cf3dd6979455190705978bda453cead0e04b625f8c7e591a65e9506f3c88c0da108316007ed5569c3fd7a512b96ca63013bec95039061f4894331340ce6fb76d908f40c1a058c08c90ffaa395ed7a66c9e449b9eb54a77788e0132ac5faa258f2929c0cfc2a10e13409d3568a4d1e77a2e0e28b0933a7799a73ec458c066970f09b9514cf68c6839f36ed8e546955e6044ab24e0c314ea4af9e7eadf22556a8", 0xfa, 0x63}], 0x10001, &(0x7f0000001380)={[{@noacl='noacl'}, {@fault_injection={'fault_injection', 0x3d, 0x1}}, {@user_xattr='user_xattr'}], [{@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}, {@obj_role={'obj_role', 0x3d, '/dev/usbmon#\x00'}}, {@euid_lt={'euid<', r3}}, {@subj_user={'subj_user', 0x3d, 'pipefs\x00'}}, {@smackfsdef={'smackfsdef', 0x3d, '/dev/usbmon#\x00'}}]}) ioctl$VIDIOC_TRY_ENCODER_CMD(r2, 0xc028564e, &(0x7f0000001480)={0x0, 0x1, [0x8, 0x2, 0x1, 0x8001, 0x7, 0x7, 0xfffffffffffffff7, 0x8]}) [ 1618.806352] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1618.825260] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1618.825278] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1618.825289] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1618.825301] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1618.825312] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1618.825328] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1618.873729] memory: usage 307200kB, limit 307200kB, failcnt 21665 [ 1618.880577] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1618.910376] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1618.916815] Memory cgroup stats for /syz0: cache:0KB rss:96684KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96668KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1618.949938] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=3117,uid=0 [ 1618.978889] Memory cgroup out of memory: Kill process 3117 (syz-executor.0) score 1103 or sacrifice child [ 1618.989279] Killed process 3117 (syz-executor.0) total-vm:72708kB, anon-rss:172kB, file-rss:34816kB, shmem-rss:0kB [ 1619.021167] oom_reaper: reaped process 3117 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1619.058191] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1619.080439] CPU: 0 PID: 3187 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1619.087551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1619.087560] Call Trace: [ 1619.087586] dump_stack+0x172/0x1f0 [ 1619.087616] dump_header+0x10f/0xb6c [ 1619.106855] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1619.106876] ? ___ratelimit+0x60/0x595 [ 1619.106905] ? do_raw_spin_unlock+0x57/0x270 [ 1619.115914] oom_kill_process.cold+0x10/0x6f5 [ 1619.115949] ? task_will_free_mem+0x139/0x6e0 [ 1619.129324] out_of_memory+0x79a/0x1280 [ 1619.129366] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1619.138435] ? oom_killer_disable+0x280/0x280 [ 1619.138455] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1619.138493] mem_cgroup_out_of_memory+0x99/0xe0 [ 1619.148077] ? memcg_memory_event+0x40/0x40 [ 1619.157062] ? _raw_spin_unlock+0x2d/0x50 [ 1619.157081] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1619.166318] try_charge+0xfec/0x1570 [ 1619.170037] ? find_held_lock+0x35/0x130 [ 1619.170072] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1619.178979] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1619.179000] ? find_held_lock+0x35/0x130 [ 1619.179022] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1619.192790] memcg_kmem_charge_memcg+0x7c/0x130 [ 1619.192810] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1619.192839] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1619.192864] memcg_kmem_charge+0x13b/0x340 [ 1619.206856] __alloc_pages_nodemask+0x437/0x710 [ 1619.206878] ? find_held_lock+0x35/0x130 [ 1619.219858] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1619.224921] ? kasan_check_read+0x11/0x20 [ 1619.229099] ? lock_downgrade+0x810/0x810 [ 1619.233271] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1619.238837] alloc_pages_current+0x107/0x210 [ 1619.243273] pte_alloc_one+0x1b/0x1a0 [ 1619.247108] __pte_alloc+0x20/0x310 [ 1619.250766] copy_page_range+0x1529/0x1f90 [ 1619.255015] ? __lock_is_held+0xb6/0x140 [ 1619.259134] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1619.264187] ? pmd_alloc+0x180/0x180 [ 1619.267944] ? validate_mm_rb+0xa3/0xc0 [ 1619.272019] ? __vma_link_rb+0x279/0x370 [ 1619.276119] copy_process.part.0+0x56aa/0x79a0 [ 1619.280783] ? __cleanup_sighand+0x70/0x70 [ 1619.285102] _do_fork+0x257/0xfe0 [ 1619.288577] ? fork_idle+0x1d0/0x1d0 [ 1619.292336] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1619.297117] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1619.301908] ? do_syscall_64+0x26/0x610 [ 1619.305910] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1619.311287] ? do_syscall_64+0x26/0x610 [ 1619.315285] __x64_sys_clone+0xbf/0x150 [ 1619.319309] do_syscall_64+0x103/0x610 [ 1619.323217] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1619.328412] RIP: 0033:0x457e29 [ 1619.331631] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1619.350538] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1619.358254] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1619.365533] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1619.372821] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1619.380100] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1619.387375] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1619.400355] memory: usage 307040kB, limit 307200kB, failcnt 21703 [ 1619.406615] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1619.419681] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1619.427064] Memory cgroup stats for /syz0: cache:0KB rss:96548KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96548KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1619.447430] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=9487,uid=0 [ 1619.462189] Memory cgroup out of memory: Kill process 9487 (syz-executor.0) score 1103 or sacrifice child [ 1619.472104] Killed process 9487 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1619.486659] syz-executor.5 invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1619.499933] CPU: 0 PID: 3237 Comm: syz-executor.5 Not tainted 5.0.0-rc8 #87 [ 1619.507058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1619.516416] Call Trace: [ 1619.519036] dump_stack+0x172/0x1f0 [ 1619.522692] dump_header+0x10f/0xb6c [ 1619.526415] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1619.531527] ? ___ratelimit+0x60/0x595 03:53:18 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0x5000000) 03:53:18 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x0, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:18 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x7, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:18 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0}, 0x4000) 03:53:18 executing program 2: prctl$PR_MCE_KILL_GET(0x22) openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) [ 1619.535433] ? do_raw_spin_unlock+0x57/0x270 [ 1619.539853] oom_kill_process.cold+0x10/0x6f5 [ 1619.544364] ? task_will_free_mem+0x139/0x6e0 [ 1619.548881] out_of_memory+0x79a/0x1280 [ 1619.552935] ? oom_killer_disable+0x280/0x280 [ 1619.557442] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1619.562562] mem_cgroup_out_of_memory+0x99/0xe0 [ 1619.567243] ? memcg_memory_event+0x40/0x40 [ 1619.571578] ? _raw_spin_unlock+0x2d/0x50 [ 1619.575734] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1619.580856] try_charge+0xfec/0x1570 [ 1619.584574] ? find_held_lock+0x35/0x130 [ 1619.588653] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1619.593517] ? kasan_check_read+0x11/0x20 [ 1619.597684] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1619.602555] mem_cgroup_try_charge+0x24d/0x5e0 [ 1619.607155] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1619.612104] shmem_getpage_gfp+0x69b/0x3520 [ 1619.616457] ? shmem_add_to_page_cache+0x1200/0x1200 [ 1619.621574] ? lock_downgrade+0x810/0x810 [ 1619.625735] shmem_fault+0x22d/0x760 [ 1619.629482] ? __handle_mm_fault+0x349d/0x3f20 03:53:18 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x2, 0x10000) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) [ 1619.634075] ? shmem_read_mapping_page_gfp+0x1a0/0x1a0 [ 1619.639368] ? lock_downgrade+0x810/0x810 [ 1619.643540] __do_fault+0x116/0x4e0 [ 1619.647214] __handle_mm_fault+0x2cbd/0x3f20 [ 1619.651643] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1619.656501] ? find_held_lock+0x35/0x130 [ 1619.660568] ? handle_mm_fault+0x322/0xb30 [ 1619.664833] ? kasan_check_read+0x11/0x20 [ 1619.668990] handle_mm_fault+0x43f/0xb30 [ 1619.673067] __get_user_pages+0x7b6/0x1a40 [ 1619.677329] ? follow_page_mask+0x19a0/0x19a0 [ 1619.681842] ? memset+0x32/0x40 [ 1619.685134] populate_vma_page_range+0x20d/0x2a0 [ 1619.689914] __mm_populate+0x204/0x380 [ 1619.693840] ? populate_vma_page_range+0x2a0/0x2a0 [ 1619.698810] vm_mmap_pgoff+0x213/0x230 [ 1619.702716] ? vma_is_stack_for_current+0xd0/0xd0 [ 1619.707573] ? kasan_check_read+0x11/0x20 [ 1619.711732] ? _copy_to_user+0xc9/0x120 [ 1619.715722] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1619.722238] ksys_mmap_pgoff+0xf7/0x630 [ 1619.726226] ? find_mergeable_anon_vma+0x2e0/0x2e0 [ 1619.731180] ? trace_hardirqs_on_thunk+0x1a/0x1c 03:53:18 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x0, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) [ 1619.735964] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1619.740728] ? do_syscall_64+0x26/0x610 [ 1619.744714] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1619.750089] __x64_sys_mmap+0xe9/0x1b0 [ 1619.753993] do_syscall_64+0x103/0x610 [ 1619.757909] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1619.763120] RIP: 0033:0x457e29 [ 1619.766326] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1619.785245] RSP: 002b:00007f082abddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1619.792963] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457e29 [ 1619.800234] RDX: 0000000000000003 RSI: 0000000000b36000 RDI: 0000000020000000 [ 1619.807508] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 1619.814810] R10: 0000000000008031 R11: 0000000000000246 R12: 00007f082abde6d4 [ 1619.814822] R13: 00000000004c3b88 R14: 00000000004d6d40 R15: 00000000ffffffff 03:53:18 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:18 executing program 2: r0 = openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VIDIOC_G_AUDOUT(r0, 0x80345631, &(0x7f00000000c0)) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_SET(r1, &(0x7f0000000480)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000440)={&(0x7f00000001c0)={0x250, r3, 0x31, 0x70bd26, 0x25dfdbff, {}, [@TIPC_NLA_LINK={0x44, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffffffffe32a}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfa}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}]}, @TIPC_NLA_LINK={0x34, 0x4, [@TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}]}]}, @TIPC_NLA_LINK={0x54, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x800}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}]}]}, @TIPC_NLA_LINK={0x64, 0x4, [@TIPC_NLA_LINK_PROP={0x44, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffffffffbff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7fff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7fff}, @TIPC_NLA_PROP_MTU={0x8}]}]}, @TIPC_NLA_BEARER={0x10c, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x9}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'ib', 0x3a, 'dummy0\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e24, @loopback}}, {0x14, 0x2, @in={0x2, 0x4e24, @loopback}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x40}, @TIPC_NLA_BEARER_NAME={0xc, 0x1, @l2={'ib', 0x3a, 'nr0\x00'}}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x14}}}, {0x20, 0x2, @in6={0xa, 0x4e23, 0x9, @mcast1}}}}, @TIPC_NLA_BEARER_NAME={0x18, 0x1, @l2={'eth', 0x3a, 'veth0_to_bridge\x00'}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'ib', 0x3a, 'veth1\x00'}}]}]}, 0x250}, 0x1, 0x0, 0x0, 0x8040}, 0x4000044) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$RTC_ALM_SET(r2, 0x40247007, &(0x7f00000004c0)={0x14, 0x21, 0xd, 0x5, 0x7, 0x7, 0x3, 0x88, 0xffffffffffffffff}) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) [ 1619.881154] memory: usage 307200kB, limit 307200kB, failcnt 5672 [ 1619.894190] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 03:53:18 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x8, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) [ 1619.928370] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1620.011039] Memory cgroup stats for /syz5: cache:5376KB rss:197884KB rss_huge:145408KB shmem:5420KB mapped_file:5412KB dirty:0KB writeback:0KB swap:0KB inactive_anon:5488KB active_anon:197864KB inactive_file:8KB active_file:4KB unevictable:0KB [ 1620.039351] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=21190,uid=0 [ 1620.070579] Memory cgroup out of memory: Kill process 21190 (syz-executor.5) score 1113 or sacrifice child [ 1620.080924] Killed process 21190 (syz-executor.5) total-vm:72444kB, anon-rss:2200kB, file-rss:35824kB, shmem-rss:0kB [ 1620.095822] oom_reaper: reaped process 21190 (syz-executor.5), now anon-rss:0kB, file-rss:34864kB, shmem-rss:0kB [ 1620.103028] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1620.150272] CPU: 1 PID: 3269 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1620.157382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1620.166740] Call Trace: [ 1620.169339] dump_stack+0x172/0x1f0 [ 1620.172986] dump_header+0x10f/0xb6c [ 1620.176726] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1620.181852] ? ___ratelimit+0x60/0x595 [ 1620.185745] ? do_raw_spin_unlock+0x57/0x270 [ 1620.190163] oom_kill_process.cold+0x10/0x6f5 [ 1620.194673] ? task_will_free_mem+0x139/0x6e0 [ 1620.199177] out_of_memory+0x79a/0x1280 [ 1620.203179] ? oom_killer_disable+0x280/0x280 [ 1620.207704] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1620.212824] mem_cgroup_out_of_memory+0x99/0xe0 [ 1620.217502] ? memcg_memory_event+0x40/0x40 [ 1620.221836] ? _raw_spin_unlock+0x2d/0x50 [ 1620.225984] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1620.231087] try_charge+0xfec/0x1570 [ 1620.234813] ? find_held_lock+0x35/0x130 [ 1620.238910] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1620.243766] ? kasan_check_read+0x11/0x20 [ 1620.247957] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1620.252804] mem_cgroup_try_charge+0x24d/0x5e0 [ 1620.257409] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1620.262353] wp_page_copy+0x408/0x1740 [ 1620.266244] ? find_held_lock+0x35/0x130 [ 1620.270310] ? pmd_pfn+0x1d0/0x1d0 [ 1620.273868] ? lock_downgrade+0x810/0x810 [ 1620.278042] ? swp_swapcount+0x540/0x540 [ 1620.282106] ? kasan_check_read+0x11/0x20 [ 1620.286251] ? do_raw_spin_unlock+0x57/0x270 [ 1620.290665] do_wp_page+0x2ed/0x1520 [ 1620.294381] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 1620.299060] __handle_mm_fault+0x22db/0x3f20 [ 1620.303493] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1620.308347] ? find_held_lock+0x35/0x130 [ 1620.312409] ? handle_mm_fault+0x322/0xb30 [ 1620.316681] ? kasan_check_read+0x11/0x20 [ 1620.320837] handle_mm_fault+0x43f/0xb30 [ 1620.324918] __do_page_fault+0x5da/0xd60 [ 1620.328999] do_page_fault+0x71/0x581 [ 1620.332803] ? page_fault+0x8/0x30 [ 1620.336341] page_fault+0x1e/0x30 [ 1620.339786] RIP: 0033:0x404478 [ 1620.342991] Code: 85 02 00 00 80 3d 1f c0 64 00 00 c6 85 84 00 00 00 00 74 0f 8b 05 0c c0 64 00 39 45 24 0f 84 e7 01 00 00 44 8b a5 80 00 00 00 73 d8 ff ff 48 2b 05 8c 3b 33 00 8b 75 00 49 89 d8 45 89 e1 4c [ 1620.361915] RSP: 002b:00007f3c7558fc90 EFLAGS: 00010246 [ 1620.367274] RAX: 00007f3c77591000 RBX: 0000000000002020 RCX: 0000000000457e29 [ 1620.374538] RDX: 000000000003ffff RSI: 0000000000000000 RDI: 0000000000000000 [ 1620.381807] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1620.389071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1620.396335] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1620.422905] memory: usage 307200kB, limit 307200kB, failcnt 21745 [ 1620.429400] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1620.437534] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1620.443993] Memory cgroup stats for /syz0: cache:0KB rss:96548KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96624KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1620.464261] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=9591,uid=0 [ 1620.478889] Memory cgroup out of memory: Kill process 9591 (syz-executor.0) score 1103 or sacrifice child [ 1620.488794] Killed process 9591 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1620.500547] oom_reaper: reaped process 9591 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1620.515263] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1620.533689] CPU: 0 PID: 3279 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1620.540793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1620.550134] Call Trace: [ 1620.552716] dump_stack+0x172/0x1f0 [ 1620.556331] dump_header+0x10f/0xb6c [ 1620.560030] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1620.565141] ? ___ratelimit+0x60/0x595 [ 1620.569033] ? do_raw_spin_unlock+0x57/0x270 [ 1620.573463] oom_kill_process.cold+0x10/0x6f5 [ 1620.577967] ? task_will_free_mem+0x139/0x6e0 [ 1620.582464] out_of_memory+0x79a/0x1280 [ 1620.586428] ? oom_killer_disable+0x280/0x280 [ 1620.590931] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1620.596053] mem_cgroup_out_of_memory+0x99/0xe0 [ 1620.600718] ? memcg_memory_event+0x40/0x40 [ 1620.605029] ? _raw_spin_unlock+0x2d/0x50 [ 1620.609172] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1620.614271] try_charge+0xb4a/0x1570 [ 1620.617965] ? find_held_lock+0x35/0x130 [ 1620.622015] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1620.626855] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1620.631679] ? find_held_lock+0x35/0x130 [ 1620.635728] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1620.640573] memcg_kmem_charge_memcg+0x7c/0x130 [ 1620.645262] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1620.649753] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1620.654595] memcg_kmem_charge+0x13b/0x340 [ 1620.658827] __alloc_pages_nodemask+0x437/0x710 [ 1620.663484] ? find_held_lock+0x35/0x130 [ 1620.667543] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1620.672589] ? __lock_acquire+0x53b/0x4700 [ 1620.676810] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1620.682351] alloc_pages_current+0x107/0x210 [ 1620.686761] pte_alloc_one+0x1b/0x1a0 [ 1620.690550] __handle_mm_fault+0x34e4/0x3f20 [ 1620.694975] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1620.699815] ? find_held_lock+0x35/0x130 [ 1620.703865] ? handle_mm_fault+0x322/0xb30 [ 1620.708092] ? kasan_check_read+0x11/0x20 [ 1620.712246] handle_mm_fault+0x43f/0xb30 [ 1620.716330] __do_page_fault+0x5da/0xd60 [ 1620.720402] do_page_fault+0x71/0x581 [ 1620.724188] ? page_fault+0x8/0x30 [ 1620.727724] page_fault+0x1e/0x30 [ 1620.731170] RIP: 0033:0x457e29 [ 1620.734366] Code: Bad RIP value. [ 1620.737720] RSP: 002b:00007f3c7558fc78 EFLAGS: 00010246 [ 1620.743067] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000457e29 [ 1620.750318] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1620.757763] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1620.765049] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1620.772316] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1620.785171] memory: usage 306948kB, limit 307200kB, failcnt 21745 [ 1620.791770] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1620.798524] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1620.804745] Memory cgroup stats for /syz0: cache:0KB rss:96548KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96532KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1620.824931] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=9652,uid=0 [ 1620.839523] Memory cgroup out of memory: Kill process 9652 (syz-executor.0) score 1103 or sacrifice child [ 1620.849352] Killed process 9652 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1620.860891] oom_reaper: reaped process 9652 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1620.877428] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1620.887288] CPU: 1 PID: 3265 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1620.894394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1620.903763] Call Trace: [ 1620.906343] dump_stack+0x172/0x1f0 [ 1620.909971] dump_header+0x10f/0xb6c [ 1620.913679] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1620.918793] ? ___ratelimit+0x60/0x595 [ 1620.922674] ? do_raw_spin_unlock+0x57/0x270 [ 1620.927072] oom_kill_process.cold+0x10/0x6f5 [ 1620.931569] ? task_will_free_mem+0x139/0x6e0 [ 1620.936076] out_of_memory+0x79a/0x1280 [ 1620.940062] ? oom_killer_disable+0x280/0x280 [ 1620.944549] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1620.949696] mem_cgroup_out_of_memory+0x99/0xe0 [ 1620.954363] ? memcg_memory_event+0x40/0x40 [ 1620.958684] ? _raw_spin_unlock+0x2d/0x50 [ 1620.962841] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1620.968000] try_charge+0xb4a/0x1570 [ 1620.971711] ? find_held_lock+0x35/0x130 [ 1620.975777] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1620.980610] ? kasan_check_read+0x11/0x20 [ 1620.984750] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1620.989584] mem_cgroup_try_charge+0x24d/0x5e0 [ 1620.994164] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1620.999079] wp_page_copy+0x408/0x1740 [ 1621.002949] ? find_held_lock+0x35/0x130 [ 1621.007026] ? pmd_pfn+0x1d0/0x1d0 [ 1621.010578] ? lock_downgrade+0x810/0x810 [ 1621.014725] ? swp_swapcount+0x540/0x540 [ 1621.018789] ? kasan_check_read+0x11/0x20 [ 1621.022934] ? do_raw_spin_unlock+0x57/0x270 [ 1621.027360] do_wp_page+0x2ed/0x1520 [ 1621.031076] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 1621.035766] __handle_mm_fault+0x22db/0x3f20 [ 1621.040191] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1621.045040] ? find_held_lock+0x35/0x130 [ 1621.049099] ? handle_mm_fault+0x322/0xb30 [ 1621.053352] ? kasan_check_read+0x11/0x20 [ 1621.057534] handle_mm_fault+0x43f/0xb30 [ 1621.061596] __do_page_fault+0x5da/0xd60 [ 1621.065662] do_page_fault+0x71/0x581 [ 1621.069454] ? page_fault+0x8/0x30 [ 1621.072983] page_fault+0x1e/0x30 [ 1621.076425] RIP: 0033:0x40d1e8 [ 1621.079613] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf bf d4 4b 00 31 c0 e8 43 47 ff ff 31 ff e8 8c 43 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 7e 32 64 00 [ 1621.098512] RSP: 002b:00007ffee6aa56e0 EFLAGS: 00010246 [ 1621.103858] RAX: 000000006698ea66 RBX: 00000000b3d216fe RCX: 0000001b33120000 [ 1621.111119] RDX: 0000000000000000 RSI: 0000000000000a66 RDI: ffffffff6698ea66 [ 1621.118374] RBP: 0000000000000005 R08: 000000006698ea66 R09: 000000006698ea6a [ 1621.125625] R10: 00007ffee6aa5870 R11: 0000000000000246 R12: 000000000073c028 [ 1621.132884] R13: 0000000080000000 R14: 00007f3c77391008 R15: 0000000000000014 [ 1621.140450] net_ratelimit: 26 callbacks suppressed [ 1621.140474] protocol 88fb is buggy, dev hsr_slave_0 [ 1621.150548] protocol 88fb is buggy, dev hsr_slave_1 [ 1621.155709] protocol 88fb is buggy, dev hsr_slave_0 [ 1621.160808] protocol 88fb is buggy, dev hsr_slave_1 [ 1621.165904] protocol 88fb is buggy, dev hsr_slave_0 [ 1621.171002] protocol 88fb is buggy, dev hsr_slave_1 [ 1621.176071] protocol 88fb is buggy, dev hsr_slave_0 [ 1621.181199] protocol 88fb is buggy, dev hsr_slave_1 [ 1621.186545] memory: usage 306692kB, limit 307200kB, failcnt 21745 [ 1621.192838] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1621.199609] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1621.205808] Memory cgroup stats for /syz0: cache:0KB rss:96412KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96436KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1621.226064] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=9753,uid=0 [ 1621.240676] Memory cgroup out of memory: Kill process 9753 (syz-executor.0) score 1103 or sacrifice child [ 1621.250543] Killed process 9753 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1621.273945] syz-executor.5 invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1621.286361] CPU: 0 PID: 3237 Comm: syz-executor.5 Not tainted 5.0.0-rc8 #87 [ 1621.293474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1621.302824] Call Trace: [ 1621.305419] dump_stack+0x172/0x1f0 [ 1621.309068] dump_header+0x10f/0xb6c [ 1621.312778] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1621.317875] ? ___ratelimit+0x60/0x595 [ 1621.321752] ? do_raw_spin_unlock+0x57/0x270 [ 1621.326145] oom_kill_process.cold+0x10/0x6f5 [ 1621.330644] ? task_will_free_mem+0x139/0x6e0 [ 1621.335151] out_of_memory+0x79a/0x1280 [ 1621.339126] ? oom_killer_disable+0x280/0x280 [ 1621.343620] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1621.348711] mem_cgroup_out_of_memory+0x99/0xe0 [ 1621.353375] ? memcg_memory_event+0x40/0x40 [ 1621.357692] ? _raw_spin_unlock+0x2d/0x50 [ 1621.361826] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1621.366933] try_charge+0xfec/0x1570 [ 1621.370659] ? find_held_lock+0x35/0x130 [ 1621.374744] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1621.379602] ? kasan_check_read+0x11/0x20 [ 1621.383739] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1621.388576] mem_cgroup_try_charge+0x24d/0x5e0 [ 1621.393172] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1621.398113] shmem_getpage_gfp+0x69b/0x3520 [ 1621.402436] ? shmem_add_to_page_cache+0x1200/0x1200 [ 1621.407537] ? lock_downgrade+0x810/0x810 [ 1621.411687] shmem_fault+0x22d/0x760 [ 1621.415402] ? __handle_mm_fault+0x349d/0x3f20 [ 1621.420025] ? shmem_read_mapping_page_gfp+0x1a0/0x1a0 [ 1621.425292] ? lock_downgrade+0x810/0x810 [ 1621.429443] __do_fault+0x116/0x4e0 [ 1621.433088] __handle_mm_fault+0x2cbd/0x3f20 [ 1621.437494] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1621.442318] ? find_held_lock+0x35/0x130 [ 1621.446362] ? handle_mm_fault+0x322/0xb30 [ 1621.450622] ? kasan_check_read+0x11/0x20 [ 1621.454786] handle_mm_fault+0x43f/0xb30 [ 1621.458841] __get_user_pages+0x7b6/0x1a40 [ 1621.463067] ? follow_page_mask+0x19a0/0x19a0 [ 1621.467548] ? memset+0x32/0x40 [ 1621.470830] populate_vma_page_range+0x20d/0x2a0 [ 1621.475594] __mm_populate+0x204/0x380 [ 1621.479474] ? populate_vma_page_range+0x2a0/0x2a0 [ 1621.484394] vm_mmap_pgoff+0x213/0x230 [ 1621.488277] ? vma_is_stack_for_current+0xd0/0xd0 [ 1621.493112] ? kasan_check_read+0x11/0x20 [ 1621.497255] ? _copy_to_user+0xc9/0x120 [ 1621.501214] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1621.506745] ksys_mmap_pgoff+0xf7/0x630 [ 1621.510723] ? find_mergeable_anon_vma+0x2e0/0x2e0 [ 1621.515652] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1621.520410] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1621.525166] ? do_syscall_64+0x26/0x610 [ 1621.529121] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1621.534596] __x64_sys_mmap+0xe9/0x1b0 [ 1621.538482] do_syscall_64+0x103/0x610 [ 1621.542359] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1621.547528] RIP: 0033:0x457e29 [ 1621.550709] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1621.569599] RSP: 002b:00007f082abddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1621.577300] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457e29 [ 1621.584552] RDX: 0000000000000003 RSI: 0000000000b36000 RDI: 0000000020000000 [ 1621.591830] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 1621.599087] R10: 0000000000008031 R11: 0000000000000246 R12: 00007f082abde6d4 [ 1621.606337] R13: 00000000004c3b88 R14: 00000000004d6d40 R15: 00000000ffffffff [ 1621.613820] protocol 88fb is buggy, dev hsr_slave_0 [ 1621.618891] protocol 88fb is buggy, dev hsr_slave_1 [ 1621.627592] memory: usage 307196kB, limit 307200kB, failcnt 5705 [ 1621.633995] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1621.640816] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1621.646960] Memory cgroup stats for /syz5: cache:7620KB rss:195716KB rss_huge:143360KB shmem:7664KB mapped_file:7788KB dirty:0KB writeback:0KB swap:0KB inactive_anon:7804KB active_anon:195716KB inactive_file:4KB active_file:0KB unevictable:0KB [ 1621.669000] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=19655,uid=0 [ 1621.683679] Memory cgroup out of memory: Kill process 19655 (syz-executor.5) score 1113 or sacrifice child [ 1621.693614] Killed process 19655 (syz-executor.5) total-vm:72576kB, anon-rss:2196kB, file-rss:35788kB, shmem-rss:0kB [ 1621.706100] oom_reaper: reaped process 19655 (syz-executor.5), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB [ 1621.739237] syz-executor.5 invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1621.749657] CPU: 0 PID: 3237 Comm: syz-executor.5 Not tainted 5.0.0-rc8 #87 [ 1621.756751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1621.766086] Call Trace: [ 1621.768659] dump_stack+0x172/0x1f0 [ 1621.772292] dump_header+0x10f/0xb6c [ 1621.776014] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1621.781127] ? ___ratelimit+0x60/0x595 [ 1621.785028] ? do_raw_spin_unlock+0x57/0x270 [ 1621.789428] oom_kill_process.cold+0x10/0x6f5 [ 1621.793932] ? task_will_free_mem+0x139/0x6e0 [ 1621.798418] out_of_memory+0x79a/0x1280 [ 1621.802393] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1621.807493] ? oom_killer_disable+0x280/0x280 [ 1621.811983] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1621.817084] mem_cgroup_out_of_memory+0x99/0xe0 [ 1621.821753] ? memcg_memory_event+0x40/0x40 [ 1621.826073] ? _raw_spin_unlock+0x2d/0x50 [ 1621.830220] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1621.835320] try_charge+0xfec/0x1570 [ 1621.839015] ? find_held_lock+0x35/0x130 [ 1621.843077] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1621.847928] ? kasan_check_read+0x11/0x20 [ 1621.852081] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1621.856943] mem_cgroup_try_charge+0x24d/0x5e0 [ 1621.861544] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1621.866482] shmem_getpage_gfp+0x69b/0x3520 [ 1621.870831] ? shmem_add_to_page_cache+0x1200/0x1200 [ 1621.875947] ? lock_downgrade+0x810/0x810 [ 1621.880096] shmem_fault+0x22d/0x760 [ 1621.883799] ? __handle_mm_fault+0x349d/0x3f20 [ 1621.888366] ? shmem_read_mapping_page_gfp+0x1a0/0x1a0 [ 1621.893642] ? lock_downgrade+0x810/0x810 [ 1621.897802] __do_fault+0x116/0x4e0 [ 1621.901426] __handle_mm_fault+0x2cbd/0x3f20 [ 1621.905830] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1621.910666] ? find_held_lock+0x35/0x130 [ 1621.914718] ? handle_mm_fault+0x322/0xb30 [ 1621.918943] ? kasan_check_read+0x11/0x20 [ 1621.923095] handle_mm_fault+0x43f/0xb30 [ 1621.927194] __get_user_pages+0x7b6/0x1a40 [ 1621.931436] ? follow_page_mask+0x19a0/0x19a0 [ 1621.935949] ? memset+0x32/0x40 [ 1621.939215] populate_vma_page_range+0x20d/0x2a0 [ 1621.943975] __mm_populate+0x204/0x380 [ 1621.947846] ? populate_vma_page_range+0x2a0/0x2a0 [ 1621.952779] vm_mmap_pgoff+0x213/0x230 [ 1621.956664] ? vma_is_stack_for_current+0xd0/0xd0 [ 1621.961498] ? kasan_check_read+0x11/0x20 [ 1621.965639] ? _copy_to_user+0xc9/0x120 [ 1621.969599] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1621.975120] ksys_mmap_pgoff+0xf7/0x630 [ 1621.979082] ? find_mergeable_anon_vma+0x2e0/0x2e0 [ 1621.983999] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1621.988736] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1621.993477] ? do_syscall_64+0x26/0x610 [ 1621.997434] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1622.002795] __x64_sys_mmap+0xe9/0x1b0 [ 1622.006698] do_syscall_64+0x103/0x610 [ 1622.010583] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1622.015766] RIP: 0033:0x457e29 [ 1622.018940] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1622.037820] RSP: 002b:00007f082abddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1622.045535] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457e29 [ 1622.052796] RDX: 0000000000000003 RSI: 0000000000b36000 RDI: 0000000020000000 [ 1622.060061] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 1622.067312] R10: 0000000000008031 R11: 0000000000000246 R12: 00007f082abde6d4 [ 1622.074562] R13: 00000000004c3b88 R14: 00000000004d6d40 R15: 00000000ffffffff [ 1622.082986] memory: usage 306976kB, limit 307200kB, failcnt 5744 [ 1622.089148] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1622.095967] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1622.102211] Memory cgroup stats for /syz5: cache:9864KB rss:193576KB rss_huge:141312KB shmem:9908KB mapped_file:9900KB dirty:0KB writeback:0KB swap:0KB inactive_anon:9968KB active_anon:193556KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1622.124039] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=20364,uid=0 03:53:21 executing program 2: r0 = openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) setsockopt$inet_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f0000000140)={0x8}, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$VIDIOC_G_OUTPUT(r0, 0x8004562e, &(0x7f00000000c0)) r2 = creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_inet_SIOCGIFDSTADDR(r2, 0x8917, &(0x7f0000000180)={'bcsf0\x00', {0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0xf}}}) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:53:21 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f0000000080)='./bus\x00', 0x1fe, 0x0) r3 = accept$inet(r0, 0x0, &(0x7f0000000180)) write$binfmt_aout(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="0daeda84e42c7c68d8f8091b227e7613781c57e220c10e8ae1ef786abf075f9bdfcd67837abec356fbab9e"], 0x2b) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000004c0)='./cgroup.net/syz0\x00', 0x200002, 0x0) ioctl$PIO_UNIMAP(r2, 0x4b67, &(0x7f0000000280)={0x3, &(0x7f0000000240)=[{0x0, 0x7}, {0x7fffffff}, {0x0, 0x8000}]}) ioctl$KVM_INTERRUPT(r0, 0x4004ae86, &(0x7f00000000c0)=0xf2) unlink(&(0x7f0000001e00)='./bus\x00') ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, 0x0) sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) getpeername$packet(r3, 0x0, &(0x7f0000000340)) mkdir(&(0x7f0000001540)='./file0\x00', 0x0) ioctl$sock_inet6_SIOCDIFADDR(r1, 0x8936, 0x0) mlockall(0x0) 03:53:21 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0}, 0x60ff) 03:53:21 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:21 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0xa, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:21 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0x6000000) [ 1622.138705] Memory cgroup out of memory: Kill process 20364 (syz-executor.5) score 1113 or sacrifice child [ 1622.148599] Killed process 20364 (syz-executor.5) total-vm:72576kB, anon-rss:2196kB, file-rss:35788kB, shmem-rss:0kB [ 1622.160804] oom_reaper: reaped process 20364 (syz-executor.5), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 03:53:21 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:21 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0}, 0x7400) 03:53:21 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000000140)={&(0x7f00000000c0)=[0x20, 0x1f, 0x4, 0xb5ef, 0x9, 0x8, 0x1, 0x20, 0x200, 0x4], 0xa, 0x0, 0x68, 0x7fffffff, 0x7, 0xfffffffffffffffa, {0x3, 0x3, 0x6, 0x100000000, 0x1, 0x4, 0x8, 0x0, 0x2, 0x1, 0x3, 0x7, 0xffffffff, 0x6, "3922cf253a84f01d0bb92ca35506637ddd07093e1fbb831604c6260234d18694"}}) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) [ 1622.349297] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1622.407651] CPU: 1 PID: 3309 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1622.414779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1622.424137] Call Trace: [ 1622.426755] dump_stack+0x172/0x1f0 [ 1622.430400] dump_header+0x10f/0xb6c [ 1622.434160] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1622.439279] ? ___ratelimit+0x60/0x595 [ 1622.443174] ? do_raw_spin_unlock+0x57/0x270 [ 1622.447601] oom_kill_process.cold+0x10/0x6f5 [ 1622.452115] ? task_will_free_mem+0x139/0x6e0 [ 1622.456631] out_of_memory+0x79a/0x1280 [ 1622.460620] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1622.465735] ? oom_killer_disable+0x280/0x280 [ 1622.470241] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1622.475377] mem_cgroup_out_of_memory+0x99/0xe0 [ 1622.480065] ? memcg_memory_event+0x40/0x40 [ 1622.484414] ? _raw_spin_unlock+0x2d/0x50 [ 1622.488576] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1622.493685] try_charge+0xfec/0x1570 [ 1622.497404] ? find_held_lock+0x35/0x130 [ 1622.501511] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1622.506363] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1622.511253] ? find_held_lock+0x35/0x130 [ 1622.515341] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1622.520207] memcg_kmem_charge_memcg+0x7c/0x130 [ 1622.524889] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1622.529407] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1622.534268] memcg_kmem_charge+0x13b/0x340 [ 1622.538532] __alloc_pages_nodemask+0x437/0x710 [ 1622.543213] ? debug_smp_processor_id+0x1c/0x20 [ 1622.547912] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1622.552947] ? copy_page_range+0x125a/0x1f90 [ 1622.557365] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1622.562957] alloc_pages_current+0x107/0x210 [ 1622.567383] pte_alloc_one+0x1b/0x1a0 [ 1622.571198] __pte_alloc+0x20/0x310 [ 1622.574840] copy_page_range+0x1529/0x1f90 [ 1622.579099] ? mark_held_locks+0x100/0x100 [ 1622.583385] ? pmd_alloc+0x180/0x180 [ 1622.587115] ? __rb_insert_augmented+0x231/0xdf0 [ 1622.591886] ? validate_mm_rb+0xa3/0xc0 [ 1622.595884] ? __vma_link_rb+0x279/0x370 [ 1622.599975] copy_process.part.0+0x56aa/0x79a0 [ 1622.604598] ? __cleanup_sighand+0x70/0x70 [ 1622.608862] _do_fork+0x257/0xfe0 [ 1622.612338] ? fork_idle+0x1d0/0x1d0 [ 1622.616070] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1622.620832] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1622.625936] ? do_syscall_64+0x26/0x610 [ 1622.629929] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1622.635305] ? do_syscall_64+0x26/0x610 [ 1622.639298] __x64_sys_clone+0xbf/0x150 [ 1622.643305] do_syscall_64+0x103/0x610 [ 1622.647204] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1622.652401] RIP: 0033:0x457e29 [ 1622.655605] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1622.674514] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1622.682231] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1622.689521] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1622.696806] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 03:53:21 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0xb, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) [ 1622.704084] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1622.711375] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff 03:53:21 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:21 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0}, 0x9400) [ 1622.790486] memory: usage 307200kB, limit 307200kB, failcnt 21762 [ 1622.818208] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 03:53:21 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) setsockopt$RDS_FREE_MR(r1, 0x114, 0x3, &(0x7f0000000140)={{0x8, 0x80000000}, 0x1}, 0x10) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-monitor\x00', 0x201, 0x0) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) [ 1622.848924] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1622.858700] Memory cgroup stats for /syz0: cache:0KB rss:96412KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96548KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1622.956090] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=3304,uid=0 [ 1622.998286] Memory cgroup out of memory: Kill process 3304 (syz-executor.0) score 1106 or sacrifice child [ 1623.046464] Killed process 3319 (syz-executor.0) total-vm:72444kB, anon-rss:152kB, file-rss:34816kB, shmem-rss:0kB 03:53:22 executing program 5: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000000140)={&(0x7f00000000c0)=[0x20, 0x1f, 0x4, 0xb5ef, 0x9, 0x8, 0x1, 0x20, 0x200, 0x4], 0xa, 0x0, 0x68, 0x7fffffff, 0x7, 0xfffffffffffffffa, {0x3, 0x3, 0x6, 0x100000000, 0x1, 0x4, 0x8, 0x0, 0x2, 0x1, 0x3, 0x7, 0xffffffff, 0x6, "3922cf253a84f01d0bb92ca35506637ddd07093e1fbb831604c6260234d18694"}}) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:53:22 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0xe, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:22 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:22 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0}, 0x307100) 03:53:22 executing program 2: r0 = openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) fstat(r2, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$overlay(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='overlay\x00', 0x20000, &(0x7f0000000200)={[{@lowerdir={'lowerdir', 0x3d, './file1'}}, {@metacopy_off='metacopy=off'}], [{@fowner_eq={'fowner', 0x3d, r3}}, {@dont_hash='dont_hash'}, {@seclabel='seclabel'}]}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000380)='/dev/video35\x00', 0x2, 0x0) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)='trusted.overlay.upper\x00', &(0x7f0000000300)={0x0, 0xfb, 0x57, 0x5, 0x400, "3f64780df3ade419636bb551e1eb1253", "b7ad9cb8845acc65a3f02a4afc3b2d3a7170bdc6ce4c9321c58d6e01217199b792449af3839728247a2a4f5c3744c0319d733f6f708a58cff184aef79e85f23cc81e"}, 0x57, 0x1) fchdir(r0) 03:53:22 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0x8000000) 03:53:22 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) [ 1623.351574] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 03:53:22 executing program 5: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000000140)={&(0x7f00000000c0)=[0x20, 0x1f, 0x4, 0xb5ef, 0x9, 0x8, 0x1, 0x20, 0x200, 0x4], 0xa, 0x0, 0x68, 0x7fffffff, 0x7, 0xfffffffffffffffa, {0x3, 0x3, 0x6, 0x100000000, 0x1, 0x4, 0x8, 0x0, 0x2, 0x1, 0x3, 0x7, 0xffffffff, 0x6, "3922cf253a84f01d0bb92ca35506637ddd07093e1fbb831604c6260234d18694"}}) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:53:22 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0}, 0x400000) 03:53:22 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0xf, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) [ 1623.431881] CPU: 0 PID: 3364 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1623.439017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1623.448374] Call Trace: [ 1623.450991] dump_stack+0x172/0x1f0 [ 1623.454650] dump_header+0x10f/0xb6c [ 1623.458404] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1623.463548] ? ___ratelimit+0x60/0x595 [ 1623.467447] ? do_raw_spin_unlock+0x57/0x270 [ 1623.471875] oom_kill_process.cold+0x10/0x6f5 [ 1623.476406] ? task_will_free_mem+0x139/0x6e0 [ 1623.480936] out_of_memory+0x79a/0x1280 [ 1623.480959] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1623.480979] ? oom_killer_disable+0x280/0x280 [ 1623.480994] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1623.481024] mem_cgroup_out_of_memory+0x99/0xe0 [ 1623.490088] ? memcg_memory_event+0x40/0x40 [ 1623.490114] ? _raw_spin_unlock+0x2d/0x50 [ 1623.490130] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1623.490146] try_charge+0xfec/0x1570 [ 1623.490159] ? find_held_lock+0x35/0x130 [ 1623.490184] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1623.490202] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1623.490219] ? find_held_lock+0x35/0x130 [ 1623.539537] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1623.544402] memcg_kmem_charge_memcg+0x7c/0x130 [ 1623.549084] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1623.553605] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1623.558467] memcg_kmem_charge+0x13b/0x340 [ 1623.562731] __alloc_pages_nodemask+0x437/0x710 [ 1623.567410] ? __pud_alloc+0x1d3/0x250 [ 1623.571312] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1623.576337] ? __pud_alloc+0x1d3/0x250 [ 1623.580249] ? lock_downgrade+0x810/0x810 [ 1623.584409] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1623.589963] alloc_pages_current+0x107/0x210 [ 1623.594379] ? do_raw_spin_unlock+0x57/0x270 [ 1623.598807] __pmd_alloc+0x41/0x460 [ 1623.602441] ? pmd_val+0x100/0x100 [ 1623.605993] pmd_alloc+0x10c/0x180 [ 1623.609545] copy_page_range+0x62e/0x1f90 [ 1623.613699] ? __lock_is_held+0xb6/0x140 [ 1623.617787] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1623.622815] ? vma_compute_subtree_gap+0x158/0x230 [ 1623.627755] ? vma_gap_callbacks_rotate+0x62/0x80 03:53:22 executing program 5: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000000140)={&(0x7f00000000c0)=[0x20, 0x1f, 0x4, 0xb5ef, 0x9, 0x8, 0x1, 0x20, 0x200, 0x4], 0xa, 0x0, 0x68, 0x7fffffff, 0x7, 0xfffffffffffffffa, {0x3, 0x3, 0x6, 0x100000000, 0x1, 0x4, 0x8, 0x0, 0x2, 0x1, 0x3, 0x7, 0xffffffff, 0x6, "3922cf253a84f01d0bb92ca35506637ddd07093e1fbb831604c6260234d18694"}}) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) [ 1623.632603] ? pmd_alloc+0x180/0x180 [ 1623.636332] ? validate_mm_rb+0xa3/0xc0 [ 1623.640319] ? __vma_link_rb+0x279/0x370 [ 1623.644398] copy_process.part.0+0x56aa/0x79a0 [ 1623.649026] ? __cleanup_sighand+0x70/0x70 [ 1623.653309] _do_fork+0x257/0xfe0 [ 1623.656799] ? fork_idle+0x1d0/0x1d0 [ 1623.660536] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1623.665344] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1623.670141] ? do_syscall_64+0x26/0x610 [ 1623.674122] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1623.679506] ? do_syscall_64+0x26/0x610 [ 1623.683507] __x64_sys_clone+0xbf/0x150 [ 1623.687510] do_syscall_64+0x103/0x610 [ 1623.691417] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1623.696627] RIP: 0033:0x457e29 [ 1623.699859] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1623.718766] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 03:53:22 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x10, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) [ 1623.726480] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1623.733769] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1623.741046] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1623.748350] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1623.755623] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff 03:53:22 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000400)='/proc/capi/capi20\x00', 0x201, 0x0) getsockopt$bt_BT_POWER(r0, 0x112, 0x9, &(0x7f0000000100)=0x7, &(0x7f0000000140)=0x1) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) exit_group(0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_TOL(r0, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x22100}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x30, r1, 0x200, 0x70bd25, 0x25dfdbff, {{}, 0x0, 0x4107, 0x0, {0x14, 0x18, {0x2e, @bearer=@udp='udp:syz0\x00'}}}, ["", "", "", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0xc0}, 0x4) ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000001540)={0x3, 0x10000, 0x9, {0xc, @sliced={0x0, [0x0, 0x0, 0x0, 0x9, 0x7ff, 0x6, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x3f, 0x6, 0xafa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x101, 0x400, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x2, 0x0, 0x3, 0x80, 0x0, 0x88, 0x9, 0xc0dd, 0x6, 0x1293ba14, 0x3]}}}) r2 = socket$inet(0x2, 0x80001, 0x84) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) getsockopt$inet_sctp_SCTP_NODELAY(r2, 0x84, 0x3, &(0x7f0000000040), &(0x7f00000000c0)=0x4) syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_GET_LOW_DMA(0xffffffffffffffff, 0x227a, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, 0x0, 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0) 03:53:22 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) [ 1623.841929] memory: usage 307196kB, limit 307200kB, failcnt 21792 [ 1623.848722] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1623.877513] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:53:22 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0}, 0x50a000) [ 1623.888276] Memory cgroup stats for /syz0: cache:0KB rss:96412KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96564KB inactive_file:4KB active_file:0KB unevictable:0KB [ 1623.910278] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=9800,uid=0 03:53:22 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) [ 1623.954664] Memory cgroup out of memory: Kill process 9800 (syz-executor.0) score 1103 or sacrifice child [ 1623.974981] Killed process 9800 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1624.061593] syz-executor.2 invoked oom-killer: gfp_mask=0x6040c0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=0 [ 1624.089142] CPU: 1 PID: 3361 Comm: syz-executor.2 Not tainted 5.0.0-rc8 #87 [ 1624.096255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1624.105604] Call Trace: [ 1624.108202] dump_stack+0x172/0x1f0 [ 1624.111845] dump_header+0x10f/0xb6c [ 1624.115568] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1624.120674] ? ___ratelimit+0x60/0x595 [ 1624.124567] ? do_raw_spin_unlock+0x57/0x270 [ 1624.128989] oom_kill_process.cold+0x10/0x6f5 [ 1624.133505] ? task_will_free_mem+0x139/0x6e0 [ 1624.138013] out_of_memory+0x79a/0x1280 [ 1624.142001] ? oom_killer_disable+0x280/0x280 [ 1624.146499] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1624.151613] mem_cgroup_out_of_memory+0x99/0xe0 [ 1624.156287] ? memcg_memory_event+0x40/0x40 [ 1624.160621] ? _raw_spin_unlock+0x2d/0x50 [ 1624.164769] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1624.169872] try_charge+0xfec/0x1570 [ 1624.173596] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1624.179139] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1624.183985] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 1624.189440] ? rcu_read_lock_sched_held+0x110/0x130 [ 1624.194459] ? __alloc_pages_nodemask+0x5e9/0x710 [ 1624.199305] ? perf_trace_lock_acquire+0xf5/0x580 [ 1624.204160] memcg_kmem_charge_memcg+0x7c/0x130 [ 1624.208832] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1624.213355] ? cache_grow_begin+0x5a2/0x8c0 [ 1624.217673] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1624.222255] ? trace_hardirqs_on+0x67/0x230 [ 1624.226582] cache_grow_begin+0x25f/0x8c0 [ 1624.230750] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1624.236289] ? __cpuset_node_allowed+0x136/0x540 [ 1624.241051] fallback_alloc+0x1fd/0x2d0 [ 1624.245034] ____cache_alloc_node+0x1be/0x1e0 [ 1624.249536] kmem_cache_alloc+0x1e8/0x6f0 [ 1624.253686] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1624.258706] ? vma_merge+0x4b9/0xe60 [ 1624.262439] vm_area_dup+0x21/0x170 [ 1624.266088] __split_vma+0xad/0x570 [ 1624.269734] split_vma+0xa6/0xf0 [ 1624.273118] mprotect_fixup+0x826/0xa70 [ 1624.277100] ? change_protection+0x2620/0x2620 [ 1624.281678] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1624.287242] ? file_map_prot_check+0x1f7/0x390 [ 1624.291834] ? selinux_file_mprotect+0xf7/0x620 [ 1624.296518] ? vmacache_find+0x65/0x310 [ 1624.300508] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1624.306050] ? security_file_mprotect+0x93/0xc0 [ 1624.310722] do_mprotect_pkey+0x594/0xa30 [ 1624.314870] ? lock_downgrade+0x810/0x810 [ 1624.319034] ? mprotect_fixup+0xa70/0xa70 [ 1624.323215] ? do_syscall_64+0x26/0x610 [ 1624.327193] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1624.332553] ? do_syscall_64+0x26/0x610 [ 1624.336530] __x64_sys_mprotect+0x78/0xb0 [ 1624.340681] do_syscall_64+0x103/0x610 [ 1624.344585] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1624.349772] RIP: 0033:0x457f27 [ 1624.352982] Code: 00 00 00 b8 0b 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 0a 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1624.371881] RSP: 002b:00007ffda87d9f38 EFLAGS: 00000246 ORIG_RAX: 000000000000000a [ 1624.379596] RAX: ffffffffffffffda RBX: 0000000000020000 RCX: 0000000000457f27 [ 1624.386859] RDX: 0000000000000000 RSI: 0000000000001000 RDI: 00007f388c246000 [ 1624.394127] RBP: 00007ffda87da020 R08: 0000000000712800 R09: 0000000000712800 [ 1624.401412] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffda87da100 [ 1624.408680] R13: 00007f388c266700 R14: 00007f388c2669c0 R15: 000000000073bfac [ 1624.507141] memory: usage 307200kB, limit 307200kB, failcnt 3558 [ 1624.513958] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1624.528370] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1624.535123] Memory cgroup stats for /syz2: cache:56KB rss:248408KB rss_huge:219136KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:12KB active_anon:248500KB inactive_file:8KB active_file:0KB unevictable:40KB [ 1624.563597] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=13612,uid=0 [ 1624.585718] Memory cgroup out of memory: Kill process 13612 (syz-executor.2) score 1113 or sacrifice child [ 1624.597054] Killed process 13612 (syz-executor.2) total-vm:72444kB, anon-rss:2192kB, file-rss:35800kB, shmem-rss:0kB 03:53:23 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/capi/capi20ncci\x00', 0x40, 0x0) ioctl$UI_GET_SYSNAME(r0, 0x8040552c, &(0x7f0000000140)) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000180)='/dev/usbmon#\x00', 0x20000000, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) prctl$PR_SET_MM_MAP_SIZE(0x23, 0xf, &(0x7f0000000080)) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) [ 1624.617103] oom_reaper: reaped process 13612 (syz-executor.2), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB [ 1624.636549] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1624.681544] CPU: 0 PID: 3364 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1624.688652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1624.697998] Call Trace: [ 1624.700601] dump_stack+0x172/0x1f0 [ 1624.704278] dump_header+0x10f/0xb6c [ 1624.708001] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1624.713106] ? ___ratelimit+0x60/0x595 [ 1624.717001] ? do_raw_spin_unlock+0x57/0x270 [ 1624.721421] oom_kill_process.cold+0x10/0x6f5 [ 1624.725950] ? task_will_free_mem+0x139/0x6e0 [ 1624.730474] out_of_memory+0x79a/0x1280 [ 1624.734484] ? oom_killer_disable+0x280/0x280 [ 1624.738984] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1624.744105] mem_cgroup_out_of_memory+0x99/0xe0 [ 1624.748798] ? memcg_memory_event+0x40/0x40 [ 1624.753131] ? _raw_spin_unlock+0x2d/0x50 [ 1624.757418] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1624.762542] try_charge+0xfec/0x1570 [ 1624.766276] ? find_held_lock+0x35/0x130 [ 1624.770379] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1624.775225] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1624.780065] ? find_held_lock+0x35/0x130 [ 1624.784137] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1624.789027] memcg_kmem_charge_memcg+0x7c/0x130 [ 1624.793696] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1624.798198] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1624.803050] memcg_kmem_charge+0x13b/0x340 [ 1624.807295] __alloc_pages_nodemask+0x437/0x710 [ 1624.811975] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1624.817039] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1624.821627] ? trace_hardirqs_on+0x67/0x230 [ 1624.825960] copy_process.part.0+0x3e0/0x79a0 [ 1624.830464] ? mark_held_locks+0x100/0x100 [ 1624.834712] ? debug_smp_processor_id+0x1c/0x20 [ 1624.839386] ? perf_trace_lock_acquire+0xf5/0x580 [ 1624.844236] ? __might_fault+0x12b/0x1e0 [ 1624.848312] ? __cleanup_sighand+0x70/0x70 [ 1624.852554] ? lock_downgrade+0x810/0x810 [ 1624.856730] _do_fork+0x257/0xfe0 [ 1624.860193] ? fork_idle+0x1d0/0x1d0 [ 1624.863940] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1624.868705] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1624.873470] ? do_syscall_64+0x26/0x610 [ 1624.877446] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1624.882813] ? do_syscall_64+0x26/0x610 [ 1624.886793] __x64_sys_clone+0xbf/0x150 [ 1624.890780] do_syscall_64+0x103/0x610 [ 1624.894673] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1624.899861] RIP: 0033:0x457e29 [ 1624.903064] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1624.921964] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1624.929683] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1624.936953] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1624.944237] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1624.951510] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1624.958783] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1624.970226] memory: usage 307196kB, limit 307200kB, failcnt 21821 [ 1624.977765] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1624.992809] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1625.008042] Memory cgroup stats for /syz0: cache:0KB rss:96544KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96572KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1625.035577] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=3363,uid=0 [ 1625.057611] Memory cgroup out of memory: Kill process 3363 (syz-executor.0) score 1106 or sacrifice child [ 1625.068135] Killed process 3411 (syz-executor.0) total-vm:72444kB, anon-rss:152kB, file-rss:34816kB, shmem-rss:0kB [ 1625.118478] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1625.147463] CPU: 0 PID: 3363 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1625.154575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1625.163929] Call Trace: [ 1625.166518] dump_stack+0x172/0x1f0 [ 1625.170171] dump_header+0x10f/0xb6c [ 1625.173883] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1625.178974] ? ___ratelimit+0x60/0x595 [ 1625.182845] ? do_raw_spin_unlock+0x57/0x270 [ 1625.187240] oom_kill_process.cold+0x10/0x6f5 [ 1625.191724] ? task_will_free_mem+0x139/0x6e0 [ 1625.196209] out_of_memory+0x79a/0x1280 [ 1625.200183] ? oom_killer_disable+0x280/0x280 [ 1625.204665] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1625.209868] mem_cgroup_out_of_memory+0x99/0xe0 [ 1625.214522] ? memcg_memory_event+0x40/0x40 [ 1625.218845] ? _raw_spin_unlock+0x2d/0x50 [ 1625.222991] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1625.228075] try_charge+0xb4a/0x1570 [ 1625.231767] ? find_held_lock+0x35/0x130 [ 1625.235814] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1625.240639] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1625.245460] ? find_held_lock+0x35/0x130 [ 1625.249503] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1625.254333] memcg_kmem_charge_memcg+0x7c/0x130 [ 1625.259004] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1625.263487] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1625.268315] memcg_kmem_charge+0x13b/0x340 [ 1625.272552] __alloc_pages_nodemask+0x437/0x710 [ 1625.277203] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1625.282204] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1625.286767] ? trace_hardirqs_on+0x67/0x230 [ 1625.291120] copy_process.part.0+0x3e0/0x79a0 [ 1625.295617] ? psi_memstall_leave+0x11c/0x180 [ 1625.300096] ? sched_clock+0x2e/0x50 [ 1625.303798] ? psi_memstall_leave+0x12e/0x180 [ 1625.308274] ? find_held_lock+0x35/0x130 [ 1625.312320] ? __lock_acquire+0x53b/0x4700 [ 1625.316542] ? __cleanup_sighand+0x70/0x70 [ 1625.320761] ? mark_held_locks+0x100/0x100 [ 1625.324982] ? perf_trace_lock_acquire+0xf5/0x580 [ 1625.329807] ? rcu_read_lock_sched_held+0x110/0x130 [ 1625.334803] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1625.340340] _do_fork+0x257/0xfe0 [ 1625.343796] ? fork_idle+0x1d0/0x1d0 [ 1625.347500] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 1625.352860] ? lock_downgrade+0x810/0x810 [ 1625.356992] ? blkcg_exit_queue+0x30/0x30 [ 1625.361124] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1625.365862] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1625.370598] ? do_syscall_64+0x26/0x610 [ 1625.374555] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1625.379920] ? do_syscall_64+0x26/0x610 [ 1625.383906] __x64_sys_clone+0xbf/0x150 [ 1625.387871] do_syscall_64+0x103/0x610 [ 1625.391751] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1625.396936] RIP: 0033:0x45a7f9 [ 1625.400107] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1625.418997] RSP: 002b:00007ffee6aa5678 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1625.426685] RAX: ffffffffffffffda RBX: 00007f3c7554e700 RCX: 000000000045a7f9 [ 1625.433940] RDX: 00007f3c7554e9d0 RSI: 00007f3c7554ddb0 RDI: 00000000003d0f00 [ 1625.441190] RBP: 00007ffee6aa5880 R08: 00007f3c7554e700 R09: 00007f3c7554e700 [ 1625.448441] R10: 00007f3c7554e9d0 R11: 0000000000000202 R12: 0000000000000000 [ 1625.455707] R13: 00007ffee6aa572f R14: 00007f3c7554e9c0 R15: 000000000073c04c [ 1625.465258] memory: usage 307144kB, limit 307200kB, failcnt 21827 [ 1625.471598] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1625.478361] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1625.484647] Memory cgroup stats for /syz0: cache:0KB rss:96544KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96492KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1625.504926] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=3363,uid=0 03:53:24 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0x9000000) 03:53:24 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0xfc, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:24 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000400)='/proc/capi/capi20\x00', 0x201, 0x0) getsockopt$bt_BT_POWER(r0, 0x112, 0x9, &(0x7f0000000100)=0x7, &(0x7f0000000140)=0x1) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) exit_group(0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_TOL(r0, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x22100}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x30, r1, 0x200, 0x70bd25, 0x25dfdbff, {{}, 0x0, 0x4107, 0x0, {0x14, 0x18, {0x2e, @bearer=@udp='udp:syz0\x00'}}}, ["", "", "", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0xc0}, 0x4) ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000001540)={0x3, 0x10000, 0x9, {0xc, @sliced={0x0, [0x0, 0x0, 0x0, 0x9, 0x7ff, 0x6, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x3f, 0x6, 0xafa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x101, 0x400, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x2, 0x0, 0x3, 0x80, 0x0, 0x88, 0x9, 0xc0dd, 0x6, 0x1293ba14, 0x3]}}}) r2 = socket$inet(0x2, 0x80001, 0x84) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) getsockopt$inet_sctp_SCTP_NODELAY(r2, 0x84, 0x3, &(0x7f0000000040), &(0x7f00000000c0)=0x4) syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_GET_LOW_DMA(0xffffffffffffffff, 0x227a, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, 0x0, 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0) 03:53:24 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:24 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0}, 0x70a000) 03:53:24 executing program 2: r0 = openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = syz_open_dev$usb(&(0x7f0000000140)='/dev/bus/usb/00#/00#\x00', 0xfffffffffffffc00, 0x20080) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffff9c, 0x84, 0x70, &(0x7f0000000180)={0x0, @in={{0x2, 0x4e21, @multicast2}}, [0x800, 0x403, 0x84, 0x2000000000001c, 0xa9a2, 0x81, 0x9, 0xf98, 0x9, 0x6, 0x7, 0x81, 0xd7a, 0x8, 0xb]}, &(0x7f0000000280)=0x100) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f00000002c0)={r2, 0x6, 0x7}, &(0x7f0000000300)=0x8) r3 = msgget(0x0, 0x40) msgrcv(r3, &(0x7f0000000500)=ANY=[@ANYBLOB="000000e642baa0b45b70599f3537ab8de4000000000000000000000000000000000000"], 0x23, 0x1, 0x800) r4 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet6_opts(r1, 0x29, 0x3f, &(0x7f00000003c0)=""/195, &(0x7f00000004c0)=0xc3) r5 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$UI_DEV_CREATE(r5, 0x5501) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f00000000c0)={0x7fff, 0x33524742, 0xb6e69337c3b2e12d, @discrete={0x4, 0x1ff}}) futimesat(r1, &(0x7f0000000340)='./file0\x00', &(0x7f0000000380)={{}, {0x0, 0x2710}}) [ 1625.524645] Memory cgroup out of memory: Kill process 3363 (syz-executor.0) score 1106 or sacrifice child [ 1625.534515] Killed process 3420 (syz-executor.0) total-vm:72708kB, anon-rss:172kB, file-rss:34816kB, shmem-rss:0kB 03:53:24 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:24 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x88000, 0x0) ioctl$LOOP_SET_FD(r1, 0x4c00, r0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:53:24 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x12c, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:24 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0}, 0x713000) 03:53:24 executing program 5: r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x80, 0x0) bind$vsock_dgram(r0, &(0x7f0000000080)={0x28, 0x0, 0xffffffff, @host}, 0x10) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000736000/0x4000)=nil, 0x4000, 0x0, 0x1012, r1, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 03:53:24 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) [ 1625.909382] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1625.971061] CPU: 0 PID: 3433 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1625.978195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1625.987548] Call Trace: [ 1625.990151] dump_stack+0x172/0x1f0 [ 1625.993796] dump_header+0x10f/0xb6c [ 1625.997522] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1626.002635] ? ___ratelimit+0x60/0x595 [ 1626.006530] ? do_raw_spin_unlock+0x57/0x270 [ 1626.010961] oom_kill_process.cold+0x10/0x6f5 [ 1626.010985] ? task_will_free_mem+0x139/0x6e0 [ 1626.011014] out_of_memory+0x79a/0x1280 [ 1626.019990] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1626.020009] ? oom_killer_disable+0x280/0x280 [ 1626.020024] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1626.038649] mem_cgroup_out_of_memory+0x99/0xe0 [ 1626.043327] ? memcg_memory_event+0x40/0x40 [ 1626.047690] ? _raw_spin_unlock+0x2d/0x50 [ 1626.051875] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1626.057015] try_charge+0xfec/0x1570 [ 1626.060733] ? find_held_lock+0x35/0x130 [ 1626.064813] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1626.069692] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1626.074542] ? find_held_lock+0x35/0x130 [ 1626.082697] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1626.087557] memcg_kmem_charge_memcg+0x7c/0x130 [ 1626.092236] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1626.096742] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1626.101595] memcg_kmem_charge+0x13b/0x340 [ 1626.105844] __alloc_pages_nodemask+0x437/0x710 [ 1626.110522] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1626.115550] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1626.120141] ? trace_hardirqs_on+0x67/0x230 [ 1626.124478] copy_process.part.0+0x3e0/0x79a0 [ 1626.128985] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1626.133768] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1626.138349] ? retint_kernel+0x2d/0x2d [ 1626.142247] ? trace_hardirqs_on_caller+0x6a/0x220 [ 1626.147175] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1626.151935] ? __lock_acquire+0x53b/0x4700 [ 1626.156157] ? retint_kernel+0x2d/0x2d [ 1626.160039] ? __cleanup_sighand+0x70/0x70 [ 1626.164273] ? mark_held_locks+0x100/0x100 [ 1626.168509] ? perf_trace_lock_acquire+0xf5/0x580 [ 1626.173338] ? rcu_read_lock_sched_held+0x110/0x130 [ 1626.178363] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1626.183937] _do_fork+0x257/0xfe0 [ 1626.187431] ? fork_idle+0x1d0/0x1d0 [ 1626.191167] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 1626.196564] ? lock_downgrade+0x810/0x810 [ 1626.200734] ? blkcg_exit_queue+0x30/0x30 [ 1626.204927] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1626.209696] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1626.214440] ? do_syscall_64+0x26/0x610 [ 1626.218419] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1626.223775] ? do_syscall_64+0x26/0x610 [ 1626.227755] __x64_sys_clone+0xbf/0x150 [ 1626.231721] do_syscall_64+0x103/0x610 [ 1626.235595] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1626.240779] RIP: 0033:0x45a7f9 [ 1626.243972] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1626.262873] RSP: 002b:00007ffee6aa5678 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1626.270587] RAX: ffffffffffffffda RBX: 00007f3c7556f700 RCX: 000000000045a7f9 [ 1626.277840] RDX: 00007f3c7556f9d0 RSI: 00007f3c7556edb0 RDI: 00000000003d0f00 [ 1626.285093] RBP: 00007ffee6aa5880 R08: 00007f3c7556f700 R09: 00007f3c7556f700 [ 1626.292357] R10: 00007f3c7556f9d0 R11: 0000000000000202 R12: 0000000000000000 [ 1626.299629] R13: 00007ffee6aa572f R14: 00007f3c7556f9c0 R15: 000000000073bfac [ 1626.313787] memory: usage 307200kB, limit 307200kB, failcnt 21881 [ 1626.321734] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1626.328686] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1626.335203] Memory cgroup stats for /syz0: cache:0KB rss:96384KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96516KB inactive_file:4KB active_file:0KB unevictable:0KB [ 1626.355603] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=9980,uid=0 [ 1626.370342] Memory cgroup out of memory: Kill process 9980 (syz-executor.0) score 1103 or sacrifice child [ 1626.380344] Killed process 9980 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1626.392261] oom_reaper: reaped process 9980 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1626.435524] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1626.454692] CPU: 0 PID: 3437 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1626.461805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1626.471180] Call Trace: [ 1626.473784] dump_stack+0x172/0x1f0 [ 1626.477423] dump_header+0x10f/0xb6c [ 1626.481168] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1626.486324] ? ___ratelimit+0x60/0x595 [ 1626.490218] ? do_raw_spin_unlock+0x57/0x270 [ 1626.494663] oom_kill_process.cold+0x10/0x6f5 [ 1626.499196] ? task_will_free_mem+0x139/0x6e0 [ 1626.503704] out_of_memory+0x79a/0x1280 [ 1626.507682] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1626.512789] ? oom_killer_disable+0x280/0x280 [ 1626.517288] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1626.522416] mem_cgroup_out_of_memory+0x99/0xe0 [ 1626.527110] ? memcg_memory_event+0x40/0x40 [ 1626.531445] ? _raw_spin_unlock+0x2d/0x50 [ 1626.535597] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1626.540705] try_charge+0xfec/0x1570 [ 1626.544413] ? find_held_lock+0x35/0x130 [ 1626.548474] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1626.553304] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1626.558152] ? find_held_lock+0x35/0x130 [ 1626.562201] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1626.567036] memcg_kmem_charge_memcg+0x7c/0x130 [ 1626.571687] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1626.576167] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1626.581013] memcg_kmem_charge+0x13b/0x340 [ 1626.585289] __alloc_pages_nodemask+0x437/0x710 [ 1626.589989] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1626.595054] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1626.599643] ? trace_hardirqs_on+0x67/0x230 [ 1626.603969] copy_process.part.0+0x3e0/0x79a0 [ 1626.608464] ? mark_held_locks+0x100/0x100 [ 1626.612686] ? debug_smp_processor_id+0x1c/0x20 [ 1626.617343] ? perf_trace_lock_acquire+0xf5/0x580 [ 1626.622174] ? __might_fault+0x12b/0x1e0 [ 1626.626228] ? __cleanup_sighand+0x70/0x70 [ 1626.630450] ? lock_downgrade+0x810/0x810 [ 1626.634624] _do_fork+0x257/0xfe0 [ 1626.638079] ? fork_idle+0x1d0/0x1d0 [ 1626.641785] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1626.646526] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1626.651276] ? do_syscall_64+0x26/0x610 [ 1626.655282] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1626.660630] ? do_syscall_64+0x26/0x610 [ 1626.664591] __x64_sys_clone+0xbf/0x150 [ 1626.668566] do_syscall_64+0x103/0x610 [ 1626.672441] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1626.677614] RIP: 0033:0x457e29 [ 1626.680803] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1626.699701] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1626.707427] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1626.714685] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1626.721956] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1626.729210] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1626.736463] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1626.750234] memory: usage 307068kB, limit 307200kB, failcnt 21902 [ 1626.756522] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1626.763412] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1626.769566] Memory cgroup stats for /syz0: cache:0KB rss:96384KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96472KB inactive_file:4KB active_file:0KB unevictable:0KB [ 1626.791035] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=3433,uid=0 [ 1626.805633] Memory cgroup out of memory: Kill process 3433 (syz-executor.0) score 1106 or sacrifice child [ 1626.815450] Killed process 3448 (syz-executor.0) total-vm:72444kB, anon-rss:152kB, file-rss:34816kB, shmem-rss:0kB 03:53:25 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0xa000000) 03:53:25 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0}, 0x740000) 03:53:25 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x600, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:25 executing program 2: r0 = openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x8, 0xfffffffffffffffc) ioctl$KVM_SET_TSS_ADDR(r1, 0xae47, 0xd000) open_by_handle_at(r0, &(0x7f0000000140)={0x67, 0xa4, "32836978c5a232f8739f5f6d232c8b2fde6473c8bcb908068db7e75fd0cc6f0a6c4bbc9f0cb4203d294fa7d4926fc04cbc4320c986763f08cc555d04953c626953a72f9fa121fb63cd00b963e9695a2d2f4012b6017664cec46184b5b4742e"}, 0x800) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:53:25 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:25 executing program 5: r0 = syz_open_dev$adsp(0x0, 0x0, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x400000015) getegid() setfsgid(0x0) bind$nfc_llcp(0xffffffffffffffff, &(0x7f0000000100)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "8811e78754a539d39c2bd6a40fa8c8aa024d00000000ffffffff25fec2541e21ccf67e1d7b5510029e63000000e565aa9a9d325ebac7627ffe7a54cdbd77b3"}, 0x60) getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x41, &(0x7f00000060c0)={'raw\x00\x00\x00\x00\x00\x00\x00\xf1\x00L\x00\x00e\x00', 0x10ce, "703c89f3e22652be25d1dbc675c5512c217fce8f4f49b9ec6ab36c205270e5c0cbab6d8307acd5f68635f474bf700eaf345cd5021da04d08c9e7e518f2527609ab379f5c816dcab5b72e5331094fc40b0efc2e96d76fa57deb6530bd150838fb03783ec9c54c8be8b95627b685e8537eed01687caa895751b57c5770dd8283daebafbf77a46798c9b88637b8ce5fee217b668e9de5e627f25b804442db9140483461808c8eec176a7694edeb3694ea6613ebf6f55dda614d55c655bd54c5ba5d187999c62481de37f4de72566f1133e906c64e83017e30e93be13fd6653c000a226ccf74601291c261a3c6cb772f83e073af953a0e146942cb596156fe219b1302d09277014f5f28c352c0e8bb74d03d891c6e208f925eacc0ae2af180152d3bb00a739d651b022a622dc672b5af512c26d57c8aa59bea100b45c9e32eca8c2fcbc6130955858011a9ce8661d8eb66bac0d702d447df7363defec0ae649fde750d0e5b6d8d92539a416133b4ca5bf9de7fd871c3bf21e4534a4b986b884a99072ab503440147d61cc762dea3bb0636829679f865a52e1f157e0a55f895ad5f66edd8b3f3cac3232553a6e6b0cd2dd8181a63233543de40d9e852d1b4a3fb576b8db1f630b62e1a9907972fd6bc548a7b65f98e082a62d16b70af0feec37c720ce07086ffecd8466ef13bcdb0e1a68452eb77d030485604c748bbf179d8f933eb43689f6cd30eff8c3ac928a295fab5e2bccea7a591085a08a8bc143bd6f3cd66764c67beb3cdd71ec0837a9de16e0d6440fe6c9fc975558d84eda6f63ecf0972a04cd276e723179604d39e6e5ed817665af131138bc82905c52203d09c74da642fa12e8e29fddcdc0c87ab159fd51dcbdf9f4a84df46c7cdba49d1808ce048bba8b75f11d9461fe72325914ac3bbae58ac8c41b097c2279beacb3539a8299ffc2372fcd4e18aa232c9a23e0c176ee33611141edc6281cfc7f9300f08569df67a446cf62ea1ba0e7fd0165e070d58402e60629c12b681256afcc0ca9bdbe5e8abf7cb872bed1089c3c6f1f352ca5475c6d809f1128ed8f0b0e48629b8e79391eb65d66ec68d23b7511d0fd6518d2dc15d2c7802659154ed3681183c7f12a62d9fe8831c2ba70f3943438903000000000000001cdc1fc55e99806449451411f2eed7ef94a6aedddf9759dd4efcf45f6b1c7470de497836833f5a56948629d3a854f0775f51a31e26d6c6744cf550b2a216153a15ccf344ff073e3a4e1ecb4f2649f2b41bd5297b31d8d8ff13b5af576c77866fcb69675fc73190f2acf322ae21692a5402b7770aeb261b19838e16f876358a7ae88be39e4808140a32cd6a6273de3d742bd5f3d67267c2b5e986e19c8365221145c87a91a137fea4fa703a30e8902a4733f402c3148ec3c5d95a02b8e5a13be90715c23188444f98cf7f7bf6b034ae166cd8a41ff82d8ee13e2c26566c18c9983657de5be3ccfd7917cd9e7dbb3e5101000000000000006e9fcf1bf3329927c86425c1799c229298768b468d787aa9f353781b1f20b8844810e208b4653350d54d152bec9863dd65a720ddfdb2a527524a5626f6274bae8514ddb25777c3bd0883f92981dfb56523971df05afd26cf92dab023e81d1819637df8c899ca63c08bb8d7308dd9b367485f54e54a7e08b5c57ff55184b9c90cc358e5b28c7ef6cb042f600acc39157c5a4a971adf227cfbad7db8275879ad38b639c0f7673f50ebc41f4175c8f33d4761006e652863501f6ce3c6555bd95cdfb6040b4a814fcfb450d97db7bd716d3b4f068af2c4df808c061f40beecd08468c195a3600699e3fe515578ef13032f3ea2001b8fa8263312f9a83fae7b525d116a6f456e598b3b0e67b7bc4c3fab5172c70bb2869d199d96e7920001a76147195e20a27957163c409ae7a5431494e6938e392270e1a51618d6ff06fca17d84c9b4d36ead00b403c23764fa24c5a9b84f6c877a6e0645fd4bba346dfc20189b09851548b27bad44d644020bd0ae7f9de93fc2c50093416a588fc55136c5b4a2fc7f59188ef864e324d5feeb417fc78a57dc0602c22a166192137ceab0efd53e7da2a25ee910be502299b58ade758e05f4ba9c3a3805f84370fa7309d9fa8fc272cb05b43c67478e25133e0cc4ef3c2ffb7dd597e1593c291f7f9875acc751e34e826d73a9488060a6fccd9f66dfdb86bfde1d8369fa6afa759103de26f4e58f9a8fff06d4e5d6572a27484f627ac6e52828e2b8120d494558c222d050b251010bdaaa7557e9b682425cb98060ce6f164c220d6a6b3e55869dfd553289ebb0e0e9dd9c992a8cc552ad738cc53b4122c8d2bb6079ddfa6faf4f2edd62df6e7bfde18172eb693e065c77774b6547d70f26ee3ba36ea0a06c76a9fc067ca7f24118147586503e7a3d34bdd14fe471ef4a3cb25d2c327703b4675268ace93a7212fc9e5b535a54fad5adcec7d31bc2376a93dbb19c11aaf6375ed48b1e201d5b26f213f3406b949f7f9f28d247fd43cbe57856858f50622016e90e01a815d11d2e76d4153b3435faf19f14848f060799d93d5b35d057f8fca5e5f617782eb95b57b32c9cc85b86674524d09b776b9c11429fc127e5968e0a1c632db5291e177eaaac92080517252cc4279e065cbf1c76f2cd0abe1dd714d249eccb5ca6debc41020e5371758c3ea3320d8b16a826629fc96b80c4c8ee4a089f100d68578fdc59b53d7fe56c26f0cb76a54d6d1334c38b11984ad732a0c240883e365408aafdadddef0ca039b7eedd677abbd81c631463785883d876d54f6ab394da1f383736a268086e1100a025bab7b82a89cda60d001cca4b0be2cdc85b3f83f2a50cd62693e6e931c4f15f85832297e3834da746e9844aac02ae629552254a2c4b5ba4b18b86a11524ff820d04b552b8dd921f0ab0ef361d4591e50e678150ef6c9130019d296611eb379256e7769f67cd10c2ce8cb3f6aeb67761007fcfbda5bb2e6f63588c4d35c194c445fb90e18a728ace7445874403295e7a56cd54ca9c3a5a7dcdb3e640eea9bdc236e79dee00759313880865b53df075c51a8f50a8edaaa65c16e856652b7a5f2d0c063f8bc0179c47b52c278fc9cdb4245980af97fa3f0b2d7fddc5d4515ddc87998dd0f57dd550186a2ccd694ba82950a59b215593d64e2c6522432a4e169a1610e4065093728c8ff9fe15a200180c54d72cf13a47863c69fbacf99ba11352ce862702453977af1526c7ad86ff6ac7e4436b5847eefca801e5e01db487a8316d29a8d935251c98078c9c95f88a5097117eac6008ac0cd76802acba54c98fd62947862f475d846adab70afc6c9062f65ffbf3f1815cda57045e0e07db4558725a356206dfc23a1a11cc15c06d7c6d89ca174b0ac237f6b20224219436ff63c3cb5f6ea70415766284664987dcd83758a4dd20da01b865dcb7353f7bb5c2c0449e7f8342f80ad99e0f44a3e543616e5333844fdd44a6f2643fcc6e0e1254194a396bb20d9fde96edfe4682bc798326f5437590ae48f3bb2560ea43dddfee3d728b9bb92a6f4f5390ca7376843e0234472b29d6c4a31eed220423db09c6c4a7320002459fc02fbe92c73bfc28551690e29fcaea14ce403dc644ce1c3d665c95c00056ecbe4a9a7698b9d9d64ad750c0b726629f9850b3dcc9b743d6756817ebbe7e8399787463e4aaae0a7e3945ed435704442af9836879197a4d518e1f0473e6430742dc75cc09dc0566f4612c26710700000000000000f06cc9aaa8df772c5dbfe85ddcf0d19f7802f291b3c5389d8c29dc4aa53a5afded02ec335a4aab65eb4f5293973c0237349a5cf06eea181b4d91d34117063e066a7f99b72eb4b8a6f69736adad589a73462edc06c88cdf08008b271470d0d5c634dbffbb15cf018c8caa8066057362830cce4d95e93af5d794d7b61619577b55921c8a8a12ccf32f5cd7f5f68be9fd9f9cbafe63e63646a16c06526021275abc8e8845114d40bf435d4beb73146473db5e1bd8a56b6acb7fd9ea4e6c86d45b7e7ce84d4c62dad10ed559277babec28dfce04fec912df64c3e4591f96eb46fa8ae7efe8812e4e6bb5f0de03aef1ddc6d4d1606849fa8f04e4919acaaf734a9f74e2122a828c68b9c3079d9dbff174069827f819d68110ab50a42011c9dad769bbb896648cf47d540ec7d4b00c9103bfc5d7a40ce8a0eaaca1c4e7424415f416593b93a864ccb3438b7582f4d920da41591736955a24ab2141700ee34170e54f4c766b50703cc8efa2d35ffacf188547384a9a258698ee075a3069cb5b68bdd83f3a410ec84aacfb3975135bf90f23311a64d7bf70cd743b4663e026d33a31db61de68290d753b4f91dbd8b860ff00bd47bbd40a018ad067b586d3db99bb0720993c485fb5845aa83d0b75a479dbd528eb48f05fd28a650e183afe30ec1ecada4be4f1df0790d78796c3e79fbf571b177d321a8c18a07da6b05725c4e5e78788fa0dc1372ebce97559dc2971e96a3c3610a550d0506acf8e3e99fc69cf28ba893d3dbc136ac2159d10d2e2c0ac130bfea98ffa7dd83f25f69a07a45e92e5cb3d7a5e9f75db4a37a8acf63d291fbae1fef35ea1870990f225e89ee4dc56620da231c6e0e03e399cd87f00586bbf324185c74f68fc033674667cccb0a9a0097382343a36ce7fd04353f2a983fd63986af50dd997317cb263c748ca485573ff4e299b9afe8fed24861a32de9a8dd42cd5a52290ba6ff19955434f1d03ec2830d5c6f122bb9024d18c5cf3600739e10d1e8a2c68fcde48f07a313c15c28cbdd1572bbb07d37a729e7d956af02ff5bbd51b697605e255c63dd678f49c1647c1e6b1d8931697343a5196883c99412edd7cf00e79a7f046e9117cd7feaf33540e5d568c3ee47c094c4f2aebffca11e5e82338851fd54e33e16da25ce1c3eebea6d038c8a403524443ec3e98b18a16baf08655ce4e39a76ff12a0c89ef2db07b9c695955e106892414724ab52c853ca4ceca69a6ca29dfb7624fe4ed7c9f112246979bfd3d5eb3f5f1818a832d507cbc3ba4c8385ad9471f6e697de417d9ebc71258aec430a181fbfe2ff6ee3ccabe22754e41a841d23058b49946c78b40c1dcfdba7b221c8ee02babba89f817af17d204ae780d118c4742280ed8e68d5d2b63a19fe55dc56e765128f5ebb3a65071bb9be102719092c74348e6dac4f94b160330edb17d47df2eefcb028d6854cc557647c1a3f994682199be0ab84b0f1075dae9e49d8a4ac206a6cb43b9b9e27453ac2fe48641d52e7f4e93b15e4325fefbfd03b2fd836911b556c4b8f43820c863ad16c1d5c51ac6ef631a88cb8cee6c532e3722a1e2e7eeb74e1f484fd16ed7b53976aa2b91849defff7ef19bbb9f97c172b4731b3af634f96ef5fb4b4ebca4599a5f8454af67007351c7d4413796384f254c3621a1787fcfe22712c70fcae3020b81f456a222d2298a8cf055de8c21a7158483f1726e22b26e925171c5c7e4ac810e3f3f4371858ae361202006c5c758b7dc7830ac48485ac7126b61cb8f105b8efb0c94f2365ca0f3048bbd347eefa5e5bbea0b9e0c8f22b568ce000ca293d8eb2f0593d40d024e20882046dd8557b87da71c88951b4ff9416a4b67acab164956e7086fc9f2d3a04f974574f5cfa400107d87104149a8a9f1ed1147c83355f3b7d21f1b74894b667c939b31e8d536102494c89a69dcb2fb2ab4b11008252f9b30aa28311a8ad835a05f9c1f4e80a12bc396cc3669b100a63b4fa9dc00000000000000000000000000000000000000000000000000000000000000000000000000d74eae968b4c6470d6a5ab27af62ed2dfadb12195d8c9c2abd2c1f2a9a2163912150d34e5ba81d0d0b97304e3aedaded019981ad805b9370624cc49b2d93d0d078f575597ac1405d67bfa21e5f3f09925a5f15db2a624d84ec5e926e0f095c05098ff2b3d449a06cced597ac752e98914518253b7ae8fc2820f095bccf0f09c5fb92bf7465776d59a47d15764250a6233a86a667d1ca7c46290b56718edaf8a01b5ca78659613d4cf3970000000000000000000000000000001afb18de25e55307"}, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4a, 0x0) getsockopt$llc_int(r1, 0x10c, 0x7, 0x0, 0x0) mount(&(0x7f0000000100)=@nbd={'/dev/nbd'}, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='cgroup\x00', 0x0, 0x0) set_robust_list(0x0, 0x0) syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB='s']) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, 0x0, 0x0) ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, &(0x7f0000000000)={0x200000000001}) setsockopt$inet_sctp_SCTP_RECVRCVINFO(0xffffffffffffffff, 0x84, 0x20, 0x0, 0x0) [ 1626.830549] oom_reaper: reaped process 3448 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:53:25 executing program 2: r0 = openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$VIDIOC_ENUM_FREQ_BANDS(r0, 0xc0405665, &(0x7f0000000140)={0xfffffffffffeffff, 0x7, 0x5, 0x1225, 0xfffffffffffffff8, 0x80, 0x8}) ioctl$VIDIOC_S_EDID(r0, 0xc0285629, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0xe835, [], &(0x7f0000000000)=0x80000001}) r2 = creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fremovexattr(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB='user.bpuset%\x00']) mmap$xdp(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x5, 0x4010, r2, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='pipefs\x00', 0x80000, 0x0) 03:53:25 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b0") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:25 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0}, 0x940000) 03:53:25 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x700, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:26 executing program 5: r0 = syz_open_dev$adsp(0x0, 0x0, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x400000015) getegid() setfsgid(0x0) bind$nfc_llcp(0xffffffffffffffff, &(0x7f0000000100)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "8811e78754a539d39c2bd6a40fa8c8aa024d00000000ffffffff25fec2541e21ccf67e1d7b5510029e63000000e565aa9a9d325ebac7627ffe7a54cdbd77b3"}, 0x60) getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x41, &(0x7f00000060c0)={'raw\x00\x00\x00\x00\x00\x00\x00\xf1\x00L\x00\x00e\x00', 0x10ce, "703c89f3e22652be25d1dbc675c5512c217fce8f4f49b9ec6ab36c205270e5c0cbab6d8307acd5f68635f474bf700eaf345cd5021da04d08c9e7e518f2527609ab379f5c816dcab5b72e5331094fc40b0efc2e96d76fa57deb6530bd150838fb03783ec9c54c8be8b95627b685e8537eed01687caa895751b57c5770dd8283daebafbf77a46798c9b88637b8ce5fee217b668e9de5e627f25b804442db9140483461808c8eec176a7694edeb3694ea6613ebf6f55dda614d55c655bd54c5ba5d187999c62481de37f4de72566f1133e906c64e83017e30e93be13fd6653c000a226ccf74601291c261a3c6cb772f83e073af953a0e146942cb596156fe219b1302d09277014f5f28c352c0e8bb74d03d891c6e208f925eacc0ae2af180152d3bb00a739d651b022a622dc672b5af512c26d57c8aa59bea100b45c9e32eca8c2fcbc6130955858011a9ce8661d8eb66bac0d702d447df7363defec0ae649fde750d0e5b6d8d92539a416133b4ca5bf9de7fd871c3bf21e4534a4b986b884a99072ab503440147d61cc762dea3bb0636829679f865a52e1f157e0a55f895ad5f66edd8b3f3cac3232553a6e6b0cd2dd8181a63233543de40d9e852d1b4a3fb576b8db1f630b62e1a9907972fd6bc548a7b65f98e082a62d16b70af0feec37c720ce07086ffecd8466ef13bcdb0e1a68452eb77d030485604c748bbf179d8f933eb43689f6cd30eff8c3ac928a295fab5e2bccea7a591085a08a8bc143bd6f3cd66764c67beb3cdd71ec0837a9de16e0d6440fe6c9fc975558d84eda6f63ecf0972a04cd276e723179604d39e6e5ed817665af131138bc82905c52203d09c74da642fa12e8e29fddcdc0c87ab159fd51dcbdf9f4a84df46c7cdba49d1808ce048bba8b75f11d9461fe72325914ac3bbae58ac8c41b097c2279beacb3539a8299ffc2372fcd4e18aa232c9a23e0c176ee33611141edc6281cfc7f9300f08569df67a446cf62ea1ba0e7fd0165e070d58402e60629c12b681256afcc0ca9bdbe5e8abf7cb872bed1089c3c6f1f352ca5475c6d809f1128ed8f0b0e48629b8e79391eb65d66ec68d23b7511d0fd6518d2dc15d2c7802659154ed3681183c7f12a62d9fe8831c2ba70f3943438903000000000000001cdc1fc55e99806449451411f2eed7ef94a6aedddf9759dd4efcf45f6b1c7470de497836833f5a56948629d3a854f0775f51a31e26d6c6744cf550b2a216153a15ccf344ff073e3a4e1ecb4f2649f2b41bd5297b31d8d8ff13b5af576c77866fcb69675fc73190f2acf322ae21692a5402b7770aeb261b19838e16f876358a7ae88be39e4808140a32cd6a6273de3d742bd5f3d67267c2b5e986e19c8365221145c87a91a137fea4fa703a30e8902a4733f402c3148ec3c5d95a02b8e5a13be90715c23188444f98cf7f7bf6b034ae166cd8a41ff82d8ee13e2c26566c18c9983657de5be3ccfd7917cd9e7dbb3e5101000000000000006e9fcf1bf3329927c86425c1799c229298768b468d787aa9f353781b1f20b8844810e208b4653350d54d152bec9863dd65a720ddfdb2a527524a5626f6274bae8514ddb25777c3bd0883f92981dfb56523971df05afd26cf92dab023e81d1819637df8c899ca63c08bb8d7308dd9b367485f54e54a7e08b5c57ff55184b9c90cc358e5b28c7ef6cb042f600acc39157c5a4a971adf227cfbad7db8275879ad38b639c0f7673f50ebc41f4175c8f33d4761006e652863501f6ce3c6555bd95cdfb6040b4a814fcfb450d97db7bd716d3b4f068af2c4df808c061f40beecd08468c195a3600699e3fe515578ef13032f3ea2001b8fa8263312f9a83fae7b525d116a6f456e598b3b0e67b7bc4c3fab5172c70bb2869d199d96e7920001a76147195e20a27957163c409ae7a5431494e6938e392270e1a51618d6ff06fca17d84c9b4d36ead00b403c23764fa24c5a9b84f6c877a6e0645fd4bba346dfc20189b09851548b27bad44d644020bd0ae7f9de93fc2c50093416a588fc55136c5b4a2fc7f59188ef864e324d5feeb417fc78a57dc0602c22a166192137ceab0efd53e7da2a25ee910be502299b58ade758e05f4ba9c3a3805f84370fa7309d9fa8fc272cb05b43c67478e25133e0cc4ef3c2ffb7dd597e1593c291f7f9875acc751e34e826d73a9488060a6fccd9f66dfdb86bfde1d8369fa6afa759103de26f4e58f9a8fff06d4e5d6572a27484f627ac6e52828e2b8120d494558c222d050b251010bdaaa7557e9b682425cb98060ce6f164c220d6a6b3e55869dfd553289ebb0e0e9dd9c992a8cc552ad738cc53b4122c8d2bb6079ddfa6faf4f2edd62df6e7bfde18172eb693e065c77774b6547d70f26ee3ba36ea0a06c76a9fc067ca7f24118147586503e7a3d34bdd14fe471ef4a3cb25d2c327703b4675268ace93a7212fc9e5b535a54fad5adcec7d31bc2376a93dbb19c11aaf6375ed48b1e201d5b26f213f3406b949f7f9f28d247fd43cbe57856858f50622016e90e01a815d11d2e76d4153b3435faf19f14848f060799d93d5b35d057f8fca5e5f617782eb95b57b32c9cc85b86674524d09b776b9c11429fc127e5968e0a1c632db5291e177eaaac92080517252cc4279e065cbf1c76f2cd0abe1dd714d249eccb5ca6debc41020e5371758c3ea3320d8b16a826629fc96b80c4c8ee4a089f100d68578fdc59b53d7fe56c26f0cb76a54d6d1334c38b11984ad732a0c240883e365408aafdadddef0ca039b7eedd677abbd81c631463785883d876d54f6ab394da1f383736a268086e1100a025bab7b82a89cda60d001cca4b0be2cdc85b3f83f2a50cd62693e6e931c4f15f85832297e3834da746e9844aac02ae629552254a2c4b5ba4b18b86a11524ff820d04b552b8dd921f0ab0ef361d4591e50e678150ef6c9130019d296611eb379256e7769f67cd10c2ce8cb3f6aeb67761007fcfbda5bb2e6f63588c4d35c194c445fb90e18a728ace7445874403295e7a56cd54ca9c3a5a7dcdb3e640eea9bdc236e79dee00759313880865b53df075c51a8f50a8edaaa65c16e856652b7a5f2d0c063f8bc0179c47b52c278fc9cdb4245980af97fa3f0b2d7fddc5d4515ddc87998dd0f57dd550186a2ccd694ba82950a59b215593d64e2c6522432a4e169a1610e4065093728c8ff9fe15a200180c54d72cf13a47863c69fbacf99ba11352ce862702453977af1526c7ad86ff6ac7e4436b5847eefca801e5e01db487a8316d29a8d935251c98078c9c95f88a5097117eac6008ac0cd76802acba54c98fd62947862f475d846adab70afc6c9062f65ffbf3f1815cda57045e0e07db4558725a356206dfc23a1a11cc15c06d7c6d89ca174b0ac237f6b20224219436ff63c3cb5f6ea70415766284664987dcd83758a4dd20da01b865dcb7353f7bb5c2c0449e7f8342f80ad99e0f44a3e543616e5333844fdd44a6f2643fcc6e0e1254194a396bb20d9fde96edfe4682bc798326f5437590ae48f3bb2560ea43dddfee3d728b9bb92a6f4f5390ca7376843e0234472b29d6c4a31eed220423db09c6c4a7320002459fc02fbe92c73bfc28551690e29fcaea14ce403dc644ce1c3d665c95c00056ecbe4a9a7698b9d9d64ad750c0b726629f9850b3dcc9b743d6756817ebbe7e8399787463e4aaae0a7e3945ed435704442af9836879197a4d518e1f0473e6430742dc75cc09dc0566f4612c26710700000000000000f06cc9aaa8df772c5dbfe85ddcf0d19f7802f291b3c5389d8c29dc4aa53a5afded02ec335a4aab65eb4f5293973c0237349a5cf06eea181b4d91d34117063e066a7f99b72eb4b8a6f69736adad589a73462edc06c88cdf08008b271470d0d5c634dbffbb15cf018c8caa8066057362830cce4d95e93af5d794d7b61619577b55921c8a8a12ccf32f5cd7f5f68be9fd9f9cbafe63e63646a16c06526021275abc8e8845114d40bf435d4beb73146473db5e1bd8a56b6acb7fd9ea4e6c86d45b7e7ce84d4c62dad10ed559277babec28dfce04fec912df64c3e4591f96eb46fa8ae7efe8812e4e6bb5f0de03aef1ddc6d4d1606849fa8f04e4919acaaf734a9f74e2122a828c68b9c3079d9dbff174069827f819d68110ab50a42011c9dad769bbb896648cf47d540ec7d4b00c9103bfc5d7a40ce8a0eaaca1c4e7424415f416593b93a864ccb3438b7582f4d920da41591736955a24ab2141700ee34170e54f4c766b50703cc8efa2d35ffacf188547384a9a258698ee075a3069cb5b68bdd83f3a410ec84aacfb3975135bf90f23311a64d7bf70cd743b4663e026d33a31db61de68290d753b4f91dbd8b860ff00bd47bbd40a018ad067b586d3db99bb0720993c485fb5845aa83d0b75a479dbd528eb48f05fd28a650e183afe30ec1ecada4be4f1df0790d78796c3e79fbf571b177d321a8c18a07da6b05725c4e5e78788fa0dc1372ebce97559dc2971e96a3c3610a550d0506acf8e3e99fc69cf28ba893d3dbc136ac2159d10d2e2c0ac130bfea98ffa7dd83f25f69a07a45e92e5cb3d7a5e9f75db4a37a8acf63d291fbae1fef35ea1870990f225e89ee4dc56620da231c6e0e03e399cd87f00586bbf324185c74f68fc033674667cccb0a9a0097382343a36ce7fd04353f2a983fd63986af50dd997317cb263c748ca485573ff4e299b9afe8fed24861a32de9a8dd42cd5a52290ba6ff19955434f1d03ec2830d5c6f122bb9024d18c5cf3600739e10d1e8a2c68fcde48f07a313c15c28cbdd1572bbb07d37a729e7d956af02ff5bbd51b697605e255c63dd678f49c1647c1e6b1d8931697343a5196883c99412edd7cf00e79a7f046e9117cd7feaf33540e5d568c3ee47c094c4f2aebffca11e5e82338851fd54e33e16da25ce1c3eebea6d038c8a403524443ec3e98b18a16baf08655ce4e39a76ff12a0c89ef2db07b9c695955e106892414724ab52c853ca4ceca69a6ca29dfb7624fe4ed7c9f112246979bfd3d5eb3f5f1818a832d507cbc3ba4c8385ad9471f6e697de417d9ebc71258aec430a181fbfe2ff6ee3ccabe22754e41a841d23058b49946c78b40c1dcfdba7b221c8ee02babba89f817af17d204ae780d118c4742280ed8e68d5d2b63a19fe55dc56e765128f5ebb3a65071bb9be102719092c74348e6dac4f94b160330edb17d47df2eefcb028d6854cc557647c1a3f994682199be0ab84b0f1075dae9e49d8a4ac206a6cb43b9b9e27453ac2fe48641d52e7f4e93b15e4325fefbfd03b2fd836911b556c4b8f43820c863ad16c1d5c51ac6ef631a88cb8cee6c532e3722a1e2e7eeb74e1f484fd16ed7b53976aa2b91849defff7ef19bbb9f97c172b4731b3af634f96ef5fb4b4ebca4599a5f8454af67007351c7d4413796384f254c3621a1787fcfe22712c70fcae3020b81f456a222d2298a8cf055de8c21a7158483f1726e22b26e925171c5c7e4ac810e3f3f4371858ae361202006c5c758b7dc7830ac48485ac7126b61cb8f105b8efb0c94f2365ca0f3048bbd347eefa5e5bbea0b9e0c8f22b568ce000ca293d8eb2f0593d40d024e20882046dd8557b87da71c88951b4ff9416a4b67acab164956e7086fc9f2d3a04f974574f5cfa400107d87104149a8a9f1ed1147c83355f3b7d21f1b74894b667c939b31e8d536102494c89a69dcb2fb2ab4b11008252f9b30aa28311a8ad835a05f9c1f4e80a12bc396cc3669b100a63b4fa9dc00000000000000000000000000000000000000000000000000000000000000000000000000d74eae968b4c6470d6a5ab27af62ed2dfadb12195d8c9c2abd2c1f2a9a2163912150d34e5ba81d0d0b97304e3aedaded019981ad805b9370624cc49b2d93d0d078f575597ac1405d67bfa21e5f3f09925a5f15db2a624d84ec5e926e0f095c05098ff2b3d449a06cced597ac752e98914518253b7ae8fc2820f095bccf0f09c5fb92bf7465776d59a47d15764250a6233a86a667d1ca7c46290b56718edaf8a01b5ca78659613d4cf3970000000000000000000000000000001afb18de25e55307"}, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4a, 0x0) getsockopt$llc_int(r1, 0x10c, 0x7, 0x0, 0x0) mount(&(0x7f0000000100)=@nbd={'/dev/nbd'}, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='cgroup\x00', 0x0, 0x0) set_robust_list(0x0, 0x0) syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB='s']) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, 0x0, 0x0) ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, &(0x7f0000000000)={0x200000000001}) setsockopt$inet_sctp_SCTP_RECVRCVINFO(0xffffffffffffffff, 0x84, 0x20, 0x0, 0x0) 03:53:26 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b0") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) [ 1627.186640] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1627.205180] CPU: 0 PID: 3486 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1627.212295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1627.221659] Call Trace: [ 1627.224263] dump_stack+0x172/0x1f0 [ 1627.227943] dump_header+0x10f/0xb6c [ 1627.231681] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1627.236794] ? ___ratelimit+0x60/0x595 [ 1627.240692] ? do_raw_spin_unlock+0x57/0x270 [ 1627.245128] oom_kill_process.cold+0x10/0x6f5 [ 1627.249659] ? task_will_free_mem+0x139/0x6e0 [ 1627.254193] out_of_memory+0x79a/0x1280 [ 1627.258203] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1627.263327] ? oom_killer_disable+0x280/0x280 [ 1627.267838] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1627.272976] mem_cgroup_out_of_memory+0x99/0xe0 [ 1627.277659] ? memcg_memory_event+0x40/0x40 [ 1627.282001] ? _raw_spin_unlock+0x2d/0x50 [ 1627.286172] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1627.291286] try_charge+0xfec/0x1570 [ 1627.295021] ? find_held_lock+0x35/0x130 [ 1627.299113] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1627.303963] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1627.308815] ? find_held_lock+0x35/0x130 [ 1627.312913] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1627.317788] memcg_kmem_charge_memcg+0x7c/0x130 [ 1627.322464] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1627.326983] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1627.331840] memcg_kmem_charge+0x13b/0x340 [ 1627.336093] __alloc_pages_nodemask+0x437/0x710 [ 1627.340303] net_ratelimit: 26 callbacks suppressed [ 1627.340310] protocol 88fb is buggy, dev hsr_slave_0 [ 1627.340773] ? find_held_lock+0x35/0x130 [ 1627.345729] protocol 88fb is buggy, dev hsr_slave_1 [ 1627.350702] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1627.350719] ? kasan_check_read+0x11/0x20 [ 1627.350737] ? lock_downgrade+0x810/0x810 [ 1627.350756] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1627.354908] protocol 88fb is buggy, dev hsr_slave_0 [ 1627.359840] alloc_pages_current+0x107/0x210 [ 1627.364885] protocol 88fb is buggy, dev hsr_slave_1 [ 1627.368974] pte_alloc_one+0x1b/0x1a0 [ 1627.373242] protocol 88fb is buggy, dev hsr_slave_0 [ 1627.378685] __pte_alloc+0x20/0x310 [ 1627.383761] protocol 88fb is buggy, dev hsr_slave_1 [ 1627.388088] copy_page_range+0x1529/0x1f90 [ 1627.414754] ? __lock_is_held+0xb6/0x140 [ 1627.418809] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1627.420298] protocol 88fb is buggy, dev hsr_slave_0 [ 1627.423825] ? pmd_alloc+0x180/0x180 [ 1627.428859] protocol 88fb is buggy, dev hsr_slave_1 [ 1627.432530] ? validate_mm_rb+0xa3/0xc0 [ 1627.432550] ? __vma_link_rb+0x279/0x370 [ 1627.432576] copy_process.part.0+0x56aa/0x79a0 [ 1627.450209] ? __cleanup_sighand+0x70/0x70 [ 1627.454446] _do_fork+0x257/0xfe0 [ 1627.457887] ? fork_idle+0x1d0/0x1d0 [ 1627.461599] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1627.466340] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1627.471093] ? do_syscall_64+0x26/0x610 [ 1627.475055] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1627.480415] ? do_syscall_64+0x26/0x610 [ 1627.484380] __x64_sys_clone+0xbf/0x150 [ 1627.488346] do_syscall_64+0x103/0x610 [ 1627.492240] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1627.497420] RIP: 0033:0x457e29 [ 1627.500597] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1627.519482] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1627.527172] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1627.534425] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1627.541675] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1627.548930] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1627.556181] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1627.565242] memory: usage 307200kB, limit 307200kB, failcnt 21927 [ 1627.571538] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1627.578301] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1627.584576] Memory cgroup stats for /syz0: cache:0KB rss:96384KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96468KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1627.604850] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=3481,uid=0 [ 1627.619488] Memory cgroup out of memory: Kill process 3481 (syz-executor.0) score 1106 or sacrifice child [ 1627.629304] Killed process 3491 (syz-executor.0) total-vm:72444kB, anon-rss:152kB, file-rss:34816kB, shmem-rss:0kB [ 1627.641048] oom_reaper: reaped process 3491 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1627.666787] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1627.678282] CPU: 0 PID: 3486 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1627.685388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1627.694769] Call Trace: [ 1627.697360] dump_stack+0x172/0x1f0 [ 1627.700993] dump_header+0x10f/0xb6c [ 1627.704715] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1627.709817] ? ___ratelimit+0x60/0x595 [ 1627.713708] ? do_raw_spin_unlock+0x57/0x270 [ 1627.718124] oom_kill_process.cold+0x10/0x6f5 [ 1627.722635] ? task_will_free_mem+0x139/0x6e0 [ 1627.727134] out_of_memory+0x79a/0x1280 [ 1627.731101] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1627.736194] ? oom_killer_disable+0x280/0x280 [ 1627.740685] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1627.745806] mem_cgroup_out_of_memory+0x99/0xe0 [ 1627.750494] ? memcg_memory_event+0x40/0x40 [ 1627.754830] ? _raw_spin_unlock+0x2d/0x50 [ 1627.758964] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1627.764064] try_charge+0xfec/0x1570 [ 1627.767780] ? find_held_lock+0x35/0x130 [ 1627.771858] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1627.776752] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1627.781650] ? find_held_lock+0x35/0x130 [ 1627.785734] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1627.790583] memcg_kmem_charge_memcg+0x7c/0x130 [ 1627.795252] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1627.799743] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1627.804585] memcg_kmem_charge+0x13b/0x340 [ 1627.808819] __alloc_pages_nodemask+0x437/0x710 [ 1627.813480] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1627.818494] ? save_stack+0xa9/0xd0 [ 1627.822145] ? kmem_cache_alloc+0x11a/0x6f0 [ 1627.826506] ? anon_vma_fork+0x1ea/0x4a0 [ 1627.830577] ? copy_process.part.0+0x350f/0x79a0 [ 1627.835323] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1627.840861] alloc_pages_current+0x107/0x210 [ 1627.845284] get_zeroed_page+0x14/0x50 [ 1627.849188] __pud_alloc+0x3b/0x250 [ 1627.852818] pud_alloc+0xde/0x150 [ 1627.856284] copy_page_range+0x375/0x1f90 [ 1627.860428] ? __lock_is_held+0xb6/0x140 [ 1627.864499] ? find_held_lock+0x35/0x130 [ 1627.868607] ? pmd_alloc+0x180/0x180 [ 1627.872309] ? vma_compute_subtree_gap+0x158/0x230 [ 1627.877237] ? validate_mm_rb+0xa3/0xc0 [ 1627.881227] ? __vma_link_rb+0x279/0x370 [ 1627.885318] copy_process.part.0+0x56aa/0x79a0 [ 1627.889928] ? __cleanup_sighand+0x70/0x70 [ 1627.894187] _do_fork+0x257/0xfe0 [ 1627.897644] ? fork_idle+0x1d0/0x1d0 [ 1627.901371] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1627.906130] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1627.910920] ? do_syscall_64+0x26/0x610 [ 1627.914890] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1627.920266] ? do_syscall_64+0x26/0x610 [ 1627.924256] __x64_sys_clone+0xbf/0x150 [ 1627.928260] do_syscall_64+0x103/0x610 [ 1627.932139] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1627.937317] RIP: 0033:0x457e29 [ 1627.940520] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1627.959431] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1627.967137] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1627.974389] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1627.981667] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1627.988947] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1627.996217] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1628.003850] protocol 88fb is buggy, dev hsr_slave_0 [ 1628.008965] protocol 88fb is buggy, dev hsr_slave_1 [ 1628.015100] memory: usage 307044kB, limit 307200kB, failcnt 21954 [ 1628.021387] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1628.028144] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:53:27 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0xb000000) 03:53:27 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x50) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f00000000c0)={0x0, @multicast2, 0x4e24, 0x4, 'wrr\x00', 0x38, 0x0, 0x48}, 0x2c) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:53:27 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0xa00, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:27 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0}, 0xa05000) 03:53:27 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b0") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:27 executing program 5: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x40000, 0x0) setsockopt$RDS_FREE_MR(r0, 0x114, 0x3, &(0x7f0000000040)={{0x3, 0xfffffffffffffffb}, 0x2}, 0x10) openat$misdntimer(0xffffffffffffff9c, &(0x7f0000003140)='/dev/mISDNtimer\x00', 0x4000, 0x0) [ 1628.034335] Memory cgroup stats for /syz0: cache:0KB rss:96384KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96388KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1628.054501] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=3481,uid=0 [ 1628.069106] Memory cgroup out of memory: Kill process 3481 (syz-executor.0) score 1106 or sacrifice child [ 1628.078941] Killed process 3481 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:35588kB, shmem-rss:0kB 03:53:27 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:27 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x6) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:53:27 executing program 5: unshare(0x6c060000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x80000000007, 0x0) lseek(r0, 0x0, 0x0) dup(r0) getsockopt$IP6T_SO_GET_INFO(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$IP6T_SO_GET_INFO(r1, 0x29, 0x40, &(0x7f0000000580)={'filter\x00'}, &(0x7f0000000600)=0x54) 03:53:27 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0xb00, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:27 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0}, 0xa07000) 03:53:27 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) recvfrom$unix(r1, &(0x7f0000000140)=""/169, 0xa9, 0x0, &(0x7f0000000200)=@abs={0x1, 0x0, 0x4e24}, 0x6e) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r2 = creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r2, 0x660c) ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f00000000c0)=0x7) ioctl$KVM_SMI(r2, 0xaeb7) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) [ 1628.357442] IPVS: ftp: loaded support on port[0] = 21 03:53:27 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) [ 1628.381060] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1628.415103] CPU: 0 PID: 3522 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1628.422224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1628.431580] Call Trace: [ 1628.434184] dump_stack+0x172/0x1f0 [ 1628.437831] dump_header+0x10f/0xb6c [ 1628.437850] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1628.437866] ? ___ratelimit+0x60/0x595 [ 1628.450565] ? do_raw_spin_unlock+0x57/0x270 [ 1628.455033] oom_kill_process.cold+0x10/0x6f5 [ 1628.459548] ? task_will_free_mem+0x139/0x6e0 [ 1628.464064] out_of_memory+0x79a/0x1280 [ 1628.468054] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1628.473186] ? oom_killer_disable+0x280/0x280 [ 1628.477687] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1628.477716] mem_cgroup_out_of_memory+0x99/0xe0 [ 1628.477732] ? memcg_memory_event+0x40/0x40 [ 1628.477754] ? _raw_spin_unlock+0x2d/0x50 [ 1628.495955] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1628.501069] try_charge+0xfec/0x1570 [ 1628.501084] ? find_held_lock+0x35/0x130 [ 1628.501106] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1628.513701] ? kasan_check_read+0x11/0x20 [ 1628.517867] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1628.522730] mem_cgroup_try_charge+0x24d/0x5e0 [ 1628.522754] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1628.522772] wp_page_copy+0x408/0x1740 [ 1628.522785] ? find_held_lock+0x35/0x130 [ 1628.522806] ? pmd_pfn+0x1d0/0x1d0 [ 1628.532335] ? lock_downgrade+0x810/0x810 [ 1628.532353] ? swp_swapcount+0x540/0x540 [ 1628.532371] ? kasan_check_read+0x11/0x20 [ 1628.532386] ? do_raw_spin_unlock+0x57/0x270 [ 1628.532403] do_wp_page+0x2ed/0x1520 [ 1628.532423] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 1628.532450] __handle_mm_fault+0x22db/0x3f20 [ 1628.532469] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1628.543935] ? find_held_lock+0x35/0x130 [ 1628.543982] ? handle_mm_fault+0x322/0xb30 [ 1628.544024] ? kasan_check_read+0x11/0x20 [ 1628.569106] handle_mm_fault+0x43f/0xb30 [ 1628.569132] __do_page_fault+0x5da/0xd60 [ 1628.569159] do_page_fault+0x71/0x581 [ 1628.569175] ? page_fault+0x8/0x30 [ 1628.590868] page_fault+0x1e/0x30 [ 1628.590880] RIP: 0033:0x40d1e8 [ 1628.590905] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf bf d4 4b 00 31 c0 e8 43 47 ff ff 31 ff e8 8c 43 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 7e 32 64 00 [ 1628.590914] RSP: 002b:00007ffee6aa56e0 EFLAGS: 00010246 [ 1628.590939] RAX: 0000000002645e8d RBX: 00000000e71ca198 RCX: 0000001b33120000 [ 1628.590948] RDX: 0000000000000000 RSI: 0000000000001e8d RDI: ffffffff02645e8d [ 1628.590957] RBP: 0000000000000004 R08: 0000000002645e8d R09: 0000000002645e91 [ 1628.590966] R10: 00007ffee6aa5870 R11: 0000000000000246 R12: 000000000073c028 [ 1628.590975] R13: 0000000080000000 R14: 00007f3c77391008 R15: 0000000000000013 [ 1628.659416] memory: usage 307200kB, limit 307200kB, failcnt 21988 [ 1628.701495] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1628.715681] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1628.724926] Memory cgroup stats for /syz0: cache:0KB rss:96384KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96448KB inactive_file:0KB active_file:4KB unevictable:0KB [ 1628.782058] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=10020,uid=0 [ 1628.830263] Memory cgroup out of memory: Kill process 10020 (syz-executor.0) score 1103 or sacrifice child [ 1628.840124] Killed process 10020 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB 03:53:27 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0xf000000) 03:53:27 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0xe00, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:27 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0}, 0xff600000) 03:53:27 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qat_adf_ctl\x00', 0x402, 0x0) accept$unix(r1, &(0x7f0000000140)=@abs, &(0x7f00000001c0)=0x6e) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:53:27 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:27 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) getsockopt$netrom_NETROM_T2(r1, 0x103, 0x2, &(0x7f00000000c0)=0x1fc0000000, &(0x7f0000000140)=0x4) 03:53:27 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) [ 1629.105001] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1629.120232] CPU: 1 PID: 3567 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1629.127373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1629.136725] Call Trace: [ 1629.139378] dump_stack+0x172/0x1f0 [ 1629.143040] dump_header+0x10f/0xb6c [ 1629.146763] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1629.146779] ? ___ratelimit+0x60/0x595 [ 1629.146796] ? do_raw_spin_unlock+0x57/0x270 [ 1629.155780] oom_kill_process.cold+0x10/0x6f5 [ 1629.155801] ? task_will_free_mem+0x139/0x6e0 [ 1629.155822] out_of_memory+0x79a/0x1280 [ 1629.173194] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1629.178323] ? oom_killer_disable+0x280/0x280 [ 1629.182827] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1629.187969] mem_cgroup_out_of_memory+0x99/0xe0 [ 1629.192648] ? memcg_memory_event+0x40/0x40 [ 1629.196995] ? _raw_spin_unlock+0x2d/0x50 [ 1629.201180] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1629.206292] try_charge+0xfec/0x1570 [ 1629.210007] ? find_held_lock+0x35/0x130 [ 1629.214082] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1629.218939] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1629.223788] ? find_held_lock+0x35/0x130 [ 1629.227880] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1629.232746] memcg_kmem_charge_memcg+0x7c/0x130 [ 1629.237411] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1629.241920] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1629.246804] memcg_kmem_charge+0x13b/0x340 [ 1629.251052] __alloc_pages_nodemask+0x437/0x710 [ 1629.255720] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1629.260742] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1629.265330] ? trace_hardirqs_on+0x67/0x230 [ 1629.269656] copy_process.part.0+0x3e0/0x79a0 [ 1629.274202] ? psi_memstall_leave+0x11c/0x180 [ 1629.278693] ? sched_clock+0x2e/0x50 [ 1629.282413] ? psi_memstall_leave+0x12e/0x180 [ 1629.286920] ? find_held_lock+0x35/0x130 [ 1629.290993] ? __lock_acquire+0x53b/0x4700 [ 1629.295239] ? __cleanup_sighand+0x70/0x70 [ 1629.299472] ? mark_held_locks+0x100/0x100 [ 1629.303692] ? perf_trace_lock_acquire+0xf5/0x580 [ 1629.308521] ? rcu_read_lock_sched_held+0x110/0x130 [ 1629.313523] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1629.319048] _do_fork+0x257/0xfe0 [ 1629.322492] ? fork_idle+0x1d0/0x1d0 [ 1629.326195] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 1629.331541] ? lock_downgrade+0x810/0x810 [ 1629.335676] ? blkcg_exit_queue+0x30/0x30 [ 1629.339810] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1629.344576] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1629.349319] ? do_syscall_64+0x26/0x610 [ 1629.353289] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1629.358635] ? do_syscall_64+0x26/0x610 [ 1629.362598] __x64_sys_clone+0xbf/0x150 [ 1629.366576] do_syscall_64+0x103/0x610 [ 1629.370450] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1629.375622] RIP: 0033:0x45a7f9 [ 1629.378812] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1629.397696] RSP: 002b:00007ffee6aa5678 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1629.405390] RAX: ffffffffffffffda RBX: 00007f3c75590700 RCX: 000000000045a7f9 [ 1629.412647] RDX: 00007f3c755909d0 RSI: 00007f3c7558fdb0 RDI: 00000000003d0f00 [ 1629.419920] RBP: 00007ffee6aa5880 R08: 00007f3c75590700 R09: 00007f3c75590700 [ 1629.427173] R10: 00007f3c755909d0 R11: 0000000000000202 R12: 0000000000000000 [ 1629.434439] R13: 00007ffee6aa572f R14: 00007f3c755909c0 R15: 000000000073bf0c [ 1629.449373] memory: usage 307180kB, limit 307200kB, failcnt 22036 [ 1629.455996] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1629.462843] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1629.468988] Memory cgroup stats for /syz0: cache:0KB rss:96384KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96428KB inactive_file:4KB active_file:0KB unevictable:0KB [ 1629.489200] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=10067,uid=0 [ 1629.504068] Memory cgroup out of memory: Kill process 10067 (syz-executor.0) score 1103 or sacrifice child [ 1629.514324] Killed process 10067 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1629.529489] syz-executor.5 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 1629.550686] CPU: 1 PID: 3527 Comm: syz-executor.5 Not tainted 5.0.0-rc8 #87 [ 1629.557802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1629.567151] Call Trace: [ 1629.569728] dump_stack+0x172/0x1f0 [ 1629.573404] dump_header+0x10f/0xb6c [ 1629.577140] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1629.582230] ? ___ratelimit+0x60/0x595 [ 1629.586105] ? do_raw_spin_unlock+0x57/0x270 [ 1629.590501] oom_kill_process.cold+0x10/0x6f5 [ 1629.594988] ? task_will_free_mem+0x139/0x6e0 [ 1629.599496] out_of_memory+0x79a/0x1280 [ 1629.603465] ? oom_killer_disable+0x280/0x280 [ 1629.607996] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1629.613117] mem_cgroup_out_of_memory+0x99/0xe0 [ 1629.617782] ? memcg_memory_event+0x40/0x40 [ 1629.622105] ? _raw_spin_unlock+0x2d/0x50 [ 1629.626243] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1629.631361] try_charge+0xfec/0x1570 [ 1629.635073] ? find_held_lock+0x35/0x130 [ 1629.639121] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1629.643963] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1629.648798] ? find_held_lock+0x35/0x130 [ 1629.652854] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1629.657722] memcg_kmem_charge_memcg+0x7c/0x130 [ 1629.662385] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1629.666877] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1629.671724] memcg_kmem_charge+0x13b/0x340 [ 1629.675961] __alloc_pages_nodemask+0x437/0x710 [ 1629.680629] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1629.685641] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1629.690224] ? trace_hardirqs_on+0x67/0x230 [ 1629.694546] copy_process.part.0+0x3e0/0x79a0 [ 1629.699044] ? psi_memstall_leave+0x11c/0x180 [ 1629.703540] ? sched_clock+0x2e/0x50 [ 1629.707252] ? psi_memstall_leave+0x12e/0x180 [ 1629.711745] ? find_held_lock+0x35/0x130 [ 1629.715805] ? __lock_acquire+0x53b/0x4700 [ 1629.720046] ? __cleanup_sighand+0x70/0x70 [ 1629.724290] ? mark_held_locks+0x100/0x100 [ 1629.728528] ? perf_trace_lock_acquire+0xf5/0x580 [ 1629.733378] ? rcu_read_lock_sched_held+0x110/0x130 [ 1629.738392] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1629.743927] _do_fork+0x257/0xfe0 [ 1629.747372] ? fork_idle+0x1d0/0x1d0 [ 1629.751103] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 1629.756459] ? lock_downgrade+0x810/0x810 [ 1629.760608] ? blkcg_exit_queue+0x30/0x30 [ 1629.764740] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1629.769491] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1629.774239] ? do_syscall_64+0x26/0x610 [ 1629.778200] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1629.783548] ? do_syscall_64+0x26/0x610 [ 1629.787510] __x64_sys_clone+0xbf/0x150 [ 1629.791470] do_syscall_64+0x103/0x610 [ 1629.795346] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1629.800551] RIP: 0033:0x45a7f9 [ 1629.803750] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1629.822648] RSP: 002b:00007ffc465ca228 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1629.830354] RAX: ffffffffffffffda RBX: 00007f082abbd700 RCX: 000000000045a7f9 [ 1629.837627] RDX: 00007f082abbd9d0 RSI: 00007f082abbcdb0 RDI: 00000000003d0f00 [ 1629.844926] RBP: 00007ffc465ca430 R08: 00007f082abbd700 R09: 00007f082abbd700 [ 1629.852181] R10: 00007f082abbd9d0 R11: 0000000000000202 R12: 0000000000000000 [ 1629.859448] R13: 00007ffc465ca2df R14: 00007f082abbd9c0 R15: 000000000073c04c [ 1629.870541] memory: usage 307172kB, limit 307200kB, failcnt 5760 [ 1629.876701] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1629.883581] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1629.889737] Memory cgroup stats for /syz5: cache:11452KB rss:191500KB rss_huge:139264KB shmem:11376KB mapped_file:11352KB dirty:0KB writeback:0KB swap:0KB inactive_anon:11480KB active_anon:191404KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1629.911920] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=21907,uid=0 [ 1629.926583] Memory cgroup out of memory: Kill process 21907 (syz-executor.5) score 1113 or sacrifice child [ 1629.936536] Killed process 21907 (syz-executor.5) total-vm:72576kB, anon-rss:2196kB, file-rss:35788kB, shmem-rss:0kB [ 1629.967390] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1629.980531] CPU: 1 PID: 3579 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1629.987641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1629.997012] Call Trace: [ 1629.999644] dump_stack+0x172/0x1f0 [ 1630.003330] dump_header+0x10f/0xb6c [ 1630.007065] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1630.012182] ? ___ratelimit+0x60/0x595 [ 1630.016085] ? do_raw_spin_unlock+0x57/0x270 [ 1630.020503] oom_kill_process.cold+0x10/0x6f5 [ 1630.025010] ? task_will_free_mem+0x139/0x6e0 [ 1630.029508] out_of_memory+0x79a/0x1280 [ 1630.033489] ? oom_killer_disable+0x280/0x280 [ 1630.037980] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1630.043103] mem_cgroup_out_of_memory+0x99/0xe0 [ 1630.047785] ? memcg_memory_event+0x40/0x40 [ 1630.052140] ? _raw_spin_unlock+0x2d/0x50 [ 1630.056287] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1630.061389] try_charge+0xfec/0x1570 [ 1630.065109] ? find_held_lock+0x35/0x130 [ 1630.069163] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1630.074005] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1630.078841] ? find_held_lock+0x35/0x130 [ 1630.082924] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1630.087779] memcg_kmem_charge_memcg+0x7c/0x130 [ 1630.092486] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1630.096998] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1630.101856] memcg_kmem_charge+0x13b/0x340 [ 1630.106101] __alloc_pages_nodemask+0x437/0x710 [ 1630.110780] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1630.115812] ? find_held_lock+0x35/0x130 [ 1630.119882] ? percpu_ref_put_many+0x94/0x190 [ 1630.124391] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1630.129950] alloc_pages_current+0x107/0x210 [ 1630.134409] __get_free_pages+0xc/0x40 [ 1630.138313] pgd_alloc+0x8b/0x3f0 [ 1630.141774] ? pgd_page_get_mm+0x40/0x40 [ 1630.145845] ? lockdep_init_map+0x10c/0x5b0 [ 1630.150191] ? lockdep_init_map+0x10c/0x5b0 [ 1630.154533] mm_init+0x583/0x9a0 [ 1630.157929] copy_process.part.0+0x2b65/0x79a0 [ 1630.162514] ? perf_trace_lock_acquire+0xf5/0x580 [ 1630.167356] ? __cleanup_sighand+0x70/0x70 [ 1630.171578] ? lock_downgrade+0x810/0x810 [ 1630.175720] _do_fork+0x257/0xfe0 [ 1630.179197] ? fork_idle+0x1d0/0x1d0 [ 1630.182949] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1630.187696] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1630.192443] ? do_syscall_64+0x26/0x610 [ 1630.196402] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1630.201753] ? do_syscall_64+0x26/0x610 [ 1630.205732] __x64_sys_clone+0xbf/0x150 [ 1630.209697] do_syscall_64+0x103/0x610 [ 1630.213574] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1630.218746] RIP: 0033:0x457e29 [ 1630.221932] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1630.240829] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1630.248522] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1630.255793] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1630.263061] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1630.270356] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1630.277628] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1630.285091] memory: usage 307116kB, limit 307200kB, failcnt 22078 [ 1630.291384] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1630.298141] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1630.304332] Memory cgroup stats for /syz0: cache:0KB rss:96384KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96396KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1630.324521] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=10222,uid=0 [ 1630.339179] Memory cgroup out of memory: Kill process 10222 (syz-executor.0) score 1103 or sacrifice child [ 1630.349066] Killed process 10222 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1630.361023] oom_reaper: reaped process 10222 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1630.377847] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1630.399240] CPU: 0 PID: 3567 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1630.406345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1630.415677] Call Trace: [ 1630.418248] dump_stack+0x172/0x1f0 [ 1630.421862] dump_header+0x10f/0xb6c [ 1630.425560] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1630.430646] ? ___ratelimit+0x60/0x595 [ 1630.434514] ? do_raw_spin_unlock+0x57/0x270 [ 1630.438913] oom_kill_process.cold+0x10/0x6f5 [ 1630.443432] ? task_will_free_mem+0x139/0x6e0 [ 1630.447942] out_of_memory+0x79a/0x1280 [ 1630.451914] ? oom_killer_disable+0x280/0x280 [ 1630.456410] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1630.461506] mem_cgroup_out_of_memory+0x99/0xe0 [ 1630.466176] ? memcg_memory_event+0x40/0x40 [ 1630.470492] ? _raw_spin_unlock+0x2d/0x50 [ 1630.474624] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1630.479708] try_charge+0xb4a/0x1570 [ 1630.483404] ? find_held_lock+0x35/0x130 [ 1630.487468] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1630.492294] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1630.497116] ? find_held_lock+0x35/0x130 [ 1630.501163] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1630.505999] memcg_kmem_charge_memcg+0x7c/0x130 [ 1630.510664] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1630.515147] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1630.519972] memcg_kmem_charge+0x13b/0x340 [ 1630.524195] __alloc_pages_nodemask+0x437/0x710 [ 1630.528861] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1630.533880] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1630.538452] ? trace_hardirqs_on+0x67/0x230 [ 1630.542770] copy_process.part.0+0x3e0/0x79a0 [ 1630.547295] ? psi_memstall_leave+0x11c/0x180 [ 1630.551806] ? sched_clock+0x2e/0x50 [ 1630.555505] ? psi_memstall_leave+0x12e/0x180 [ 1630.559984] ? find_held_lock+0x35/0x130 [ 1630.564031] ? __lock_acquire+0x53b/0x4700 [ 1630.568272] ? __cleanup_sighand+0x70/0x70 [ 1630.572507] ? mark_held_locks+0x100/0x100 [ 1630.576737] ? perf_trace_lock_acquire+0xf5/0x580 [ 1630.581565] ? rcu_read_lock_sched_held+0x110/0x130 [ 1630.586567] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1630.592137] _do_fork+0x257/0xfe0 [ 1630.595584] ? fork_idle+0x1d0/0x1d0 [ 1630.599295] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 1630.604641] ? lock_downgrade+0x810/0x810 [ 1630.608776] ? blkcg_exit_queue+0x30/0x30 [ 1630.612914] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1630.617659] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1630.622413] ? do_syscall_64+0x26/0x610 [ 1630.626394] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1630.631876] ? do_syscall_64+0x26/0x610 [ 1630.635844] __x64_sys_clone+0xbf/0x150 [ 1630.639800] do_syscall_64+0x103/0x610 [ 1630.643687] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1630.648857] RIP: 0033:0x45a7f9 [ 1630.652031] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1630.670914] RSP: 002b:00007ffee6aa5678 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1630.678621] RAX: ffffffffffffffda RBX: 00007f3c7554e700 RCX: 000000000045a7f9 [ 1630.685872] RDX: 00007f3c7554e9d0 RSI: 00007f3c7554ddb0 RDI: 00000000003d0f00 [ 1630.693131] RBP: 00007ffee6aa5880 R08: 00007f3c7554e700 R09: 00007f3c7554e700 [ 1630.700398] R10: 00007f3c7554e9d0 R11: 0000000000000202 R12: 0000000000000000 [ 1630.707654] R13: 00007ffee6aa572f R14: 00007f3c7554e9c0 R15: 000000000073c04c [ 1630.719832] memory: usage 307008kB, limit 307200kB, failcnt 22082 [ 1630.726142] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1630.733223] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1630.739374] Memory cgroup stats for /syz0: cache:0KB rss:96384KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96304KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1630.759823] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=3582,uid=0 [ 1630.774644] Memory cgroup out of memory: Kill process 3582 (syz-executor.0) score 1103 or sacrifice child [ 1630.785067] Killed process 3582 (syz-executor.0) total-vm:72708kB, anon-rss:172kB, file-rss:34816kB, shmem-rss:0kB [ 1630.796552] oom_reaper: reaped process 3582 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1630.812255] syz-executor.5 invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1630.830358] CPU: 0 PID: 3539 Comm: syz-executor.5 Not tainted 5.0.0-rc8 #87 [ 1630.837469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1630.846825] Call Trace: [ 1630.849420] dump_stack+0x172/0x1f0 [ 1630.853080] dump_header+0x10f/0xb6c [ 1630.856803] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1630.861931] ? ___ratelimit+0x60/0x595 [ 1630.865827] ? do_raw_spin_unlock+0x57/0x270 [ 1630.870256] oom_kill_process.cold+0x10/0x6f5 [ 1630.874783] ? task_will_free_mem+0x139/0x6e0 [ 1630.879291] out_of_memory+0x79a/0x1280 [ 1630.883290] ? oom_killer_disable+0x280/0x280 [ 1630.887825] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1630.892960] mem_cgroup_out_of_memory+0x99/0xe0 [ 1630.897640] ? memcg_memory_event+0x40/0x40 [ 1630.901985] ? _raw_spin_unlock+0x2d/0x50 [ 1630.906140] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1630.911258] try_charge+0xfec/0x1570 [ 1630.914976] ? find_held_lock+0x35/0x130 [ 1630.919055] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1630.923932] ? kasan_check_read+0x11/0x20 [ 1630.928091] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1630.932948] mem_cgroup_try_charge+0x24d/0x5e0 [ 1630.937558] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1630.942489] shmem_getpage_gfp+0x69b/0x3520 [ 1630.946816] ? shmem_add_to_page_cache+0x1200/0x1200 [ 1630.951934] ? lock_downgrade+0x810/0x810 [ 1630.956100] shmem_fault+0x22d/0x760 [ 1630.959819] ? __handle_mm_fault+0x349d/0x3f20 [ 1630.964437] ? shmem_read_mapping_page_gfp+0x1a0/0x1a0 [ 1630.969743] ? lock_downgrade+0x810/0x810 [ 1630.973921] __do_fault+0x116/0x4e0 [ 1630.977554] __handle_mm_fault+0x2cbd/0x3f20 [ 1630.981973] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1630.986809] ? find_held_lock+0x35/0x130 [ 1630.990883] ? handle_mm_fault+0x322/0xb30 [ 1630.995139] ? kasan_check_read+0x11/0x20 [ 1630.999322] handle_mm_fault+0x43f/0xb30 [ 1631.003427] __get_user_pages+0x7b6/0x1a40 [ 1631.007681] ? follow_page_mask+0x19a0/0x19a0 [ 1631.012184] ? memset+0x32/0x40 [ 1631.015466] populate_vma_page_range+0x20d/0x2a0 [ 1631.020231] __mm_populate+0x204/0x380 [ 1631.024135] ? populate_vma_page_range+0x2a0/0x2a0 [ 1631.029062] vm_mmap_pgoff+0x213/0x230 [ 1631.032975] ? vma_is_stack_for_current+0xd0/0xd0 [ 1631.037815] ? kasan_check_read+0x11/0x20 [ 1631.041965] ? _copy_to_user+0xc9/0x120 [ 1631.045948] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1631.051491] ksys_mmap_pgoff+0xf7/0x630 [ 1631.055465] ? find_mergeable_anon_vma+0x2e0/0x2e0 [ 1631.060391] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1631.065142] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1631.069883] ? do_syscall_64+0x26/0x610 [ 1631.073866] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1631.079220] __x64_sys_mmap+0xe9/0x1b0 [ 1631.083113] do_syscall_64+0x103/0x610 [ 1631.087001] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1631.092182] RIP: 0033:0x457e29 [ 1631.095373] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1631.114259] RSP: 002b:00007f082abddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1631.121958] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457e29 [ 1631.129227] RDX: 0000000000000003 RSI: 0000000000b36000 RDI: 0000000020000000 [ 1631.136480] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 1631.143759] R10: 0000000000008031 R11: 0000000000000246 R12: 00007f082abde6d4 [ 1631.151030] R13: 00000000004c3b88 R14: 00000000004d6d40 R15: 00000000ffffffff [ 1631.159516] memory: usage 307196kB, limit 307200kB, failcnt 5777 [ 1631.165753] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1631.172767] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1631.178950] Memory cgroup stats for /syz5: cache:13696KB rss:189356KB rss_huge:137216KB shmem:13620KB mapped_file:2112KB dirty:0KB writeback:0KB swap:0KB inactive_anon:2272KB active_anon:200760KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1631.201021] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=22572,uid=0 [ 1631.215650] Memory cgroup out of memory: Kill process 22572 (syz-executor.5) score 1113 or sacrifice child [ 1631.225546] Killed process 22572 (syz-executor.5) total-vm:72576kB, anon-rss:2196kB, file-rss:35788kB, shmem-rss:0kB [ 1631.237108] oom_reaper: reaped process 22572 (syz-executor.5), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB [ 1631.270606] syz-executor.5 invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1631.281936] CPU: 0 PID: 3539 Comm: syz-executor.5 Not tainted 5.0.0-rc8 #87 [ 1631.289098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1631.298437] Call Trace: [ 1631.301023] dump_stack+0x172/0x1f0 [ 1631.304661] dump_header+0x10f/0xb6c [ 1631.308373] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1631.313479] ? ___ratelimit+0x60/0x595 [ 1631.317362] ? do_raw_spin_unlock+0x57/0x270 [ 1631.321799] oom_kill_process.cold+0x10/0x6f5 [ 1631.326311] ? task_will_free_mem+0x139/0x6e0 [ 1631.330811] out_of_memory+0x79a/0x1280 [ 1631.334799] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1631.339891] ? oom_killer_disable+0x280/0x280 [ 1631.344384] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1631.349486] mem_cgroup_out_of_memory+0x99/0xe0 [ 1631.354171] ? memcg_memory_event+0x40/0x40 [ 1631.358507] ? _raw_spin_unlock+0x2d/0x50 [ 1631.362655] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1631.367763] try_charge+0xfec/0x1570 [ 1631.371497] ? find_held_lock+0x35/0x130 [ 1631.375561] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1631.380437] ? kasan_check_read+0x11/0x20 [ 1631.384602] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1631.389447] mem_cgroup_try_charge+0x24d/0x5e0 [ 1631.394034] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1631.398978] shmem_getpage_gfp+0x69b/0x3520 [ 1631.403323] ? shmem_add_to_page_cache+0x1200/0x1200 [ 1631.408411] ? lock_downgrade+0x810/0x810 [ 1631.412566] shmem_fault+0x22d/0x760 [ 1631.416279] ? __handle_mm_fault+0x349d/0x3f20 [ 1631.420866] ? shmem_read_mapping_page_gfp+0x1a0/0x1a0 [ 1631.426154] ? lock_downgrade+0x810/0x810 [ 1631.430325] __do_fault+0x116/0x4e0 [ 1631.433962] __handle_mm_fault+0x2cbd/0x3f20 [ 1631.438382] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1631.443225] ? find_held_lock+0x35/0x130 [ 1631.447301] ? handle_mm_fault+0x322/0xb30 [ 1631.451566] ? kasan_check_read+0x11/0x20 [ 1631.455727] handle_mm_fault+0x43f/0xb30 [ 1631.459775] __get_user_pages+0x7b6/0x1a40 [ 1631.464003] ? follow_page_mask+0x19a0/0x19a0 [ 1631.468487] ? memset+0x32/0x40 [ 1631.471777] populate_vma_page_range+0x20d/0x2a0 [ 1631.476530] __mm_populate+0x204/0x380 [ 1631.480420] ? populate_vma_page_range+0x2a0/0x2a0 [ 1631.485354] vm_mmap_pgoff+0x213/0x230 [ 1631.489233] ? vma_is_stack_for_current+0xd0/0xd0 [ 1631.494071] ? kasan_check_read+0x11/0x20 [ 1631.498216] ? _copy_to_user+0xc9/0x120 [ 1631.502204] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1631.507752] ksys_mmap_pgoff+0xf7/0x630 [ 1631.511740] ? find_mergeable_anon_vma+0x2e0/0x2e0 [ 1631.516664] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1631.521417] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1631.526207] ? do_syscall_64+0x26/0x610 [ 1631.530193] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1631.535558] __x64_sys_mmap+0xe9/0x1b0 [ 1631.539449] do_syscall_64+0x103/0x610 [ 1631.543322] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1631.548507] RIP: 0033:0x457e29 [ 1631.551696] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1631.570593] RSP: 002b:00007f082abddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1631.578295] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457e29 [ 1631.585547] RDX: 0000000000000003 RSI: 0000000000b36000 RDI: 0000000020000000 [ 1631.592827] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 1631.600106] R10: 0000000000008031 R11: 0000000000000246 R12: 00007f082abde6d4 [ 1631.607378] R13: 00000000004c3b88 R14: 00000000004d6d40 R15: 00000000ffffffff [ 1631.616810] memory: usage 306976kB, limit 307200kB, failcnt 5814 [ 1631.622995] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1631.629727] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1631.635903] Memory cgroup stats for /syz5: cache:15808KB rss:187196KB rss_huge:135168KB shmem:15732KB mapped_file:4356KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4432KB active_anon:198600KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1631.658144] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=22830,uid=0 [ 1631.672805] Memory cgroup out of memory: Kill process 22830 (syz-executor.5) score 1113 or sacrifice child [ 1631.682668] Killed process 22830 (syz-executor.5) total-vm:72444kB, anon-rss:2188kB, file-rss:35796kB, shmem-rss:0kB [ 1631.698786] oom_reaper: reaped process 22830 (syz-executor.5), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 03:53:30 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0xf00, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:30 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0}, 0x400000000000) 03:53:30 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:30 executing program 5: clone(0x4000003102041ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() futex(&(0x7f0000000140)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2f) write$P9_RREAD(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="052fc73cb00040ef426bec5dff000700050074aef6ad36368fa7a4685c872416f5f7e1159b952a660200000000007280ffd9b3feabc20831aa"], 0x39) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f00000000c0)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:53:30 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='pipefs\x00', 0x0, 0x0) 03:53:30 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:53:30 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0x10000000) 03:53:30 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:30 executing program 2: r0 = dup2(0xffffffffffffff9c, 0xffffffffffffffff) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x2, &(0x7f00000000c0)={0xffffffffffffffff}, 0x111, 0x1007}}, 0x20) write$RDMA_USER_CM_CMD_CONNECT(r0, &(0x7f0000000180)={0x6, 0x118, 0xfa00, {{0x4, 0x7ff, "8107dc4cefc8735db0d59b1e7cd66c58efa76c554ff6d350ab88e94d9f1c62b5390d6893a13dd3b63e3c27ff86f27342ae6cecb4056d14b35fb8f57375db04831d1db0a93ec34b64ec2150e51fcc83b6c84760f859889572d8a77aa2b6e17895494392f3f3a00a275787eb0df0ef367236612abfaade51c36e95aab9925e462c88e5f660e0abb8406db4ccfeebafdc9aac5aa15f50fc78a3fc16eeecc5175d0b776c74858529e1e538c03962b5eabde9bdd9a9542e6171e329d32da0daadf7868ac8068510c60b9b8f1d544de3610df6a457cb4dea4c01e688ce73db1ef02443934f3d6f470c03a6c5d7cf5fd0c6cd5d7a79236432710c20810f07141ce0a756", 0x9a, 0x0, 0x5, 0x7, 0xad24, 0x6, 0xbd39}, r1}}, 0x120) openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x17) r2 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:53:30 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x2000, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:30 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0}, 0x60ffffffffff) 03:53:30 executing program 5: r0 = creat(&(0x7f0000000700)='./bus\x00', 0x0) r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0) ftruncate(r1, 0x2081fc) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f00000001c0), 0xfffffef3) r4 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800003, 0x11, r4, 0x0) read(r2, &(0x7f0000000000)=""/250, 0x128b9372) fcntl$setstatus(r0, 0x4, 0x6100) write$cgroup_type(r0, &(0x7f0000000200)='threaded\x00', 0xf642e7e) r5 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x4002012, r5, 0x0) 03:53:30 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) [ 1632.007711] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1632.025133] CPU: 1 PID: 3590 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1632.032343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1632.041708] Call Trace: [ 1632.044396] dump_stack+0x172/0x1f0 [ 1632.048047] dump_header+0x10f/0xb6c [ 1632.051770] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 03:53:31 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) [ 1632.056921] ? ___ratelimit+0x60/0x595 [ 1632.060840] ? do_raw_spin_unlock+0x57/0x270 [ 1632.065261] oom_kill_process.cold+0x10/0x6f5 [ 1632.069769] ? task_will_free_mem+0x139/0x6e0 [ 1632.074311] out_of_memory+0x79a/0x1280 [ 1632.078295] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1632.083405] ? oom_killer_disable+0x280/0x280 [ 1632.087921] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1632.093046] mem_cgroup_out_of_memory+0x99/0xe0 [ 1632.097745] ? memcg_memory_event+0x40/0x40 [ 1632.102111] ? _raw_spin_unlock+0x2d/0x50 [ 1632.106270] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1632.111382] try_charge+0xfec/0x1570 [ 1632.115106] ? find_held_lock+0x35/0x130 [ 1632.119184] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1632.124046] ? kasan_check_read+0x11/0x20 [ 1632.128226] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1632.133084] mem_cgroup_try_charge+0x24d/0x5e0 [ 1632.137679] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1632.142625] __handle_mm_fault+0x1e26/0x3f20 [ 1632.147054] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1632.151928] ? find_held_lock+0x35/0x130 03:53:31 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) [ 1632.156006] ? handle_mm_fault+0x322/0xb30 [ 1632.160268] ? kasan_check_read+0x11/0x20 [ 1632.164488] handle_mm_fault+0x43f/0xb30 [ 1632.168566] __do_page_fault+0x5da/0xd60 [ 1632.172649] do_page_fault+0x71/0x581 [ 1632.176497] ? page_fault+0x8/0x30 [ 1632.180048] page_fault+0x1e/0x30 [ 1632.183507] RIP: 0033:0x40f98f [ 1632.186710] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 03:53:31 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sync_file_range(r0, 0x4, 0x8, 0x2) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) [ 1632.205619] RSP: 002b:00007ffee6aa56c0 EFLAGS: 00010206 [ 1632.210990] RAX: 00007f3c7552e000 RBX: 0000000000020000 RCX: 0000000000457e7a [ 1632.218267] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 1632.225542] RBP: 00007ffee6aa57a0 R08: ffffffffffffffff R09: 0000000000000000 [ 1632.232818] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffee6aa5880 [ 1632.240097] R13: 00007f3c7554e700 R14: 0000000000000003 R15: 000000000073c04c [ 1632.251540] memory: usage 307200kB, limit 307200kB, failcnt 22114 03:53:31 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) [ 1632.263675] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1632.302870] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1632.360814] Memory cgroup stats for /syz0: cache:0KB rss:96384KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96372KB inactive_file:4KB active_file:0KB unevictable:0KB [ 1632.416222] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=3590,uid=0 [ 1632.437631] Memory cgroup out of memory: Kill process 3590 (syz-executor.0) score 1106 or sacrifice child [ 1632.450439] Killed process 3606 (syz-executor.0) total-vm:72444kB, anon-rss:152kB, file-rss:34816kB, shmem-rss:0kB [ 1632.461334] oom_reaper: reaped process 3606 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1632.504943] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1632.521446] CPU: 0 PID: 3598 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1632.528576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1632.537950] Call Trace: [ 1632.540565] dump_stack+0x172/0x1f0 [ 1632.544227] dump_header+0x10f/0xb6c [ 1632.547973] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1632.553105] ? ___ratelimit+0x60/0x595 [ 1632.557017] ? do_raw_spin_unlock+0x57/0x270 [ 1632.561462] oom_kill_process.cold+0x10/0x6f5 [ 1632.565990] ? task_will_free_mem+0x139/0x6e0 [ 1632.570527] out_of_memory+0x79a/0x1280 [ 1632.574517] ? oom_killer_disable+0x280/0x280 [ 1632.579019] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1632.584163] mem_cgroup_out_of_memory+0x99/0xe0 [ 1632.587073] audit: type=1804 audit(2000001211.540:162): pid=3629 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir186871136/syzkaller.y1AeaV/2320/bus" dev="sda1" ino=16708 res=1 [ 1632.588864] ? memcg_memory_event+0x40/0x40 [ 1632.588912] ? _raw_spin_unlock+0x2d/0x50 [ 1632.624156] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1632.628071] audit: type=1804 audit(2000001211.580:163): pid=3621 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir186871136/syzkaller.y1AeaV/2320/bus" dev="sda1" ino=16708 res=1 [ 1632.629747] try_charge+0xb4a/0x1570 [ 1632.629765] ? find_held_lock+0x35/0x130 [ 1632.629800] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1632.664889] audit: type=1804 audit(2000001211.580:164): pid=3621 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir186871136/syzkaller.y1AeaV/2320/bus" dev="sda1" ino=16708 res=1 [ 1632.668604] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1632.668624] ? find_held_lock+0x35/0x130 [ 1632.668660] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1632.708616] memcg_kmem_charge_memcg+0x7c/0x130 [ 1632.713305] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1632.717836] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1632.722706] memcg_kmem_charge+0x13b/0x340 [ 1632.726979] __alloc_pages_nodemask+0x437/0x710 [ 1632.731681] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1632.734661] audit: type=1804 audit(2000001211.650:165): pid=3629 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir186871136/syzkaller.y1AeaV/2320/bus" dev="sda1" ino=16708 res=1 [ 1632.736708] ? debug_smp_processor_id+0x1c/0x20 [ 1632.736741] ? find_held_lock+0x35/0x130 [ 1632.736763] ? percpu_ref_put_many+0x94/0x190 [ 1632.776653] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1632.782282] alloc_pages_current+0x107/0x210 [ 1632.786733] __get_free_pages+0xc/0x40 [ 1632.790757] pgd_alloc+0x8b/0x3f0 [ 1632.794248] ? pgd_page_get_mm+0x40/0x40 [ 1632.798361] ? lockdep_init_map+0x10c/0x5b0 [ 1632.802720] ? lockdep_init_map+0x10c/0x5b0 [ 1632.807110] mm_init+0x583/0x9a0 [ 1632.810534] copy_process.part.0+0x2b65/0x79a0 [ 1632.815158] ? perf_trace_lock_acquire+0xf5/0x580 [ 1632.816810] audit: type=1804 audit(2000001211.650:166): pid=3636 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir186871136/syzkaller.y1AeaV/2320/bus" dev="sda1" ino=16708 res=1 [ 1632.820064] ? __cleanup_sighand+0x70/0x70 [ 1632.820089] ? lock_downgrade+0x810/0x810 [ 1632.855220] _do_fork+0x257/0xfe0 [ 1632.858710] ? fork_idle+0x1d0/0x1d0 [ 1632.862450] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1632.867229] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1632.872018] ? do_syscall_64+0x26/0x610 [ 1632.876009] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1632.881377] ? do_syscall_64+0x26/0x610 [ 1632.885351] __x64_sys_clone+0xbf/0x150 [ 1632.889353] do_syscall_64+0x103/0x610 [ 1632.893260] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1632.898472] RIP: 0033:0x457e29 [ 1632.901682] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1632.920596] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1632.928310] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1632.935580] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1632.942852] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1632.950119] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1632.957412] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1632.967236] memory: usage 307068kB, limit 307200kB, failcnt 22125 [ 1632.974254] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1632.981509] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1632.988093] Memory cgroup stats for [ 1632.988103] /syz0: cache:0KB rss:96384KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96300KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1633.010415] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=3590,uid=0 [ 1633.025428] Memory cgroup out of memory: Kill process 3590 (syz-executor.0) score 1106 or sacrifice child [ 1633.035535] Killed process 3598 (syz-executor.0) total-vm:72708kB, anon-rss:172kB, file-rss:35600kB, shmem-rss:0kB [ 1633.048007] oom_reaper: reaped process 3598 (syz-executor.0), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 1633.055116] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1633.069808] CPU: 0 PID: 3606 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1633.076929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1633.086282] Call Trace: [ 1633.088878] dump_stack+0x172/0x1f0 [ 1633.092541] dump_header+0x10f/0xb6c [ 1633.096266] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1633.101380] ? ___ratelimit+0x60/0x595 [ 1633.105269] ? do_raw_spin_unlock+0x57/0x270 [ 1633.109689] oom_kill_process.cold+0x10/0x6f5 [ 1633.114204] ? task_will_free_mem+0x139/0x6e0 [ 1633.118711] out_of_memory+0x79a/0x1280 [ 1633.122717] ? oom_killer_disable+0x280/0x280 [ 1633.127219] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1633.132338] mem_cgroup_out_of_memory+0x99/0xe0 [ 1633.137030] ? memcg_memory_event+0x40/0x40 [ 1633.141386] ? _raw_spin_unlock+0x2d/0x50 [ 1633.145552] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1633.150664] try_charge+0xb4a/0x1570 [ 1633.154385] ? find_held_lock+0x35/0x130 [ 1633.158464] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1633.163320] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1633.168168] ? find_held_lock+0x35/0x130 [ 1633.172243] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1633.177105] memcg_kmem_charge_memcg+0x7c/0x130 [ 1633.181784] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1633.186289] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1633.191152] memcg_kmem_charge+0x13b/0x340 [ 1633.195401] __alloc_pages_nodemask+0x437/0x710 [ 1633.200092] ? find_held_lock+0x35/0x130 03:53:32 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0x11000000) 03:53:32 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x2c01, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:32 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0}, 0x740000000000) 03:53:32 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:32 executing program 5: r0 = socket$inet6(0xa, 0x1, 0x0) r1 = dup(r0) setsockopt$inet6_int(r1, 0x29, 0x43, &(0x7f0000000600)=0xffffffffffffffff, 0x4) [ 1633.204174] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1633.209242] ? __lock_acquire+0x53b/0x4700 [ 1633.213507] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1633.219078] alloc_pages_current+0x107/0x210 [ 1633.223505] pte_alloc_one+0x1b/0x1a0 [ 1633.227314] __handle_mm_fault+0x34e4/0x3f20 [ 1633.231746] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1633.236595] ? find_held_lock+0x35/0x130 [ 1633.240662] ? handle_mm_fault+0x322/0xb30 [ 1633.244938] ? kasan_check_read+0x11/0x20 [ 1633.249095] handle_mm_fault+0x43f/0xb30 [ 1633.253187] __do_page_fault+0x5da/0xd60 [ 1633.257309] do_page_fault+0x71/0x581 [ 1633.261114] ? page_fault+0x8/0x30 [ 1633.264667] page_fault+0x1e/0x30 [ 1633.268127] RIP: 0033:0x457e29 [ 1633.271346] Code: Bad RIP value. [ 1633.274732] RSP: 002b:00007f3c7558fc78 EFLAGS: 00010246 [ 1633.280130] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000457e29 [ 1633.287418] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1633.294706] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1633.301984] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1633.309303] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1633.339580] memory: usage 307200kB, limit 307200kB, failcnt 22151 [ 1633.345973] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1633.352798] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1633.359087] Memory cgroup stats for /syz0: cache:0KB rss:96384KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96276KB inactive_file:8KB active_file:0KB unevictable:0KB [ 1633.379474] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=10259,uid=0 03:53:32 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, &(0x7f0000000140)) 03:53:32 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x100000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, &(0x7f0000000040)=ANY=[@ANYBLOB="0fc8"]) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000028000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) 03:53:32 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x3f00, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) [ 1633.403705] Memory cgroup out of memory: Kill process 10259 (syz-executor.0) score 1103 or sacrifice child 03:53:32 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0}, 0x7fffffffefff) [ 1633.452827] Killed process 10259 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB 03:53:32 executing program 5: read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x201, 0x0) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x72647332}) r1 = syz_open_pts(r0, 0x1) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000140)={0x0, 0x0, 0x0, 0xaf2}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) flock(0xffffffffffffffff, 0xfffffffffffffffd) flock(0xffffffffffffffff, 0xfffffffffffffffc) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) sync_file_range(r1, 0x80, 0xb6, 0x3) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$TIOCGETD(r1, 0x5424, &(0x7f0000000000)) ioctl$FUSE_DEV_IOC_CLONE(0xffffffffffffffff, 0x8004e500, &(0x7f0000000500)) setsockopt$sock_void(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x300) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000040)) [ 1633.532271] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 1633.559387] CPU: 1 PID: 3645 Comm: syz-executor.2 Not tainted 5.0.0-rc8 #87 [ 1633.566523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1633.575948] Call Trace: [ 1633.578551] dump_stack+0x172/0x1f0 [ 1633.582196] dump_header+0x10f/0xb6c [ 1633.585927] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1633.591046] ? ___ratelimit+0x60/0x595 [ 1633.594975] ? do_raw_spin_unlock+0x57/0x270 [ 1633.599400] oom_kill_process.cold+0x10/0x6f5 [ 1633.603940] ? task_will_free_mem+0x139/0x6e0 [ 1633.608537] out_of_memory+0x79a/0x1280 [ 1633.612537] ? oom_killer_disable+0x280/0x280 [ 1633.617053] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1633.622193] mem_cgroup_out_of_memory+0x99/0xe0 [ 1633.626884] ? memcg_memory_event+0x40/0x40 [ 1633.631248] ? _raw_spin_unlock+0x2d/0x50 [ 1633.635405] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1633.640548] try_charge+0xfec/0x1570 [ 1633.644279] ? find_held_lock+0x35/0x130 [ 1633.648362] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1633.653237] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1633.658105] ? find_held_lock+0x35/0x130 [ 1633.662182] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1633.667043] memcg_kmem_charge_memcg+0x7c/0x130 [ 1633.671719] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1633.676231] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1633.681084] memcg_kmem_charge+0x13b/0x340 [ 1633.685331] __alloc_pages_nodemask+0x437/0x710 [ 1633.690019] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1633.695062] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1633.699652] ? trace_hardirqs_on+0x67/0x230 [ 1633.703990] copy_process.part.0+0x3e0/0x79a0 [ 1633.708500] ? mark_held_locks+0x100/0x100 [ 1633.712748] ? debug_smp_processor_id+0x1c/0x20 [ 1633.717429] ? perf_trace_lock_acquire+0xf5/0x580 [ 1633.722304] ? __might_fault+0x12b/0x1e0 [ 1633.726388] ? __cleanup_sighand+0x70/0x70 [ 1633.730639] ? lock_downgrade+0x810/0x810 [ 1633.734813] _do_fork+0x257/0xfe0 [ 1633.738282] ? fork_idle+0x1d0/0x1d0 [ 1633.742018] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1633.746782] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1633.751544] ? do_syscall_64+0x26/0x610 [ 1633.755528] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1633.761404] ? do_syscall_64+0x26/0x610 [ 1633.765423] __x64_sys_clone+0xbf/0x150 [ 1633.769443] do_syscall_64+0x103/0x610 [ 1633.773344] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1633.778569] RIP: 0033:0x457e29 [ 1633.781776] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1633.800703] RSP: 002b:00007f388c286c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1633.808425] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1633.815703] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000001000140 [ 1633.822979] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1633.830270] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f388c2876d4 [ 1633.837562] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1633.845263] net_ratelimit: 26 callbacks suppressed [ 1633.845286] protocol 88fb is buggy, dev hsr_slave_0 [ 1633.855358] protocol 88fb is buggy, dev hsr_slave_1 [ 1633.860567] protocol 88fb is buggy, dev hsr_slave_0 [ 1633.865648] protocol 88fb is buggy, dev hsr_slave_1 [ 1633.870884] protocol 88fb is buggy, dev hsr_slave_0 [ 1633.875989] protocol 88fb is buggy, dev hsr_slave_1 [ 1633.881169] protocol 88fb is buggy, dev hsr_slave_0 [ 1633.886753] protocol 88fb is buggy, dev hsr_slave_1 [ 1633.902561] memory: usage 307196kB, limit 307200kB, failcnt 3592 [ 1633.908970] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1633.916121] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1633.922746] Memory cgroup stats for /syz2: cache:56KB rss:246528KB rss_huge:217088KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:12KB active_anon:246680KB inactive_file:4KB active_file:4KB unevictable:40KB [ 1633.951552] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=21334,uid=0 [ 1634.010444] Memory cgroup out of memory: Kill process 21334 (syz-executor.2) score 1113 or sacrifice child [ 1634.039771] Killed process 21334 (syz-executor.2) total-vm:72576kB, anon-rss:2200kB, file-rss:35792kB, shmem-rss:0kB [ 1634.102557] syz-executor.2 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 1634.126113] CPU: 0 PID: 3644 Comm: syz-executor.2 Not tainted 5.0.0-rc8 #87 [ 1634.133225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1634.142574] Call Trace: [ 1634.145184] dump_stack+0x172/0x1f0 [ 1634.148824] dump_header+0x10f/0xb6c [ 1634.152543] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1634.157651] ? ___ratelimit+0x60/0x595 [ 1634.161561] ? do_raw_spin_unlock+0x57/0x270 [ 1634.166009] oom_kill_process.cold+0x10/0x6f5 [ 1634.170522] ? task_will_free_mem+0x139/0x6e0 [ 1634.175031] out_of_memory+0x79a/0x1280 [ 1634.179020] ? oom_killer_disable+0x280/0x280 [ 1634.183518] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1634.188638] mem_cgroup_out_of_memory+0x99/0xe0 [ 1634.193326] ? memcg_memory_event+0x40/0x40 [ 1634.197691] ? _raw_spin_unlock+0x2d/0x50 [ 1634.201839] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1634.206955] try_charge+0xb4a/0x1570 [ 1634.210670] ? find_held_lock+0x35/0x130 [ 1634.214740] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1634.219605] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1634.224452] ? find_held_lock+0x35/0x130 [ 1634.228551] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1634.233413] memcg_kmem_charge_memcg+0x7c/0x130 [ 1634.238112] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1634.242620] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1634.247468] memcg_kmem_charge+0x13b/0x340 [ 1634.251708] __alloc_pages_nodemask+0x437/0x710 [ 1634.256386] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1634.261408] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1634.266008] ? trace_hardirqs_on+0x67/0x230 [ 1634.270338] copy_process.part.0+0x3e0/0x79a0 [ 1634.274837] ? psi_memstall_leave+0x11c/0x180 [ 1634.279335] ? sched_clock+0x2e/0x50 [ 1634.283057] ? psi_memstall_leave+0x12e/0x180 [ 1634.287556] ? find_held_lock+0x35/0x130 [ 1634.291621] ? __lock_acquire+0x53b/0x4700 [ 1634.295882] ? __cleanup_sighand+0x70/0x70 [ 1634.300163] ? mark_held_locks+0x100/0x100 [ 1634.304435] ? perf_trace_lock_acquire+0xf5/0x580 [ 1634.309280] ? rcu_read_lock_sched_held+0x110/0x130 [ 1634.314296] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1634.319851] _do_fork+0x257/0xfe0 [ 1634.323320] ? fork_idle+0x1d0/0x1d0 [ 1634.327042] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 1634.332423] ? lock_downgrade+0x810/0x810 [ 1634.336578] ? blkcg_exit_queue+0x30/0x30 [ 1634.340733] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1634.345494] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1634.350257] ? do_syscall_64+0x26/0x610 [ 1634.354233] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1634.359600] ? do_syscall_64+0x26/0x610 [ 1634.363583] __x64_sys_clone+0xbf/0x150 [ 1634.367609] do_syscall_64+0x103/0x610 [ 1634.371565] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1634.376783] RIP: 0033:0x45a7f9 [ 1634.379981] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1634.398903] RSP: 002b:00007ffda87d9ef8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1634.406623] RAX: ffffffffffffffda RBX: 00007f388c266700 RCX: 000000000045a7f9 [ 1634.413900] RDX: 00007f388c2669d0 RSI: 00007f388c265db0 RDI: 00000000003d0f00 [ 1634.421173] RBP: 00007ffda87da100 R08: 00007f388c266700 R09: 00007f388c266700 [ 1634.428447] R10: 00007f388c2669d0 R11: 0000000000000202 R12: 0000000000000000 [ 1634.435714] R13: 00007ffda87d9faf R14: 00007f388c2669c0 R15: 000000000073bfac [ 1634.443178] protocol 88fb is buggy, dev hsr_slave_0 [ 1634.448246] protocol 88fb is buggy, dev hsr_slave_1 [ 1634.457710] memory: usage 304836kB, limit 307200kB, failcnt 3592 [ 1634.464501] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1634.472029] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1634.478611] Memory cgroup stats for /syz2: cache:56KB rss:244500KB rss_huge:215040KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:12KB active_anon:244520KB inactive_file:4KB active_file:4KB unevictable:40KB [ 1634.500483] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=8624,uid=0 [ 1634.515818] Memory cgroup out of memory: Kill process 8624 (syz-executor.2) score 1113 or sacrifice child [ 1634.526388] Killed process 8624 (syz-executor.2) total-vm:72576kB, anon-rss:2208kB, file-rss:35784kB, shmem-rss:0kB [ 1634.578675] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1634.590536] CPU: 1 PID: 3652 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1634.597643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1634.606996] Call Trace: [ 1634.609614] dump_stack+0x172/0x1f0 [ 1634.613271] dump_header+0x10f/0xb6c [ 1634.617005] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1634.622116] ? ___ratelimit+0x60/0x595 [ 1634.626259] ? do_raw_spin_unlock+0x57/0x270 [ 1634.630694] oom_kill_process.cold+0x10/0x6f5 [ 1634.635202] ? task_will_free_mem+0x139/0x6e0 [ 1634.639715] out_of_memory+0x79a/0x1280 [ 1634.643709] ? oom_killer_disable+0x280/0x280 [ 1634.648224] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1634.653347] mem_cgroup_out_of_memory+0x99/0xe0 [ 1634.658031] ? memcg_memory_event+0x40/0x40 [ 1634.662365] ? _raw_spin_unlock+0x2d/0x50 [ 1634.666515] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1634.671625] try_charge+0xfec/0x1570 [ 1634.675356] ? find_held_lock+0x35/0x130 [ 1634.679451] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1634.684331] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1634.689319] ? find_held_lock+0x35/0x130 [ 1634.693387] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1634.698254] memcg_kmem_charge_memcg+0x7c/0x130 [ 1634.702939] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1634.707478] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1634.712357] memcg_kmem_charge+0x13b/0x340 [ 1634.716601] __alloc_pages_nodemask+0x437/0x710 [ 1634.721286] ? debug_smp_processor_id+0x1c/0x20 [ 1634.725962] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1634.731005] ? copy_page_range+0x125a/0x1f90 [ 1634.735431] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1634.740980] alloc_pages_current+0x107/0x210 [ 1634.745452] pte_alloc_one+0x1b/0x1a0 [ 1634.749261] __pte_alloc+0x20/0x310 [ 1634.752907] copy_page_range+0x1529/0x1f90 [ 1634.757641] ? mark_held_locks+0x100/0x100 [ 1634.761919] ? pmd_alloc+0x180/0x180 [ 1634.765640] ? vma_compute_subtree_gap+0x158/0x230 [ 1634.770596] ? validate_mm_rb+0xa3/0xc0 [ 1634.774599] ? __vma_link_rb+0x279/0x370 [ 1634.778691] copy_process.part.0+0x56aa/0x79a0 [ 1634.783315] ? __cleanup_sighand+0x70/0x70 [ 1634.787608] _do_fork+0x257/0xfe0 [ 1634.791094] ? fork_idle+0x1d0/0x1d0 [ 1634.794824] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1634.799586] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1634.804350] ? do_syscall_64+0x26/0x610 [ 1634.808342] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1634.813742] ? do_syscall_64+0x26/0x610 [ 1634.817728] __x64_sys_clone+0xbf/0x150 [ 1634.821737] do_syscall_64+0x103/0x610 [ 1634.825632] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1634.830823] RIP: 0033:0x457e29 [ 1634.834032] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1634.852955] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1634.860665] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1634.867946] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 03:53:33 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000200)={&(0x7f00000001c0)='./file0\x00', 0x0, 0x8}, 0x10) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) syz_open_dev$media(&(0x7f0000002780)='/dev/media#\x00', 0xffff, 0x42000) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r2 = creat(&(0x7f0000000100)='./file0\x00', 0x0) openat$cgroup_procs(r1, &(0x7f0000002700)='cgroup.threads\x00', 0x2, 0x0) vmsplice(r1, &(0x7f0000002580)=[{&(0x7f0000000280)="a89cbe6fd9b6fc28d17503b9bc5076d427d89e706f75e486484db2946a3a7f355b5818fdcfc6841372f508dfa83c816c1bbc6d55835dec297be608c785f64ed7788e0ae4b1b6ee8cc5efe8bcfbad6818963a68e8e6a35fc135115dd3612d8f3f09546d15da5faba9ea9871e6ecdc8adb8fcc3132dd4411ed6c795e43b043fcecaea0cce4cf8376d8d4dd06af99ed4cd6fb622560dbb2ebf54f86c8997f2fc7ecc9ee88bf5da3df88028f7be22bfb2ae5f3321987602dac1bc9179dd36dcd98c6bcc4a6350118a2cb02bcfeeecd2d6f9dd72629145a6b34563d20de3908f05d37b81272066fff0c077d490eff53d639585bae50c120789e1dbfdaa91a0d3f29cdb2f8e2ae03e3dc9e973b88fcd6c17e92c74b52a0e76fff3fbbc469a3c4e4a7fdc034c88da7e1ab45b108f790e62ea815e014ea7644fc4e6a0ad2d5b497e9a9363819a81d321d0a46cadb37054028f365c564532242bc2d5b014b74129ee1e62951f9ef52a6d061386a8940be454556636daa2f1a0c61e974af6fa837f2876ba730ddb0933fd3e868b8ba63ab4596cbca608abebc081317c616432512b340b323a65a32eb2d382d6418b3b93aa69fb1d7f4de0a6966b319ccdeb3296c641fa659330fbfc795520b1766b570142a623aa0c5adcb366226639c40ccdae0dd143604ed5c23d865c6115cf8f4fedefea718098bb0d50f510f2c5b3e6c8770f2a010c10c5d3550eb336469cbc9d31901fe61cff7108da1622779434d8f3566c1eab0571dc043099b30448c7cb6f8a3c2bf76baead42f85eb4273414e4447196b8694e3f0c630dff7440b7fd46094b1f1434abcf81a99d43189544d753e1b86ab2c769b0184d42dd83fe5fed10504316214b50d01f06a5fc78a57aa851d1dabf9c57bb1bb85a7ffe190745b69b84e507374f486649e3333f12cfc634ec081e8a1946d44596b6f7073f6a0dcb5feff20bf1b584a5d0e43198e8cf9627676871b6736dfbb2b61f3e5c8125d03644f9a1549eefa352565419c0ba63f7890c5f92058274fe94191919bbad8ff377a467c73ce29eb316612bdfe8a51bb60e2c18d7e0ec694e2f8136f32b231982febb94fb26b1c8603f325e4957e974e2e81699d41e69ac51d949d468eb904f37cff4b7d03933088887e47d49e75cf8681ad5af001941ff72ecd5dda9e84f749f08a5d449bf0a5deef91418750579562ca5a7e7aa1f01b11fdb4dac99db70e28ec89fe3bf24729bf3ee75424bb9dd87fa0c33aa8c9150a127542ca7d124073d008b27dae03daa1da5bc6a6fcecfb30fa7e2e3e6ce63a1caa2ca00cbb6651fb73c63e86c5c21194f933a9ad8db12ca152a12729119e02a645aa434d61e9e9f0c564ebb735cc60be994c665a7cff46b2860c730d868d9db5962b13d6f9806ff30ef832f4703eb723f1af73ff4e9aaed29e157a9f5930b3814d918c99feea36b7b6d4139cfc331ec09d89c0037dd6e6ccfd76e21526b3d21175ba12b3ed79e88aaeb5e3f27ec7a3213a8acb5fd4a8b41da03449d92b5a17ca3575e4a11f3a64862b7f75ac39eea9ad2982dfa26c2caeb153875d11cd363c0066ea4dc7917384bcff2d942e977ca052eb080d427c2bc53152757bbf64fdddf781dcfe2a5ec0ece165fb57bcde6b898bc5fc4a724f6854b3b41f4cfa97198a6e85cb21f686f33006b0cfdfc2ef5e2a85d9a3473ae0edefa649e8055a0c71ee8730fbb77ddb66f011a023a62c5a73b2b7b3469aadac2973409a4b8109632e91db7055d20d595d90ba0defc5c25efa01923cfac94609eaad6c575db8b4dc11d225674b1ae26fc2914eae53147ac0194c0ccbaaa0cfb28d77301a2c4a9bb76369fd7bc8eab4e845e844d062c57d2b6fa2cd479b205350f92028023f7add13d6eef20a7b1c5cfb8f80b3541a7bc64df98302fb9b88a1a0aa8b20e70e40032a48b43e8f21954ed51f5d47e03f41acc43952c2035a10325d100bd2ea8096316f7d16656f7fa654d13630b9ad51c1f8c2f82e657f0023d3c8d38f7263125647bd738b80ba925a2411d4609ea43f7c909587be685e170ca946dd8992d00a4d5a63e0793b828d7e11d898fc1792d2e7414c539aadc61750dc39793e70b2635d4ff6707ec52df61018bfed9d44484cc92f0d3dd06c3736fccefa548e8b393c2e31a89816acbedc0685ac5be6203395e37e77eea6cc5810f9a8949c63e3f0d67d2519c2bf91b70ff801b89c7d3d9505e480671722034ae12266b42ef76f51436f4c0ac92539f85a7119d4bfed2f213533ea1bcafae0a27e7b6bf7aa611fc9cfb9d4f6007bd0938834868cd66241f4fbaa3c37480851c750241325bceb5bbec3546860964ac87c160dfdac469ab988ce7214f9139f51f03adf7afc8653d1edf62bed53dac263da64a1430d2d5abaf2d9bf90356620b4029935c750c085b32501514ac7d1872553abdf9d1cca9989c06439e4d6043265448fd0fa3c9dca4e8d0e914b3e294a1c8ac441ae9c255aa36b091f3cba7ffb44c27768608114a152639546604997ac5537582c82c22a5b3e5a18fe1e8fd31df04f0517e7729c012f0938f0efef6676d6c7108ed50e84ae03069703d799cb7973d852bca52b2cdc1789170f47aef9f392591cef7cc444e9055f1605cd460b5b6134c1a17a04812c448cdae910fceeef612cbd61eb2d88f81072dd4a7aed430d467b3358e71404077c6e3f9661a0a046841ab1040c580d00bbbe834080d8026392639c6a5df6cc6f9df902ab85ebe705aacd0d97da097d3aa7ec68bd79e6d6dcbefe630542ed984d41c832dce9d8eaa5b0d698e80be6ae0765f367ad168319948b7f63dd3cae279d84095796a862ed69a2e4eae3a1306d5677a04e0654446c8fca1cad970a822c98beb6c251ddaf4500b6d61c9c7934e1b24591e026dce808000a6d4301735f4cbd2b49a87262ff090f9f7dcd16ef806eb49401f07a3d438a133ced18edc74e4cf5606664e6f9471791a769e96a7c92c871256452471d857e662ac855eae9d152d022418d48ae665db7193e3b474ed5eaa15fda705860fea3ba47722565f587916ce9e6f002633cacd4c4567435118391429c8252bffe79c3a490663c18b93b507c51ff2ed04a49fd3c5cedd4b63f1de3fb90d22cedc750e5c8a82848788e846b9c0377a53db37962a7704733e9921850da423c726f1332e13c6c00fbab0dc7d20ac52848cf0eaccee111a28c61898248e126527c6c8fbb013f5addc365e027833e446ecb3b592e06cf6a2ebef1a437dce68a9775538744cffa034f0ce3ed39ba95d847e32aedae702d53b64ce11e3ef9d57d90828c4966326e532e4dc8538d4abc42a2923cb8668ea69e002fc68aeca8f0616986a1a179435b531fd24aeb91341ad4bbabb390b431d49d83f4d8ad142c902b3a40acd781834d071f5522b9ead719ab98ca6048c67579825800fb737a35947380e9c79b2fb620ad161219603d60a9cbb4919a6df76d55fdac56b9dcfd2456db6705fc1755a45e701e8e4fbac04928886abc3ceab53f47f5658a34a6177d7b0fe0c2202af787a923a49f1bfe9620cc4881d2d410b47865561e0508041bc78ec84968c8a711106044ad0dea5756f1e5da28fd015777c1ac0d67749e6f5d612b2aad2c4422300bc5cecd3400de3d841daebd735f2b71e980d09c3817ca9b411f883ff5f9ae0642fcadb693889046dc7ddfd5262aef37d0d5533e12eff8c0e3c25d90a9e68024f658c34c973a48b68466a723ba6450e779f9326fbc4b7fcc437aacb5e1889b99b53b41e1856838f9d258d9d3ada3ace19022cbd53645a3289f6b1b9b1207a3d3dab1679a45c849c06f96fbd867e30fb3c05d8996818fac29af850e1efbae1fec5d971d5397408a2ece469869afb362740dbe9cab65dc24a562a902f9c31d3b8d7087b91bcb7fbb37836662ffe2255cd7cb4bff97dab09e8fd8bd4e9b41d04dd45908cc9336be435598188df61ab311a44d6c4d19644c083b5281b80716c5523c3f69d555df0323daf964a3d0eae0be85d87b0c02b7c6192f17c65a212c87910cad5681cb4745de9ca50748d00f03a67de8539e3a181d0bd82702cf5b41b5e6f1762ab217a4f2167cff273029cc021587f46087823d3c71259d0ffe1c7642a820e17d493f53a98539621cc190dfce360bc708f18ec3a3a631cf50e85c60f609df4fe451199d8ad2ede5e10eadd8ca6e317a79b29661d0b4f1b1d0008279095d530e137d5be16c20e0438340bad18b6350c0fb1a122b4454b7bff981d9168735e5c214def2ce1fc7fcbe0d41cd590ce4b007f3dfba163ffaf1ccf7e74cc77e5512f7796212b13beefe39a471e035afc8ba2956b5224c13bc68ac738093f23108b603be8adc681f0c5163daec7444017a918335cf5f89861aa056094565f015d7462efc20ab1db55c3afb60482cf63d3b0972047486d34c60a62a6e50b198b615b6de2d01ab246f74fdbe022bcd5d992ca79d839126b5135078a829d55c6eef33204dc32ebb821c79f6424ccc717ba2b392a0b21981561d45c659ea5cb7898ed5780774bf851753e982afae250f86502edab4a2236408964bb6af4272b79458ef658a3dc54ad0aa86395858f4bbe6c9f0d74c418339a76039645bf03822426d24198c02dca07a643e260f99cc2f7cc268c6088de9143771476668daa953d4fddfbf626e8e25825f006987c7cf4e2fd63115708110e3a15d649d8447c26c8f549b265247aa4d62d7418aaf44dd304654a51574a069f0b88dc46ffb66d4af91808eeb193d509bde45bd9e07b808278a4ceca2912d93fb5cbc4535f74afc8afd441195123e97aa4517a2f8bfb8646a64aa5b62232b4665f82cabc67f770a4192afd66c1172d97129d8ee49dc4bfabf3d2c740c9c59c5e5819b4b91bd9d6df9f90caf61e8217e61c635baeacea1bb6bbb2f0bbecca6aed7a3222c11847f0967c56d41a50466b9c8571f124adee06b3ebaa9e0e4c511bf038642cf234856746bfd8fead2549680d6e22c999b811d8018f07879eb217d90a04420950d76f7f52d2585a1b8ab59a7869f0a5e2d487687811e432e59381405eff53751b13a874948578c2a3f29eddcf150c23ea821c50294f8f3a55c226d5ad691b78e0184301df3b77c3a682a5292370f8089837d3c332dbb753196def9f866dad9368995ee04d0a6df5fe41cf43f45364abb7ed9692a3139c6fe3bebc861e3bd017f4e6c3f4b569b6d605f20ae08ae84057e0fa16beb4e420d405aa1e1d263f74479445321b0ead41472a208bc05e29bddd647f205ca6337351621655ca851ad27dbe4581e525322d0e6e9eccd52d3471720ea14af4d6600f114df29968c6fdba797bb74b33dd92eedca2da7f3cc421f0038126f15c8f00db0228b856d17d6f428f3f286ddd40aa7c6f18160e103a8f32ea345bc9c077c7d5460565bcfbeaf1ceac00e6fba2d1cda0ea8b897fe5ed69a7c70aa092e42301248647681ac2784518a2799985ae744021d0c315eff0dd53ad0de9d9a515f9ab6204242f51367caa956e7f15d278f082a9b3493056d1e7ac5da42bd51653d34a6d7f5cf652cd8e1a29ae83fc69cd6ba86d5ed51829615c3baff8c2e934a6f92ab4183d4ff8a9ec13c49747976751b7dcfd1f95a97f17cb1a9b5e381fd5b493b37c1b704d09cb8619fe013cd91ee8fc7a848ca2960fc07ed6950209a9dbd89b6fe7e320a1532334a00f3dd9f621ef1e016d75e26520207b648caf174066e727a06a2f966876cd94dde6a92f5afdd0ec2fdbc120aac03cede0bae12c1934148903ab384bd270fb9a6cb", 0x1000}, {&(0x7f0000001280)="c4c503cce9bff964bc159715cf2f359eefdbf9e7c6baf26eca5701e51969a0b9017e993fbffd1a", 0x27}, {&(0x7f00000012c0)="83", 0x1}, {&(0x7f0000001300)="26a8b61973d7bc7b092dafef9f51f5d0de55958f7e851f58d9ee9c9d9a06d508832f67e5a8ae4c59f56da80a5c14b2178c7d459aae95c1d1171ebd421d28a4e1420904c831cfad2b310fbfdd6ca77b4900115fb13e270ee5a9ad2792c2ad41c5ccf2b6a9a2d7f30068d8539058568adf3e786f012bef1b96a6d3f90fe1eeac5a5fed37bc20c98ea684b6f2c1e0c5efe89f8cd9e81325245edd53b81de1b84f7f037f0a4e6d34ed573100072466fefbc20f4496b758478e794502238c4f742bb4b285fb794145f714de776755557c05e7936be0e6956b60209c708b7ae200bdeb0a53d7122c04befe9e22", 0xea}, {&(0x7f0000001400)="73bd66eaa9512cb527d590e89961969a20e6527c10cec96fa7f0e188a02524d77832a5ddac868b231a9eaefd6a0fb297927f99159af19c0bfcd980ae34bd5a4db7f19516f3e9950282bcf5128d6b07e1f79123c196ab87cac1dd254798cbe4c76fb2cc7bdb64eb0c34ecb95d900eccb2a67859e79b62be4bf44751279fc18e5d6b0328b72a", 0x85}, {&(0x7f00000014c0)="cd7228946d45720b1e31cd9d90dead36d2c711650bffd1f184889499258a0d76a79e7bf8074c07859bc47b1633d7497bbe67a733ddde56df1d01c4f979f425cb3c05e7b1c9f284d50fb4de430ca0dff38f09457e159edbeeee543f8243738b41e98ec13e3e746e42becd268131296a9d93e9932ab2a3bec5e3f49b8a6c72c8f242db1c24f12502ffcd3daedbf117c4a7bbcacef670063ae4788b78482beedc8b6c6302ec35a3f402e326456671eecf1b5dcd", 0xb2}, {&(0x7f0000001580)="79c85862b2bfc0da5ff569f5bbd2e56a4a546f1ce6263305cee37cc83dae63dce56cedfa6132dcc21545c78abef8dd54994eef785ad87432f4d7c3c9aff6e70c7fad1ea87756ae7d2be1446b4d2040c33d5b95327387581f0fc2f4fe2667953c77a286bd35be4ae22a8c42f7a3de30234e1df99565cb9d9eeebbdc23d3d08ab7e4b9af00e4c58d75e4157089a311545a6fa00320e3ceb6af2297fcbf3c6ebf04594ada5feff256b20ecccf0f26af1977257fc99a49b42cb9ff9454cf9012783000543432a66cb25b193c8fc1f2c6e7e3d085761462f71a94badffce0990c1d2c158b01fa8f4df371a9700b36350fd01afd56af102d3dfd43a52f2283814279548af87108cabab14757833a7c7e6a93f69f5cc9164ebc1398ec8cf927f35af5e0b4cfc72c83d1cf8532830a51592648c5737f8dd34ddd42ab8c84ecb76c4698037871c7211d3785fbbd17f26177ac60f6be17409e418cf0a01937dd1eebfb55fd1d8a1286c78a7a42b41145b0f339f50144599918e0f754f56af54d1f1ceb77fb08158cac61e0a70289fbefc9dc3060998496602759cc60ef343009b8dbcbb115e9cc0c07499af8d0f6d4646fe7d0db047664680c2d8d82345f449e96218cbb18481703522ee2d9b6c7753bf34b8919c53885eff8adbc9f89a595fbf76825a3c539afa378d95c700fba861b02c74ad60fb0eb9bb5d8d25a93509d00157bb3256ff5eb45044faf8171cfe619b045bf81edc3ccb63e2e4cebdab1f517230fa81d37b5643fbdb2d8298560deced544184b1ae3b39d05db5ec3e749d93fd52050964e0057f8194c9509308818f150b9597b3bf77b55ee6784a873cad975c084e3d1dabe177af25e02675095832c99f1d066a0528da6f9adfb90492531da835f5715da6d3154fa4abdb9693b31800b18fa40104af78ee785d6129bd94dc49fc0c33ce046a33ed77d08498bd1789b57d91b8eee707fff808fa1b90892ead38bd77d0d53a6fd229eca7770adc1a23c427551af0a3642ad691ecc80c872a3990ec4d640fe7ee785d4be3b32849e151e9f08bd8013653dd086468f0c92a6b7455770864f2f598b4b8ba82f85685f20ac26c4952b4beebf858eb87c68800623b6aac2bdf08142f7fe5caae0a8051741b709eaf68cedbc2b79a2b4cc6de4655dbe68e2614561a6e4ae2c52cecf6c58550f74e4f16a94a5af6825564ad8ae60aa9b739233ad0534698320a818cb00f70455f32a18da7136882dc8af729a53dd8faa20f3e6b11a6f19ba2aca7d80c2cd2f8333a9a71c8859fb05a1d88c6846ee27e8ed52b1fdb8811119ab1e0ad2d0b3ccae3c4c21bafbf7864280646ea863c2ae9787532e18ac788306c70a0ae36e19d79bc6c4cc7f51ac3f1502951f6ddba30ec2582eec4cb71fc3ef0e49c5ce0ac3626d753f246fc594de0fdfa01f2a66b4a8cefa6bb9d269e0714519213e6002670a262d274b8ac593c29878192b64e5adfeb7cdb280ad7462f211b47192322ff641170233dc83280732efac194a6a4d9a12381f2f8ebbc69d60a452fe24dc286a806086b3b870f54d429a87ffac622009586a8b280a60607feab3b7d5d7bca795795ae132132170d2eaa7b16c94f27df60f27659c484f8fd67545dfa1d8f8fb32ab64ee383e0194ce0d1f95888d65ca9c0c04a48340f61ce051145136e1bdf05edf77a246ceecf534d7ff802fc77e9caa288c33201efb78127179a082cbbf3ee6ef478858b9cf6b3a1f7cb3c29a54089ff45afa1ddaa6ed82013a5fbf4f88a80c231ada536efd97afadaa74e55c60a85788022e397b04b669d3b68de8e9aafbdf4f00a715faa743e8dff2d5badb46f2ec3a96fdab349f30c3b66062f089d82587e9412c1f628ae4b60f5b2f80f25aa4d39050dbd874da01108d07aee74bce0963b9b240dcafa121036de6eae20bb782dfb0d8d10c02e7ca8198cd42b68415c240b67f2f2053564f1f04796b333d58c2cb4c231d9f23956367d147529215990abead19125c28360bbb4f18f9ac0ebd5d58f11447507da0a7787c39726458fabd1fac81e995eed49bcb48776b9b0f901d9afa530ad5f3d4215eb7f7a898fac876a0ff1bb74bfb9031013f3a28131c1f9ccd900f3b6f09d43e84f4494731435d2138232804a23a62ffe887a212ec279577d0f5106c8b50277fa8c859c87fb72c147406c54e4ff376fc3dab541afc904d6daa76d653d62ea620c6efa6fcdf9e4960ca88015ac92a864b70d8b8f6825d647c3449426f196b19aaa7a51ea4f44ffd1d0641058f0048396fe0206ca8cd12b282b231b31dfaaf18829349870829420d1e8d05deff1d96c87b8c1911e66d1b6ac3c0f78431afcec7b84130b8eafd666d4f04e34e56f9224c9c96577e619cfc62341cf6cd48a018eed36c5fa1171d883627ddb977c7ffc073ede91304391fc67804158a38a9f4f64e54867f004c4257b62597f5dc851df664a60b0668633c8b78be85c865b7ff9a8a66a7461fdb010b185148327f4779709da34ca489d1d5960dfa2d3dc7ab4598564351fcd9d9f3a918f4574897573b78465b56a8488890fd54d73c0139e56d4b6c896eb64cd6e5bbce335df2ff2f0ca599e03f43a2699733a6e95524821f346f17094caa3878450b05719f4f2495de1703c8585119040155f754a5086f3f0b05fea24397ad5592780e91d2b2d8c917a2f30162851e41e37034fa5923038934bcc78b31ed7c01704641f1ac0224a39439b27ec89c6039dd570b41df54be27cbd4245d299d0566ad6a06c5eecf37aaf74239f241524a8322d40b16d8b58a83cae78bf486b655bbbe3588b8bb95b958fd4a456d59ffeb348a9b1a8271ba127ba9b259cc785358fa78d695366b9fdac1df35a646b5bf3fcceabe6870435c79cfc51a1716208516ed29cf532ca6af275c9a1a34228cc86775e883c7b2efaa526c4b0f99a5124d50e1835873f4d658b884e0fd7c6dc9a8df5ff304589cc46c2d6e38e1e41ed5888bd3acf555df0c7d292459976f0090efbc25a0db82d667b0bcafe60596ac91b11a98bc2d696c5b6a57bf3282013c4e97b1a9e5dfe6b808a905aef8bec2baf00982fedf2dd1fe825b7eccb4ba073864eae4fe5ed4c2753bef723e0faee35a24e6405588da751283e5e4be6f0443047d9645d3795fedb9f6a2ec315910c5cd3bc85b73c530f3981bb6b5a71a9263170e979dc3d628f849b03fc76827c403869e11eae89af7eb1e65bf110c9ef54ef023f6b5f4f7db0bb22d38e77bd9ce0812a656d65d5521e64629ba2478903907002924bf35b4a2d469b7de581c53e86ebaa18d15aacc9fa95ea8cb306f63afb5a5ab7bb18d6dfb16f9bd3c10b71e6b6323b3e884e06b0b56a1ce43b4a7dfd68430c35e5a606abaef821dd3296ebdb0dbc1fc6ac8b0cfb8d0d91efe08f7282c61ec54d93aaa961004a66d9450c50a9e0b6ff29a6e9765b41243aa07d81253929f01fd93721a3186162623057ab33cccc454e29d622a09644662c55f84505513773bab3deb41aa802e1a1bf224efc46ea7879b2bebd74b87f0bf6cce6b04d34c1127535a0a3ee3fa2a4dbc1e40ea64e11e94058b990d0a1719a54bd5e35ba1da42cb22ff4bc740a639cb7224e6dce1c252788d295d625ffea0f98264e3dfbd13c04a65f0daf9326037befcb43eee601b2e8db77fdf7d6a3c5b8ffe703755669856c7ba8dc19f46e6211a19ba47d922bd7b2ef903752a630332829997fef0edc5b219e3f3b56f9ed47c99fe471379c1f6eda4b6d94c8430bde795324430c389f1d3678a64dfb034966bbf83706b5306c1d2743aa5bbbd030a05dbfe261930c2860bd418d1fa619cbd51d6afd87611f437b1748a89671f0f866623a34c2ad44baccc55439fc202058c3aad13810f6a56ecbf08ecc6d6a76f14ed898572b15771c5aaf61e4dd5d1b63240f868717d64c396060230d558ea6cb4f8ada83bebf5a56c1a827fe98af8e2cd8d5594be14f309853466b26354d4a1b5b8bcb156e356e125c6d00ed3fcd6c14cb7969b6f963def82e0fc12c064a02926f95375b25c5881c3333c255543b6a563860bcec5d85e1a6a1ff5d9a4755c97320487da2ac7e5ce70ad9f25aef86c056eb55fbb8013d7bef5d75870ba510a91851aa65322c0a4b2c8f717c8750f002604269e748a6084acf7ac75f49f0fac4fddf4138bb3e0ce03bc677defeb3228b91904c2180ede379c26aabfbd9db2656df25e201a637f55e7786874d3e5e9d1d9fe0983f7cdbbe885266dc9bf0c5091bbd66558ac1c783797b7d914e226716db874ba5b1ed537bcf57d359d908de43a86c975ea004084d0f662970496a3ef8a7182db1cb223ee28c169c0fc1fe113935d283052b4190e690680c0e0a49da5fe54d0d0d3afd645a7c589ac62fbfaaa485db20b236506736a8901aa34571dff489a5373b572b59dc03a9f5839c8bf624dcebf08d2e1b2207a395d3542f4246bb602d0fd77abc107a8a721e93ac88210576ba56737c49e5fd1eb7f403c494ab3836ac843175a921120bfe056af96a8f27a3d8193250eabe0c71d02be6602b63e569271f70dced38d028b7fea60816415962beb9c9d5a16ffcbfd4e3f8eb2720c5139e98c5c672edd404cd51d1e4d206a198fc0943cc8289044d9588df72e9ebc84282696e9c9176f7ef9692b13b99de47478bd50b9813706fa4301524e6f8bee81f8d79f24c376517808a7d7228dfec3ff11d7a67f69ddf739d48ebe049ce2e4192097d643d3c3836455c688ada77b45151341595545612db76d6f7fcbb0d0cb617a9daa7495e26b36009004db09b0076bfd93011bf15daa422c5421d72352b7451a5b149d90f5a62aff6dc4e8a548f80c6bba8dafcd8f17e8cd6ef1f70dc558d1a4223c03a75bdb4f53cc7b53fdaeeadca9641cb9cab7ea92e4f31d7c04d95e97ddc38d62eae70afa323cf7980b7712d58897f9d23895b95c73391e0f0e79d11a05e14b571e6deebdc1d4a7af48047c9dd65490df7f28d2900943ece6935d20901eb65e08c629ac3c3c86cd82973d4a0c611c39219da9e6733a60e61affecc59d8e7c7f69c85f6fa220edc00feb22f15c7357f7ba8842cc39f1701caa0877cf9cfd1b5b9d4c24c57c5f42587e10ed739fef85f082604cfa1b1c2fda6ad418e9fd8ace9c782a7d1d2235a20d1058950b522aef88abb41ab3619998959a7ef93b78eed8afb33edf866caced5141b937e5146d4aaec8b69e5fadaac04e69864b474ddc3c8e3c851336dd727ad1edf2b80eb683b046a20a1ac66550fe00d370fcf685301c1a8e6e677725313c2ce53b66272c57e5956f150b624358687eebbc762e15a6860fa493403e607d5c73e7911fd13cc06d190ff67e3ed93c0111f1f9fb87e7661a6cea729049927160f2838e86d75e12b1db6db4a7f1c93ffbedcf38d593dd7e592a07f52aab72f224c1687f1582f0892a1ada7fc72b6cf15f7c7382f8732b46ffb45fe86683180e0f8e6aca72915f5d925723c5dd699fd5ed3a861ccd719bc6856eba99cfcaf38447429308b98c61bbdb871eaf3078602487f17d9b4716032aca144c220692bb0970bb239841f84c509458189136195afa6bf1ee239e5005ac448e828c3a03b573336ef5e5cb615a8f3691d49db2cba34df14581bebe1a88542e24db857551c6f654d90a837867f41831380bec19aaa47952144f37f3ac41886b822564bb3662b11c502434b58399d03335dd34ab280ccf6f5381adeaf0765ffd70c06bd2cd92a6b8540ea0e4d8314b82d336a25c222e858edcf75ded1eb421a013c654bea223053793f8", 0x1000}], 0x7, 0x9) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$DRM_IOCTL_GET_STATS(r1, 0x80f86406, &(0x7f0000000140)=""/72) ioctl$KVM_TRANSLATE(r1, 0xc018ae85, &(0x7f0000002740)={0xd000, 0x5000, 0x4b7, 0xfff, 0xffff}) openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/checkreqprot\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f0000002600)=@assoc_value={0x0, 0x8000}, &(0x7f0000002640)=0x8) mount$bpf(0x0, &(0x7f0000002800)='./file0\x00', &(0x7f0000002840)='bpf\x00', 0x0, &(0x7f0000002880)={[{@mode={'mode'}}, {@mode={'mode', 0x3d, 0x81}}]}) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000002680)={r3, 0x4}, 0x8) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f00000026c0)={0x1c, 0x1, 0x3}) ioctl$sock_bt_bnep_BNEPGETCONNINFO(r2, 0x800442d3, &(0x7f00000027c0)={0x9, 0xffff, 0xb8, @empty, 'veth0_to_team\x00'}) ioctl$RTC_PLL_GET(r1, 0x80207011, &(0x7f00000000c0)) 03:53:33 executing program 1: syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r0, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(0xffffffffffffffff, 0xfffffbfffff3ffa7, &(0x7f0000000140)) [ 1634.875219] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1634.882502] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1634.889771] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1634.909998] memory: usage 306780kB, limit 307200kB, failcnt 22151 [ 1634.921849] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1634.951539] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1634.962836] Memory cgroup stats for /syz0: cache:0KB rss:96240KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96180KB inactive_file:4KB active_file:4KB unevictable:0KB [ 1634.997483] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=10291,uid=0 [ 1635.023307] Memory cgroup out of memory: Kill process 10291 (syz-executor.0) score 1103 or sacrifice child [ 1635.034747] Killed process 10291 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1635.069730] syz-executor.5 invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1635.085849] CPU: 0 PID: 3689 Comm: syz-executor.5 Not tainted 5.0.0-rc8 #87 [ 1635.092974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1635.102339] Call Trace: [ 1635.104946] dump_stack+0x172/0x1f0 [ 1635.108600] dump_header+0x10f/0xb6c [ 1635.112318] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1635.117430] ? ___ratelimit+0x60/0x595 [ 1635.121320] ? do_raw_spin_unlock+0x57/0x270 [ 1635.125745] oom_kill_process.cold+0x10/0x6f5 [ 1635.130252] ? task_will_free_mem+0x139/0x6e0 [ 1635.134767] out_of_memory+0x79a/0x1280 [ 1635.138760] ? oom_killer_disable+0x280/0x280 [ 1635.143280] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1635.148418] mem_cgroup_out_of_memory+0x99/0xe0 [ 1635.153096] ? memcg_memory_event+0x40/0x40 [ 1635.157430] ? _raw_spin_unlock+0x2d/0x50 [ 1635.161616] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1635.166757] try_charge+0xfec/0x1570 [ 1635.170476] ? find_held_lock+0x35/0x130 [ 1635.174556] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1635.179429] ? kasan_check_read+0x11/0x20 [ 1635.183604] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1635.188460] mem_cgroup_try_charge+0x24d/0x5e0 [ 1635.193060] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1635.198002] shmem_getpage_gfp+0x69b/0x3520 [ 1635.202353] ? shmem_add_to_page_cache+0x1200/0x1200 [ 1635.207467] ? lock_downgrade+0x810/0x810 [ 1635.211628] shmem_fault+0x22d/0x760 [ 1635.215347] ? __handle_mm_fault+0x349d/0x3f20 [ 1635.219947] ? shmem_read_mapping_page_gfp+0x1a0/0x1a0 [ 1635.225238] ? lock_downgrade+0x810/0x810 [ 1635.229398] __do_fault+0x116/0x4e0 [ 1635.233035] __handle_mm_fault+0x2cbd/0x3f20 [ 1635.237473] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1635.242317] ? find_held_lock+0x35/0x130 [ 1635.246400] ? handle_mm_fault+0x322/0xb30 [ 1635.250656] ? kasan_check_read+0x11/0x20 [ 1635.254816] handle_mm_fault+0x43f/0xb30 [ 1635.258885] __get_user_pages+0x7b6/0x1a40 [ 1635.263163] ? follow_page_mask+0x19a0/0x19a0 [ 1635.267674] ? memset+0x32/0x40 [ 1635.270984] populate_vma_page_range+0x20d/0x2a0 [ 1635.275781] __mm_populate+0x204/0x380 [ 1635.279679] ? populate_vma_page_range+0x2a0/0x2a0 [ 1635.284621] vm_mmap_pgoff+0x213/0x230 [ 1635.288524] ? vma_is_stack_for_current+0xd0/0xd0 [ 1635.293370] ? kasan_check_read+0x11/0x20 [ 1635.297530] ? _copy_to_user+0xc9/0x120 [ 1635.301513] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1635.307065] ksys_mmap_pgoff+0xf7/0x630 [ 1635.311050] ? find_mergeable_anon_vma+0x2e0/0x2e0 [ 1635.315992] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1635.320762] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1635.325525] ? do_syscall_64+0x26/0x610 [ 1635.329511] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1635.334889] __x64_sys_mmap+0xe9/0x1b0 [ 1635.338802] do_syscall_64+0x103/0x610 [ 1635.342699] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1635.347902] RIP: 0033:0x457e29 [ 1635.351104] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1635.370011] RSP: 002b:00007f082abddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1635.377755] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457e29 [ 1635.385058] RDX: 0000000000000003 RSI: 0000000000b36000 RDI: 0000000020000000 [ 1635.392336] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 1635.399600] R10: 0000000000008031 R11: 0000000000000246 R12: 00007f082abde6d4 [ 1635.406867] R13: 00000000004c3b88 R14: 00000000004d6d40 R15: 00000000ffffffff 03:53:34 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0x12000000) 03:53:34 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x4000, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:34 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0}, 0x940000000000) 03:53:34 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:53:34 executing program 1: syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r0, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(0xffffffffffffffff, 0xfffffbfffff3ffa7, &(0x7f0000000140)) [ 1635.434571] memory: usage 307200kB, limit 307200kB, failcnt 5858 [ 1635.470834] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 03:53:34 executing program 1: syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r0, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(0xffffffffffffffff, 0xfffffbfffff3ffa7, &(0x7f0000000140)) [ 1635.497978] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1635.517024] Memory cgroup stats for /syz5: cache:17804KB rss:184876KB rss_huge:133120KB shmem:17784KB mapped_file:6204KB dirty:0KB writeback:0KB swap:0KB inactive_anon:6388KB active_anon:196452KB inactive_file:4KB active_file:0KB unevictable:0KB 03:53:34 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x80fe, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:34 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x408200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x81002004, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:53:34 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0}, 0x30710000000000) [ 1635.694671] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=22889,uid=0 [ 1635.770077] Memory cgroup out of memory: Kill process 22889 (syz-executor.5) score 1113 or sacrifice child [ 1635.788094] Killed process 22889 (syz-executor.5) total-vm:72444kB, anon-rss:2188kB, file-rss:35796kB, shmem-rss:0kB [ 1635.907926] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1635.937345] CPU: 0 PID: 3723 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1635.944464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1635.953816] Call Trace: [ 1635.956415] dump_stack+0x172/0x1f0 [ 1635.960071] dump_header+0x10f/0xb6c [ 1635.963795] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1635.968943] ? ___ratelimit+0x60/0x595 [ 1635.972845] ? do_raw_spin_unlock+0x57/0x270 [ 1635.977269] oom_kill_process.cold+0x10/0x6f5 [ 1635.981766] ? task_will_free_mem+0x139/0x6e0 [ 1635.986269] out_of_memory+0x79a/0x1280 [ 1635.990281] ? oom_killer_disable+0x280/0x280 [ 1635.994779] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1635.999874] mem_cgroup_out_of_memory+0x99/0xe0 [ 1636.004536] ? memcg_memory_event+0x40/0x40 [ 1636.008846] ? _raw_spin_unlock+0x2d/0x50 [ 1636.012979] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1636.018068] try_charge+0xfec/0x1570 [ 1636.021792] ? find_held_lock+0x35/0x130 [ 1636.025854] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1636.030755] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1636.035581] ? find_held_lock+0x35/0x130 [ 1636.039645] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1636.044509] memcg_kmem_charge_memcg+0x7c/0x130 [ 1636.049177] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1636.053663] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1636.058492] memcg_kmem_charge+0x13b/0x340 [ 1636.062713] __alloc_pages_nodemask+0x437/0x710 [ 1636.067370] ? debug_smp_processor_id+0x1c/0x20 [ 1636.072036] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1636.077078] ? copy_page_range+0x125a/0x1f90 [ 1636.081473] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1636.087018] alloc_pages_current+0x107/0x210 [ 1636.091442] pte_alloc_one+0x1b/0x1a0 [ 1636.095327] __pte_alloc+0x20/0x310 [ 1636.098948] copy_page_range+0x1529/0x1f90 [ 1636.103166] ? mark_held_locks+0x100/0x100 [ 1636.107399] ? pmd_alloc+0x180/0x180 [ 1636.111102] ? __rb_insert_augmented+0x231/0xdf0 [ 1636.115843] ? validate_mm_rb+0xa3/0xc0 [ 1636.119805] ? __vma_link_rb+0x279/0x370 [ 1636.123856] copy_process.part.0+0x56aa/0x79a0 [ 1636.128468] ? __cleanup_sighand+0x70/0x70 [ 1636.132704] _do_fork+0x257/0xfe0 [ 1636.136161] ? fork_idle+0x1d0/0x1d0 [ 1636.139865] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1636.144621] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1636.149362] ? do_syscall_64+0x26/0x610 [ 1636.153342] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1636.158698] ? do_syscall_64+0x26/0x610 [ 1636.162665] __x64_sys_clone+0xbf/0x150 [ 1636.166638] do_syscall_64+0x103/0x610 [ 1636.170515] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1636.175685] RIP: 0033:0x457e29 [ 1636.178860] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1636.197743] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1636.205436] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1636.212689] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1636.219942] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1636.227198] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1636.234458] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1636.245128] memory: usage 307200kB, limit 307200kB, failcnt 22193 [ 1636.251694] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1636.258676] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1636.265181] Memory cgroup stats for /syz0: cache:0KB rss:96236KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96292KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1636.285350] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=3708,uid=0 [ 1636.303577] Memory cgroup out of memory: Kill process 3708 (syz-executor.0) score 1103 or sacrifice child [ 1636.314953] Killed process 3708 (syz-executor.0) total-vm:72840kB, anon-rss:180kB, file-rss:34816kB, shmem-rss:0kB [ 1636.327217] oom_reaper: reaped process 3708 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1636.347142] syz-executor.5 invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1636.370802] CPU: 1 PID: 3689 Comm: syz-executor.5 Not tainted 5.0.0-rc8 #87 [ 1636.377918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1636.387270] Call Trace: [ 1636.389901] dump_stack+0x172/0x1f0 [ 1636.393557] dump_header+0x10f/0xb6c [ 1636.397288] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1636.402442] ? ___ratelimit+0x60/0x595 [ 1636.406337] ? do_raw_spin_unlock+0x57/0x270 [ 1636.410759] oom_kill_process.cold+0x10/0x6f5 [ 1636.415267] ? task_will_free_mem+0x139/0x6e0 [ 1636.419773] out_of_memory+0x79a/0x1280 [ 1636.423765] ? oom_killer_disable+0x280/0x280 [ 1636.428271] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1636.433404] mem_cgroup_out_of_memory+0x99/0xe0 [ 1636.438089] ? memcg_memory_event+0x40/0x40 [ 1636.442429] ? _raw_spin_unlock+0x2d/0x50 [ 1636.446585] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1636.451688] try_charge+0xfec/0x1570 [ 1636.455407] ? find_held_lock+0x35/0x130 [ 1636.459503] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1636.464391] ? kasan_check_read+0x11/0x20 [ 1636.468581] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1636.473433] mem_cgroup_try_charge+0x24d/0x5e0 [ 1636.478003] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1636.482926] shmem_getpage_gfp+0x69b/0x3520 [ 1636.487266] ? shmem_add_to_page_cache+0x1200/0x1200 [ 1636.492466] ? lock_downgrade+0x810/0x810 [ 1636.496622] shmem_fault+0x22d/0x760 [ 1636.500349] ? __handle_mm_fault+0x349d/0x3f20 [ 1636.504925] ? shmem_read_mapping_page_gfp+0x1a0/0x1a0 [ 1636.510191] ? lock_downgrade+0x810/0x810 [ 1636.514330] __do_fault+0x116/0x4e0 [ 1636.517944] __handle_mm_fault+0x2cbd/0x3f20 [ 1636.522341] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1636.527181] ? find_held_lock+0x35/0x130 [ 1636.531255] ? handle_mm_fault+0x322/0xb30 [ 1636.535490] ? kasan_check_read+0x11/0x20 [ 1636.539640] handle_mm_fault+0x43f/0xb30 [ 1636.543704] __get_user_pages+0x7b6/0x1a40 [ 1636.547975] ? follow_page_mask+0x19a0/0x19a0 [ 1636.552462] ? memset+0x32/0x40 [ 1636.555732] populate_vma_page_range+0x20d/0x2a0 [ 1636.560493] __mm_populate+0x204/0x380 [ 1636.564391] ? populate_vma_page_range+0x2a0/0x2a0 [ 1636.569331] vm_mmap_pgoff+0x213/0x230 [ 1636.573224] ? vma_is_stack_for_current+0xd0/0xd0 [ 1636.578067] ? kasan_check_read+0x11/0x20 [ 1636.582229] ? _copy_to_user+0xc9/0x120 [ 1636.586219] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1636.591745] ksys_mmap_pgoff+0xf7/0x630 [ 1636.595721] ? find_mergeable_anon_vma+0x2e0/0x2e0 [ 1636.600650] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1636.605391] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1636.610160] ? do_syscall_64+0x26/0x610 [ 1636.614142] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1636.619505] __x64_sys_mmap+0xe9/0x1b0 [ 1636.623388] do_syscall_64+0x103/0x610 [ 1636.627392] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1636.632600] RIP: 0033:0x457e29 [ 1636.635785] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1636.654680] RSP: 002b:00007f082abddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1636.662372] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457e29 [ 1636.669626] RDX: 0000000000000003 RSI: 0000000000b36000 RDI: 0000000020000000 [ 1636.676878] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 1636.684141] R10: 0000000000008031 R11: 0000000000000246 R12: 00007f082abde6d4 [ 1636.691411] R13: 00000000004c3b88 R14: 00000000004d6d40 R15: 00000000ffffffff [ 1636.703708] memory: usage 307100kB, limit 307200kB, failcnt 5869 [ 1636.710438] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1636.717358] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1636.723996] Memory cgroup stats for /syz5: cache:20048KB rss:182768KB rss_huge:131072KB shmem:20028KB mapped_file:8580KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8700KB active_anon:194304KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1636.746672] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=23034,uid=0 [ 1636.768495] Memory cgroup out of memory: Kill process 23034 (syz-executor.5) score 1113 or sacrifice child [ 1636.778676] Killed process 23034 (syz-executor.5) total-vm:72576kB, anon-rss:2196kB, file-rss:35788kB, shmem-rss:0kB [ 1636.798395] oom_reaper: reaped process 23034 (syz-executor.5), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB [ 1636.816067] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1636.870554] CPU: 0 PID: 3719 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1636.877661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1636.887009] Call Trace: [ 1636.889600] dump_stack+0x172/0x1f0 [ 1636.893240] dump_header+0x10f/0xb6c [ 1636.896991] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1636.902101] ? ___ratelimit+0x60/0x595 [ 1636.906023] ? do_raw_spin_unlock+0x57/0x270 [ 1636.910475] oom_kill_process.cold+0x10/0x6f5 [ 1636.914981] ? task_will_free_mem+0x139/0x6e0 [ 1636.919489] out_of_memory+0x79a/0x1280 [ 1636.923492] ? oom_killer_disable+0x280/0x280 [ 1636.928004] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1636.933139] mem_cgroup_out_of_memory+0x99/0xe0 [ 1636.937819] ? memcg_memory_event+0x40/0x40 [ 1636.942166] ? _raw_spin_unlock+0x2d/0x50 [ 1636.946323] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1636.951430] try_charge+0xfec/0x1570 [ 1636.955150] ? find_held_lock+0x35/0x130 [ 1636.959222] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1636.964075] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1636.968935] ? find_held_lock+0x35/0x130 [ 1636.973032] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1636.977903] memcg_kmem_charge_memcg+0x7c/0x130 [ 1636.982582] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1636.987090] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1636.991948] memcg_kmem_charge+0x13b/0x340 [ 1636.996195] __alloc_pages_nodemask+0x437/0x710 [ 1637.000873] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1637.005910] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1637.010499] ? trace_hardirqs_on+0x67/0x230 [ 1637.014839] copy_process.part.0+0x3e0/0x79a0 [ 1637.019351] ? psi_memstall_leave+0x11c/0x180 [ 1637.023859] ? sched_clock+0x2e/0x50 [ 1637.027580] ? psi_memstall_leave+0x12e/0x180 [ 1637.032078] ? find_held_lock+0x35/0x130 [ 1637.036155] ? __lock_acquire+0x53b/0x4700 [ 1637.040401] ? __cleanup_sighand+0x70/0x70 [ 1637.044635] ? mark_held_locks+0x100/0x100 [ 1637.048864] ? perf_trace_lock_acquire+0xf5/0x580 [ 1637.053715] ? rcu_read_lock_sched_held+0x110/0x130 [ 1637.058730] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1637.064277] _do_fork+0x257/0xfe0 [ 1637.067747] ? fork_idle+0x1d0/0x1d0 [ 1637.071464] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 1637.076837] ? lock_downgrade+0x810/0x810 [ 1637.081000] ? blkcg_exit_queue+0x30/0x30 [ 1637.085162] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1637.089943] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1637.094734] ? do_syscall_64+0x26/0x610 [ 1637.098704] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1637.104075] ? do_syscall_64+0x26/0x610 [ 1637.108052] __x64_sys_clone+0xbf/0x150 [ 1637.112077] do_syscall_64+0x103/0x610 [ 1637.115968] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1637.121155] RIP: 0033:0x45a7f9 [ 1637.124355] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1637.143254] RSP: 002b:00007ffee6aa5678 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1637.150975] RAX: ffffffffffffffda RBX: 00007f3c7556f700 RCX: 000000000045a7f9 [ 1637.158238] RDX: 00007f3c7556f9d0 RSI: 00007f3c7556edb0 RDI: 00000000003d0f00 03:53:36 executing program 5: openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vga_arbiter\x00', 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000440)) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x10000014c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 03:53:36 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0x0, &(0x7f0000000140)) 03:53:36 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0xc0fe, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) [ 1637.165505] RBP: 00007ffee6aa5880 R08: 00007f3c7556f700 R09: 00007f3c7556f700 [ 1637.172775] R10: 00007f3c7556f9d0 R11: 0000000000000202 R12: 0000000000000000 [ 1637.180041] R13: 00007ffee6aa572f R14: 00007f3c7556f9c0 R15: 000000000073bfac [ 1637.209369] memory: usage 307036kB, limit 307200kB, failcnt 22245 [ 1637.227354] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1637.235717] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1637.250200] Memory cgroup stats for /syz0: cache:0KB rss:96236KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96228KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1637.286300] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=10611,uid=0 [ 1637.302107] Memory cgroup out of memory: Kill process 10611 (syz-executor.0) score 1103 or sacrifice child [ 1637.340552] Killed process 10611 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1637.383423] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1637.396854] CPU: 0 PID: 3723 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1637.403995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1637.413394] Call Trace: [ 1637.416028] dump_stack+0x172/0x1f0 [ 1637.419738] dump_header+0x10f/0xb6c [ 1637.423493] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1637.428604] ? ___ratelimit+0x60/0x595 [ 1637.432500] ? do_raw_spin_unlock+0x57/0x270 [ 1637.436956] oom_kill_process.cold+0x10/0x6f5 [ 1637.441471] ? task_will_free_mem+0x139/0x6e0 [ 1637.445992] out_of_memory+0x79a/0x1280 [ 1637.450002] ? oom_killer_disable+0x280/0x280 [ 1637.454514] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1637.459639] mem_cgroup_out_of_memory+0x99/0xe0 [ 1637.464336] ? memcg_memory_event+0x40/0x40 [ 1637.468691] ? _raw_spin_unlock+0x2d/0x50 [ 1637.472852] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1637.477978] try_charge+0xb4a/0x1570 [ 1637.481693] ? find_held_lock+0x35/0x130 [ 1637.485764] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1637.490617] ? kasan_check_read+0x11/0x20 [ 1637.494782] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1637.499623] mem_cgroup_try_charge+0x24d/0x5e0 [ 1637.504218] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1637.509146] wp_page_copy+0x408/0x1740 [ 1637.513037] ? find_held_lock+0x35/0x130 [ 1637.517090] ? pmd_pfn+0x1d0/0x1d0 [ 1637.520632] ? lock_downgrade+0x810/0x810 [ 1637.524787] ? swp_swapcount+0x540/0x540 [ 1637.528843] ? kasan_check_read+0x11/0x20 [ 1637.532988] ? do_raw_spin_unlock+0x57/0x270 [ 1637.537399] do_wp_page+0x2ed/0x1520 [ 1637.541118] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 1637.545808] __handle_mm_fault+0x22db/0x3f20 [ 1637.550328] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1637.555172] ? find_held_lock+0x35/0x130 [ 1637.559234] ? handle_mm_fault+0x322/0xb30 [ 1637.563523] ? kasan_check_read+0x11/0x20 [ 1637.567683] handle_mm_fault+0x43f/0xb30 [ 1637.571751] __do_page_fault+0x5da/0xd60 [ 1637.575814] do_page_fault+0x71/0x581 [ 1637.579600] ? page_fault+0x8/0x30 [ 1637.583166] page_fault+0x1e/0x30 [ 1637.586643] RIP: 0033:0x404478 [ 1637.589817] Code: 85 02 00 00 80 3d 1f c0 64 00 00 c6 85 84 00 00 00 00 74 0f 8b 05 0c c0 64 00 39 45 24 0f 84 e7 01 00 00 44 8b a5 80 00 00 00 73 d8 ff ff 48 2b 05 8c 3b 33 00 8b 75 00 49 89 d8 45 89 e1 4c [ 1637.608716] RSP: 002b:00007f3c7558fc90 EFLAGS: 00010246 [ 1637.614086] RAX: 00007f3c77591000 RBX: 0000000000002050 RCX: 0000000000457e29 [ 1637.621420] RDX: 000000000003ffff RSI: 0000000000000000 RDI: 0000000000000000 [ 1637.629190] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1637.636449] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1637.643723] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1637.655851] memory: usage 306936kB, limit 307200kB, failcnt 22245 [ 1637.663495] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1637.670644] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1637.676776] Memory cgroup stats for /syz0: cache:0KB rss:96236KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96132KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1637.697176] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=10664,uid=0 [ 1637.712205] Memory cgroup out of memory: Kill process 10664 (syz-executor.0) score 1103 or sacrifice child [ 1637.724172] Killed process 10664 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1637.759588] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1637.771086] CPU: 0 PID: 3744 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1637.778190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1637.787556] Call Trace: [ 1637.790166] dump_stack+0x172/0x1f0 [ 1637.793812] dump_header+0x10f/0xb6c [ 1637.797529] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1637.802653] ? ___ratelimit+0x60/0x595 [ 1637.806548] ? do_raw_spin_unlock+0x57/0x270 [ 1637.810970] oom_kill_process.cold+0x10/0x6f5 [ 1637.815479] ? task_will_free_mem+0x139/0x6e0 [ 1637.820023] out_of_memory+0x79a/0x1280 [ 1637.824017] ? oom_killer_disable+0x280/0x280 [ 1637.828529] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1637.833669] mem_cgroup_out_of_memory+0x99/0xe0 [ 1637.838355] ? memcg_memory_event+0x40/0x40 [ 1637.842690] ? _raw_spin_unlock+0x2d/0x50 [ 1637.846842] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1637.851957] try_charge+0xb4a/0x1570 [ 1637.855675] ? find_held_lock+0x35/0x130 [ 1637.860125] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1637.864993] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1637.869846] ? find_held_lock+0x35/0x130 [ 1637.873932] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1637.878791] memcg_kmem_charge_memcg+0x7c/0x130 [ 1637.883468] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1637.887973] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1637.892834] memcg_kmem_charge+0x13b/0x340 [ 1637.897081] __alloc_pages_nodemask+0x437/0x710 [ 1637.901760] ? find_held_lock+0x35/0x130 [ 1637.905833] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1637.910865] ? __lock_acquire+0x53b/0x4700 [ 1637.915123] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1637.920677] alloc_pages_current+0x107/0x210 [ 1637.925102] pte_alloc_one+0x1b/0x1a0 [ 1637.928947] __handle_mm_fault+0x34e4/0x3f20 [ 1637.933376] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1637.938238] ? find_held_lock+0x35/0x130 [ 1637.942310] ? handle_mm_fault+0x322/0xb30 [ 1637.946571] ? kasan_check_read+0x11/0x20 [ 1637.950736] handle_mm_fault+0x43f/0xb30 [ 1637.954817] __do_page_fault+0x5da/0xd60 03:53:36 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0x13000000) 03:53:36 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0}, 0xa0500000000000) 03:53:36 executing program 2: llistxattr(&(0x7f0000000300)='./file0/file0\x00', &(0x7f0000000340)=""/131, 0x83) r0 = openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x20102) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) r3 = creat(&(0x7f0000000100)='./file0\x00', 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200)='TIPC\x00') write$capi20(r3, &(0x7f0000000400)={0x10, 0x4, 0x5, 0x80, 0x400, 0x7ff}, 0x10) sendmsg$TIPC_CMD_RESET_LINK_STATS(r0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x30, r4, 0x200, 0x70bd29, 0x25dfdbfc, {{}, 0x0, 0x410c, 0x0, {0x14, 0x14, 'broadcast-link\x00'}}, ["", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x20000080}, 0x1) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f0000000000)='pipefs\x00', 0x4, 0x0) umount2(&(0x7f0000000140)='./file0\x00', 0x2) ioctl$KDGETMODE(r2, 0x4b3b, &(0x7f0000000180)) umount2(&(0x7f0000000440)='./file0/file0\x00', 0x0) 03:53:36 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0x0, &(0x7f0000000140)) 03:53:36 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0xfc00, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:36 executing program 5: pipe(&(0x7f0000000000)={0xffffffffffffffff}) syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x3) finit_module(r0, 0x0, 0x0) 03:53:36 executing program 5: [ 1637.958909] do_page_fault+0x71/0x581 [ 1637.962740] ? page_fault+0x8/0x30 [ 1637.966317] page_fault+0x1e/0x30 [ 1637.969781] RIP: 0033:0x457e29 [ 1637.972983] Code: Bad RIP value. [ 1637.976344] RSP: 002b:00007f3c7558fc78 EFLAGS: 00010246 [ 1637.981706] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000457e29 [ 1637.988993] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1637.996266] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1638.003551] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 03:53:36 executing program 5: [ 1638.010825] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff 03:53:37 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0x0, &(0x7f0000000140)) 03:53:37 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f00000000c0)=@sack_info={0x0, 0x9, 0x9}, &(0x7f0000000140)=0xc) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000180)={r2, 0x1000}, 0x8) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) [ 1638.076353] memory: usage 307200kB, limit 307200kB, failcnt 22286 [ 1638.083121] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1638.089909] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1638.089922] Memory cgroup stats for /syz0: cache:0KB rss:96236KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96248KB inactive_file:0KB active_file:0KB unevictable:0KB 03:53:37 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0}, 0xa0700000000000) 03:53:37 executing program 5: [ 1638.167613] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=3719,uid=0 [ 1638.239177] Memory cgroup out of memory: Kill process 3719 (syz-executor.0) score 1106 or sacrifice child [ 1638.299276] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1638.312652] CPU: 0 PID: 3768 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1638.319777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1638.329130] Call Trace: [ 1638.331725] dump_stack+0x172/0x1f0 [ 1638.335400] dump_header+0x10f/0xb6c [ 1638.339123] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1638.344251] ? ___ratelimit+0x60/0x595 [ 1638.348150] ? do_raw_spin_unlock+0x57/0x270 [ 1638.352588] oom_kill_process.cold+0x10/0x6f5 [ 1638.357109] ? task_will_free_mem+0x139/0x6e0 [ 1638.361631] out_of_memory+0x79a/0x1280 [ 1638.365619] ? oom_killer_disable+0x280/0x280 [ 1638.370143] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1638.375319] mem_cgroup_out_of_memory+0x99/0xe0 [ 1638.380004] ? memcg_memory_event+0x40/0x40 [ 1638.384331] ? _raw_spin_unlock+0x2d/0x50 [ 1638.388505] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1638.393619] try_charge+0xfec/0x1570 [ 1638.397376] ? find_held_lock+0x35/0x130 [ 1638.401541] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1638.406388] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1638.411248] ? find_held_lock+0x35/0x130 [ 1638.415349] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1638.420230] memcg_kmem_charge_memcg+0x7c/0x130 [ 1638.424927] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1638.429467] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1638.434346] memcg_kmem_charge+0x13b/0x340 [ 1638.438606] __alloc_pages_nodemask+0x437/0x710 [ 1638.443281] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1638.448306] ? save_stack+0x45/0xd0 [ 1638.451944] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1638.457079] ? __lock_acquire+0x53b/0x4700 [ 1638.461324] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1638.466877] alloc_pages_current+0x107/0x210 [ 1638.471333] pte_alloc_one+0x1b/0x1a0 [ 1638.475157] __pte_alloc+0x20/0x310 [ 1638.478795] copy_page_range+0x1529/0x1f90 [ 1638.483051] ? __lock_is_held+0xb6/0x140 [ 1638.487137] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1638.492173] ? pmd_alloc+0x180/0x180 [ 1638.495927] ? validate_mm_rb+0xa3/0xc0 [ 1638.499925] ? __vma_link_rb+0x279/0x370 [ 1638.503992] copy_process.part.0+0x56aa/0x79a0 [ 1638.508599] ? __cleanup_sighand+0x70/0x70 [ 1638.512885] _do_fork+0x257/0xfe0 [ 1638.516386] ? fork_idle+0x1d0/0x1d0 [ 1638.520123] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1638.524908] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1638.529665] ? do_syscall_64+0x26/0x610 [ 1638.533640] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1638.539025] ? do_syscall_64+0x26/0x610 [ 1638.543012] __x64_sys_clone+0xbf/0x150 [ 1638.547014] do_syscall_64+0x103/0x610 [ 1638.550945] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1638.556148] RIP: 0033:0x457e29 [ 1638.559355] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1638.578272] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1638.586011] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1638.593309] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1638.600581] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1638.607853] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1638.615129] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1638.624751] memory: usage 307200kB, limit 307200kB, failcnt 22292 [ 1638.631048] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1638.638307] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1638.644555] Memory cgroup stats for /syz0: cache:0KB rss:96236KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96248KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1638.664998] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=10754,uid=0 [ 1638.679725] Memory cgroup out of memory: Kill process 10754 (syz-executor.0) score 1103 or sacrifice child [ 1638.689629] Killed process 10754 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1638.701155] oom_reaper: reaped process 10754 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1638.726446] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1638.737883] CPU: 0 PID: 3768 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1638.745013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1638.754372] Call Trace: [ 1638.757073] dump_stack+0x172/0x1f0 [ 1638.760725] dump_header+0x10f/0xb6c [ 1638.764446] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1638.769540] ? ___ratelimit+0x60/0x595 [ 1638.773427] ? do_raw_spin_unlock+0x57/0x270 [ 1638.777875] oom_kill_process.cold+0x10/0x6f5 [ 1638.782446] ? task_will_free_mem+0x139/0x6e0 [ 1638.786955] out_of_memory+0x79a/0x1280 [ 1638.790954] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1638.796079] ? oom_killer_disable+0x280/0x280 [ 1638.800574] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1638.805677] mem_cgroup_out_of_memory+0x99/0xe0 [ 1638.810350] ? memcg_memory_event+0x40/0x40 [ 1638.814699] ? _raw_spin_unlock+0x2d/0x50 [ 1638.818857] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1638.824045] try_charge+0xfec/0x1570 [ 1638.827791] ? find_held_lock+0x35/0x130 [ 1638.831920] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1638.836777] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1638.841645] ? find_held_lock+0x35/0x130 [ 1638.845712] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1638.850604] memcg_kmem_charge_memcg+0x7c/0x130 [ 1638.855298] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1638.859802] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1638.864653] memcg_kmem_charge+0x13b/0x340 [ 1638.868887] __alloc_pages_nodemask+0x437/0x710 [ 1638.873576] ? perf_trace_lock_acquire+0x380/0x580 [ 1638.878527] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1638.883542] ? copy_page_range+0x125a/0x1f90 [ 1638.887966] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1638.893552] alloc_pages_current+0x107/0x210 [ 1638.898009] pte_alloc_one+0x1b/0x1a0 [ 1638.901830] __pte_alloc+0x20/0x310 [ 1638.905467] copy_page_range+0x1529/0x1f90 [ 1638.909700] ? mark_held_locks+0x100/0x100 [ 1638.914015] ? pmd_alloc+0x180/0x180 [ 1638.917736] ? __rb_insert_augmented+0x231/0xdf0 [ 1638.922492] ? validate_mm_rb+0xa3/0xc0 [ 1638.926463] ? __vma_link_rb+0x279/0x370 [ 1638.930554] copy_process.part.0+0x56aa/0x79a0 [ 1638.935210] ? __cleanup_sighand+0x70/0x70 [ 1638.939499] _do_fork+0x257/0xfe0 [ 1638.942968] ? fork_idle+0x1d0/0x1d0 [ 1638.946697] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1638.951454] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1638.956223] ? do_syscall_64+0x26/0x610 [ 1638.960214] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1638.965619] ? do_syscall_64+0x26/0x610 [ 1638.969632] __x64_sys_clone+0xbf/0x150 [ 1638.973624] do_syscall_64+0x103/0x610 [ 1638.977535] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1638.982737] RIP: 0033:0x457e29 [ 1638.985934] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1639.004837] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1639.012542] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1639.019808] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1639.027094] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1639.034375] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1639.041688] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1639.049344] net_ratelimit: 22 callbacks suppressed [ 1639.049354] protocol 88fb is buggy, dev hsr_slave_0 [ 1639.059424] protocol 88fb is buggy, dev hsr_slave_1 [ 1639.064643] protocol 88fb is buggy, dev hsr_slave_0 [ 1639.069720] protocol 88fb is buggy, dev hsr_slave_1 [ 1639.078163] memory: usage 307040kB, limit 307200kB, failcnt 22322 [ 1639.084530] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1639.092967] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1639.099257] Memory cgroup stats for /syz0: cache:0KB rss:96236KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96152KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1639.119749] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=10977,uid=0 [ 1639.134532] Memory cgroup out of memory: Kill process 10977 (syz-executor.0) score 1103 or sacrifice child 03:53:38 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0x3f000000) 03:53:38 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0xfe80, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:38 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, 0x0) 03:53:38 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x101, 0x80) clone(0x4000100013f, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:53:38 executing program 5: 03:53:38 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0}, 0xffefffffff7f0000) [ 1639.144448] Killed process 10977 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB 03:53:38 executing program 5: 03:53:38 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, 0x0) 03:53:38 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0xfec0, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:38 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r0 = syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x10000, 0x4000) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x100dd7f) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:53:38 executing program 5: 03:53:38 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0}, 0xffffffffff600000) [ 1639.399962] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1639.425536] CPU: 0 PID: 3810 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1639.432650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1639.442030] Call Trace: [ 1639.444656] dump_stack+0x172/0x1f0 [ 1639.448300] dump_header+0x10f/0xb6c [ 1639.452054] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1639.457178] ? ___ratelimit+0x60/0x595 [ 1639.461075] ? do_raw_spin_unlock+0x57/0x270 [ 1639.465528] oom_kill_process.cold+0x10/0x6f5 [ 1639.470045] ? task_will_free_mem+0x139/0x6e0 [ 1639.474562] out_of_memory+0x79a/0x1280 [ 1639.478550] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1639.483681] ? oom_killer_disable+0x280/0x280 [ 1639.488187] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1639.493310] mem_cgroup_out_of_memory+0x99/0xe0 [ 1639.497996] ? memcg_memory_event+0x40/0x40 [ 1639.502351] ? _raw_spin_unlock+0x2d/0x50 [ 1639.506555] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1639.511671] try_charge+0xfec/0x1570 [ 1639.515421] ? find_held_lock+0x35/0x130 [ 1639.519506] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1639.524357] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1639.529209] ? find_held_lock+0x35/0x130 [ 1639.533269] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1639.538122] memcg_kmem_charge_memcg+0x7c/0x130 [ 1639.542792] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1639.547300] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1639.552133] memcg_kmem_charge+0x13b/0x340 [ 1639.556357] __alloc_pages_nodemask+0x437/0x710 [ 1639.561020] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1639.566042] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1639.570617] ? trace_hardirqs_on+0x67/0x230 [ 1639.574946] copy_process.part.0+0x3e0/0x79a0 [ 1639.579447] ? psi_memstall_leave+0x11c/0x180 [ 1639.583940] ? sched_clock+0x2e/0x50 [ 1639.587643] ? psi_memstall_leave+0x12e/0x180 [ 1639.592141] ? find_held_lock+0x35/0x130 [ 1639.596204] ? __lock_acquire+0x53b/0x4700 [ 1639.600447] ? __cleanup_sighand+0x70/0x70 [ 1639.604671] ? mark_held_locks+0x100/0x100 [ 1639.608904] ? perf_trace_lock_acquire+0xf5/0x580 [ 1639.613743] ? rcu_read_lock_sched_held+0x110/0x130 [ 1639.618747] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1639.624295] _do_fork+0x257/0xfe0 [ 1639.627765] ? fork_idle+0x1d0/0x1d0 [ 1639.631476] ? blkcg_maybe_throttle_current+0x5d4/0xfd0 [ 1639.636826] ? lock_downgrade+0x810/0x810 [ 1639.640963] ? blkcg_exit_queue+0x30/0x30 [ 1639.645107] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1639.649862] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1639.654625] ? do_syscall_64+0x26/0x610 [ 1639.658589] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1639.663985] ? do_syscall_64+0x26/0x610 [ 1639.667956] __x64_sys_clone+0xbf/0x150 [ 1639.671947] do_syscall_64+0x103/0x610 [ 1639.675835] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1639.681008] RIP: 0033:0x45a7f9 [ 1639.684185] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1639.703076] RSP: 002b:00007ffee6aa5678 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1639.710782] RAX: ffffffffffffffda RBX: 00007f3c7556f700 RCX: 000000000045a7f9 [ 1639.718039] RDX: 00007f3c7556f9d0 RSI: 00007f3c7556edb0 RDI: 00000000003d0f00 [ 1639.725299] RBP: 00007ffee6aa5880 R08: 00007f3c7556f700 R09: 00007f3c7556f700 [ 1639.732583] R10: 00007f3c7556f9d0 R11: 0000000000000202 R12: 0000000000000000 [ 1639.739858] R13: 00007ffee6aa572f R14: 00007f3c7556f9c0 R15: 000000000073bfac [ 1639.750883] memory: usage 307200kB, limit 307200kB, failcnt 22370 [ 1639.757143] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1639.764485] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1639.780481] Memory cgroup stats for /syz0: cache:0KB rss:96104KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96200KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1639.814095] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=11025,uid=0 [ 1639.840443] Memory cgroup out of memory: Kill process 11025 (syz-executor.0) score 1103 or sacrifice child [ 1639.851075] Killed process 11025 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1639.868017] oom_reaper: reaped process 11025 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1639.908373] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1639.931844] CPU: 1 PID: 3811 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1639.938978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1639.948329] Call Trace: [ 1639.950917] dump_stack+0x172/0x1f0 [ 1639.954552] dump_header+0x10f/0xb6c [ 1639.958279] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1639.963396] ? ___ratelimit+0x60/0x595 [ 1639.967308] ? do_raw_spin_unlock+0x57/0x270 [ 1639.971717] oom_kill_process.cold+0x10/0x6f5 [ 1639.976221] ? task_will_free_mem+0x139/0x6e0 [ 1639.980723] out_of_memory+0x79a/0x1280 [ 1639.984689] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1639.989778] ? oom_killer_disable+0x280/0x280 [ 1639.994273] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1639.999422] mem_cgroup_out_of_memory+0x99/0xe0 [ 1640.004086] ? memcg_memory_event+0x40/0x40 [ 1640.008398] ? _raw_spin_unlock+0x2d/0x50 [ 1640.012543] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1640.017642] try_charge+0xfec/0x1570 [ 1640.021342] ? find_held_lock+0x35/0x130 [ 1640.025407] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1640.030259] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1640.035099] ? find_held_lock+0x35/0x130 [ 1640.039157] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1640.044009] memcg_kmem_charge_memcg+0x7c/0x130 [ 1640.048674] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1640.053159] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1640.058001] memcg_kmem_charge+0x13b/0x340 [ 1640.062230] __alloc_pages_nodemask+0x437/0x710 [ 1640.066903] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1640.071929] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1640.076506] ? trace_hardirqs_on+0x67/0x230 [ 1640.080845] copy_process.part.0+0x3e0/0x79a0 [ 1640.085339] ? mark_held_locks+0x100/0x100 [ 1640.089576] ? debug_smp_processor_id+0x1c/0x20 [ 1640.094242] ? perf_trace_lock_acquire+0xf5/0x580 [ 1640.099076] ? __might_fault+0x12b/0x1e0 [ 1640.103133] ? __cleanup_sighand+0x70/0x70 [ 1640.107361] ? lock_downgrade+0x810/0x810 [ 1640.111524] _do_fork+0x257/0xfe0 [ 1640.115021] ? fork_idle+0x1d0/0x1d0 [ 1640.118744] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1640.123487] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1640.128240] ? do_syscall_64+0x26/0x610 [ 1640.132216] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1640.137564] ? do_syscall_64+0x26/0x610 [ 1640.141524] __x64_sys_clone+0xbf/0x150 [ 1640.145487] do_syscall_64+0x103/0x610 [ 1640.149363] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1640.154536] RIP: 0033:0x457e29 [ 1640.157713] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1640.176619] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1640.184360] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1640.191639] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1640.198899] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1640.206156] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1640.213443] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1640.220869] protocol 88fb is buggy, dev hsr_slave_0 [ 1640.225961] protocol 88fb is buggy, dev hsr_slave_1 [ 1640.231132] protocol 88fb is buggy, dev hsr_slave_0 [ 1640.236194] protocol 88fb is buggy, dev hsr_slave_1 [ 1640.241451] protocol 88fb is buggy, dev hsr_slave_0 [ 1640.246534] protocol 88fb is buggy, dev hsr_slave_1 [ 1640.252530] memory: usage 307040kB, limit 307200kB, failcnt 22399 [ 1640.258821] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1640.267189] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1640.273635] Memory cgroup stats for /syz0: cache:0KB rss:96236KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96156KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1640.295591] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=3810,uid=0 [ 1640.310293] Memory cgroup out of memory: Kill process 3810 (syz-executor.0) score 1106 or sacrifice child [ 1640.320209] Killed process 3815 (syz-executor.0) total-vm:72444kB, anon-rss:152kB, file-rss:34944kB, shmem-rss:0kB [ 1640.345431] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1640.355362] CPU: 0 PID: 3810 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1640.362458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1640.371803] Call Trace: [ 1640.374424] dump_stack+0x172/0x1f0 [ 1640.378055] dump_header+0x10f/0xb6c [ 1640.381753] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1640.386864] ? ___ratelimit+0x60/0x595 [ 1640.390760] ? do_raw_spin_unlock+0x57/0x270 [ 1640.395158] oom_kill_process.cold+0x10/0x6f5 [ 1640.399642] ? task_will_free_mem+0x139/0x6e0 [ 1640.404125] out_of_memory+0x79a/0x1280 [ 1640.408116] ? oom_killer_disable+0x280/0x280 [ 1640.412604] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1640.417723] mem_cgroup_out_of_memory+0x99/0xe0 [ 1640.422388] ? memcg_memory_event+0x40/0x40 [ 1640.426714] ? _raw_spin_unlock+0x2d/0x50 [ 1640.430859] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1640.435946] try_charge+0xb4a/0x1570 [ 1640.439653] ? find_held_lock+0x35/0x130 [ 1640.443703] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1640.448536] ? kasan_check_read+0x11/0x20 [ 1640.452687] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1640.457517] mem_cgroup_try_charge+0x24d/0x5e0 [ 1640.462088] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1640.467011] __handle_mm_fault+0x1e26/0x3f20 [ 1640.471440] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1640.476278] ? find_held_lock+0x35/0x130 [ 1640.480335] ? handle_mm_fault+0x322/0xb30 [ 1640.484562] ? kasan_check_read+0x11/0x20 [ 1640.488698] handle_mm_fault+0x43f/0xb30 [ 1640.492754] __do_page_fault+0x5da/0xd60 [ 1640.496826] do_page_fault+0x71/0x581 [ 1640.500644] ? page_fault+0x8/0x30 [ 1640.504203] page_fault+0x1e/0x30 [ 1640.507640] RIP: 0033:0x40f98f [ 1640.510837] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 1640.529731] RSP: 002b:00007ffee6aa56c0 EFLAGS: 00010206 [ 1640.535077] RAX: 00007f3c7552e000 RBX: 0000000000020000 RCX: 0000000000457e7a [ 1640.542344] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 1640.549625] RBP: 00007ffee6aa57a0 R08: ffffffffffffffff R09: 0000000000000000 [ 1640.556921] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffee6aa5880 [ 1640.564190] R13: 00007f3c7554e700 R14: 0000000000000003 R15: 000000000073c04c [ 1640.573731] memory: usage 306960kB, limit 307200kB, failcnt 22399 [ 1640.579980] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1640.586831] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:53:39 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) lstat(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0, 0x0}, &(0x7f0000000280)=0xc) lchown(&(0x7f0000000140)='./file0\x00', r2, r3) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f00000000c0)=0x40) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:53:39 executing program 5: 03:53:39 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) request_key(0x0, 0x0, &(0x7f00000003c0)='selinuxcgroup\x00', 0xfffffffffffffff9) ioctl(r1, 0x81000008912, &(0x7f0000000100)="0adc1f123c40a41d88b070") perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x20, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(r0, 0xfffffbfffff3ffa7, 0x0) 03:53:39 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0x840c0000) 03:53:39 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0xff00, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:39 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x0, 0x0) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_BEARER_NAMES(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r2, 0x10, 0x70bd2b, 0x25dfdbfb, {}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x15}, 0x20000000) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0xfffffffffffffce4) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0}, 0x8011) [ 1640.593007] Memory cgroup stats for /syz0: cache:0KB rss:96096KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96076KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1640.613145] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=3810,uid=0 [ 1640.628144] Memory cgroup out of memory: Kill process 3810 (syz-executor.0) score 1106 or sacrifice child [ 1640.637992] Killed process 3810 (syz-executor.0) total-vm:72708kB, anon-rss:164kB, file-rss:35588kB, shmem-rss:0kB [ 1640.649515] oom_reaper: reaped process 3810 (syz-executor.0), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 03:53:39 executing program 5: 03:53:39 executing program 2: r0 = openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r0, 0xc040564a, &(0x7f0000000140)={0x5, 0x0, 0x200c, 0x9, 0x1770, 0x995, 0xfffffffffffff869}) r1 = socket$inet_udp(0x2, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) write$binfmt_elf64(r2, 0x0, 0x0) setsockopt$sock_int(r3, 0x1, 0x22, &(0x7f0000000540)=0x1, 0x4) recvmmsg(r3, &(0x7f0000002bc0)=[{{0x0, 0xffffffffffffff74, &(0x7f0000002b00), 0x0, &(0x7f0000000080)=""/62, 0x3e}}], 0x20a, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sysfs$1(0x1, &(0x7f00000000c0)='/dev/usbmon#\x00') mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:53:39 executing program 1: 03:53:39 executing program 5: 03:53:39 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x8001, 0x0) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') syz_genetlink_get_family_id$nbd(&(0x7f0000000200)='nbd\x00') sendmsg$IPVS_CMD_GET_DAEMON(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200002}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x24, r2, 0x200, 0x70bd2d, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}]}, 0x24}}, 0x810) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0}, 0x0) 03:53:39 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x1000000, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:39 executing program 5: 03:53:39 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket(0x15, 0x80005, 0x0) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @rand_addr=0x9}}, 0x1c) getsockname$packet(r1, 0x0, 0x0) openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000280)='attr/current\x00') ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000180)={0x0, r2, 0x1}) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_dev$ndb(&(0x7f00000000c0)='/dev/nbd#\x00', 0x0, 0x410000) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) [ 1640.956310] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 03:53:39 executing program 1: [ 1641.002584] CPU: 0 PID: 3845 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1641.009705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1641.019065] Call Trace: [ 1641.019092] dump_stack+0x172/0x1f0 [ 1641.019124] dump_header+0x10f/0xb6c [ 1641.029064] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1641.034186] ? ___ratelimit+0x60/0x595 [ 1641.034205] ? do_raw_spin_unlock+0x57/0x270 [ 1641.034237] oom_kill_process.cold+0x10/0x6f5 [ 1641.034269] ? task_will_free_mem+0x139/0x6e0 [ 1641.034318] out_of_memory+0x79a/0x1280 [ 1641.055589] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1641.060723] ? oom_killer_disable+0x280/0x280 [ 1641.065239] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1641.070394] mem_cgroup_out_of_memory+0x99/0xe0 [ 1641.075087] ? memcg_memory_event+0x40/0x40 [ 1641.079461] ? _raw_spin_unlock+0x2d/0x50 [ 1641.083625] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1641.088766] try_charge+0xfec/0x1570 [ 1641.092492] ? find_held_lock+0x35/0x130 [ 1641.096607] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1641.101473] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1641.106330] ? find_held_lock+0x35/0x130 [ 1641.110411] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1641.115314] memcg_kmem_charge_memcg+0x7c/0x130 [ 1641.120005] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1641.124548] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1641.129431] memcg_kmem_charge+0x13b/0x340 [ 1641.133691] __alloc_pages_nodemask+0x437/0x710 [ 1641.138393] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1641.143488] ? __lock_acquire+0x53b/0x4700 [ 1641.147746] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1641.153299] alloc_pages_current+0x107/0x210 [ 1641.157727] pte_alloc_one+0x1b/0x1a0 [ 1641.161524] __pte_alloc+0x20/0x310 [ 1641.165148] copy_page_range+0x1529/0x1f90 [ 1641.169375] ? __lock_is_held+0xb6/0x140 [ 1641.173505] ? pmd_alloc+0x180/0x180 [ 1641.177237] ? vma_compute_subtree_gap+0x158/0x230 [ 1641.182174] ? validate_mm_rb+0xa3/0xc0 [ 1641.186147] ? __vma_link_rb+0x279/0x370 [ 1641.190227] copy_process.part.0+0x56aa/0x79a0 [ 1641.194847] ? __cleanup_sighand+0x70/0x70 [ 1641.199114] _do_fork+0x257/0xfe0 [ 1641.202567] ? fork_idle+0x1d0/0x1d0 [ 1641.206286] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1641.211051] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1641.215816] ? do_syscall_64+0x26/0x610 [ 1641.219782] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1641.225152] ? do_syscall_64+0x26/0x610 [ 1641.229123] __x64_sys_clone+0xbf/0x150 [ 1641.233114] do_syscall_64+0x103/0x610 [ 1641.237027] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1641.242243] RIP: 0033:0x457e29 [ 1641.245443] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1641.264346] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1641.272068] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1641.279339] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1641.286634] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1641.293903] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1641.301171] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1641.312582] memory: usage 307200kB, limit 307200kB, failcnt 22417 [ 1641.319474] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1641.326913] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1641.333350] Memory cgroup stats for /syz0: cache:0KB rss:96228KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96160KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1641.361700] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=3843,uid=0 [ 1641.383733] Memory cgroup out of memory: Kill process 3843 (syz-executor.0) score 1106 or sacrifice child [ 1641.394097] Killed process 3849 (syz-executor.0) total-vm:72444kB, anon-rss:152kB, file-rss:34816kB, shmem-rss:0kB 03:53:40 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0x9effffff) 03:53:40 executing program 1: sched_setscheduler(0x0, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f00000005c0)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\x94a\xac', 0x3) write$binfmt_misc(r0, &(0x7f0000000540)=ANY=[@ANYRES32], 0xfffffda2) fcntl$addseals(r0, 0x409, 0x8) 03:53:40 executing program 2: r0 = openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, &(0x7f00000000c0)) socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f00000001c0)={{{@in6=@dev, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}, 0x0, @in6=@local}}, &(0x7f00000002c0)=0xe8) connect$packet(r1, &(0x7f0000000300)={0x11, 0x1, r2, 0x1, 0xffffffffffffffc0}, 0x14) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$sock_bt_hidp_HIDPCONNDEL(r1, 0x400448c9, &(0x7f0000000000)={{0xf4d1, 0x7, 0x7f, 0x4, 0x3ff, 0x6}}) r4 = creat(&(0x7f0000000100)='./file0\x00', 0x0) r5 = getegid() chown(&(0x7f0000000140)='./file0\x00', r3, r5) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$XDP_RX_RING(r4, 0x11b, 0x2, &(0x7f0000000040)=0x8, 0x4) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000340)={&(0x7f0000000180)='./file0\x00', r1}, 0x10) 03:53:40 executing program 5: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) ftruncate(r0, 0x2081fc) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) r3 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800003, 0x11, r3, 0x0) read(r1, &(0x7f0000000000)=""/250, 0x128b9372) 03:53:40 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x248000}, 0xc, 0x0}, 0x0) r2 = syz_open_dev$midi(&(0x7f0000000300)='/dev/midi#\x00', 0x0, 0x40) setsockopt$inet_sctp_SCTP_RECVRCVINFO(r2, 0x84, 0x20, &(0x7f00000002c0)=0x4, 0x4) r3 = accept$inet6(r2, 0x0, &(0x7f0000000000)=0x30e) r4 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0x4, 0x40000) readlinkat(r4, &(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=""/125, 0x7d) getsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f0000000040), &(0x7f0000000080)=0x4) 03:53:40 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x2000000, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:40 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x4000000, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:40 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mixer\x00', 0x200000, 0x0) getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000140), &(0x7f0000000180)=0x4) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:53:40 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000100)=@req3={0x3, 0xfff, 0x9a, 0x7fffffff, 0x7, 0x0, 0x80}, 0x1c) bind$netrom(r1, &(0x7f0000000140)={{0x3, @null, 0x1}, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @null, @null, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}]}, 0x48) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000080), 0xc, 0x0, 0x1, 0x0, 0x0, 0x20040090}, 0x20000000) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0xc) [ 1641.706535] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1641.745701] CPU: 1 PID: 3888 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1641.752824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1641.762178] Call Trace: [ 1641.764778] dump_stack+0x172/0x1f0 [ 1641.768464] dump_header+0x10f/0xb6c [ 1641.772188] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1641.777301] ? ___ratelimit+0x60/0x595 [ 1641.781215] ? do_raw_spin_unlock+0x57/0x270 [ 1641.785641] oom_kill_process.cold+0x10/0x6f5 [ 1641.790154] ? task_will_free_mem+0x139/0x6e0 [ 1641.794671] out_of_memory+0x79a/0x1280 [ 1641.798663] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1641.803782] ? oom_killer_disable+0x280/0x280 [ 1641.808324] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1641.813510] mem_cgroup_out_of_memory+0x99/0xe0 [ 1641.818189] ? memcg_memory_event+0x40/0x40 [ 1641.822543] ? _raw_spin_unlock+0x2d/0x50 [ 1641.826699] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1641.831807] try_charge+0xfec/0x1570 [ 1641.835530] ? find_held_lock+0x35/0x130 [ 1641.839608] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1641.844470] ? kasan_check_read+0x11/0x20 [ 1641.848634] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1641.853493] mem_cgroup_try_charge+0x24d/0x5e0 [ 1641.858098] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1641.863051] wp_page_copy+0x408/0x1740 [ 1641.866985] ? find_held_lock+0x35/0x130 [ 1641.871086] ? pmd_pfn+0x1d0/0x1d0 [ 1641.874643] ? lock_downgrade+0x810/0x810 [ 1641.878807] ? __pte_alloc_kernel+0x220/0x220 [ 1641.883339] ? kasan_check_read+0x11/0x20 [ 1641.887500] ? do_raw_spin_unlock+0x57/0x270 [ 1641.891935] do_wp_page+0x2ed/0x1520 [ 1641.895672] ? rwlock_bug.part.0+0x90/0x90 [ 1641.899943] ? lock_acquire+0x16f/0x3f0 [ 1641.903980] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 1641.908667] ? add_mm_counter_fast.part.0+0x40/0x40 [ 1641.913712] __handle_mm_fault+0x22db/0x3f20 [ 1641.918145] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1641.923018] ? find_held_lock+0x35/0x130 [ 1641.927098] ? handle_mm_fault+0x322/0xb30 [ 1641.931362] ? kasan_check_read+0x11/0x20 [ 1641.935528] handle_mm_fault+0x43f/0xb30 [ 1641.939647] __do_page_fault+0x5da/0xd60 [ 1641.943740] do_page_fault+0x71/0x581 [ 1641.947585] ? page_fault+0x8/0x30 [ 1641.951142] page_fault+0x1e/0x30 [ 1641.954604] RIP: 0033:0x40d1e8 [ 1641.957810] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf bf d4 4b 00 31 c0 e8 43 47 ff ff 31 ff e8 8c 43 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 7e 32 64 00 [ 1641.976737] RSP: 002b:00007ffee6aa56e0 EFLAGS: 00010246 [ 1641.982114] RAX: 00000000bee4e50a RBX: 00000000a21f0acb RCX: 0000001b33120000 [ 1641.989496] RDX: 0000000000000000 RSI: 000000000000050a RDI: ffffffffbee4e50a [ 1641.996807] RBP: 0000000000000008 R08: 00000000bee4e50a R09: 00000000bee4e50e [ 1642.004127] R10: 00007ffee6aa5870 R11: 0000000000000246 R12: 000000000073bf88 [ 1642.011446] R13: 0000000080000000 R14: 00007f3c77591008 R15: 0000000000000008 03:53:41 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x6000000, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:41 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) write$P9_RWALK(r1, &(0x7f0000000140)={0x71, 0x6f, 0x1, {0x8, [{0x8, 0x2, 0x2}, {0x80, 0x3, 0x2}, {0xd, 0x3, 0x3}, {0x90, 0x2, 0x7}, {0x50, 0x1, 0x3}, {0x12, 0x1, 0x1}, {0x80, 0x1, 0x5}, {0xc0, 0x2, 0x3}]}}, 0x71) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) 03:53:41 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000280)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6=@loopback}}, &(0x7f0000000380)=0xe8) unshare(0x60000000) getsockname$packet(r0, &(0x7f0000000480)={0x11, 0x0, 0x0}, &(0x7f00000004c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000500)={'team0\x00', 0x0}) getsockname$packet(r0, &(0x7f0000000540)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x14) sendmsg$nl_route(r1, &(0x7f0000000680)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)=ANY=[@ANYBLOB="60000000180000002bbd7000ffdbdf250a341401ff04fe000020000014000500fe80000000000000000000000000000b0c00090000100001", @ANYRES32=r2, @ANYBLOB="08000400", @ANYRES32=r3, @ANYBLOB="08000600000001000c2931e617ea1c02", @ANYRES32=r4, @ANYBLOB="08000100", @ANYRES32=r5], 0x60}, 0x1, 0x0, 0x0, 0x40000}, 0x48080) r6 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x400000, 0x0) ioctl$SIOCGETLINKNAME(r6, 0x89e0, &(0x7f0000000080)={0x2, 0x2}) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0}, 0x0) [ 1642.120757] memory: usage 307200kB, limit 307200kB, failcnt 22460 [ 1642.149286] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1642.216705] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1642.274522] Memory cgroup stats for /syz0: cache:0KB rss:96228KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96152KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1642.278244] IPVS: ftp: loaded support on port[0] = 21 [ 1642.380843] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=3874,uid=0 [ 1642.425566] Memory cgroup out of memory: Kill process 3874 (syz-executor.0) score 1103 or sacrifice child [ 1642.457458] Killed process 3874 (syz-executor.0) total-vm:72708kB, anon-rss:168kB, file-rss:34816kB, shmem-rss:0kB [ 1642.509140] IPVS: ftp: loaded support on port[0] = 21 [ 1642.554247] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1642.572859] CPU: 1 PID: 3894 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1642.579980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1642.579987] Call Trace: [ 1642.580011] dump_stack+0x172/0x1f0 [ 1642.580035] dump_header+0x10f/0xb6c [ 1642.599279] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1642.599296] ? ___ratelimit+0x60/0x595 [ 1642.599315] ? do_raw_spin_unlock+0x57/0x270 [ 1642.608353] oom_kill_process.cold+0x10/0x6f5 [ 1642.608376] ? task_will_free_mem+0x139/0x6e0 [ 1642.608399] out_of_memory+0x79a/0x1280 [ 1642.625874] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1642.625903] ? oom_killer_disable+0x280/0x280 [ 1642.625919] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1642.640599] mem_cgroup_out_of_memory+0x99/0xe0 [ 1642.640616] ? memcg_memory_event+0x40/0x40 [ 1642.640638] ? _raw_spin_unlock+0x2d/0x50 [ 1642.640653] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1642.649621] try_charge+0xfec/0x1570 [ 1642.649634] ? find_held_lock+0x35/0x130 [ 1642.649656] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1642.662573] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1642.662589] ? find_held_lock+0x35/0x130 [ 1642.662607] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1642.671501] memcg_kmem_charge_memcg+0x7c/0x130 [ 1642.671516] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1642.671552] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1642.671571] memcg_kmem_charge+0x13b/0x340 [ 1642.671591] __alloc_pages_nodemask+0x437/0x710 [ 1642.671610] ? __alloc_pages_slowpath+0x2900/0x2900 [ 1642.689993] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1642.690011] ? trace_hardirqs_on+0x67/0x230 [ 1642.690038] copy_process.part.0+0x3e0/0x79a0 [ 1642.699352] ? mark_held_locks+0x100/0x100 [ 1642.713239] ? debug_smp_processor_id+0x1c/0x20 [ 1642.713254] ? perf_trace_lock_acquire+0xf5/0x580 [ 1642.713274] ? __might_fault+0x12b/0x1e0 [ 1642.713298] ? __cleanup_sighand+0x70/0x70 [ 1642.713316] ? lock_downgrade+0x810/0x810 [ 1642.713345] _do_fork+0x257/0xfe0 [ 1642.726711] ? fork_idle+0x1d0/0x1d0 [ 1642.735643] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1642.748732] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1642.748748] ? do_syscall_64+0x26/0x610 [ 1642.748765] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1642.756826] ? do_syscall_64+0x26/0x610 [ 1642.756849] __x64_sys_clone+0xbf/0x150 [ 1642.756869] do_syscall_64+0x103/0x610 [ 1642.770066] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1642.770079] RIP: 0033:0x457e29 [ 1642.770095] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1642.779405] RSP: 002b:00007f3c7558fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1642.779426] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 1642.779440] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1642.791273] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 1642.791283] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c755906d4 [ 1642.791293] R13: 00000000004be1d9 R14: 00000000004ce8e0 R15: 00000000ffffffff [ 1642.795278] memory: usage 307196kB, limit 307200kB, failcnt 22485 [ 1642.818838] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1642.848720] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1642.864549] Memory cgroup stats for /syz0: cache:0KB rss:96228KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96132KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1642.882624] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=11088,uid=0 [ 1642.924796] Memory cgroup out of memory: Kill process 11088 (syz-executor.0) score 1103 or sacrifice child [ 1642.934724] Killed process 11088 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB [ 1642.964310] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1642.982617] CPU: 0 PID: 3888 Comm: syz-executor.0 Not tainted 5.0.0-rc8 #87 [ 1642.989722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1642.999078] Call Trace: [ 1643.001654] dump_stack+0x172/0x1f0 [ 1643.005271] dump_header+0x10f/0xb6c [ 1643.008975] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1643.014063] ? ___ratelimit+0x60/0x595 [ 1643.017939] ? do_raw_spin_unlock+0x57/0x270 [ 1643.022343] oom_kill_process.cold+0x10/0x6f5 [ 1643.026823] ? task_will_free_mem+0x139/0x6e0 [ 1643.031307] out_of_memory+0x79a/0x1280 [ 1643.035271] ? oom_killer_disable+0x280/0x280 [ 1643.039767] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1643.044859] mem_cgroup_out_of_memory+0x99/0xe0 [ 1643.049511] ? memcg_memory_event+0x40/0x40 [ 1643.053835] ? _raw_spin_unlock+0x2d/0x50 [ 1643.057979] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1643.063065] try_charge+0xb4a/0x1570 [ 1643.066763] ? find_held_lock+0x35/0x130 [ 1643.070809] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1643.075637] ? kasan_check_read+0x11/0x20 [ 1643.079770] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1643.084601] mem_cgroup_try_charge+0x24d/0x5e0 [ 1643.089182] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1643.094097] wp_page_copy+0x408/0x1740 [ 1643.097985] ? find_held_lock+0x35/0x130 [ 1643.102035] ? pmd_pfn+0x1d0/0x1d0 [ 1643.105557] ? lock_downgrade+0x810/0x810 [ 1643.109685] ? swp_swapcount+0x540/0x540 [ 1643.113758] ? kasan_check_read+0x11/0x20 [ 1643.117910] ? do_raw_spin_unlock+0x57/0x270 [ 1643.122332] do_wp_page+0x2ed/0x1520 [ 1643.126035] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 1643.130690] __handle_mm_fault+0x22db/0x3f20 [ 1643.135086] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1643.139913] ? find_held_lock+0x35/0x130 [ 1643.143967] ? handle_mm_fault+0x322/0xb30 [ 1643.148194] ? kasan_check_read+0x11/0x20 [ 1643.152332] handle_mm_fault+0x43f/0xb30 [ 1643.156407] __do_page_fault+0x5da/0xd60 [ 1643.160503] do_page_fault+0x71/0x581 [ 1643.164287] ? page_fault+0x8/0x30 [ 1643.167810] page_fault+0x1e/0x30 [ 1643.171244] RIP: 0033:0x40f9ba [ 1643.174432] Code: 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 c7 45 18 01 00 00 00 49 89 85 10 05 00 00 48 8b 05 ae 68 64 00 00 01 00 00 00 c7 05 ba 68 64 00 01 00 00 00 41 c7 85 1c 06 00 [ 1643.193314] RSP: 002b:00007ffee6aa56c0 EFLAGS: 00010206 [ 1643.198658] RAX: 0000000000a56748 RBX: 0000000000020000 RCX: 0000000000457e7a [ 1643.205922] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 1643.213178] RBP: 00007ffee6aa57a0 R08: ffffffffffffffff R09: 0000000000000000 [ 1643.220428] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffee6aa5880 [ 1643.227678] R13: 00007f3c7556f700 R14: 0000000000000005 R15: 000000000073bfac [ 1643.237790] memory: usage 306996kB, limit 307200kB, failcnt 22486 [ 1643.244923] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1643.252183] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:53:42 executing program 0: sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x20, 0x10000032, 0x829, 0x0, 0x0, {0x2803, 0x1000000}, [@nested={0xc, 0x0, [@typed={0x8, 0x9, @uid}]}]}, 0x20}}, 0xf0ffffff) 03:53:42 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x7000000, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) 03:53:42 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) creat(&(0x7f0000000100)='./file0\x00', 0x0) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) 03:53:42 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000001c0)=0x1) ioctl$TCSETSW(r1, 0x89f1, &(0x7f0000000000)) 03:53:42 executing program 5: sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x40) fcntl$getown(0xffffffffffffffff, 0x9) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000200)={0x0, 0xffffffffffffff9c, 0x0, 0xa, &(0x7f00000001c0)='@trusted]\x00', 0xffffffffffffffff}, 0x30) ptrace$cont(0x1, r0, 0x4, 0x0) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) r1 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/avc/cache_stats\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f00000002c0)="63a272bd13d377407a1b1e74e52a4d1caf4f0be89b1b1b85f5feaec897c84e40203753f502cc5ab9ade7f8be3cab7c414f04a7067e4319777c572dbeea574cf0c1534507086154ff7492b794d4a9ed69be91eec35086368551d5e4d2aed95793a7383cedb2a4ceb7eee19f8297e37b607775fcf0bd4459220d8990d4851552be08c66e7a8b21cceadfa7651605bd5dd38e052c96f4a2f5cd6e82d387d508f73eca29155807a0411c574084e4ed23a48fcd14ee58a84d0373bbda645a435bd2034ca2510f0140ca3639633e8f82aa4e28eb5b7dc28a879851aa8d079488b7b8db8c1c8d9bccf88f66a499c296a5cf05", 0xef) ioctl$KDGKBTYPE(r1, 0x4b33, &(0x7f0000000180)) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000500)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = memfd_create(&(0x7f00000005c0)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\x94a\xac', 0x3) write$binfmt_misc(r2, &(0x7f0000000540)=ANY=[@ANYRES32], 0xfffffda2) fcntl$addseals(r2, 0x409, 0x8) 03:53:42 executing program 3: r0 = socket$packet(0x11, 0x200000000000002, 0x300) r1 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x7, 0x400000) getsockopt$IPT_SO_GET_INFO(r1, 0x0, 0x40, &(0x7f0000000040)={'raw\x00'}, &(0x7f00000000c0)=0x54) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0}, 0x0) [ 1643.258343] Memory cgroup stats for /syz0: cache:0KB rss:96228KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96056KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1643.278853] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=11104,uid=0 [ 1643.293577] Memory cgroup out of memory: Kill process 11104 (syz-executor.0) score 1103 or sacrifice child [ 1643.303478] Killed process 11104 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB 03:53:42 executing program 2: openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'team0\x00', 0x0}) ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f0000000140)={r2, 0x80000000, 0x101, 0x3e, 0x9, 0x101, 0x1}) clone(0x1000140, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_dev$vcsa(&(0x7f0000000180)='/dev/vcsa#\x00', 0x7, 0x210000) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='pipefs\x00', 0x21fffe, 0x0) 03:53:42 executing program 3: r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000240)=0x1000000003f, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000180), 0xc, 0x0}, 0x0) socket$packet(0x11, 0x3, 0x300) 03:53:42 executing program 1: recvfrom(0xffffffffffffffff, 0x0, 0xfffffffffffffffa, 0x0, &(0x7f0000002240)=@ipx={0x4, 0x0, 0x0, "5d6f634e9e66"}, 0x80) madvise(&(0x7f000079c000/0x800000)=nil, 0x800000, 0xc) mlock(&(0x7f0000950000/0x1000)=nil, 0x1000) madvise(&(0x7f00002f8000/0xc00000)=nil, 0xc00000, 0xd) 03:53:42 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket(0xa, 0x5, 0x0) sendmsg$rds(r1, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x8000000, @dev}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1}, 0x0) tkill(r0, 0x1000000000016) [ 1644.463133] syz-executor.5 invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1644.473659] CPU: 1 PID: 3945 Comm: syz-executor.5 Not tainted 5.0.0-rc8 #87 [ 1644.480761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1644.490118] Call Trace: [ 1644.492714] dump_stack+0x172/0x1f0 [ 1644.496373] dump_header+0x10f/0xb6c [ 1644.500151] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1644.505263] ? ___ratelimit+0x60/0x595 [ 1644.509169] ? do_raw_spin_unlock+0x57/0x270 [ 1644.513614] oom_kill_process.cold+0x10/0x6f5 [ 1644.518136] ? out_of_memory+0x14a/0x1280 [ 1644.522298] out_of_memory+0x79a/0x1280 [ 1644.526281] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1644.531393] ? oom_killer_disable+0x280/0x280 [ 1644.535929] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1644.541052] mem_cgroup_out_of_memory+0x99/0xe0 [ 1644.545725] ? memcg_memory_event+0x40/0x40 [ 1644.550071] ? _raw_spin_unlock+0x2d/0x50 [ 1644.554227] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1644.559330] try_charge+0xfec/0x1570 [ 1644.563044] ? find_held_lock+0x35/0x130 [ 1644.567125] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1644.571985] ? kasan_check_read+0x11/0x20 [ 1644.576146] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1644.580996] mem_cgroup_try_charge+0x24d/0x5e0 [ 1644.585628] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1644.590569] shmem_getpage_gfp+0x69b/0x3520 [ 1644.594935] ? shmem_add_to_page_cache+0x1200/0x1200 [ 1644.600079] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1644.605623] ? balance_dirty_pages_ratelimited+0x168/0x1f50 [ 1644.611341] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1644.616884] ? iov_iter_fault_in_readable+0x22c/0x450 [ 1644.622099] shmem_write_begin+0x105/0x1e0 [ 1644.626446] generic_perform_write+0x231/0x530 [ 1644.631044] ? page_endio+0x780/0x780 [ 1644.634867] ? current_time+0x140/0x140 [ 1644.638860] ? lock_acquire+0x16f/0x3f0 [ 1644.642854] __generic_file_write_iter+0x25e/0x630 [ 1644.647840] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1644.652870] generic_file_write_iter+0x360/0x610 [ 1644.657675] ? __generic_file_write_iter+0x630/0x630 [ 1644.662792] ? debug_smp_processor_id+0x1c/0x20 [ 1644.667470] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1644.673027] ? iov_iter_init+0xea/0x220 [ 1644.677017] __vfs_write+0x613/0x8e0 [ 1644.680740] ? kernel_read+0x120/0x120 [ 1644.684648] ? rcu_read_lock_sched_held+0x110/0x130 [ 1644.689682] ? rcu_sync_lockdep_assert+0x73/0xb0 [ 1644.694444] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1644.700030] ? __sb_start_write+0x1ac/0x360 [ 1644.704361] vfs_write+0x20c/0x580 [ 1644.707936] ksys_write+0xea/0x1f0 [ 1644.711493] ? __ia32_sys_read+0xb0/0xb0 [ 1644.715598] ? do_syscall_64+0x26/0x610 [ 1644.719579] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1644.724947] ? do_syscall_64+0x26/0x610 [ 1644.728957] __x64_sys_write+0x73/0xb0 [ 1644.732854] do_syscall_64+0x103/0x610 [ 1644.736750] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1644.741941] RIP: 0033:0x457e29 [ 1644.745140] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1644.764508] RSP: 002b:00007f082abfec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1644.772235] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29 [ 1644.779510] RDX: 00000000fffffda2 RSI: 0000000020000540 RDI: 0000000000000004 [ 1644.786777] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1644.794049] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f082abff6d4 [ 1644.801319] R13: 00000000004c7260 R14: 00000000004dcde8 R15: 00000000ffffffff [ 1644.808949] memory: usage 307200kB, limit 307200kB, failcnt 5888 [ 1644.815339] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1644.822224] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1644.828568] Memory cgroup stats for /syz5: cache:19532KB rss:182608KB rss_huge:131072KB shmem:19468KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:19636KB active_anon:182712KB inactive_file:4KB active_file:4KB unevictable:0KB [ 1644.850673] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=23365,uid=0 [ 1644.865460] Memory cgroup out of memory: Kill process 23365 (syz-executor.5) score 1113 or sacrifice child [ 1644.876424] Killed process 23365 (syz-executor.5) total-vm:72576kB, anon-rss:2196kB, file-rss:35788kB, shmem-rss:0kB [ 1645.422152] net_ratelimit: 18 callbacks suppressed [ 1645.422181] protocol 88fb is buggy, dev hsr_slave_0 [ 1645.433164] protocol 88fb is buggy, dev hsr_slave_1 [ 1645.440558] protocol 88fb is buggy, dev hsr_slave_0 [ 1645.446574] protocol 88fb is buggy, dev hsr_slave_1 [ 1710.203867] protocol 88fb is buggy, dev hsr_slave_0 [ 1710.208988] protocol 88fb is buggy, dev hsr_slave_1 [ 1710.214118] protocol 88fb is buggy, dev hsr_slave_0 [ 1710.219171] protocol 88fb is buggy, dev hsr_slave_1 [ 1710.224318] protocol 88fb is buggy, dev hsr_slave_0 [ 1710.229398] protocol 88fb is buggy, dev hsr_slave_1 [ 1710.234545] protocol 88fb is buggy, dev hsr_slave_0 [ 1710.239632] protocol 88fb is buggy, dev hsr_slave_1 [ 1748.420137] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 1748.426407] rcu: (detected by 0, t=10502 jiffies, g=179933, q=273) [ 1748.432846] rcu: All QSes seen, last rcu_preempt kthread activity 10426 (4295112004-4295101578), jiffies_till_next_fqs=1, root ->qsmask 0x0 [ 1748.445493] syz-executor.5 R running task 26112 3958 8057 0x00000002 [ 1748.452686] Call Trace: [ 1748.455291] [ 1748.457457] sched_show_task.cold+0x292/0x30b [ 1748.461952] ? set_rq_offline.part.0+0x140/0x140 [ 1748.466704] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1748.471714] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1748.477257] rcu_check_callbacks.cold+0xa10/0xa4a [ 1748.482113] update_process_times+0x32/0x80 [ 1748.486437] tick_sched_handle+0xa2/0x190 [ 1748.490588] tick_sched_timer+0x47/0x130 [ 1748.494664] __hrtimer_run_queues+0x33e/0xde0 [ 1748.499169] ? tick_sched_do_timer+0x1b0/0x1b0 [ 1748.503757] ? hrtimer_start_range_ns+0xc80/0xc80 [ 1748.508604] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1748.513618] ? ktime_get_update_offsets_now+0x2d9/0x440 [ 1748.518994] hrtimer_interrupt+0x314/0x770 [ 1748.523252] smp_apic_timer_interrupt+0x120/0x570 [ 1748.528102] apic_timer_interrupt+0xf/0x20 [ 1748.532333] [ 1748.534571] RIP: 0010:__sanitizer_cov_trace_pc+0x26/0x50 [ 1748.540028] Code: 90 90 90 90 55 48 89 e5 48 8b 75 08 65 48 8b 04 25 40 ee 01 00 65 8b 15 38 0c 92 7e 81 e2 00 01 1f 00 75 2b 8b 90 d8 12 00 00 <83> fa 02 75 20 48 8b 88 e0 12 00 00 8b 80 dc 12 00 00 48 8b 11 48 [ 1748.558933] RSP: 0018:ffff88803829f358 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 [ 1748.566659] RAX: ffff8880a82404c0 RBX: 0000000000012c00 RCX: ffffffff818b72fc [ 1748.573943] RDX: 0000000000000002 RSI: ffffffff818b7309 RDI: 0000000000000005 [ 1748.581232] RBP: ffff88803829f358 R08: ffff8880a82404c0 R09: ffff8880a8240e28 [ 1748.588507] R10: ffff8880a8240e08 R11: 0000000000000001 R12: ffff88808a1aa000 [ 1748.595791] R13: 00000000000003e8 R14: ffff88808a1aa420 R15: ffff88808a1aa788 [ 1748.603082] ? oom_badness+0x1bc/0x6c0 [ 1748.606974] ? oom_badness+0x1c9/0x6c0 [ 1748.610871] oom_badness+0x1c9/0x6c0 [ 1748.614600] ? oom_unkillable_task+0x283/0x400 [ 1748.619216] oom_evaluate_task+0x368/0x540 [ 1748.623508] ? oom_badness+0x6c0/0x6c0 [ 1748.627839] mem_cgroup_scan_tasks+0xcf/0x180 [ 1748.632341] ? mem_cgroup_iter_break+0x30/0x30 [ 1748.636958] ? task_will_free_mem+0x139/0x6e0 [ 1748.641465] ? mutex_trylock+0x1e0/0x1e0 [ 1748.645546] out_of_memory+0x6b2/0x1280 [ 1748.649529] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1748.654636] ? oom_killer_disable+0x280/0x280 [ 1748.659138] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1748.664259] mem_cgroup_out_of_memory+0x99/0xe0 [ 1748.668939] ? memcg_memory_event+0x40/0x40 [ 1748.673269] ? _raw_spin_unlock+0x2d/0x50 [ 1748.677421] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1748.682528] try_charge+0xfec/0x1570 [ 1748.686243] ? find_held_lock+0x35/0x130 [ 1748.690327] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1748.695180] ? kasan_check_read+0x11/0x20 [ 1748.699355] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1748.704202] mem_cgroup_try_charge+0x24d/0x5e0 [ 1748.708807] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1748.713741] shmem_getpage_gfp+0x69b/0x3520 [ 1748.718090] ? shmem_add_to_page_cache+0x1200/0x1200 [ 1748.723211] ? __set_page_dirty_no_writeback+0x1ea/0x370 [ 1748.728661] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1748.734219] ? balance_dirty_pages_ratelimited+0x168/0x1f50 [ 1748.739975] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1748.745515] ? iov_iter_fault_in_readable+0x22c/0x450 [ 1748.750714] shmem_write_begin+0x105/0x1e0 [ 1748.754960] generic_perform_write+0x231/0x530 [ 1748.759742] ? page_endio+0x780/0x780 [ 1748.763547] ? current_time+0x140/0x140 [ 1748.767545] ? lock_acquire+0x16f/0x3f0 [ 1748.771527] __generic_file_write_iter+0x25e/0x630 [ 1748.776458] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1748.781496] generic_file_write_iter+0x360/0x610 [ 1748.786273] ? __generic_file_write_iter+0x630/0x630 [ 1748.791395] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1748.796153] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1748.801707] ? iov_iter_init+0xea/0x220 [ 1748.805687] __vfs_write+0x613/0x8e0 [ 1748.809406] ? kernel_read+0x120/0x120 [ 1748.813330] ? __sb_start_write+0x267/0x360 [ 1748.817659] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1748.823203] ? __sb_start_write+0x1ac/0x360 [ 1748.827533] vfs_write+0x20c/0x580 [ 1748.831086] ksys_write+0xea/0x1f0 [ 1748.834633] ? __ia32_sys_read+0xb0/0xb0 [ 1748.838706] __x64_sys_write+0x73/0xb0 [ 1748.842598] do_syscall_64+0x103/0x610 [ 1748.846495] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1748.851682] RIP: 0033:0x457e29 [ 1748.854902] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1748.873818] RSP: 002b:00007f082abbcc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1748.881541] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29 [ 1748.888829] RDX: 00000000fffffda2 RSI: 0000000020000540 RDI: 0000000000000006 [ 1748.896097] RBP: 000000000073c040 R08: 0000000000000000 R09: 0000000000000000 [ 1748.903364] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f082abbd6d4 [ 1748.910631] R13: 00000000004c7260 R14: 00000000004dcde8 R15: 00000000ffffffff [ 1748.917938] rcu: rcu_preempt kthread starved for 10426 jiffies! g179933 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 1748.928504] rcu: RCU grace-period kthread stack dump: [ 1748.933689] rcu_preempt R running task 29024 10 2 0x80000000 [ 1748.940901] Call Trace: [ 1748.943502] __schedule+0x817/0x1cc0 [ 1748.947226] ? pci_mmcfg_check_reserved+0x170/0x170 [ 1748.952246] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1748.957352] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1748.961951] ? trace_hardirqs_on+0x67/0x230 [ 1748.966310] schedule+0x92/0x180 [ 1748.969684] schedule_timeout+0x4db/0xfd0 [ 1748.973844] ? usleep_range+0x170/0x170 [ 1748.977816] ? trace_hardirqs_on+0x67/0x230 [ 1748.982155] ? kasan_check_read+0x11/0x20 [ 1748.986311] ? __next_timer_interrupt+0x1a0/0x1a0 [ 1748.991161] ? prepare_to_swait_exclusive+0x120/0x120 [ 1748.996374] rcu_gp_kthread+0x956/0x17a0 [ 1749.000442] ? kasan_check_read+0x11/0x20 [ 1749.004599] ? rcu_exp_wait_wake+0x3c0/0x3c0 [ 1749.009009] ? trace_hardirqs_on+0x67/0x230 [ 1749.013333] ? kasan_check_read+0x11/0x20 [ 1749.017505] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1749.022623] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1749.028160] ? __kthread_parkme+0xfb/0x1b0 [ 1749.032438] kthread+0x357/0x430 [ 1749.035834] ? rcu_exp_wait_wake+0x3c0/0x3c0 [ 1749.040269] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 1749.045807] ret_from_fork+0x3a/0x50