$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1285.342542][T13351] ? __read_once_size+0x41/0xe0 [ 1285.347408][T13351] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1285.353308][T13351] do_wp_page+0x192/0xeb0 [ 1285.357647][T13351] ? record_times+0x16/0x90 [ 1285.362200][T13351] __handle_mm_fault+0x1d16/0x2e00 [ 1285.367335][T13351] ? try_to_free_mem_cgroup_pages+0x258/0x4d0 [ 1285.373427][T13351] handle_mm_fault+0x21b/0x530 [ 1285.378207][T13351] __do_page_fault+0x456/0x8d0 [ 1285.382981][T13351] do_page_fault+0x38/0x194 [ 1285.387502][T13351] page_fault+0x34/0x40 [ 1285.391664][T13351] RIP: 0033:0x404324 [ 1285.395574][T13351] Code: 48 8b 55 40 48 8b 75 38 48 8b 7d 30 ff 75 70 ff 75 68 ff 75 60 4c 8b 4d 58 4c 8b 45 50 ff d0 48 83 c4 20 48 89 c3 48 83 fb ff <48> 89 5d 78 41 8b 04 24 0f 85 d6 00 00 00 85 c0 0f 85 ce 00 00 00 [ 1285.415186][T13351] RSP: 002b:00007fcace6ddc90 EFLAGS: 00010246 [ 1285.421255][T13351] RAX: 0000000000000000 RBX: ffffffffffffffff RCX: 000000000045a919 [ 1285.430015][T13351] RDX: 00000000004042dc RSI: 0000000020000500 RDI: 0000000000000000 04:19:36 executing program 4: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', 0x0, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1285.438074][T13351] RBP: 000000000075c070 R08: 0000000020000000 R09: 0000000000000000 [ 1285.446044][T13351] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcace6de6d4 [ 1285.454024][T13351] R13: 00000000004c7d30 R14: 00000000004dec28 R15: 00000000ffffffff [ 1285.478281][T13351] memory: usage 307200kB, limit 307200kB, failcnt 4204 [ 1285.488400][T13351] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1285.498357][T13351] Memory cgroup stats for /syz0: [ 1285.498505][T13351] anon 254988288 [ 1285.498505][T13351] file 106496 [ 1285.498505][T13351] kernel_stack 5455872 [ 1285.498505][T13351] slab 10973184 [ 1285.498505][T13351] sock 0 [ 1285.498505][T13351] shmem 0 [ 1285.498505][T13351] file_mapped 0 [ 1285.498505][T13351] file_dirty 0 [ 1285.498505][T13351] file_writeback 0 [ 1285.498505][T13351] anon_thp 216006656 [ 1285.498505][T13351] inactive_anon 0 [ 1285.498505][T13351] active_anon 254885888 [ 1285.498505][T13351] inactive_file 0 [ 1285.498505][T13351] active_file 0 [ 1285.498505][T13351] unevictable 0 [ 1285.498505][T13351] slab_reclaimable 1486848 [ 1285.498505][T13351] slab_unreclaimable 9486336 [ 1285.498505][T13351] pgfault 111903 [ 1285.498505][T13351] pgmajfault 0 [ 1285.498505][T13351] workingset_refault 198 [ 1285.498505][T13351] workingset_activate 132 [ 1285.498505][T13351] workingset_nodereclaim 0 [ 1285.498505][T13351] pgrefill 2512 [ 1285.498505][T13351] pgscan 2442 [ 1285.498505][T13351] pgsteal 468 04:19:37 executing program 2: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0x0) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) bind$rds(0xffffffffffffffff, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(0xffffffffffffffff, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r3, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000000c0)) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r4, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1285.642827][T13351] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=19903,uid=0 [ 1285.658990][T13351] Memory cgroup out of memory: Killed process 19903 (syz-executor.0) total-vm:72716kB, anon-rss:2212kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:1000 [ 1285.687142][T13580] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1285.727909][T13582] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. 04:19:37 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1285.834564][T13337] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1285.842891][T13609] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1285.855649][T13337] CPU: 0 PID: 13337 Comm: syz-executor.0 Not tainted 5.5.0-rc1-syzkaller #0 [ 1285.864418][T13337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1285.874471][T13337] Call Trace: [ 1285.877775][T13337] dump_stack+0x11d/0x181 [ 1285.882160][T13337] dump_header+0xaa/0x39c [ 1285.886509][T13337] oom_kill_process.cold+0x10/0x15 [ 1285.891701][T13337] out_of_memory+0x231/0xa60 [ 1285.896311][T13337] mem_cgroup_out_of_memory+0x128/0x150 [ 1285.901873][T13337] try_charge+0x800/0xbf0 [ 1285.906217][T13337] ? rcu_note_context_switch+0x6d0/0x760 [ 1285.911871][T13337] mem_cgroup_try_charge+0xd2/0x260 [ 1285.917152][T13337] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1285.922787][T13337] wp_page_copy+0x322/0x1040 [ 1285.927416][T13337] ? get_futex_key+0x55e/0xa10 [ 1285.932185][T13337] ? __read_once_size+0x41/0xe0 [ 1285.937036][T13337] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1285.943002][T13337] do_wp_page+0x192/0xeb0 [ 1285.947382][T13337] __handle_mm_fault+0x1d16/0x2e00 [ 1285.952664][T13337] ? _raw_spin_unlock_irqrestore+0x70/0x80 [ 1285.958479][T13337] handle_mm_fault+0x21b/0x530 [ 1285.963251][T13337] __do_page_fault+0x456/0x8d0 [ 1285.968067][T13337] do_page_fault+0x38/0x194 [ 1285.972570][T13337] page_fault+0x34/0x40 [ 1285.976874][T13337] RIP: 0033:0x415fa3 [ 1285.980812][T13337] Code: e9 4c 89 e2 ff 74 24 48 4c 8b 4c 24 10 89 ee 4c 8b 44 24 18 48 89 df e8 cb f7 ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 48 f7 d8 <64> 89 04 25 d4 ff ff ff 48 83 c8 ff c3 48 81 ec 98 00 00 00 31 ff [ 1286.000421][T13337] RSP: 002b:00007ffec4661af8 EFLAGS: 00010213 [ 1286.006492][T13337] RAX: 000000000000006e RBX: 00000000000003e8 RCX: 000000000045a919 [ 1286.014486][T13337] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075c07c [ 1286.022558][T13337] RBP: 000000000000002d R08: ffffffffffffffff R09: ffffffffffffffff [ 1286.030533][T13337] R10: 00007ffec4661bd0 R11: 0000000000000246 R12: 000000000075c070 [ 1286.038507][T13337] R13: 000000000013985e R14: 000000000013988b R15: 000000000075c07c [ 1286.064482][T13337] memory: usage 305012kB, limit 307200kB, failcnt 4204 [ 1286.134006][T13337] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1286.154380][T13337] Memory cgroup stats for /syz0: [ 1286.154619][T13337] anon 252833792 [ 1286.154619][T13337] file 106496 [ 1286.154619][T13337] kernel_stack 5455872 [ 1286.154619][T13337] slab 10973184 [ 1286.154619][T13337] sock 0 [ 1286.154619][T13337] shmem 0 [ 1286.154619][T13337] file_mapped 0 [ 1286.154619][T13337] file_dirty 0 [ 1286.154619][T13337] file_writeback 0 [ 1286.154619][T13337] anon_thp 213909504 [ 1286.154619][T13337] inactive_anon 0 [ 1286.154619][T13337] active_anon 252731392 [ 1286.154619][T13337] inactive_file 0 [ 1286.154619][T13337] active_file 0 [ 1286.154619][T13337] unevictable 0 [ 1286.154619][T13337] slab_reclaimable 1486848 [ 1286.154619][T13337] slab_unreclaimable 9486336 [ 1286.154619][T13337] pgfault 111903 [ 1286.154619][T13337] pgmajfault 0 [ 1286.154619][T13337] workingset_refault 198 [ 1286.154619][T13337] workingset_activate 132 [ 1286.154619][T13337] workingset_nodereclaim 0 [ 1286.154619][T13337] pgrefill 2512 [ 1286.154619][T13337] pgscan 2442 [ 1286.154619][T13337] pgsteal 468 [ 1286.248138][T13337] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=19853,uid=0 [ 1286.263778][T13337] Memory cgroup out of memory: Killed process 19853 (syz-executor.0) total-vm:72716kB, anon-rss:2212kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:1000 [ 1286.312759][T13348] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1286.325691][T13348] CPU: 0 PID: 13348 Comm: syz-executor.0 Not tainted 5.5.0-rc1-syzkaller #0 [ 1286.334389][T13348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1286.344436][T13348] Call Trace: [ 1286.347726][T13348] dump_stack+0x11d/0x181 [ 1286.352132][T13348] dump_header+0xaa/0x39c [ 1286.356461][T13348] oom_kill_process.cold+0x10/0x15 [ 1286.361568][T13348] out_of_memory+0x231/0xa60 [ 1286.366299][T13348] mem_cgroup_out_of_memory+0x128/0x150 [ 1286.371855][T13348] try_charge+0x800/0xbf0 [ 1286.376181][T13348] ? rcu_note_context_switch+0x6d0/0x760 [ 1286.381820][T13348] mem_cgroup_try_charge+0xd2/0x260 [ 1286.387018][T13348] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1286.392648][T13348] wp_page_copy+0x322/0x1040 [ 1286.397353][T13348] ? __this_cpu_preempt_check+0x45/0x140 [ 1286.402981][T13348] ? __read_once_size+0x41/0xe0 [ 1286.407904][T13348] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1286.414402][T13348] do_wp_page+0x192/0xeb0 [ 1286.418727][T13348] ? switch_mm_irqs_off+0x1a1/0x5f0 [ 1286.423922][T13348] __handle_mm_fault+0x1d16/0x2e00 [ 1286.429087][T13348] handle_mm_fault+0x21b/0x530 [ 1286.433872][T13348] __do_page_fault+0x456/0x8d0 [ 1286.438641][T13348] do_page_fault+0x38/0x194 [ 1286.443186][T13348] page_fault+0x34/0x40 [ 1286.447331][T13348] RIP: 0033:0x4145d8 [ 1286.451230][T13348] Code: 0f 05 48 3d 01 f0 ff ff 0f 83 e4 19 00 00 c3 48 83 ec 08 e8 ea fa ff ff 48 89 04 24 b8 2e 00 00 00 0f 05 48 8b 3c 24 48 89 c2 33 fb ff ff 48 89 d0 48 83 c4 08 48 3d 01 f0 ff ff 0f 83 b0 19 [ 1286.471446][T13348] RSP: 002b:00007fcace6fe9c0 EFLAGS: 00010293 [ 1286.477946][T13348] RAX: 0000000000000028 RBX: 00007fcace6fea58 RCX: 00000000004145d1 [ 1286.486067][T13348] RDX: 0000000000000028 RSI: 00007fcace6fea00 RDI: 0000000000000000 [ 1286.494035][T13348] RBP: 0000000000000009 R08: 0000000000000009 R09: 0000000000000000 [ 1286.501998][T13348] R10: 0000000000000000 R11: 0000000000000293 R12: 00007fcace6fea40 [ 1286.509962][T13348] R13: 00000000004d3a80 R14: 00000000004e4160 R15: 00000000ffffffff [ 1286.519793][T13348] memory: usage 302836kB, limit 307200kB, failcnt 4204 [ 1286.529581][T13348] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1286.536620][T13348] Memory cgroup stats for /syz0: [ 1286.536799][T13348] anon 250617856 [ 1286.536799][T13348] file 106496 [ 1286.536799][T13348] kernel_stack 5455872 [ 1286.536799][T13348] slab 10973184 [ 1286.536799][T13348] sock 0 [ 1286.536799][T13348] shmem 0 [ 1286.536799][T13348] file_mapped 0 [ 1286.536799][T13348] file_dirty 0 [ 1286.536799][T13348] file_writeback 0 [ 1286.536799][T13348] anon_thp 211812352 [ 1286.536799][T13348] inactive_anon 0 [ 1286.536799][T13348] active_anon 250515456 [ 1286.536799][T13348] inactive_file 0 [ 1286.536799][T13348] active_file 0 [ 1286.536799][T13348] unevictable 0 [ 1286.536799][T13348] slab_reclaimable 1486848 [ 1286.536799][T13348] slab_unreclaimable 9486336 [ 1286.536799][T13348] pgfault 111936 [ 1286.536799][T13348] pgmajfault 0 [ 1286.536799][T13348] workingset_refault 198 [ 1286.536799][T13348] workingset_activate 132 [ 1286.536799][T13348] workingset_nodereclaim 0 [ 1286.536799][T13348] pgrefill 2512 [ 1286.536799][T13348] pgscan 2442 [ 1286.536799][T13348] pgsteal 468 [ 1286.631109][T13348] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=19686,uid=0 [ 1286.646667][T13348] Memory cgroup out of memory: Killed process 19686 (syz-executor.0) total-vm:72716kB, anon-rss:2212kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:1000 04:19:38 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(0x0, &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:38 executing program 2: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0x0) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) bind$rds(0xffffffffffffffff, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(0xffffffffffffffff, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r3, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000000c0)) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r4, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1286.665977][ T546] oom_reaper: reaped process 19686 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1286.678328][T13352] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1286.689181][T13352] CPU: 1 PID: 13352 Comm: syz-executor.0 Not tainted 5.5.0-rc1-syzkaller #0 [ 1286.697858][T13352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1286.707923][T13352] Call Trace: [ 1286.711236][T13352] dump_stack+0x11d/0x181 [ 1286.715679][T13352] dump_header+0xaa/0x39c [ 1286.720027][T13352] oom_kill_process.cold+0x10/0x15 [ 1286.725159][T13352] out_of_memory+0x231/0xa60 [ 1286.729826][T13352] mem_cgroup_out_of_memory+0x128/0x150 [ 1286.735382][T13352] try_charge+0x800/0xbf0 [ 1286.739804][T13352] ? rcu_note_context_switch+0x6d0/0x760 [ 1286.745457][T13352] mem_cgroup_try_charge+0xd2/0x260 [ 1286.750703][T13352] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1286.756560][T13352] wp_page_copy+0x322/0x1040 [ 1286.761210][T13352] ? __read_once_size+0x41/0xe0 [ 1286.766074][T13352] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1286.772096][T13352] do_wp_page+0x192/0xeb0 [ 1286.776439][T13352] ? record_times+0x16/0x90 [ 1286.780959][T13352] __handle_mm_fault+0x1d16/0x2e00 [ 1286.786260][T13352] ? try_to_free_mem_cgroup_pages+0x258/0x4d0 [ 1286.792421][T13352] handle_mm_fault+0x21b/0x530 [ 1286.797189][T13352] __do_page_fault+0x456/0x8d0 [ 1286.802077][T13352] do_page_fault+0x38/0x194 [ 1286.806588][T13352] page_fault+0x34/0x40 [ 1286.810748][T13352] RIP: 0033:0x404324 [ 1286.814660][T13352] Code: 48 8b 55 40 48 8b 75 38 48 8b 7d 30 ff 75 70 ff 75 68 ff 75 60 4c 8b 4d 58 4c 8b 45 50 ff d0 48 83 c4 20 48 89 c3 48 83 fb ff <48> 89 5d 78 41 8b 04 24 0f 85 d6 00 00 00 85 c0 0f 85 ce 00 00 00 [ 1286.834422][T13352] RSP: 002b:00007fcace6ddc90 EFLAGS: 00010217 [ 1286.840543][T13352] RAX: 0000000000000000 RBX: 00000000000021dd RCX: 000000000045a919 [ 1286.848516][T13352] RDX: 00000000004042dc RSI: 0000000000000000 RDI: 0000000000000000 [ 1286.856490][T13352] RBP: 000000000075c070 R08: ffffffffffffffff R09: 0000000000000000 [ 1286.864467][T13352] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcace6de6d4 [ 1286.872444][T13352] R13: 00000000004c1007 R14: 00000000004d4d28 R15: 00000000ffffffff [ 1286.883429][T13352] memory: usage 300480kB, limit 307200kB, failcnt 4204 [ 1286.890365][T13352] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1286.897197][T13352] Memory cgroup stats for /syz0: [ 1286.897471][T13352] anon 248401920 [ 1286.897471][T13352] file 106496 [ 1286.897471][T13352] kernel_stack 5382144 [ 1286.897471][T13352] slab 10973184 [ 1286.897471][T13352] sock 0 [ 1286.897471][T13352] shmem 0 [ 1286.897471][T13352] file_mapped 0 [ 1286.897471][T13352] file_dirty 0 [ 1286.897471][T13352] file_writeback 0 [ 1286.897471][T13352] anon_thp 209715200 [ 1286.897471][T13352] inactive_anon 0 [ 1286.897471][T13352] active_anon 248434688 [ 1286.897471][T13352] inactive_file 0 [ 1286.897471][T13352] active_file 0 [ 1286.897471][T13352] unevictable 0 [ 1286.897471][T13352] slab_reclaimable 1486848 [ 1286.897471][T13352] slab_unreclaimable 9486336 [ 1286.897471][T13352] pgfault 111936 [ 1286.897471][T13352] pgmajfault 0 [ 1286.897471][T13352] workingset_refault 198 [ 1286.897471][T13352] workingset_activate 132 [ 1286.897471][T13352] workingset_nodereclaim 0 [ 1286.897471][T13352] pgrefill 2512 [ 1286.897471][T13352] pgscan 2442 [ 1286.897471][T13352] pgsteal 468 [ 1287.005790][T13352] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=19617,uid=0 [ 1287.048814][T13352] Memory cgroup out of memory: Killed process 19617 (syz-executor.0) total-vm:72716kB, anon-rss:2212kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:1000 [ 1287.068711][ T546] oom_reaper: reaped process 19617 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1287.106591][T13356] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1287.146676][T13356] CPU: 1 PID: 13356 Comm: syz-executor.0 Not tainted 5.5.0-rc1-syzkaller #0 [ 1287.155438][T13356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1287.165534][T13356] Call Trace: [ 1287.168833][T13356] dump_stack+0x11d/0x181 [ 1287.173225][T13356] dump_header+0xaa/0x39c [ 1287.177574][T13356] oom_kill_process.cold+0x10/0x15 [ 1287.182696][T13356] out_of_memory+0x231/0xa60 [ 1287.187303][T13356] mem_cgroup_out_of_memory+0x128/0x150 [ 1287.192921][T13356] try_charge+0x800/0xbf0 [ 1287.197350][T13356] ? __rcu_read_unlock+0x66/0x3d0 [ 1287.202401][T13356] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1287.207875][T13356] __memcg_kmem_charge+0xcf/0x1b0 [ 1287.212958][T13356] __alloc_pages_nodemask+0x26c/0x310 [ 1287.218369][T13356] alloc_pages_current+0xd1/0x170 [ 1287.223494][T13356] pte_alloc_one+0x18/0x50 [ 1287.228158][T13356] __handle_mm_fault+0x2be6/0x2e00 [ 1287.233291][T13356] handle_mm_fault+0x21b/0x530 [ 1287.238062][T13356] __do_page_fault+0x456/0x8d0 [ 1287.242836][T13356] do_page_fault+0x38/0x194 [ 1287.247449][T13356] page_fault+0x34/0x40 [ 1287.251818][T13356] RIP: 0033:0x45a919 [ 1287.255725][T13356] Code: Bad RIP value. [ 1287.259792][T13356] RSP: 002b:00007fcace6ddc78 EFLAGS: 00010246 [ 1287.265866][T13356] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 000000000045a919 [ 1287.273846][T13356] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1287.281821][T13356] RBP: 000000000075c070 R08: ffffffffffffffff R09: 0000000000000000 [ 1287.289815][T13356] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcace6de6d4 [ 1287.297785][T13356] R13: 00000000004c1007 R14: 00000000004d4d28 R15: 00000000ffffffff [ 1287.310694][T13356] memory: usage 300440kB, limit 307200kB, failcnt 4204 [ 1287.317663][T13356] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1287.326285][T13356] Memory cgroup stats for /syz0: [ 1287.326593][T13356] anon 248442880 [ 1287.326593][T13356] file 106496 [ 1287.326593][T13356] kernel_stack 5382144 [ 1287.326593][T13356] slab 10973184 [ 1287.326593][T13356] sock 0 [ 1287.326593][T13356] shmem 0 [ 1287.326593][T13356] file_mapped 0 [ 1287.326593][T13356] file_dirty 0 [ 1287.326593][T13356] file_writeback 0 [ 1287.326593][T13356] anon_thp 209715200 [ 1287.326593][T13356] inactive_anon 0 [ 1287.326593][T13356] active_anon 248475648 [ 1287.326593][T13356] inactive_file 0 [ 1287.326593][T13356] active_file 0 [ 1287.326593][T13356] unevictable 0 [ 1287.326593][T13356] slab_reclaimable 1486848 [ 1287.326593][T13356] slab_unreclaimable 9486336 [ 1287.326593][T13356] pgfault 112035 [ 1287.326593][T13356] pgmajfault 0 [ 1287.326593][T13356] workingset_refault 198 [ 1287.326593][T13356] workingset_activate 132 [ 1287.326593][T13356] workingset_nodereclaim 0 [ 1287.326593][T13356] pgrefill 2512 [ 1287.326593][T13356] pgscan 2442 [ 1287.326593][T13356] pgsteal 468 [ 1287.421929][T13356] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=13707,uid=0 [ 1287.437471][T13356] Memory cgroup out of memory: Killed process 13707 (syz-executor.0) total-vm:72584kB, anon-rss:2204kB, file-rss:35828kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 1287.456758][ T546] oom_reaper: reaped process 13707 (syz-executor.0), now anon-rss:0kB, file-rss:34868kB, shmem-rss:0kB [ 1287.468729][T10228] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1287.480748][T10228] CPU: 1 PID: 10228 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 1287.489431][T10228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1287.499481][T10228] Call Trace: [ 1287.502765][T10228] dump_stack+0x11d/0x181 [ 1287.507161][T10228] dump_header+0xaa/0x39c [ 1287.511519][T10228] oom_kill_process.cold+0x10/0x15 [ 1287.516625][T10228] out_of_memory+0x231/0xa60 [ 1287.521215][T10228] mem_cgroup_out_of_memory+0x128/0x150 [ 1287.527188][T10228] try_charge+0xb6c/0xbf0 [ 1287.531512][T10228] ? __rcu_read_unlock+0x66/0x3d0 [ 1287.536669][T10228] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1287.542111][T10228] __memcg_kmem_charge+0xcf/0x1b0 [ 1287.547137][T10228] __alloc_pages_nodemask+0x26c/0x310 [ 1287.552503][T10228] alloc_pages_current+0xd1/0x170 [ 1287.557511][T10228] pte_alloc_one+0x18/0x50 [ 1287.561931][T10228] __pte_alloc+0x2d/0x220 [ 1287.566256][T10228] copy_page_range+0x135a/0x19b0 [ 1287.571191][T10228] ? __read_once_size.constprop.0+0x12/0x20 [ 1287.577087][T10228] ? __vma_link_rb+0x3f4/0x440 [ 1287.581838][T10228] dup_mm+0x74a/0xba0 [ 1287.585815][T10228] copy_process+0x3138/0x3c40 [ 1287.590480][T10228] ? do_wp_page+0x19f/0xeb0 [ 1287.594976][T10228] _do_fork+0xfe/0x7a0 [ 1287.599074][T10228] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1287.604952][T10228] ? __read_once_size+0x5a/0xe0 [ 1287.609789][T10228] __x64_sys_clone+0x130/0x170 [ 1287.614547][T10228] do_syscall_64+0xcc/0x3a0 [ 1287.619047][T10228] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1287.624926][T10228] RIP: 0033:0x458eea [ 1287.628818][T10228] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1287.648485][T10228] RSP: 002b:00007ffdab4b5a10 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1287.656888][T10228] RAX: ffffffffffffffda RBX: 00007ffdab4b5a10 RCX: 0000000000458eea [ 1287.664838][T10228] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1287.672804][T10228] RBP: 00007ffdab4b5a50 R08: 0000000000000001 R09: 0000000002634940 [ 1287.680815][T10228] R10: 0000000002634c10 R11: 0000000000000246 R12: 0000000000000001 [ 1287.688767][T10228] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffdab4b5aa0 [ 1287.697926][T10228] memory: usage 307200kB, limit 307200kB, failcnt 3215 [ 1287.704824][T10228] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1287.711680][T10228] Memory cgroup stats for /syz1: [ 1287.711970][T10228] anon 269991936 [ 1287.711970][T10228] file 45056 [ 1287.711970][T10228] kernel_stack 4091904 [ 1287.711970][T10228] slab 8499200 [ 1287.711970][T10228] sock 0 [ 1287.711970][T10228] shmem 0 [ 1287.711970][T10228] file_mapped 0 [ 1287.711970][T10228] file_dirty 0 [ 1287.711970][T10228] file_writeback 0 [ 1287.711970][T10228] anon_thp 241172480 [ 1287.711970][T10228] inactive_anon 0 [ 1287.711970][T10228] active_anon 269991936 [ 1287.711970][T10228] inactive_file 0 [ 1287.711970][T10228] active_file 0 [ 1287.711970][T10228] unevictable 0 [ 1287.711970][T10228] slab_reclaimable 1216512 [ 1287.711970][T10228] slab_unreclaimable 7282688 [ 1287.711970][T10228] pgfault 113256 [ 1287.711970][T10228] pgmajfault 0 [ 1287.711970][T10228] workingset_refault 132 [ 1287.711970][T10228] workingset_activate 99 [ 1287.711970][T10228] workingset_nodereclaim 0 [ 1287.711970][T10228] pgrefill 1537 [ 1287.711970][T10228] pgscan 1480 [ 1287.711970][T10228] pgsteal 331 [ 1287.711970][T10228] pgactivate 1089 [ 1287.808942][T10228] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=13347,uid=0 [ 1287.824475][T10228] Memory cgroup out of memory: Killed process 13347 (syz-executor.1) total-vm:72716kB, anon-rss:2212kB, file-rss:35824kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 1287.844158][ T546] oom_reaper: reaped process 13347 (syz-executor.1), now anon-rss:0kB, file-rss:34864kB, shmem-rss:0kB [ 1287.844656][T13470] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1287.878230][T13470] CPU: 1 PID: 13470 Comm: syz-executor.3 Not tainted 5.5.0-rc1-syzkaller #0 [ 1287.887007][T13470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1287.897109][T13470] Call Trace: [ 1287.900482][T13470] dump_stack+0x11d/0x181 [ 1287.904801][T13470] dump_header+0xaa/0x39c [ 1287.909175][T13470] oom_kill_process.cold+0x10/0x15 [ 1287.914353][T13470] out_of_memory+0x231/0xa60 [ 1287.918952][T13470] mem_cgroup_out_of_memory+0x128/0x150 [ 1287.924495][T13470] try_charge+0xb6c/0xbf0 [ 1287.928892][T13470] ? rcu_note_context_switch+0x6d0/0x760 [ 1287.934536][T13470] mem_cgroup_try_charge+0xd2/0x260 [ 1287.939820][T13470] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1287.945474][T13470] wp_page_copy+0x322/0x1040 [ 1287.950061][T13470] ? __read_once_size+0x41/0xe0 [ 1287.955008][T13470] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1287.960892][T13470] do_wp_page+0x192/0xeb0 [ 1287.965287][T13470] __handle_mm_fault+0x1d16/0x2e00 [ 1287.970431][T13470] ? try_to_free_mem_cgroup_pages+0x258/0x4d0 [ 1287.976746][T13470] handle_mm_fault+0x21b/0x530 [ 1287.981682][T13470] __do_page_fault+0x456/0x8d0 [ 1287.986438][T13470] do_page_fault+0x38/0x194 [ 1287.990928][T13470] page_fault+0x34/0x40 [ 1287.995076][T13470] RIP: 0033:0x40d90b [ 1287.999029][T13470] Code: 74 28 41 8b 07 85 c0 0f 85 f0 00 00 00 41 83 c6 01 48 81 c5 a8 00 00 00 41 83 fe 10 75 d7 bf 36 02 4c 00 31 c0 e8 b5 44 ff ff 45 f8 01 44 89 75 f4 48 89 ef c6 45 15 00 c7 45 fc 00 00 00 00 [ 1288.018628][T13470] RSP: 002b:00007ffdb9b63780 EFLAGS: 00010246 [ 1288.025177][T13470] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 00007ffdb9b63838 [ 1288.033130][T13470] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 1288.041147][T13470] RBP: 000000000075bf2c R08: 00007ffdb9b63840 R09: 0000000000760060 [ 1288.049113][T13470] R10: 000000000043a7f0 R11: 000000000000000e R12: 000000000075bf20 [ 1288.057098][T13470] R13: 0000000000000003 R14: 0000000000000000 R15: 000000000075bf2c [ 1288.066161][T13470] memory: usage 307200kB, limit 307200kB, failcnt 3782 [ 1288.073057][T13470] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1288.079920][T13470] Memory cgroup stats for /syz3: [ 1288.080152][T13470] anon 245891072 [ 1288.080152][T13470] file 0 [ 1288.080152][T13470] kernel_stack 6266880 [ 1288.080152][T13470] slab 12451840 [ 1288.080152][T13470] sock 0 [ 1288.080152][T13470] shmem 0 [ 1288.080152][T13470] file_mapped 0 [ 1288.080152][T13470] file_dirty 0 [ 1288.080152][T13470] file_writeback 0 [ 1288.080152][T13470] anon_thp 203423744 [ 1288.080152][T13470] inactive_anon 0 [ 1288.080152][T13470] active_anon 245891072 [ 1288.080152][T13470] inactive_file 0 [ 1288.080152][T13470] active_file 53248 [ 1288.080152][T13470] unevictable 0 [ 1288.080152][T13470] slab_reclaimable 1622016 [ 1288.080152][T13470] slab_unreclaimable 10829824 [ 1288.080152][T13470] pgfault 104709 [ 1288.080152][T13470] pgmajfault 0 [ 1288.080152][T13470] workingset_refault 198 [ 1288.080152][T13470] workingset_activate 132 [ 1288.080152][T13470] workingset_nodereclaim 0 [ 1288.080152][T13470] pgrefill 2263 [ 1288.080152][T13470] pgscan 2240 [ 1288.080152][T13470] pgsteal 449 [ 1288.174262][T13470] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=20851,uid=0 [ 1288.189883][T13470] Memory cgroup out of memory: Killed process 20851 (syz-executor.3) total-vm:72716kB, anon-rss:2208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:1000 [ 1288.209618][ T546] oom_reaper: reaped process 20851 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1288.209841][T10228] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1288.248546][T10228] CPU: 1 PID: 10228 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 1288.257370][T10228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1288.267405][T10228] Call Trace: [ 1288.270682][T10228] dump_stack+0x11d/0x181 [ 1288.275068][T10228] dump_header+0xaa/0x39c [ 1288.279385][T10228] oom_kill_process.cold+0x10/0x15 [ 1288.284507][T10228] out_of_memory+0x231/0xa60 [ 1288.289087][T10228] mem_cgroup_out_of_memory+0x128/0x150 [ 1288.294626][T10228] try_charge+0xb6c/0xbf0 [ 1288.298970][T10228] ? rcu_note_context_switch+0x6d0/0x760 [ 1288.304738][T10228] mem_cgroup_try_charge+0xd2/0x260 [ 1288.309927][T10228] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1288.315551][T10228] wp_page_copy+0x322/0x1040 [ 1288.320127][T10228] ? __read_once_size+0x41/0xe0 [ 1288.324962][T10228] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1288.330860][T10228] do_wp_page+0x192/0xeb0 [ 1288.335213][T10228] ? record_times+0x16/0x90 [ 1288.339709][T10228] __handle_mm_fault+0x1d16/0x2e00 [ 1288.344876][T10228] ? try_to_free_mem_cgroup_pages+0x258/0x4d0 [ 1288.350945][T10228] handle_mm_fault+0x21b/0x530 [ 1288.355817][T10228] __do_page_fault+0x456/0x8d0 [ 1288.360571][T10228] do_page_fault+0x38/0x194 [ 1288.365058][T10228] page_fault+0x34/0x40 [ 1288.369206][T10228] RIP: 0033:0x45900e [ 1288.373126][T10228] Code: 5c 41 5d 41 5e 5d c3 48 c7 c2 d4 ff ff ff f7 d8 41 bd ff ff ff ff 64 89 02 64 8b 04 25 d0 02 00 00 41 39 c4 0f 85 2f 01 00 00 <64> 44 89 04 25 d4 02 00 00 45 85 f6 0f 85 7f 00 00 00 48 85 db 74 [ 1288.392881][T10228] RSP: 002b:00007ffdab4b5a10 EFLAGS: 00010246 [ 1288.398935][T10228] RAX: 0000000000000001 RBX: 00007ffdab4b5a10 RCX: 0000000000458eea [ 1288.406922][T10228] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1288.414886][T10228] RBP: 00007ffdab4b5a50 R08: 0000000000000001 R09: 0000000002634940 [ 1288.422839][T10228] R10: 0000000002634c10 R11: 0000000000000246 R12: 0000000000000001 [ 1288.430795][T10228] R13: 0000000000005ebe R14: 0000000000000000 R15: 00007ffdab4b5aa0 [ 1288.443324][T10228] memory: usage 307060kB, limit 307200kB, failcnt 3245 [ 1288.450254][T10228] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1288.457092][T10228] Memory cgroup stats for /syz1: [ 1288.457321][T10228] anon 269991936 [ 1288.457321][T10228] file 45056 [ 1288.457321][T10228] kernel_stack 4091904 [ 1288.457321][T10228] slab 8499200 [ 1288.457321][T10228] sock 0 [ 1288.457321][T10228] shmem 0 [ 1288.457321][T10228] file_mapped 0 [ 1288.457321][T10228] file_dirty 0 [ 1288.457321][T10228] file_writeback 0 [ 1288.457321][T10228] anon_thp 241172480 [ 1288.457321][T10228] inactive_anon 0 [ 1288.457321][T10228] active_anon 269991936 [ 1288.457321][T10228] inactive_file 0 [ 1288.457321][T10228] active_file 0 [ 1288.457321][T10228] unevictable 0 [ 1288.457321][T10228] slab_reclaimable 1216512 [ 1288.457321][T10228] slab_unreclaimable 7282688 [ 1288.457321][T10228] pgfault 113256 [ 1288.457321][T10228] pgmajfault 0 [ 1288.457321][T10228] workingset_refault 132 [ 1288.457321][T10228] workingset_activate 99 [ 1288.457321][T10228] workingset_nodereclaim 0 [ 1288.457321][T10228] pgrefill 1537 [ 1288.457321][T10228] pgscan 1480 [ 1288.457321][T10228] pgsteal 331 [ 1288.457321][T10228] pgactivate 1089 [ 1288.554693][T10228] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=13353,uid=0 [ 1288.570429][T10228] Memory cgroup out of memory: Killed process 13353 (syz-executor.1) total-vm:72716kB, anon-rss:2212kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:1000 [ 1288.601508][T13711] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1288.611560][T13711] CPU: 0 PID: 13711 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 1288.620373][T13711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1288.630451][T13711] Call Trace: [ 1288.633732][T13711] dump_stack+0x11d/0x181 [ 1288.638077][T13711] dump_header+0xaa/0x39c [ 1288.642421][T13711] oom_kill_process.cold+0x10/0x15 [ 1288.647594][T13711] out_of_memory+0x231/0xa60 [ 1288.652214][T13711] mem_cgroup_out_of_memory+0x128/0x150 [ 1288.657758][T13711] try_charge+0x800/0xbf0 [ 1288.662142][T13711] ? rcu_note_context_switch+0x6d0/0x760 [ 1288.667786][T13711] mem_cgroup_try_charge+0xd2/0x260 [ 1288.673026][T13711] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1288.678744][T13711] wp_page_copy+0x322/0x1040 [ 1288.683332][T13711] ? __read_once_size+0x41/0xe0 [ 1288.688200][T13711] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1288.694142][T13711] do_wp_page+0x192/0xeb0 [ 1288.700472][T13711] __handle_mm_fault+0x1d16/0x2e00 [ 1288.705689][T13711] handle_mm_fault+0x21b/0x530 [ 1288.710507][T13711] __do_page_fault+0x456/0x8d0 [ 1288.715691][T13711] do_page_fault+0x38/0x194 [ 1288.720211][T13711] page_fault+0x34/0x40 [ 1288.724347][T13711] RIP: 0010:__put_user_4+0x1c/0x30 [ 1288.729452][T13711] Code: 1f 00 c3 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 8b 1c 25 40 8c 01 00 48 8b 9b 50 0b 00 00 48 83 eb 03 48 39 d9 73 4a 0f 1f 00 <89> 01 31 c0 0f 1f 00 c3 66 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 [ 1288.749053][T13711] RSP: 0018:ffffc90002f17f38 EFLAGS: 00010293 [ 1288.755140][T13711] RAX: 0000000000005ebe RBX: 00007fffffffeffd RCX: 0000000002634c10 [ 1288.763112][T13711] RDX: 0000000000000000 RSI: 0000ffffffffffff RDI: ffff88803917a378 [ 1288.771074][T13711] RBP: ffffc90002f17f48 R08: 0000000000000000 R09: 0000c90002f17ebc [ 1288.779097][T13711] R10: 000088803917a378 R11: 000088803917a37b R12: 0000000000000000 [ 1288.787054][T13711] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1288.795038][T13711] ? schedule_tail+0x54/0x70 [ 1288.799629][T13711] ret_from_fork+0x8/0x30 [ 1288.803948][T13711] RIP: 0033:0x458eea [ 1288.807849][T13711] Code: Bad RIP value. [ 1288.811900][T13711] RSP: 002b:00007ffdab4b5a10 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1288.820306][T13711] RAX: 0000000000000000 RBX: 00007ffdab4b5a10 RCX: 0000000000458eea [ 1288.828380][T13711] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1288.836466][T13711] RBP: 00007ffdab4b5a50 R08: 0000000000000001 R09: 0000000002634940 [ 1288.844499][T13711] R10: 0000000002634c10 R11: 0000000000000246 R12: 0000000000000001 [ 1288.852480][T13711] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffdab4b5aa0 [ 1288.860895][T13711] memory: usage 304884kB, limit 307200kB, failcnt 3245 [ 1288.867830][T13711] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1288.874696][T13711] Memory cgroup stats for /syz1: [ 1288.874961][T13711] anon 267808768 [ 1288.874961][T13711] file 45056 [ 1288.874961][T13711] kernel_stack 4055040 [ 1288.874961][T13711] slab 8499200 [ 1288.874961][T13711] sock 0 [ 1288.874961][T13711] shmem 0 [ 1288.874961][T13711] file_mapped 0 [ 1288.874961][T13711] file_dirty 0 [ 1288.874961][T13711] file_writeback 0 [ 1288.874961][T13711] anon_thp 239075328 [ 1288.874961][T13711] inactive_anon 0 [ 1288.874961][T13711] active_anon 267808768 [ 1288.874961][T13711] inactive_file 0 [ 1288.874961][T13711] active_file 0 [ 1288.874961][T13711] unevictable 0 [ 1288.874961][T13711] slab_reclaimable 1216512 [ 1288.874961][T13711] slab_unreclaimable 7282688 [ 1288.874961][T13711] pgfault 113256 [ 1288.874961][T13711] pgmajfault 0 [ 1288.874961][T13711] workingset_refault 132 [ 1288.874961][T13711] workingset_activate 99 [ 1288.874961][T13711] workingset_nodereclaim 0 [ 1288.874961][T13711] pgrefill 1537 [ 1288.874961][T13711] pgscan 1480 [ 1288.874961][T13711] pgsteal 331 [ 1288.874961][T13711] pgactivate 1089 [ 1288.971182][T13711] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=21330,uid=0 [ 1288.986750][T13711] Memory cgroup out of memory: Killed process 21330 (syz-executor.1) total-vm:72716kB, anon-rss:2212kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:1000 [ 1289.006609][ T546] oom_reaper: reaped process 21330 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 04:19:40 executing program 1: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) bind$rds(0xffffffffffffffff, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(0xffffffffffffffff, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r3, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000000c0)) r4 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r5, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:40 executing program 4: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', 0x0, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1289.045153][T13713] __nla_validate_parse: 3 callbacks suppressed [ 1289.045170][T13713] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. 04:19:40 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(0x0) syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:40 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', 0x0, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:40 executing program 2: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0x0) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) bind$rds(0xffffffffffffffff, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(0xffffffffffffffff, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r3, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000000c0)) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r4, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:40 executing program 3: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', 0x0, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1289.153328][T13722] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1289.167129][T13726] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1289.259468][T13723] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. 04:19:40 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(0x0) syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:40 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', 0x0, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1289.327680][T13719] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1289.372963][T13795] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1289.390949][T13719] CPU: 0 PID: 13719 Comm: syz-executor.3 Not tainted 5.5.0-rc1-syzkaller #0 [ 1289.399651][T13719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1289.409698][T13719] Call Trace: [ 1289.413001][T13719] dump_stack+0x11d/0x181 [ 1289.417392][T13719] dump_header+0xaa/0x39c [ 1289.421737][T13719] oom_kill_process.cold+0x10/0x15 [ 1289.426919][T13719] out_of_memory+0x231/0xa60 [ 1289.431524][T13719] ? __rcu_read_unlock+0x66/0x3d0 [ 1289.436569][T13719] mem_cgroup_out_of_memory+0x128/0x150 [ 1289.442251][T13719] try_charge+0xb6c/0xbf0 [ 1289.446697][T13719] ? rcu_note_context_switch+0x6d0/0x760 [ 1289.452400][T13719] mem_cgroup_try_charge+0xd2/0x260 [ 1289.457663][T13719] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1289.463299][T13719] wp_page_copy+0x322/0x1040 [ 1289.467901][T13719] ? __read_once_size+0x41/0xe0 [ 1289.472767][T13719] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1289.478656][T13719] do_wp_page+0x192/0xeb0 [ 1289.483029][T13719] ? record_times+0x16/0x90 [ 1289.487535][T13719] __handle_mm_fault+0x1d16/0x2e00 [ 1289.492652][T13719] ? try_to_free_mem_cgroup_pages+0x258/0x4d0 [ 1289.498732][T13719] handle_mm_fault+0x21b/0x530 [ 1289.503495][T13719] __do_page_fault+0x456/0x8d0 [ 1289.508255][T13719] do_page_fault+0x38/0x194 [ 1289.512796][T13719] page_fault+0x34/0x40 [ 1289.516939][T13719] RIP: 0033:0x40db81 [ 1289.520832][T13719] Code: 24 d0 00 00 00 48 69 c2 40 42 0f 00 ba 80 00 00 00 48 89 84 24 d8 00 00 00 31 c0 e8 89 cd 04 00 41 8b 07 85 c0 74 a6 4c 89 e7 1a f7 ff ff bb 20 bf 75 00 bd a0 c9 75 00 eb 10 48 81 c3 a8 00 [ 1289.540571][T13719] RSP: 002b:00007ffdb9b63780 EFLAGS: 00010202 [ 1289.546671][T13719] RAX: 0000000000000001 RBX: 00000000000003e8 RCX: 000000000045a919 [ 1289.554636][T13719] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075bf20 [ 1289.562609][T13719] RBP: 000000000000002d R08: ffffffffffffffff R09: ffffffffffffffff 04:19:41 executing program 4: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(0x0, &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1289.570569][T13719] R10: 00007ffdb9b63850 R11: 0000000000000246 R12: 000000000075bf20 [ 1289.578596][T13719] R13: 000000000013abfd R14: 000000000013ac2a R15: 000000000075bf2c 04:19:41 executing program 1: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) bind$rds(0xffffffffffffffff, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(0xffffffffffffffff, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r3, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000000c0)) r4 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r5, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:41 executing program 2: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(0x0, &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1289.677664][T13719] memory: usage 307184kB, limit 307200kB, failcnt 3811 [ 1289.727631][T13846] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1289.775071][T13849] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1289.841219][T13719] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1289.848418][T13719] Memory cgroup stats for /syz3: [ 1289.849405][T13719] anon 245923840 [ 1289.849405][T13719] file 0 [ 1289.849405][T13719] kernel_stack 6303744 [ 1289.849405][T13719] slab 12451840 [ 1289.849405][T13719] sock 0 [ 1289.849405][T13719] shmem 0 [ 1289.849405][T13719] file_mapped 0 [ 1289.849405][T13719] file_dirty 0 [ 1289.849405][T13719] file_writeback 0 [ 1289.849405][T13719] anon_thp 203423744 [ 1289.849405][T13719] inactive_anon 0 [ 1289.849405][T13719] active_anon 245923840 [ 1289.849405][T13719] inactive_file 0 [ 1289.849405][T13719] active_file 53248 [ 1289.849405][T13719] unevictable 0 [ 1289.849405][T13719] slab_reclaimable 1622016 [ 1289.849405][T13719] slab_unreclaimable 10829824 [ 1289.849405][T13719] pgfault 104808 [ 1289.849405][T13719] pgmajfault 0 [ 1289.849405][T13719] workingset_refault 198 [ 1289.849405][T13719] workingset_activate 132 [ 1289.849405][T13719] workingset_nodereclaim 0 [ 1289.849405][T13719] pgrefill 2263 [ 1289.849405][T13719] pgscan 2240 [ 1289.849405][T13719] pgsteal 449 [ 1289.889048][T13851] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1289.964396][T13719] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=13728,uid=0 [ 1290.024609][T13853] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1290.049844][T13962] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1290.063483][T13853] CPU: 0 PID: 13853 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 1290.072190][T13853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1290.082240][T13853] Call Trace: [ 1290.085536][T13853] dump_stack+0x11d/0x181 [ 1290.089875][T13853] dump_header+0xaa/0x39c [ 1290.094220][T13853] oom_kill_process.cold+0x10/0x15 [ 1290.099345][T13853] out_of_memory+0x231/0xa60 [ 1290.103938][T13853] ? __rcu_read_unlock+0x66/0x3d0 [ 1290.108980][T13853] mem_cgroup_out_of_memory+0x128/0x150 [ 1290.114539][T13853] try_charge+0xb6c/0xbf0 [ 1290.118883][T13853] ? __rcu_read_unlock+0x66/0x3d0 [ 1290.123917][T13853] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1290.129387][T13853] __memcg_kmem_charge+0xcf/0x1b0 [ 1290.134430][T13853] __alloc_pages_nodemask+0x26c/0x310 [ 1290.139814][T13853] alloc_pages_current+0xd1/0x170 [ 1290.144867][T13853] pte_alloc_one+0x18/0x50 [ 1290.149291][T13853] __pte_alloc+0x2d/0x220 [ 1290.153631][T13853] copy_page_range+0x135a/0x19b0 [ 1290.158593][T13853] ? __vma_link_rb+0x3f4/0x440 [ 1290.163353][T13853] dup_mm+0x74a/0xba0 [ 1290.167322][T13853] copy_process+0x3138/0x3c40 04:19:41 executing program 3: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', 0x0, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x700, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:41 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', 0x0, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:41 executing program 4: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', 0x0, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1290.172014][T13853] _do_fork+0xfe/0x7a0 [ 1290.176103][T13853] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1290.182002][T13853] ? __read_once_size+0x5a/0xe0 [ 1290.186867][T13853] __x64_sys_clone+0x130/0x170 [ 1290.191658][T13853] do_syscall_64+0xcc/0x3a0 [ 1290.196180][T13853] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1290.202074][T13853] RIP: 0033:0x45a919 [ 1290.205982][T13853] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1290.214166][T13966] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1290.225587][T13853] RSP: 002b:00007fd40135bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1290.225605][T13853] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a919 [ 1290.225620][T13853] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1290.225632][T13853] RBP: 000000000075bfc8 R08: ffffffffffffffff R09: 0000000000000000 [ 1290.225642][T13853] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd40135c6d4 [ 1290.225653][T13853] R13: 00000000004c1007 R14: 00000000004d4d28 R15: 00000000ffffffff [ 1290.233352][T13853] memory: usage 307200kB, limit 307200kB, failcnt 3283 04:19:41 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(0x0) syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:41 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:41 executing program 2: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', 0x0, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1290.512502][T13853] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1290.578321][T13853] Memory cgroup stats for /syz1: [ 1290.578464][T13853] anon 269930496 [ 1290.578464][T13853] file 45056 [ 1290.578464][T13853] kernel_stack 4055040 [ 1290.578464][T13853] slab 8499200 [ 1290.578464][T13853] sock 0 [ 1290.578464][T13853] shmem 0 [ 1290.578464][T13853] file_mapped 0 [ 1290.578464][T13853] file_dirty 0 [ 1290.578464][T13853] file_writeback 0 [ 1290.578464][T13853] anon_thp 241172480 [ 1290.578464][T13853] inactive_anon 0 [ 1290.578464][T13853] active_anon 269930496 [ 1290.578464][T13853] inactive_file 0 [ 1290.578464][T13853] active_file 0 [ 1290.578464][T13853] unevictable 0 [ 1290.578464][T13853] slab_reclaimable 1216512 [ 1290.578464][T13853] slab_unreclaimable 7282688 [ 1290.578464][T13853] pgfault 113487 [ 1290.578464][T13853] pgmajfault 0 [ 1290.578464][T13853] workingset_refault 132 [ 1290.578464][T13853] workingset_activate 99 [ 1290.578464][T13853] workingset_nodereclaim 0 [ 1290.578464][T13853] pgrefill 1571 [ 1290.578464][T13853] pgscan 1513 [ 1290.578464][T13853] pgsteal 331 [ 1290.578464][T13853] pgactivate 1089 [ 1290.678637][T13853] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=13840,uid=0 [ 1290.698081][T13853] Memory cgroup out of memory: Killed process 13840 (syz-executor.1) total-vm:72584kB, anon-rss:2204kB, file-rss:35816kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 1290.835037][T13976] Memory cgroup out of memory: Killed process 20724 (syz-executor.3) total-vm:72716kB, anon-rss:2208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:1000 04:19:42 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(0x0, 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:42 executing program 1: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) bind$rds(0xffffffffffffffff, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(0xffffffffffffffff, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r3, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000000c0)) r4 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r5, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1291.095695][T13987] FS-Cache: Duplicate cookie detected [ 1291.101398][T13987] FS-Cache: O-cookie c=00000000417170c6 [p=0000000057c56a86 fl=222 nc=0 na=1] [ 1291.110490][T13987] FS-Cache: O-cookie d=00000000b2421e71 n=0000000083cd651b [ 1291.117755][T13987] FS-Cache: O-key=[10] '02000200000000100000' [ 1291.124199][T13987] FS-Cache: N-cookie c=00000000348d0d38 [p=0000000057c56a86 fl=2 nc=0 na=1] [ 1291.132986][T13987] FS-Cache: N-cookie d=00000000b2421e71 n=00000000bf32e2a6 [ 1291.140358][T13987] FS-Cache: N-key=[10] '02000200000000100000' [ 1291.180857][T10228] oom_kill_process: 1 callbacks suppressed [ 1291.180881][T10228] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1291.256562][T10228] CPU: 0 PID: 10228 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 1291.265438][T10228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1291.275566][T10228] Call Trace: [ 1291.278870][T10228] dump_stack+0x11d/0x181 [ 1291.283223][T10228] dump_header+0xaa/0x39c [ 1291.287587][T10228] oom_kill_process.cold+0x10/0x15 [ 1291.292711][T10228] out_of_memory+0x231/0xa60 [ 1291.297309][T10228] ? __rcu_read_unlock+0x66/0x3d0 [ 1291.302377][T10228] mem_cgroup_out_of_memory+0x128/0x150 [ 1291.307929][T10228] try_charge+0xb6c/0xbf0 [ 1291.312278][T10228] ? __rcu_read_unlock+0x66/0x3d0 [ 1291.317317][T10228] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1291.322889][T10228] __memcg_kmem_charge+0xcf/0x1b0 [ 1291.327992][T10228] __alloc_pages_nodemask+0x26c/0x310 [ 1291.333419][T10228] alloc_pages_current+0xd1/0x170 [ 1291.338529][T10228] __pmd_alloc+0x4b/0x2b0 [ 1291.342882][T10228] copy_page_range+0x1529/0x19b0 [ 1291.347838][T10228] ? __read_once_size.constprop.0+0x12/0x20 [ 1291.353749][T10228] ? __read_once_size.constprop.0+0x12/0x20 [ 1291.359653][T10228] ? __rcu_read_unlock+0x66/0x3d0 [ 1291.364693][T10228] ? __rcu_read_unlock+0x66/0x3d0 [ 1291.369733][T10228] ? vma_gap_callbacks_rotate+0x126/0x190 [ 1291.375473][T10228] ? __rb_insert_augmented+0x11a/0x370 [ 1291.380952][T10228] ? vm_get_page_prot+0x90/0x90 [ 1291.385817][T10228] ? __vma_link_rb+0x3f4/0x440 [ 1291.390591][T10228] dup_mm+0x74a/0xba0 [ 1291.394655][T10228] copy_process+0x3138/0x3c40 [ 1291.399337][T10228] ? do_wp_page+0x19f/0xeb0 [ 1291.403867][T10228] _do_fork+0xfe/0x7a0 [ 1291.407951][T10228] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1291.414209][T10228] ? __read_once_size+0x5a/0xe0 [ 1291.419087][T10228] __x64_sys_clone+0x130/0x170 [ 1291.423947][T10228] do_syscall_64+0xcc/0x3a0 [ 1291.428469][T10228] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1291.434359][T10228] RIP: 0033:0x458eea 04:19:42 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(0x0, 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1291.438269][T10228] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1291.457876][T10228] RSP: 002b:00007ffdab4b5a10 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1291.466431][T10228] RAX: ffffffffffffffda RBX: 00007ffdab4b5a10 RCX: 0000000000458eea [ 1291.474407][T10228] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1291.482383][T10228] RBP: 00007ffdab4b5a50 R08: 0000000000000001 R09: 0000000002634940 [ 1291.490357][T10228] R10: 0000000002634c10 R11: 0000000000000246 R12: 0000000000000001 [ 1291.498388][T10228] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffdab4b5aa0 04:19:43 executing program 4: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', 0x0, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:43 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(0x0, 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1291.705007][T10228] memory: usage 307200kB, limit 307200kB, failcnt 3330 [ 1291.722937][T10228] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1291.733368][T10228] Memory cgroup stats for /syz1: [ 1291.733631][T10228] anon 269930496 [ 1291.733631][T10228] file 45056 [ 1291.733631][T10228] kernel_stack 4018176 [ 1291.733631][T10228] slab 8499200 [ 1291.733631][T10228] sock 0 [ 1291.733631][T10228] shmem 0 [ 1291.733631][T10228] file_mapped 0 [ 1291.733631][T10228] file_dirty 0 [ 1291.733631][T10228] file_writeback 0 [ 1291.733631][T10228] anon_thp 241172480 [ 1291.733631][T10228] inactive_anon 0 [ 1291.733631][T10228] active_anon 269930496 [ 1291.733631][T10228] inactive_file 0 [ 1291.733631][T10228] active_file 0 [ 1291.733631][T10228] unevictable 0 [ 1291.733631][T10228] slab_reclaimable 1216512 [ 1291.733631][T10228] slab_unreclaimable 7282688 [ 1291.733631][T10228] pgfault 113520 [ 1291.733631][T10228] pgmajfault 0 04:19:43 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1291.733631][T10228] workingset_refault 132 [ 1291.733631][T10228] workingset_activate 99 [ 1291.733631][T10228] workingset_nodereclaim 0 [ 1291.733631][T10228] pgrefill 1604 [ 1291.733631][T10228] pgscan 1513 [ 1291.733631][T10228] pgsteal 331 [ 1291.733631][T10228] pgactivate 1122 [ 1291.838650][T10228] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=13961,uid=0 [ 1291.888874][T10228] Memory cgroup out of memory: Killed process 13961 (syz-executor.1) total-vm:72716kB, anon-rss:2212kB, file-rss:35832kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 1292.004599][T13982] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1292.028315][T13982] CPU: 1 PID: 13982 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1292.037020][T13982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1292.047069][T13982] Call Trace: [ 1292.050368][T13982] dump_stack+0x11d/0x181 [ 1292.054714][T13982] dump_header+0xaa/0x39c [ 1292.059089][T13982] oom_kill_process.cold+0x10/0x15 [ 1292.064212][T13982] out_of_memory+0x231/0xa60 [ 1292.068912][T13982] mem_cgroup_out_of_memory+0x128/0x150 [ 1292.074592][T13982] try_charge+0xb6c/0xbf0 [ 1292.078983][T13982] ? rcu_note_context_switch+0x6d0/0x760 [ 1292.087510][T13982] mem_cgroup_try_charge+0xd2/0x260 [ 1292.092867][T13982] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1292.098539][T13982] wp_page_copy+0x322/0x1040 [ 1292.103242][T13982] ? __read_once_size+0x41/0xe0 [ 1292.108111][T13982] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1292.114022][T13982] do_wp_page+0x192/0xeb0 [ 1292.118362][T13982] ? record_times+0x16/0x90 [ 1292.122888][T13982] __handle_mm_fault+0x1d16/0x2e00 [ 1292.128019][T13982] ? try_to_free_mem_cgroup_pages+0x258/0x4d0 [ 1292.134243][T13982] handle_mm_fault+0x21b/0x530 [ 1292.139021][T13982] __do_page_fault+0x456/0x8d0 [ 1292.143794][T13982] do_page_fault+0x38/0x194 [ 1292.148310][T13982] page_fault+0x34/0x40 [ 1292.152474][T13982] RIP: 0033:0x40f920 [ 1292.156388][T13982] Code: 89 f8 89 c6 81 e6 ff 1f 00 00 8b 14 b5 00 00 73 00 41 39 d0 74 23 85 d2 74 58 83 c0 01 41 39 c1 75 e0 48 89 f8 25 ff 1f 00 00 <89> 3c 85 00 00 73 00 83 c5 01 e8 d1 22 ff ff 41 83 c7 01 45 39 7c [ 1292.176096][T13982] RSP: 002b:00007fff75c8a340 EFLAGS: 00010202 [ 1292.182193][T13982] RAX: 00000000000013b6 RBX: 000000000761d130 RCX: 0000001b34620000 [ 1292.190172][T13982] RDX: 000000005291f3b8 RSI: 00000000000013b9 RDI: ffffffff60a7d3b6 [ 1292.198151][T13982] RBP: 0000000000000001 R08: 0000000060a7d3b6 R09: 0000000060a7d3ba [ 1292.206142][T13982] R10: 00007fff75c8a4e0 R11: 0000000000000000 R12: 000000000075bfa8 [ 1292.214231][T13982] R13: 0000000080000000 R14: 00007fa5a5177008 R15: 000000000000000e [ 1292.230214][T13982] memory: usage 307200kB, limit 307200kB, failcnt 3696 [ 1292.247213][T13982] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1292.278175][T13982] Memory cgroup stats for /syz2: [ 1292.278420][T13982] anon 236732416 [ 1292.278420][T13982] file 102400 [ 1292.278420][T13982] kernel_stack 7188480 [ 1292.278420][T13982] slab 13623296 [ 1292.278420][T13982] sock 0 [ 1292.278420][T13982] shmem 0 [ 1292.278420][T13982] file_mapped 0 [ 1292.278420][T13982] file_dirty 0 [ 1292.278420][T13982] file_writeback 0 [ 1292.278420][T13982] anon_thp 188743680 [ 1292.278420][T13982] inactive_anon 0 [ 1292.278420][T13982] active_anon 236732416 [ 1292.278420][T13982] inactive_file 8192 [ 1292.278420][T13982] active_file 0 [ 1292.278420][T13982] unevictable 0 [ 1292.278420][T13982] slab_reclaimable 1622016 [ 1292.278420][T13982] slab_unreclaimable 12001280 [ 1292.278420][T13982] pgfault 111771 [ 1292.278420][T13982] pgmajfault 0 [ 1292.278420][T13982] workingset_refault 231 [ 1292.278420][T13982] workingset_activate 132 [ 1292.278420][T13982] workingset_nodereclaim 0 [ 1292.278420][T13982] pgrefill 2382 [ 1292.278420][T13982] pgscan 14650 [ 1292.278420][T13982] pgsteal 12791 [ 1292.380147][T13982] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=20376,uid=0 [ 1292.434160][T13982] Memory cgroup out of memory: Killed process 20376 (syz-executor.2) total-vm:72716kB, anon-rss:2208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:1000 [ 1292.461113][ T546] oom_reaper: reaped process 20376 (syz-executor.2), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 1292.473933][T14003] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1292.508983][T14003] CPU: 0 PID: 14003 Comm: syz-executor.3 Not tainted 5.5.0-rc1-syzkaller #0 [ 1292.517746][T14003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1292.527970][T14003] Call Trace: [ 1292.531307][T14003] dump_stack+0x11d/0x181 [ 1292.535646][T14003] dump_header+0xaa/0x39c [ 1292.540000][T14003] oom_kill_process.cold+0x10/0x15 [ 1292.545126][T14003] out_of_memory+0x231/0xa60 [ 1292.549752][T14003] mem_cgroup_out_of_memory+0x128/0x150 [ 1292.555303][T14003] try_charge+0xb6c/0xbf0 [ 1292.559650][T14003] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1292.565554][T14003] ? __rcu_read_unlock+0x66/0x3d0 [ 1292.570589][T14003] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1292.576125][T14003] __memcg_kmem_charge+0xcf/0x1b0 [ 1292.581161][T14003] __alloc_pages_nodemask+0x26c/0x310 [ 1292.586557][T14003] alloc_pages_current+0xd1/0x170 [ 1292.591613][T14003] pte_alloc_one+0x18/0x50 [ 1292.596044][T14003] __handle_mm_fault+0x2be6/0x2e00 [ 1292.601170][T14003] ? try_to_free_mem_cgroup_pages+0x258/0x4d0 [ 1292.607245][T14003] handle_mm_fault+0x21b/0x530 [ 1292.612047][T14003] __do_page_fault+0x456/0x8d0 [ 1292.616817][T14003] do_page_fault+0x38/0x194 [ 1292.621401][T14003] page_fault+0x34/0x40 [ 1292.625560][T14003] RIP: 0033:0x45a919 [ 1292.629460][T14003] Code: Bad RIP value. [ 1292.633660][T14003] RSP: 002b:00007f8515893c78 EFLAGS: 00010246 [ 1292.639793][T14003] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 000000000045a919 [ 1292.647767][T14003] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1292.655737][T14003] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1292.663717][T14003] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85158946d4 [ 1292.671691][T14003] R13: 00000000004c1007 R14: 00000000004d4d28 R15: 00000000ffffffff [ 1292.681783][T14003] memory: usage 307200kB, limit 307200kB, failcnt 3874 [ 1292.688740][T14003] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1292.695594][T14003] Memory cgroup stats for /syz3: [ 1292.695756][T14003] anon 245878784 [ 1292.695756][T14003] file 0 [ 1292.695756][T14003] kernel_stack 6303744 [ 1292.695756][T14003] slab 12587008 [ 1292.695756][T14003] sock 0 [ 1292.695756][T14003] shmem 0 [ 1292.695756][T14003] file_mapped 0 [ 1292.695756][T14003] file_dirty 0 [ 1292.695756][T14003] file_writeback 0 [ 1292.695756][T14003] anon_thp 203423744 [ 1292.695756][T14003] inactive_anon 0 [ 1292.695756][T14003] active_anon 245878784 [ 1292.695756][T14003] inactive_file 0 [ 1292.695756][T14003] active_file 53248 [ 1292.695756][T14003] unevictable 0 [ 1292.695756][T14003] slab_reclaimable 1757184 [ 1292.695756][T14003] slab_unreclaimable 10829824 [ 1292.695756][T14003] pgfault 104874 [ 1292.695756][T14003] pgmajfault 0 [ 1292.695756][T14003] workingset_refault 198 [ 1292.695756][T14003] workingset_activate 132 [ 1292.695756][T14003] workingset_nodereclaim 0 [ 1292.695756][T14003] pgrefill 2329 [ 1292.695756][T14003] pgscan 2273 [ 1292.695756][T14003] pgsteal 449 [ 1292.814565][T14003] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=14002,uid=0 [ 1292.830682][T14003] Memory cgroup out of memory: Killed process 14002 (syz-executor.3) total-vm:72584kB, anon-rss:2200kB, file-rss:35812kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 1292.879497][ T7943] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1292.908702][ T7943] CPU: 0 PID: 7943 Comm: syz-executor.5 Not tainted 5.5.0-rc1-syzkaller #0 [ 1292.917426][ T7943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1292.927477][ T7943] Call Trace: [ 1292.930781][ T7943] dump_stack+0x11d/0x181 [ 1292.935201][ T7943] dump_header+0xaa/0x39c [ 1292.939680][ T7943] oom_kill_process.cold+0x10/0x15 [ 1292.944820][ T7943] out_of_memory+0x231/0xa60 [ 1292.949428][ T7943] mem_cgroup_out_of_memory+0x128/0x150 [ 1292.954989][ T7943] try_charge+0xb6c/0xbf0 [ 1292.959329][ T7943] ? __rcu_read_unlock+0x66/0x3d0 [ 1292.964361][ T7943] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1292.969832][ T7943] __memcg_kmem_charge+0xcf/0x1b0 [ 1292.974867][ T7943] __alloc_pages_nodemask+0x26c/0x310 [ 1292.980276][ T7943] alloc_pages_current+0xd1/0x170 [ 1292.985308][ T7943] get_zeroed_page+0x14/0x50 [ 1292.989920][ T7943] __pud_alloc+0x48/0x250 [ 1292.994411][ T7943] ? preempt_count_add+0x6f/0xb0 [ 1292.999350][ T7943] pud_alloc+0xc3/0x100 [ 1293.003533][ T7943] copy_page_range+0x270/0x19b0 [ 1293.008395][ T7943] ? __read_once_size.constprop.0+0x12/0x20 [ 1293.014314][ T7943] ? __read_once_size.constprop.0+0x12/0x20 [ 1293.020222][ T7943] ? __rcu_read_unlock+0x66/0x3d0 [ 1293.025249][ T7943] ? __rcu_read_unlock+0x66/0x3d0 [ 1293.030277][ T7943] ? __rb_rotate_set_parents+0x9a/0xf0 [ 1293.035797][ T7943] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1293.041626][ T7943] ? vma_gap_callbacks_rotate+0x126/0x190 [ 1293.047345][ T7943] ? __rb_insert_augmented+0x11a/0x370 [ 1293.052840][ T7943] ? vm_get_page_prot+0x90/0x90 [ 1293.057707][ T7943] ? __vma_link_rb+0x3f4/0x440 [ 1293.062486][ T7943] dup_mm+0x74a/0xba0 [ 1293.066543][ T7943] copy_process+0x3138/0x3c40 [ 1293.071241][ T7943] ? do_wp_page+0x19f/0xeb0 [ 1293.075855][ T7943] _do_fork+0xfe/0x7a0 [ 1293.080064][ T7943] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1293.086007][ T7943] ? __read_once_size+0x5a/0xe0 [ 1293.090871][ T7943] __x64_sys_clone+0x130/0x170 [ 1293.095649][ T7943] do_syscall_64+0xcc/0x3a0 [ 1293.100180][ T7943] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1293.106126][ T7943] RIP: 0033:0x458eea [ 1293.110033][ T7943] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1293.129645][ T7943] RSP: 002b:00007ffcaccd00b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1293.138119][ T7943] RAX: ffffffffffffffda RBX: 00007ffcaccd00b0 RCX: 0000000000458eea [ 1293.146149][ T7943] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1293.154170][ T7943] RBP: 00007ffcaccd00f0 R08: 0000000000000001 R09: 0000000001ea4940 [ 1293.162143][ T7943] R10: 0000000001ea4c10 R11: 0000000000000246 R12: 0000000000000001 [ 1293.170175][ T7943] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffcaccd0140 04:19:44 executing program 3: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', 0x0, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x700, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:44 executing program 4: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', 0x0, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:44 executing program 2: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:44 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1293.208532][ T7943] memory: usage 307200kB, limit 307200kB, failcnt 1200 [ 1293.215420][ T7943] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1293.228628][ T7943] Memory cgroup stats for /syz5: [ 1293.228799][ T7943] anon 274079744 [ 1293.228799][ T7943] file 0 [ 1293.228799][ T7943] kernel_stack 3612672 [ 1293.228799][ T7943] slab 7102464 [ 1293.228799][ T7943] sock 0 [ 1293.228799][ T7943] shmem 0 [ 1293.228799][ T7943] file_mapped 0 [ 1293.228799][ T7943] file_dirty 0 [ 1293.228799][ T7943] file_writeback 0 [ 1293.228799][ T7943] anon_thp 249561088 [ 1293.228799][ T7943] inactive_anon 0 [ 1293.228799][ T7943] active_anon 274079744 [ 1293.228799][ T7943] inactive_file 77824 [ 1293.228799][ T7943] active_file 45056 [ 1293.228799][ T7943] unevictable 0 [ 1293.228799][ T7943] slab_reclaimable 946176 [ 1293.228799][ T7943] slab_unreclaimable 6156288 [ 1293.228799][ T7943] pgfault 97218 [ 1293.228799][ T7943] pgmajfault 0 [ 1293.228799][ T7943] workingset_refault 132 [ 1293.228799][ T7943] workingset_activate 66 [ 1293.228799][ T7943] workingset_nodereclaim 0 [ 1293.228799][ T7943] pgrefill 1114 [ 1293.228799][ T7943] pgscan 1073 [ 1293.228799][ T7943] pgsteal 370 [ 1293.388614][ T7943] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=10653,uid=0 [ 1293.418113][ T7943] Memory cgroup out of memory: Killed process 10653 (syz-executor.5) total-vm:72584kB, anon-rss:2204kB, file-rss:35852kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 04:19:45 executing program 4: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1293.556069][T14020] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1293.606623][T14020] CPU: 1 PID: 14020 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 1293.615750][T14020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1293.625807][T14020] Call Trace: [ 1293.629204][T14020] dump_stack+0x11d/0x181 [ 1293.637460][T14020] dump_header+0xaa/0x39c [ 1293.641842][T14020] oom_kill_process.cold+0x10/0x15 [ 1293.647036][T14020] out_of_memory+0x231/0xa60 [ 1293.651682][T14020] mem_cgroup_out_of_memory+0x128/0x150 [ 1293.657942][T14020] try_charge+0xb6c/0xbf0 [ 1293.662420][T14020] ? rcu_note_context_switch+0x6d0/0x760 [ 1293.668101][T14020] mem_cgroup_try_charge+0xd2/0x260 [ 1293.673330][T14020] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1293.679006][T14020] wp_page_copy+0x322/0x1040 [ 1293.683642][T14020] ? __read_once_size+0x41/0xe0 [ 1293.688513][T14020] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1293.694418][T14020] do_wp_page+0x192/0xeb0 [ 1293.698872][T14020] __handle_mm_fault+0x1d16/0x2e00 [ 1293.703994][T14020] ? try_to_free_mem_cgroup_pages+0x258/0x4d0 [ 1293.710076][T14020] handle_mm_fault+0x21b/0x530 [ 1293.714859][T14020] __do_page_fault+0x456/0x8d0 [ 1293.719747][T14020] do_page_fault+0x38/0x194 [ 1293.724261][T14020] page_fault+0x34/0x40 [ 1293.728415][T14020] RIP: 0033:0x40d318 [ 1293.732318][T14020] Code: d9 48 8b 47 78 48 83 f8 ff 0f 84 0b 01 00 00 48 8b 73 18 48 83 fe ff 74 29 48 81 fe e7 03 00 00 0f 87 67 01 00 00 48 c1 e6 04 86 80 80 75 00 01 48 89 86 88 80 75 00 66 2e 0f 1f 84 00 00 00 04:19:45 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x0, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1293.752035][T14020] RSP: 002b:00007ffdab4b5880 EFLAGS: 00010202 [ 1293.758104][T14020] RAX: 0000000000000003 RBX: 000000000075bf20 RCX: 0000000000000001 [ 1293.766176][T14020] RDX: 0000000000000001 RSI: 0000000000000010 RDI: 000000000075bf20 [ 1293.774163][T14020] RBP: 000000000000002d R08: ffffffffffffffff R09: ffffffffffffffff [ 1293.782181][T14020] R10: 00007ffdab4b5980 R11: 0000000000000246 R12: 000000000075bf20 [ 1293.790151][T14020] R13: 000000000013b84e R14: 000000000013b87b R15: 000000000075bf2c [ 1293.804867][T14020] memory: usage 307176kB, limit 307200kB, failcnt 3365 [ 1293.811991][T14020] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1293.819266][T14020] Memory cgroup stats for /syz1: [ 1293.819479][T14020] anon 269930496 [ 1293.819479][T14020] file 45056 [ 1293.819479][T14020] kernel_stack 4018176 [ 1293.819479][T14020] slab 8499200 [ 1293.819479][T14020] sock 0 [ 1293.819479][T14020] shmem 0 [ 1293.819479][T14020] file_mapped 0 [ 1293.819479][T14020] file_dirty 0 [ 1293.819479][T14020] file_writeback 0 [ 1293.819479][T14020] anon_thp 241172480 [ 1293.819479][T14020] inactive_anon 0 [ 1293.819479][T14020] active_anon 269930496 [ 1293.819479][T14020] inactive_file 0 [ 1293.819479][T14020] active_file 0 [ 1293.819479][T14020] unevictable 0 [ 1293.819479][T14020] slab_reclaimable 1216512 [ 1293.819479][T14020] slab_unreclaimable 7282688 [ 1293.819479][T14020] pgfault 113586 [ 1293.819479][T14020] pgmajfault 0 [ 1293.819479][T14020] workingset_refault 132 [ 1293.819479][T14020] workingset_activate 99 [ 1293.819479][T14020] workingset_nodereclaim 0 [ 1293.819479][T14020] pgrefill 1637 [ 1293.819479][T14020] pgscan 1546 [ 1293.819479][T14020] pgsteal 364 [ 1293.819479][T14020] pgactivate 1155 [ 1293.921964][T14020] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=13992,uid=0 04:19:45 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x0, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1294.077171][T14020] Memory cgroup out of memory: Killed process 13992 (syz-executor.1) total-vm:72716kB, anon-rss:2212kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:1000 [ 1294.109599][T14258] __nla_validate_parse: 15 callbacks suppressed [ 1294.109625][T14258] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1294.250769][T14060] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1294.293092][T14024] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1294.318918][T14060] CPU: 1 PID: 14060 Comm: syz-executor.3 Not tainted 5.5.0-rc1-syzkaller #0 [ 1294.328487][T14060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1294.338582][T14060] Call Trace: [ 1294.341879][T14060] dump_stack+0x11d/0x181 [ 1294.346270][T14060] dump_header+0xaa/0x39c [ 1294.350611][T14060] oom_kill_process.cold+0x10/0x15 [ 1294.355744][T14060] out_of_memory+0x231/0xa60 [ 1294.360569][T14060] mem_cgroup_out_of_memory+0x128/0x150 [ 1294.366164][T14060] try_charge+0xb6c/0xbf0 [ 1294.370580][T14060] ? __rcu_read_unlock+0x66/0x3d0 [ 1294.375620][T14060] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1294.381199][T14060] __memcg_kmem_charge+0xcf/0x1b0 [ 1294.386245][T14060] __alloc_pages_nodemask+0x26c/0x310 [ 1294.391729][T14060] alloc_pages_current+0xd1/0x170 [ 1294.396846][T14060] __pmd_alloc+0x4b/0x2b0 [ 1294.401190][T14060] __handle_mm_fault+0x9b6/0x2e00 [ 1294.406308][T14060] handle_mm_fault+0x21b/0x530 [ 1294.411091][T14060] __do_page_fault+0x456/0x8d0 [ 1294.415920][T14060] ? __close_fd+0xfc/0x140 [ 1294.420385][T14060] do_page_fault+0x38/0x194 [ 1294.424941][T14060] page_fault+0x34/0x40 [ 1294.429128][T14060] RIP: 0033:0x401c27 [ 1294.433038][T14060] Code: 00 00 00 48 83 ec 08 48 8b 15 6d 0a 67 00 48 8b 05 5e 0a 67 00 48 39 d0 48 8d 8a 00 00 00 01 72 17 48 39 c8 73 12 48 8d 50 04 <89> 38 48 89 15 40 0a 67 00 48 83 c4 08 c3 48 89 c6 bf 78 c1 4c 00 [ 1294.452642][T14060] RSP: 002b:00007ffdb9b63770 EFLAGS: 00010287 [ 1294.458710][T14060] RAX: 0000001b33920000 RBX: 0000000000000000 RCX: 0000001b34920000 [ 1294.466683][T14060] RDX: 0000001b33920004 RSI: 00007ffdb9b63530 RDI: 0000000000000000 [ 1294.474678][T14060] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000004 [ 1294.482684][T14060] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000 [ 1294.490695][T14060] R13: 00007ffdb9b63960 R14: 0000000000000000 R15: 00007ffdb9b63970 04:19:46 executing program 1: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:46 executing program 4: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:46 executing program 2: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x0, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:46 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x0, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:46 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1294.758815][T14060] memory: usage 307200kB, limit 307200kB, failcnt 3911 [ 1294.788391][T14060] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1294.822156][T14269] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1294.834949][T14060] Memory cgroup stats for /syz3: [ 1294.835190][T14060] anon 245878784 [ 1294.835190][T14060] file 0 [ 1294.835190][T14060] kernel_stack 6303744 [ 1294.835190][T14060] slab 12587008 [ 1294.835190][T14060] sock 0 [ 1294.835190][T14060] shmem 0 [ 1294.835190][T14060] file_mapped 0 [ 1294.835190][T14060] file_dirty 0 [ 1294.835190][T14060] file_writeback 0 [ 1294.835190][T14060] anon_thp 203423744 [ 1294.835190][T14060] inactive_anon 0 [ 1294.835190][T14060] active_anon 245878784 [ 1294.835190][T14060] inactive_file 0 [ 1294.835190][T14060] active_file 53248 [ 1294.835190][T14060] unevictable 0 [ 1294.835190][T14060] slab_reclaimable 1757184 [ 1294.835190][T14060] slab_unreclaimable 10829824 [ 1294.835190][T14060] pgfault 104907 [ 1294.835190][T14060] pgmajfault 0 [ 1294.835190][T14060] workingset_refault 198 [ 1294.835190][T14060] workingset_activate 132 [ 1294.835190][T14060] workingset_nodereclaim 0 [ 1294.835190][T14060] pgrefill 2362 [ 1294.835190][T14060] pgscan 2306 [ 1294.835190][T14060] pgsteal 449 [ 1294.893197][T14282] FS-Cache: Duplicate cookie detected [ 1294.933893][T14282] FS-Cache: O-cookie c=00000000d45d149e [p=0000000057c56a86 fl=222 nc=0 na=1] [ 1294.942820][T14282] FS-Cache: O-cookie d=00000000b2421e71 n=00000000c1f33556 [ 1294.950100][T14282] FS-Cache: O-key=[10] '02000200000000100000' [ 1294.956380][T14282] FS-Cache: N-cookie c=00000000ef94f4fc [p=0000000057c56a86 fl=2 nc=0 na=1] [ 1294.965203][T14282] FS-Cache: N-cookie d=00000000b2421e71 n=00000000d9b84f46 [ 1294.972476][T14282] FS-Cache: N-key=[10] '02000200000000100000' [ 1295.031842][T14281] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1295.303946][T14060] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=20599,uid=0 [ 1295.386095][T14060] Memory cgroup out of memory: Killed process 20599 (syz-executor.3) total-vm:72716kB, anon-rss:2208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:1000 [ 1295.432806][T14276] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1295.450234][T14276] CPU: 1 PID: 14276 Comm: syz-executor.0 Not tainted 5.5.0-rc1-syzkaller #0 [ 1295.459197][T14276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1295.470069][T14276] Call Trace: [ 1295.473373][T14276] dump_stack+0x11d/0x181 [ 1295.477717][T14276] dump_header+0xaa/0x39c [ 1295.482173][T14276] oom_kill_process.cold+0x10/0x15 [ 1295.487293][T14276] out_of_memory+0x231/0xa60 [ 1295.491906][T14276] mem_cgroup_out_of_memory+0x128/0x150 [ 1295.497461][T14276] try_charge+0xb6c/0xbf0 [ 1295.501824][T14276] ? __rcu_read_unlock+0x66/0x3d0 [ 1295.506869][T14276] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1295.512425][T14276] __memcg_kmem_charge+0xcf/0x1b0 [ 1295.517464][T14276] copy_process+0x11d2/0x3c40 [ 1295.522203][T14276] ? record_times+0x16/0x90 [ 1295.526734][T14276] ? try_to_free_mem_cgroup_pages+0x258/0x4d0 [ 1295.532813][T14276] _do_fork+0xfe/0x7a0 [ 1295.536953][T14276] ? cgroup_file_notify+0xff/0x130 [ 1295.542111][T14276] ? blkcg_maybe_throttle_current+0x23d/0x580 [ 1295.548165][T14276] __x64_sys_clone+0x130/0x170 [ 1295.552921][T14276] do_syscall_64+0xcc/0x3a0 [ 1295.557414][T14276] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1295.563306][T14276] RIP: 0033:0x45d2e9 [ 1295.567186][T14276] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1295.586812][T14276] RSP: 002b:00007ffec46619c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1295.595230][T14276] RAX: ffffffffffffffda RBX: 00007fcace6ff700 RCX: 000000000045d2e9 [ 1295.603204][T14276] RDX: 00007fcace6ff9d0 RSI: 00007fcace6fedb0 RDI: 00000000003d0f00 [ 1295.611236][T14276] RBP: 00007ffec4661be0 R08: 00007fcace6ff700 R09: 00007fcace6ff700 [ 1295.619247][T14276] R10: 00007fcace6ff9d0 R11: 0000000000000202 R12: 0000000000000000 [ 1295.627222][T14276] R13: 00007ffec4661a7f R14: 00007fcace6ff9c0 R15: 000000000075bfd4 [ 1295.645059][T14276] memory: usage 307200kB, limit 307200kB, failcnt 4250 [ 1295.663730][T14276] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1295.678606][T14276] Memory cgroup stats for /syz0: [ 1295.678816][T14276] anon 253714432 [ 1295.678816][T14276] file 106496 [ 1295.678816][T14276] kernel_stack 5529600 [ 1295.678816][T14276] slab 11243520 [ 1295.678816][T14276] sock 0 [ 1295.678816][T14276] shmem 0 [ 1295.678816][T14276] file_mapped 0 [ 1295.678816][T14276] file_dirty 0 [ 1295.678816][T14276] file_writeback 0 [ 1295.678816][T14276] anon_thp 213909504 [ 1295.678816][T14276] inactive_anon 0 [ 1295.678816][T14276] active_anon 253714432 [ 1295.678816][T14276] inactive_file 0 [ 1295.678816][T14276] active_file 0 [ 1295.678816][T14276] unevictable 0 [ 1295.678816][T14276] slab_reclaimable 1486848 [ 1295.678816][T14276] slab_unreclaimable 9756672 [ 1295.678816][T14276] pgfault 112860 [ 1295.678816][T14276] pgmajfault 0 [ 1295.678816][T14276] workingset_refault 198 [ 1295.678816][T14276] workingset_activate 132 [ 1295.678816][T14276] workingset_nodereclaim 0 [ 1295.678816][T14276] pgrefill 2611 [ 1295.678816][T14276] pgscan 2541 [ 1295.678816][T14276] pgsteal 468 [ 1295.706341][T14393] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1295.773922][T14276] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=13970,uid=0 [ 1295.807470][T14276] Memory cgroup out of memory: Killed process 13970 (syz-executor.0) total-vm:72716kB, anon-rss:2212kB, file-rss:35824kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 1295.849902][T14396] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1295.854540][T14284] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1295.865662][T14396] CPU: 1 PID: 14396 Comm: syz-executor.3 Not tainted 5.5.0-rc1-syzkaller #0 [ 1295.880174][T14396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1295.890282][T14396] Call Trace: [ 1295.893591][T14396] dump_stack+0x11d/0x181 [ 1295.897940][T14396] dump_header+0xaa/0x39c [ 1295.902299][T14396] oom_kill_process.cold+0x10/0x15 [ 1295.907444][T14396] out_of_memory+0x231/0xa60 [ 1295.912057][T14396] mem_cgroup_out_of_memory+0x128/0x150 [ 1295.917644][T14396] try_charge+0xb6c/0xbf0 [ 1295.922115][T14396] ? __rcu_read_unlock+0x66/0x3d0 [ 1295.927149][T14396] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1295.932766][T14396] __memcg_kmem_charge+0xcf/0x1b0 [ 1295.937805][T14396] __alloc_pages_nodemask+0x26c/0x310 [ 1295.943187][T14396] alloc_pages_current+0xd1/0x170 [ 1295.948245][T14396] pte_alloc_one+0x18/0x50 [ 1295.952666][T14396] __pte_alloc+0x2d/0x220 [ 1295.956999][T14396] copy_page_range+0x135a/0x19b0 [ 1295.961979][T14396] ? __vma_link_rb+0x3f4/0x440 [ 1295.966743][T14396] dup_mm+0x74a/0xba0 [ 1295.970751][T14396] copy_process+0x3138/0x3c40 [ 1295.975442][T14396] _do_fork+0xfe/0x7a0 [ 1295.979532][T14396] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1295.985527][T14396] ? __read_once_size+0x5a/0xe0 [ 1295.990608][T14396] __x64_sys_clone+0x130/0x170 [ 1295.995404][T14396] do_syscall_64+0xcc/0x3a0 [ 1296.000214][T14396] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1296.006274][T14396] RIP: 0033:0x45a919 [ 1296.010540][T14396] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1296.030507][T14396] RSP: 002b:00007f8515893c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1296.039052][T14396] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a919 [ 1296.047483][T14396] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1296.055529][T14396] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1296.063584][T14396] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85158946d4 [ 1296.071670][T14396] R13: 00000000004c1007 R14: 00000000004d4d28 R15: 00000000ffffffff [ 1296.084220][T14396] memory: usage 307200kB, limit 307200kB, failcnt 3949 [ 1296.091302][T14396] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1296.101415][T14396] Memory cgroup stats for /syz3: [ 1296.101580][T14396] anon 245878784 [ 1296.101580][T14396] file 0 [ 1296.101580][T14396] kernel_stack 6303744 [ 1296.101580][T14396] slab 12587008 [ 1296.101580][T14396] sock 0 [ 1296.101580][T14396] shmem 0 [ 1296.101580][T14396] file_mapped 0 [ 1296.101580][T14396] file_dirty 0 [ 1296.101580][T14396] file_writeback 0 [ 1296.101580][T14396] anon_thp 203423744 [ 1296.101580][T14396] inactive_anon 0 [ 1296.101580][T14396] active_anon 245878784 [ 1296.101580][T14396] inactive_file 0 [ 1296.101580][T14396] active_file 53248 [ 1296.101580][T14396] unevictable 0 [ 1296.101580][T14396] slab_reclaimable 1757184 [ 1296.101580][T14396] slab_unreclaimable 10829824 [ 1296.101580][T14396] pgfault 104973 [ 1296.101580][T14396] pgmajfault 0 [ 1296.101580][T14396] workingset_refault 198 [ 1296.101580][T14396] workingset_activate 132 [ 1296.101580][T14396] workingset_nodereclaim 0 [ 1296.101580][T14396] pgrefill 2395 [ 1296.101580][T14396] pgscan 2306 [ 1296.101580][T14396] pgsteal 449 04:19:47 executing program 3: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', 0x0, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x700, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:47 executing program 2: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x0, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:47 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x0) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:47 executing program 1: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:47 executing program 4: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1296.195997][T14396] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=14396,uid=0 [ 1296.211504][T14396] Memory cgroup out of memory: Killed process 14396 (syz-executor.3) total-vm:72716kB, anon-rss:2208kB, file-rss:35804kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 04:19:47 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1296.262633][ T7925] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1296.288693][ T7925] CPU: 1 PID: 7925 Comm: syz-executor.0 Not tainted 5.5.0-rc1-syzkaller #0 [ 1296.297803][ T7925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1296.308005][ T7925] Call Trace: [ 1296.311323][ T7925] dump_stack+0x11d/0x181 [ 1296.315769][ T7925] dump_header+0xaa/0x39c [ 1296.320361][ T7925] oom_kill_process.cold+0x10/0x15 [ 1296.325481][ T7925] out_of_memory+0x231/0xa60 [ 1296.330194][ T7925] mem_cgroup_out_of_memory+0x128/0x150 [ 1296.335760][ T7925] try_charge+0xb6c/0xbf0 [ 1296.340575][ T7925] ? kvm_clock_read+0x18/0x30 [ 1296.345329][ T7925] ? __rcu_read_unlock+0x66/0x3d0 [ 1296.350418][ T7925] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1296.355886][ T7925] __memcg_kmem_charge+0xcf/0x1b0 [ 1296.360935][ T7925] __alloc_pages_nodemask+0x26c/0x310 [ 1296.366568][ T7925] alloc_pages_current+0xd1/0x170 [ 1296.371604][ T7925] __get_free_pages+0xc/0x40 [ 1296.376196][ T7925] pgd_alloc+0x34/0x220 [ 1296.380438][ T7925] mm_init+0x377/0x560 [ 1296.380953][T14451] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1296.384645][ T7925] dup_mm+0x98/0xba0 [ 1296.384667][ T7925] ? memcg_kmem_put_cache+0x7c/0xc0 [ 1296.384723][ T7925] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1296.409825][ T7925] ? __hrtimer_init+0x12f/0x1a0 [ 1296.414967][ T7925] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1296.421221][ T7925] copy_process+0x3138/0x3c40 [ 1296.425968][ T7925] ? do_wp_page+0x19f/0xeb0 [ 1296.430677][ T7925] _do_fork+0xfe/0x7a0 [ 1296.435389][ T7925] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1296.443000][ T7925] ? __read_once_size+0x5a/0xe0 [ 1296.447942][ T7925] __x64_sys_clone+0x130/0x170 [ 1296.452708][ T7925] do_syscall_64+0xcc/0x3a0 [ 1296.457256][ T7925] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1296.463184][ T7925] RIP: 0033:0x458eea [ 1296.467128][ T7925] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1296.487004][ T7925] RSP: 002b:00007ffec4661c60 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1296.492284][T14405] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1296.495528][ T7925] RAX: ffffffffffffffda RBX: 00007ffec4661c60 RCX: 0000000000458eea [ 1296.495617][ T7925] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1296.521003][ T7925] RBP: 00007ffec4661ca0 R08: 0000000000000001 R09: 00000000016b2940 [ 1296.529087][ T7925] R10: 00000000016b2c10 R11: 0000000000000246 R12: 0000000000000001 [ 1296.537216][ T7925] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffec4661cf0 [ 1296.548432][ T7925] memory: usage 307200kB, limit 307200kB, failcnt 4305 [ 1296.559330][ T7925] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1296.567934][ T7925] Memory cgroup stats for /syz0: [ 1296.568226][ T7925] anon 253714432 [ 1296.568226][ T7925] file 106496 [ 1296.568226][ T7925] kernel_stack 5566464 [ 1296.568226][ T7925] slab 11243520 [ 1296.568226][ T7925] sock 0 [ 1296.568226][ T7925] shmem 0 [ 1296.568226][ T7925] file_mapped 0 [ 1296.568226][ T7925] file_dirty 0 [ 1296.568226][ T7925] file_writeback 0 [ 1296.568226][ T7925] anon_thp 213909504 [ 1296.568226][ T7925] inactive_anon 0 04:19:48 executing program 2: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x0, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:48 executing program 4: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', 0x0, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x700, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1296.568226][ T7925] active_anon 253714432 [ 1296.568226][ T7925] inactive_file 0 [ 1296.568226][ T7925] active_file 0 [ 1296.568226][ T7925] unevictable 0 [ 1296.568226][ T7925] slab_reclaimable 1486848 [ 1296.568226][ T7925] slab_unreclaimable 9756672 [ 1296.568226][ T7925] pgfault 112893 [ 1296.568226][ T7925] pgmajfault 0 [ 1296.568226][ T7925] workingset_refault 198 [ 1296.568226][ T7925] workingset_activate 132 [ 1296.568226][ T7925] workingset_nodereclaim 0 [ 1296.568226][ T7925] pgrefill 2611 [ 1296.568226][ T7925] pgscan 2541 [ 1296.568226][ T7925] pgsteal 468 [ 1296.804098][T14512] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1296.921297][T14521] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 04:19:48 executing program 4: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', 0x0, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x700, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:48 executing program 1: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:48 executing program 2: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1297.078861][ T7925] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=13835,uid=0 [ 1297.164382][ T7925] Memory cgroup out of memory: Killed process 13835 (syz-executor.0) total-vm:72716kB, anon-rss:2212kB, file-rss:35808kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 1297.211110][ T546] oom_reaper: reaped process 13835 (syz-executor.0), now anon-rss:0kB, file-rss:34848kB, shmem-rss:0kB [ 1297.227799][ T7931] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1297.264399][ T7931] CPU: 1 PID: 7931 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1297.273033][ T7931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1297.283631][ T7931] Call Trace: [ 1297.286944][ T7931] dump_stack+0x11d/0x181 [ 1297.291360][ T7931] dump_header+0xaa/0x39c [ 1297.295803][ T7931] oom_kill_process.cold+0x10/0x15 [ 1297.300971][ T7931] out_of_memory+0x231/0xa60 [ 1297.305805][ T7931] mem_cgroup_out_of_memory+0x128/0x150 [ 1297.311384][ T7931] try_charge+0xb6c/0xbf0 [ 1297.315735][ T7931] ? rcu_note_context_switch+0x6d0/0x760 [ 1297.321392][ T7931] mem_cgroup_try_charge+0xd2/0x260 [ 1297.326600][ T7931] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1297.332280][ T7931] wp_page_copy+0x322/0x1040 [ 1297.336898][ T7931] ? debug_smp_processor_id+0x43/0x137 [ 1297.342374][ T7931] ? __read_once_size+0x41/0xe0 [ 1297.347259][ T7931] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1297.353170][ T7931] do_wp_page+0x192/0xeb0 [ 1297.357763][ T7931] ? record_times+0x16/0x90 [ 1297.362782][ T7931] __handle_mm_fault+0x1d16/0x2e00 [ 1297.368256][ T7931] ? try_to_free_mem_cgroup_pages+0x258/0x4d0 [ 1297.374450][ T7931] handle_mm_fault+0x21b/0x530 [ 1297.379520][ T7931] __do_page_fault+0x456/0x8d0 [ 1297.384546][ T7931] do_page_fault+0x38/0x194 [ 1297.389150][ T7931] page_fault+0x34/0x40 [ 1297.395129][ T7931] RIP: 0033:0x45904a [ 1297.399114][ T7931] Code: 48 85 db 74 b6 41 bc ca 00 00 00 eb 0c 0f 1f 00 48 8b 5b 08 48 85 db 74 a2 48 8b 3b 48 8b 47 10 48 85 c0 74 05 ff d0 48 8b 3b ff 4f 28 0f 94 c0 84 c0 74 db 8b 47 2c 85 c0 74 d4 45 31 d2 ba [ 1297.418925][ T7931] RSP: 002b:00007fff75c8a570 EFLAGS: 00010246 [ 1297.425025][ T7931] RAX: 0000000000000000 RBX: 00007fff75c8a570 RCX: 0000000000458eea [ 1297.433916][ T7931] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000a771a8 [ 1297.441894][ T7931] RBP: 00007fff75c8a5b0 R08: 0000000000000001 R09: 00000000026bd940 [ 1297.449923][ T7931] R10: 00000000026bdc10 R11: 0000000000000246 R12: 00000000000000ca 04:19:48 executing program 1: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1297.457922][ T7931] R13: 0000000000001749 R14: 0000000000000000 R15: 00007fff75c8a600 [ 1297.472676][ T7931] memory: usage 307200kB, limit 307200kB, failcnt 3730 [ 1297.481655][ T7931] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1297.489917][ T7931] Memory cgroup stats for /syz2: [ 1297.490243][ T7931] anon 235454464 [ 1297.490243][ T7931] file 102400 [ 1297.490243][ T7931] kernel_stack 7262208 [ 1297.490243][ T7931] slab 14028800 [ 1297.490243][ T7931] sock 0 [ 1297.490243][ T7931] shmem 0 [ 1297.490243][ T7931] file_mapped 0 [ 1297.490243][ T7931] file_dirty 0 [ 1297.490243][ T7931] file_writeback 0 [ 1297.490243][ T7931] anon_thp 186646528 [ 1297.490243][ T7931] inactive_anon 0 [ 1297.490243][ T7931] active_anon 235454464 [ 1297.490243][ T7931] inactive_file 8192 [ 1297.490243][ T7931] active_file 0 [ 1297.490243][ T7931] unevictable 0 [ 1297.490243][ T7931] slab_reclaimable 1757184 [ 1297.490243][ T7931] slab_unreclaimable 12271616 [ 1297.490243][ T7931] pgfault 112398 [ 1297.490243][ T7931] pgmajfault 0 [ 1297.490243][ T7931] workingset_refault 231 [ 1297.490243][ T7931] workingset_activate 132 [ 1297.490243][ T7931] workingset_nodereclaim 0 [ 1297.490243][ T7931] pgrefill 2415 [ 1297.490243][ T7931] pgscan 14650 [ 1297.490243][ T7931] pgsteal 12791 [ 1297.588607][ T7931] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=20363,uid=0 [ 1297.636023][ T7931] Memory cgroup out of memory: Killed process 20363 (syz-executor.2) total-vm:72716kB, anon-rss:2208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:1000 [ 1297.761027][T14632] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1297.782897][T14632] CPU: 1 PID: 14632 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1297.791637][T14632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1297.802830][T14632] Call Trace: [ 1297.806545][T14632] dump_stack+0x11d/0x181 [ 1297.810988][T14632] dump_header+0xaa/0x39c [ 1297.815471][T14632] oom_kill_process.cold+0x10/0x15 [ 1297.820657][T14632] out_of_memory+0x231/0xa60 [ 1297.825498][T14632] mem_cgroup_out_of_memory+0x128/0x150 [ 1297.831061][T14632] try_charge+0x800/0xbf0 [ 1297.835500][T14632] ? __rcu_read_unlock+0x66/0x3d0 [ 1297.840580][T14632] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1297.846110][T14632] __memcg_kmem_charge+0xcf/0x1b0 [ 1297.851836][T14632] __alloc_pages_nodemask+0x26c/0x310 [ 1297.857303][T14632] alloc_pages_current+0xd1/0x170 [ 1297.862366][T14632] pte_alloc_one+0x18/0x50 [ 1297.866789][T14632] __handle_mm_fault+0x2be6/0x2e00 [ 1297.871916][T14632] handle_mm_fault+0x21b/0x530 [ 1297.876693][T14632] __do_page_fault+0x456/0x8d0 [ 1297.881501][T14632] do_page_fault+0x38/0x194 [ 1297.886087][T14632] page_fault+0x34/0x40 [ 1297.890242][T14632] RIP: 0033:0x458eea [ 1297.894316][T14632] Code: Bad RIP value. [ 1297.898404][T14632] RSP: 002b:00007fff75c8a570 EFLAGS: 00010246 [ 1297.904507][T14632] RAX: 0000000000000000 RBX: 00007fff75c8a570 RCX: 0000000000458eea [ 1297.912573][T14632] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1297.920613][T14632] RBP: 00007fff75c8a5b0 R08: 0000000000000001 R09: 00000000026bd940 [ 1297.928913][T14632] R10: 00000000026bdc10 R11: 0000000000000246 R12: 0000000000000001 [ 1297.936917][T14632] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fff75c8a600 [ 1297.949547][T14632] memory: usage 304900kB, limit 307200kB, failcnt 3730 [ 1297.956469][T14632] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1297.963389][T14632] Memory cgroup stats for /syz2: [ 1297.963573][T14632] anon 233308160 [ 1297.963573][T14632] file 102400 [ 1297.963573][T14632] kernel_stack 7262208 [ 1297.963573][T14632] slab 14028800 [ 1297.963573][T14632] sock 0 [ 1297.963573][T14632] shmem 0 [ 1297.963573][T14632] file_mapped 0 [ 1297.963573][T14632] file_dirty 0 [ 1297.963573][T14632] file_writeback 0 [ 1297.963573][T14632] anon_thp 184549376 [ 1297.963573][T14632] inactive_anon 0 [ 1297.963573][T14632] active_anon 233308160 [ 1297.963573][T14632] inactive_file 8192 [ 1297.963573][T14632] active_file 0 [ 1297.963573][T14632] unevictable 0 [ 1297.963573][T14632] slab_reclaimable 1757184 [ 1297.963573][T14632] slab_unreclaimable 12271616 [ 1297.963573][T14632] pgfault 112398 [ 1297.963573][T14632] pgmajfault 0 [ 1297.963573][T14632] workingset_refault 231 [ 1297.963573][T14632] workingset_activate 132 [ 1297.963573][T14632] workingset_nodereclaim 0 [ 1297.963573][T14632] pgrefill 2415 [ 1297.963573][T14632] pgscan 14650 [ 1297.963573][T14632] pgsteal 12791 [ 1298.062152][T14632] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=20325,uid=0 [ 1298.081648][T14632] Memory cgroup out of memory: Killed process 20325 (syz-executor.2) total-vm:72716kB, anon-rss:2208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:1000 [ 1298.125846][T14630] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1298.148541][T14630] CPU: 1 PID: 14630 Comm: syz-executor.3 Not tainted 5.5.0-rc1-syzkaller #0 [ 1298.157275][T14630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1298.167417][T14630] Call Trace: [ 1298.170724][T14630] dump_stack+0x11d/0x181 [ 1298.175070][T14630] dump_header+0xaa/0x39c [ 1298.179509][T14630] oom_kill_process.cold+0x10/0x15 [ 1298.184670][T14630] out_of_memory+0x231/0xa60 [ 1298.189267][T14630] mem_cgroup_out_of_memory+0x128/0x150 [ 1298.194822][T14630] try_charge+0xb6c/0xbf0 [ 1298.199170][T14630] ? __tsan_read4+0xc6/0x100 [ 1298.203775][T14630] ? __rcu_read_unlock+0x66/0x3d0 [ 1298.208937][T14630] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1298.214410][T14630] __memcg_kmem_charge+0xcf/0x1b0 [ 1298.219553][T14630] __alloc_pages_nodemask+0x26c/0x310 [ 1298.225002][T14630] alloc_pages_current+0xd1/0x170 [ 1298.230185][T14630] pte_alloc_one+0x18/0x50 [ 1298.234715][T14630] __pte_alloc+0x2d/0x220 [ 1298.239081][T14630] copy_page_range+0x135a/0x19b0 [ 1298.244054][T14630] ? __vma_link_rb+0x3f4/0x440 [ 1298.248906][T14630] dup_mm+0x74a/0xba0 [ 1298.253217][T14630] copy_process+0x3138/0x3c40 [ 1298.258004][T14630] _do_fork+0xfe/0x7a0 [ 1298.262169][T14630] ? cgroup_file_notify+0xff/0x130 [ 1298.267548][T14630] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1298.273481][T14630] ? __read_once_size+0x5a/0xe0 [ 1298.278353][T14630] __x64_sys_clone+0x130/0x170 [ 1298.283158][T14630] do_syscall_64+0xcc/0x3a0 [ 1298.287698][T14630] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1298.293610][T14630] RIP: 0033:0x45a919 [ 1298.297555][T14630] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1298.319087][T14630] RSP: 002b:00007f8515893c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1298.327525][T14630] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a919 [ 1298.335499][T14630] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1298.343517][T14630] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1298.351483][T14630] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85158946d4 [ 1298.359477][T14630] R13: 00000000004c1007 R14: 00000000004d4d28 R15: 00000000ffffffff [ 1298.368820][T14630] memory: usage 307200kB, limit 307200kB, failcnt 3982 [ 1298.375685][T14630] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1298.382643][T14630] Memory cgroup stats for /syz3: [ 1298.382990][T14630] anon 245878784 [ 1298.382990][T14630] file 0 [ 1298.382990][T14630] kernel_stack 6303744 [ 1298.382990][T14630] slab 12587008 [ 1298.382990][T14630] sock 0 [ 1298.382990][T14630] shmem 0 [ 1298.382990][T14630] file_mapped 0 [ 1298.382990][T14630] file_dirty 0 [ 1298.382990][T14630] file_writeback 0 [ 1298.382990][T14630] anon_thp 203423744 [ 1298.382990][T14630] inactive_anon 0 [ 1298.382990][T14630] active_anon 245878784 [ 1298.382990][T14630] inactive_file 0 [ 1298.382990][T14630] active_file 53248 [ 1298.382990][T14630] unevictable 0 [ 1298.382990][T14630] slab_reclaimable 1757184 [ 1298.382990][T14630] slab_unreclaimable 10829824 [ 1298.382990][T14630] pgfault 105072 [ 1298.382990][T14630] pgmajfault 0 [ 1298.382990][T14630] workingset_refault 198 [ 1298.382990][T14630] workingset_activate 132 [ 1298.382990][T14630] workingset_nodereclaim 0 [ 1298.382990][T14630] pgrefill 2395 [ 1298.382990][T14630] pgscan 2306 [ 1298.382990][T14630] pgsteal 449 04:19:49 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x0) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:49 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:49 executing program 1: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:49 executing program 4: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:50 executing program 2: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1298.477162][T14630] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=14630,uid=0 [ 1298.493100][T14630] Memory cgroup out of memory: Killed process 14630 (syz-executor.3) total-vm:72716kB, anon-rss:2200kB, file-rss:35812kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 04:19:50 executing program 3: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', 0x0, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x700, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1298.764895][T14674] FS-Cache: Duplicate cookie detected [ 1298.770551][T14674] FS-Cache: O-cookie c=00000000d45d149e [p=0000000057c56a86 fl=222 nc=0 na=1] [ 1298.779462][T14674] FS-Cache: O-cookie d=00000000b2421e71 n=00000000b98e7f5b [ 1298.786666][T14674] FS-Cache: O-key=[10] '02000200000000100000' [ 1298.792984][T14674] FS-Cache: N-cookie c=00000000ef94f4fc [p=0000000057c56a86 fl=2 nc=0 na=1] [ 1298.801956][T14674] FS-Cache: N-cookie d=00000000b2421e71 n=0000000037c92a8f [ 1298.809292][T14674] FS-Cache: N-key=[10] '02000200000000100000' 04:19:50 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x0) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:50 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:50 executing program 2: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1299.218092][T14784] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1299.282348][T14784] CPU: 0 PID: 14784 Comm: syz-executor.5 Not tainted 5.5.0-rc1-syzkaller #0 [ 1299.285269][T14786] __nla_validate_parse: 10 callbacks suppressed [ 1299.285299][T14786] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1299.291136][T14784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1299.291181][T14784] Call Trace: [ 1299.291206][T14784] dump_stack+0x11d/0x181 [ 1299.291231][T14784] dump_header+0xaa/0x39c [ 1299.291263][T14784] oom_kill_process.cold+0x10/0x15 [ 1299.333848][T14784] out_of_memory+0x231/0xa60 [ 1299.338458][T14784] ? __rcu_read_unlock+0x66/0x3d0 [ 1299.343603][T14784] mem_cgroup_out_of_memory+0x128/0x150 [ 1299.349334][T14784] try_charge+0xb6c/0xbf0 [ 1299.353840][T14784] ? rcu_note_context_switch+0x6d0/0x760 [ 1299.359498][T14784] mem_cgroup_try_charge+0xd2/0x260 [ 1299.364712][T14784] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1299.370364][T14784] wp_page_copy+0x322/0x1040 [ 1299.374991][T14784] ? __read_once_size+0x41/0xe0 [ 1299.379912][T14784] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1299.386428][T14784] do_wp_page+0x192/0xeb0 [ 1299.391257][T14784] __handle_mm_fault+0x1d16/0x2e00 [ 1299.397265][T14784] handle_mm_fault+0x21b/0x530 [ 1299.402167][T14784] __do_page_fault+0x456/0x8d0 [ 1299.406956][T14784] do_page_fault+0x38/0x194 [ 1299.411623][T14784] page_fault+0x34/0x40 [ 1299.415846][T14784] RIP: 0033:0x45dde6 04:19:50 executing program 4: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1299.419847][T14784] Code: 24 20 c7 44 24 08 28 00 00 00 c7 44 24 0c 30 00 00 00 48 89 44 24 18 e8 08 00 00 00 48 81 c4 d8 00 00 00 c3 41 57 41 56 41 55 <41> 54 55 53 48 81 ec 38 01 00 00 48 39 f1 0f 82 be 00 00 00 48 85 [ 1299.441092][T14784] RSP: 002b:00007ffcaccd0000 EFLAGS: 00010246 [ 1299.447209][T14784] RAX: 00007ffcaccd0040 RBX: 0000000000000000 RCX: 0000000000000040 [ 1299.449271][T14791] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1299.455270][T14784] RDX: 0000000000000001 RSI: 0000000000000040 RDI: 00007ffcaccd0180 [ 1299.455280][T14784] RBP: 0000000000000000 R08: 00000000004c0245 R09: 00007ffcaccd0028 04:19:50 executing program 3: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1299.455289][T14784] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1299.455390][T14784] R13: 00007ffcaccd0130 R14: 0000000000000000 R15: 00007ffcaccd0140 [ 1299.553557][T14784] memory: usage 307200kB, limit 307200kB, failcnt 1226 [ 1299.566903][T14784] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1299.593709][T14784] Memory cgroup stats for /syz5: [ 1299.593969][T14784] anon 272592896 [ 1299.593969][T14784] file 0 [ 1299.593969][T14784] kernel_stack 3723264 [ 1299.593969][T14784] slab 7372800 [ 1299.593969][T14784] sock 0 [ 1299.593969][T14784] shmem 0 [ 1299.593969][T14784] file_mapped 0 [ 1299.593969][T14784] file_dirty 0 [ 1299.593969][T14784] file_writeback 0 [ 1299.593969][T14784] anon_thp 247463936 [ 1299.593969][T14784] inactive_anon 0 [ 1299.593969][T14784] active_anon 272592896 [ 1299.593969][T14784] inactive_file 77824 [ 1299.593969][T14784] active_file 45056 [ 1299.593969][T14784] unevictable 0 [ 1299.593969][T14784] slab_reclaimable 946176 [ 1299.593969][T14784] slab_unreclaimable 6426624 [ 1299.593969][T14784] pgfault 97878 [ 1299.593969][T14784] pgmajfault 0 [ 1299.593969][T14784] workingset_refault 132 [ 1299.593969][T14784] workingset_activate 66 [ 1299.593969][T14784] workingset_nodereclaim 0 [ 1299.593969][T14784] pgrefill 1180 [ 1299.593969][T14784] pgscan 1172 [ 1299.593969][T14784] pgsteal 370 04:19:51 executing program 1: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:51 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1299.687587][T14797] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1299.694405][T14784] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=10631,uid=0 [ 1299.716316][T14784] Memory cgroup out of memory: Killed process 10631 (syz-executor.5) total-vm:72584kB, anon-rss:2204kB, file-rss:35852kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 1299.803395][T14794] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1299.868949][T14794] CPU: 1 PID: 14794 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1299.877733][T14794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1299.887792][T14794] Call Trace: [ 1299.891162][T14794] dump_stack+0x11d/0x181 [ 1299.895504][T14794] dump_header+0xaa/0x39c [ 1299.899852][T14794] oom_kill_process.cold+0x10/0x15 [ 1299.904975][T14794] out_of_memory+0x231/0xa60 [ 1299.909847][T14794] mem_cgroup_out_of_memory+0x128/0x150 [ 1299.915399][T14794] try_charge+0xb6c/0xbf0 [ 1299.919746][T14794] ? __rcu_read_unlock+0x66/0x3d0 [ 1299.924785][T14794] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1299.930364][T14794] __memcg_kmem_charge+0xcf/0x1b0 [ 1299.935391][T14794] __alloc_pages_nodemask+0x26c/0x310 [ 1299.940857][T14794] alloc_pages_current+0xd1/0x170 [ 1299.945877][T14794] get_zeroed_page+0x14/0x50 [ 1299.950460][T14794] __pud_alloc+0x48/0x250 [ 1299.954856][T14794] ? __anon_vma_interval_tree_augment_rotate+0xfd/0x110 [ 1299.961784][T14794] pud_alloc+0xc3/0x100 [ 1299.965952][T14794] copy_page_range+0x270/0x19b0 [ 1299.970873][T14794] ? __read_once_size.constprop.0+0x12/0x20 [ 1299.977530][T14794] ? __rcu_read_unlock+0x66/0x3d0 [ 1299.982601][T14794] ? __write_once_size.constprop.0+0x20/0x20 [ 1299.988586][T14794] ? __rb_rotate_set_parents+0x9a/0xf0 [ 1299.994908][T14794] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1300.000622][T14794] ? vma_gap_callbacks_rotate+0x126/0x190 [ 1300.006349][T14794] ? __rb_insert_augmented+0x11a/0x370 [ 1300.011932][T14794] ? vm_get_page_prot+0x90/0x90 [ 1300.016784][T14794] dup_mm+0x74a/0xba0 [ 1300.020768][T14794] copy_process+0x3138/0x3c40 [ 1300.025462][T14794] _do_fork+0xfe/0x7a0 [ 1300.029574][T14794] ? cgroup_file_notify+0xff/0x130 [ 1300.034711][T14794] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1300.040597][T14794] ? __read_once_size+0x5a/0xe0 [ 1300.045445][T14794] __x64_sys_clone+0x130/0x170 [ 1300.050217][T14794] do_syscall_64+0xcc/0x3a0 [ 1300.054726][T14794] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1300.060718][T14794] RIP: 0033:0x45a919 [ 1300.064666][T14794] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1300.084272][T14794] RSP: 002b:00007fa5a3175c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1300.092735][T14794] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a919 [ 1300.100770][T14794] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1300.108811][T14794] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1300.116856][T14794] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa5a31766d4 [ 1300.124881][T14794] R13: 00000000004c1007 R14: 00000000004d4d28 R15: 00000000ffffffff [ 1300.142537][T14794] memory: usage 307200kB, limit 307200kB, failcnt 3778 [ 1300.150865][T14794] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 04:19:51 executing program 4: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1300.152374][T14808] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1300.165516][T14794] Memory cgroup stats for /syz2: [ 1300.165732][T14794] anon 235606016 [ 1300.165732][T14794] file 102400 [ 1300.165732][T14794] kernel_stack 7262208 [ 1300.165732][T14794] slab 14028800 [ 1300.165732][T14794] sock 0 [ 1300.165732][T14794] shmem 0 [ 1300.165732][T14794] file_mapped 0 [ 1300.165732][T14794] file_dirty 0 [ 1300.165732][T14794] file_writeback 0 [ 1300.165732][T14794] anon_thp 186646528 [ 1300.165732][T14794] inactive_anon 0 [ 1300.165732][T14794] active_anon 235520000 [ 1300.165732][T14794] inactive_file 8192 [ 1300.165732][T14794] active_file 0 [ 1300.165732][T14794] unevictable 0 [ 1300.165732][T14794] slab_reclaimable 1757184 [ 1300.165732][T14794] slab_unreclaimable 12271616 [ 1300.165732][T14794] pgfault 112728 [ 1300.165732][T14794] pgmajfault 0 [ 1300.165732][T14794] workingset_refault 231 [ 1300.165732][T14794] workingset_activate 132 [ 1300.165732][T14794] workingset_nodereclaim 0 [ 1300.165732][T14794] pgrefill 2481 [ 1300.165732][T14794] pgscan 14683 [ 1300.165732][T14794] pgsteal 12791 [ 1300.183537][T14863] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1300.274601][T14794] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=14794,uid=0 [ 1300.346659][T14794] Memory cgroup out of memory: Killed process 14794 (syz-executor.2) total-vm:72584kB, anon-rss:2200kB, file-rss:35812kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 04:19:51 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(0xffffffffffffffff, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:51 executing program 2: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x0) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1300.405801][T14916] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1300.436357][T14910] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1300.459251][T14910] CPU: 0 PID: 14910 Comm: syz-executor.3 Not tainted 5.5.0-rc1-syzkaller #0 [ 1300.468222][T14910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1300.478281][T14910] Call Trace: [ 1300.481586][T14910] dump_stack+0x11d/0x181 [ 1300.486017][T14910] dump_header+0xaa/0x39c [ 1300.493715][T14910] oom_kill_process.cold+0x10/0x15 [ 1300.498966][T14910] out_of_memory+0x231/0xa60 [ 1300.503679][T14910] mem_cgroup_out_of_memory+0x128/0x150 [ 1300.509590][T14910] try_charge+0xb6c/0xbf0 [ 1300.514574][T14910] ? __rcu_read_unlock+0x66/0x3d0 [ 1300.520408][T14910] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1300.526278][T14910] __memcg_kmem_charge+0xcf/0x1b0 [ 1300.531342][T14910] __alloc_pages_nodemask+0x26c/0x310 [ 1300.536736][T14910] alloc_pages_current+0xd1/0x170 [ 1300.539475][ T546] oom_reaper: reaped process 14794 (syz-executor.2), now anon-rss:0kB, file-rss:34928kB, shmem-rss:0kB [ 1300.542046][T14910] pte_alloc_one+0x18/0x50 [ 1300.557693][T14910] __pte_alloc+0x2d/0x220 [ 1300.559819][T14917] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1300.562048][T14910] copy_page_range+0x135a/0x19b0 [ 1300.562088][T14910] ? __vma_link_rb+0x3f4/0x440 [ 1300.562117][T14910] dup_mm+0x74a/0xba0 [ 1300.585203][T14910] copy_process+0x3138/0x3c40 [ 1300.590008][T14910] _do_fork+0xfe/0x7a0 [ 1300.594275][T14910] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1300.600288][T14910] ? __read_once_size+0x5a/0xe0 [ 1300.605171][T14910] __x64_sys_clone+0x130/0x170 [ 1300.609955][T14910] do_syscall_64+0xcc/0x3a0 [ 1300.614494][T14910] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1300.620389][T14910] RIP: 0033:0x45a919 [ 1300.624335][T14910] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1300.643987][T14910] RSP: 002b:00007f8515872c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1300.652409][T14910] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a919 04:19:52 executing program 1: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1300.660536][T14910] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1300.668595][T14910] RBP: 000000000075bfc8 R08: ffffffffffffffff R09: 0000000000000000 [ 1300.676574][T14910] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85158736d4 [ 1300.684621][T14910] R13: 00000000004c1007 R14: 00000000004d4d28 R15: 00000000ffffffff [ 1300.701168][T14910] memory: usage 307200kB, limit 307200kB, failcnt 4028 [ 1300.711331][T14910] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1300.728819][T14910] Memory cgroup stats for /syz3: [ 1300.729104][T14910] anon 245964800 [ 1300.729104][T14910] file 0 [ 1300.729104][T14910] kernel_stack 6303744 [ 1300.729104][T14910] slab 12587008 [ 1300.729104][T14910] sock 0 [ 1300.729104][T14910] shmem 0 [ 1300.729104][T14910] file_mapped 0 [ 1300.729104][T14910] file_dirty 0 [ 1300.729104][T14910] file_writeback 0 [ 1300.729104][T14910] anon_thp 203423744 [ 1300.729104][T14910] inactive_anon 0 [ 1300.729104][T14910] active_anon 245882880 [ 1300.729104][T14910] inactive_file 0 [ 1300.729104][T14910] active_file 53248 [ 1300.729104][T14910] unevictable 0 [ 1300.729104][T14910] slab_reclaimable 1757184 [ 1300.729104][T14910] slab_unreclaimable 10829824 [ 1300.729104][T14910] pgfault 105303 [ 1300.729104][T14910] pgmajfault 0 [ 1300.729104][T14910] workingset_refault 198 [ 1300.729104][T14910] workingset_activate 132 [ 1300.729104][T14910] workingset_nodereclaim 0 [ 1300.729104][T14910] pgrefill 2395 [ 1300.729104][T14910] pgscan 2372 [ 1300.729104][T14910] pgsteal 449 [ 1300.953585][T15034] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. 04:19:52 executing program 4: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1301.008590][T14910] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=14911,uid=0 04:19:52 executing program 2: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1301.188824][T14910] Memory cgroup out of memory: Killed process 14911 (syz-executor.3) total-vm:72716kB, anon-rss:2200kB, file-rss:35812kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 04:19:52 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(0xffffffffffffffff, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1301.277732][ T546] oom_reaper: reaped process 14911 (syz-executor.3), now anon-rss:0kB, file-rss:34852kB, shmem-rss:0kB [ 1301.281518][T15027] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1301.314645][T15027] CPU: 0 PID: 15027 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 1301.323440][T15027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1301.333491][T15027] Call Trace: [ 1301.336787][T15027] dump_stack+0x11d/0x181 [ 1301.341228][T15027] dump_header+0xaa/0x39c [ 1301.345644][T15027] oom_kill_process.cold+0x10/0x15 [ 1301.351387][T15027] out_of_memory+0x231/0xa60 [ 1301.355981][T15027] mem_cgroup_out_of_memory+0x128/0x150 [ 1301.361532][T15027] try_charge+0xb6c/0xbf0 [ 1301.365979][T15027] ? rcu_note_context_switch+0x6d0/0x760 [ 1301.371626][T15027] mem_cgroup_try_charge+0xd2/0x260 [ 1301.376833][T15027] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1301.382804][T15027] wp_page_copy+0x322/0x1040 [ 1301.387394][T15027] ? preempt_schedule+0x30/0x40 [ 1301.392331][T15027] ? ___preempt_schedule+0x16/0x18 [ 1301.397448][T15027] do_wp_page+0x192/0xeb0 [ 1301.401855][T15027] ? record_times+0x16/0x90 [ 1301.406390][T15027] __handle_mm_fault+0x1d16/0x2e00 [ 1301.411574][T15027] ? try_to_free_mem_cgroup_pages+0x258/0x4d0 [ 1301.417650][T15027] handle_mm_fault+0x21b/0x530 [ 1301.422453][T15027] __do_page_fault+0x456/0x8d0 04:19:52 executing program 3: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1301.427228][T15027] do_page_fault+0x38/0x194 [ 1301.431734][T15027] page_fault+0x34/0x40 [ 1301.435889][T15027] RIP: 0033:0x40d0d8 [ 1301.439839][T15027] Code: 00 00 49 8d be 88 00 00 00 48 89 ea 48 89 de 0f 85 dd 00 00 00 e8 d8 2c 00 00 8b 05 32 af 32 00 48 8b 15 a3 55 66 00 83 c0 01 <89> 05 22 af 32 00 89 02 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f [ 1301.459443][T15027] RSP: 002b:00007ffdab4b5840 EFLAGS: 00010202 [ 1301.465655][T15027] RAX: 0000000000000001 RBX: 0000001b32c20014 RCX: 0000001b33c20000 04:19:52 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1301.473635][T15027] RDX: 0000001b32c20000 RSI: 0000000000000b7f RDI: ffffffff63b54b7f [ 1301.481599][T15027] RBP: 0000001b32c20018 R08: 0000000063b54b7f R09: 0000000063b54b83 [ 1301.489570][T15027] R10: 00007ffdab4b5980 R11: 0000000000000246 R12: 0000001b32c2001c [ 1301.497540][T15027] R13: 000000000013d8ef R14: 000000000075bf20 R15: 000000000075bf2c [ 1301.518447][T15042] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1301.521366][T15027] memory: usage 307200kB, limit 307200kB, failcnt 3389 [ 1301.573792][T15027] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1301.618675][T15027] Memory cgroup stats for /syz1: [ 1301.618923][T15027] anon 268627968 [ 1301.618923][T15027] file 45056 [ 1301.618923][T15027] kernel_stack 4165632 [ 1301.618923][T15027] slab 8634368 [ 1301.618923][T15027] sock 0 [ 1301.618923][T15027] shmem 0 [ 1301.618923][T15027] file_mapped 0 [ 1301.618923][T15027] file_dirty 0 [ 1301.618923][T15027] file_writeback 0 [ 1301.618923][T15027] anon_thp 239075328 [ 1301.618923][T15027] inactive_anon 0 [ 1301.618923][T15027] active_anon 268627968 [ 1301.618923][T15027] inactive_file 0 04:19:53 executing program 4: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:53 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(0xffffffffffffffff, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1301.618923][T15027] active_file 0 [ 1301.618923][T15027] unevictable 0 [ 1301.618923][T15027] slab_reclaimable 1216512 [ 1301.618923][T15027] slab_unreclaimable 7417856 [ 1301.618923][T15027] pgfault 114279 [ 1301.618923][T15027] pgmajfault 0 [ 1301.618923][T15027] workingset_refault 132 [ 1301.618923][T15027] workingset_activate 99 [ 1301.618923][T15027] workingset_nodereclaim 0 [ 1301.618923][T15027] pgrefill 1670 [ 1301.618923][T15027] pgscan 1612 [ 1301.618923][T15027] pgsteal 364 [ 1301.618923][T15027] pgactivate 1188 [ 1301.723527][T15027] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=21268,uid=0 [ 1301.772989][T15147] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1301.864033][T15027] Memory cgroup out of memory: Killed process 21268 (syz-executor.1) total-vm:72716kB, anon-rss:2212kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:1000 04:19:53 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:53 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1302.133409][T15035] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1302.194161][T15035] CPU: 0 PID: 15035 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1302.202873][T15035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1302.212931][T15035] Call Trace: [ 1302.216228][T15035] dump_stack+0x11d/0x181 [ 1302.220568][T15035] dump_header+0xaa/0x39c [ 1302.224934][T15035] oom_kill_process.cold+0x10/0x15 [ 1302.230061][T15035] out_of_memory+0x231/0xa60 [ 1302.234676][T15035] mem_cgroup_out_of_memory+0x128/0x150 [ 1302.240235][T15035] try_charge+0xb6c/0xbf0 [ 1302.244573][T15035] ? __rcu_read_unlock+0x66/0x3d0 [ 1302.249617][T15035] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1302.255138][T15035] __memcg_kmem_charge+0xcf/0x1b0 [ 1302.260178][T15035] __alloc_pages_nodemask+0x26c/0x310 [ 1302.265552][T15035] alloc_pages_current+0xd1/0x170 [ 1302.270634][T15035] get_zeroed_page+0x14/0x50 [ 1302.275234][T15035] __pud_alloc+0x48/0x250 [ 1302.279658][T15035] ? __anon_vma_interval_tree_augment_rotate+0xfd/0x110 [ 1302.286604][T15035] pud_alloc+0xc3/0x100 [ 1302.290770][T15035] copy_page_range+0x270/0x19b0 [ 1302.295630][T15035] ? __read_once_size.constprop.0+0x12/0x20 [ 1302.301536][T15035] ? __rcu_read_unlock+0x66/0x3d0 [ 1302.306568][T15035] ? __write_once_size.constprop.0+0x20/0x20 [ 1302.312640][T15035] ? __rb_rotate_set_parents+0x9a/0xf0 [ 1302.318221][T15035] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1302.323948][T15035] ? vma_gap_callbacks_rotate+0x126/0x190 [ 1302.329673][T15035] ? __rb_insert_augmented+0x11a/0x370 [ 1302.335126][T15035] ? vm_get_page_prot+0x90/0x90 [ 1302.340043][T15035] dup_mm+0x74a/0xba0 [ 1302.344052][T15035] copy_process+0x3138/0x3c40 [ 1302.348825][T15035] _do_fork+0xfe/0x7a0 [ 1302.352899][T15035] ? cgroup_file_notify+0xff/0x130 [ 1302.358054][T15035] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1302.364024][T15035] ? __read_once_size+0x5a/0xe0 [ 1302.368881][T15035] __x64_sys_clone+0x130/0x170 [ 1302.373660][T15035] do_syscall_64+0xcc/0x3a0 [ 1302.378176][T15035] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1302.384126][T15035] RIP: 0033:0x45a919 [ 1302.388031][T15035] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1302.407754][T15035] RSP: 002b:00007fa5a3175c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1302.416172][T15035] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a919 [ 1302.424147][T15035] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1302.432123][T15035] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1302.440115][T15035] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa5a31766d4 [ 1302.448088][T15035] R13: 00000000004c1007 R14: 00000000004d4d28 R15: 00000000ffffffff [ 1302.460360][T15035] memory: usage 307200kB, limit 307200kB, failcnt 3831 [ 1302.468385][T15035] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1302.476182][T15035] Memory cgroup stats for /syz2: [ 1302.476391][T15035] anon 235581440 [ 1302.476391][T15035] file 102400 [ 1302.476391][T15035] kernel_stack 7262208 [ 1302.476391][T15035] slab 14028800 [ 1302.476391][T15035] sock 0 [ 1302.476391][T15035] shmem 0 [ 1302.476391][T15035] file_mapped 0 [ 1302.476391][T15035] file_dirty 0 [ 1302.476391][T15035] file_writeback 0 [ 1302.476391][T15035] anon_thp 186646528 [ 1302.476391][T15035] inactive_anon 0 [ 1302.476391][T15035] active_anon 235503616 [ 1302.476391][T15035] inactive_file 8192 [ 1302.476391][T15035] active_file 0 [ 1302.476391][T15035] unevictable 0 [ 1302.476391][T15035] slab_reclaimable 1757184 [ 1302.476391][T15035] slab_unreclaimable 12271616 [ 1302.476391][T15035] pgfault 112860 [ 1302.476391][T15035] pgmajfault 0 [ 1302.476391][T15035] workingset_refault 231 [ 1302.476391][T15035] workingset_activate 132 [ 1302.476391][T15035] workingset_nodereclaim 0 [ 1302.476391][T15035] pgrefill 2481 [ 1302.476391][T15035] pgscan 14683 [ 1302.476391][T15035] pgsteal 12791 04:19:54 executing program 1: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:54 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:54 executing program 4: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:54 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1302.669208][T15035] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15035,uid=0 [ 1302.711667][T15035] Memory cgroup out of memory: Killed process 15035 (syz-executor.2) total-vm:72716kB, anon-rss:2208kB, file-rss:35888kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 1302.764367][ T7931] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1302.848662][ T7931] CPU: 0 PID: 7931 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1302.857283][ T7931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1302.867377][ T7931] Call Trace: [ 1302.870720][ T7931] dump_stack+0x11d/0x181 [ 1302.875056][ T7931] dump_header+0xaa/0x39c [ 1302.879441][ T7931] oom_kill_process.cold+0x10/0x15 [ 1302.884554][ T7931] out_of_memory+0x231/0xa60 [ 1302.889171][ T7931] mem_cgroup_out_of_memory+0x128/0x150 [ 1302.894850][ T7931] try_charge+0x800/0xbf0 [ 1302.899190][ T7931] ? rcu_note_context_switch+0x6d0/0x760 [ 1302.904862][ T7931] mem_cgroup_try_charge+0xd2/0x260 [ 1302.910133][ T7931] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1302.915763][ T7931] wp_page_copy+0x322/0x1040 [ 1302.920363][ T7931] ? __read_once_size+0x41/0xe0 [ 1302.925219][ T7931] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1302.931122][ T7931] do_wp_page+0x192/0xeb0 [ 1302.935458][ T7931] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1302.941214][ T7931] __handle_mm_fault+0x1d16/0x2e00 [ 1302.946341][ T7931] handle_mm_fault+0x21b/0x530 [ 1302.951119][ T7931] __do_page_fault+0x456/0x8d0 [ 1302.955918][ T7931] do_page_fault+0x38/0x194 [ 1302.960463][ T7931] page_fault+0x34/0x40 [ 1302.964612][ T7931] RIP: 0033:0x4319fa [ 1302.968518][ T7931] Code: 48 29 e8 31 c9 48 81 fb 40 a6 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 48 89 4a 08 <48> 89 46 08 48 8d 4a 10 8b 05 4c 57 64 00 85 c0 0f 84 3a f7 ff ff [ 1302.988122][ T7931] RSP: 002b:00007fff75c88240 EFLAGS: 00010206 [ 1302.994192][ T7931] RAX: 0000000000010651 RBX: 000000000071a640 RCX: 0000000000008041 [ 1303.002162][ T7931] RDX: 00000000026c6970 RSI: 00000000026ce9b0 RDI: 0000000000000003 [ 1303.010299][ T7931] RBP: 0000000000008041 R08: 0000000000000000 R09: 000000000000000c [ 1303.018278][ T7931] R10: 0000000000000005 R11: 0000000000000246 R12: 000000000071a698 [ 1303.026255][ T7931] R13: 000000000071a698 R14: 0000000000000000 R15: 0000000000002710 [ 1303.153502][T15186] FS-Cache: Duplicate cookie detected [ 1303.159051][T15186] FS-Cache: O-cookie c=00000000d45d149e [p=0000000057c56a86 fl=222 nc=0 na=1] [ 1303.167952][T15186] FS-Cache: O-cookie d=00000000b2421e71 n=0000000046460ad5 [ 1303.175310][T15186] FS-Cache: O-key=[10] '02000200000000100000' [ 1303.181668][T15186] FS-Cache: N-cookie c=0000000029b3e08d [p=0000000057c56a86 fl=2 nc=0 na=1] [ 1303.190533][T15186] FS-Cache: N-cookie d=00000000b2421e71 n=000000008812b76f [ 1303.197759][T15186] FS-Cache: N-key=[10] '02000200000000100000' [ 1303.350042][ T7931] memory: usage 304844kB, limit 307200kB, failcnt 3836 [ 1303.356987][ T7931] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1303.370749][ T7931] Memory cgroup stats for /syz2: [ 1303.370975][ T7931] anon 233418752 [ 1303.370975][ T7931] file 102400 [ 1303.370975][ T7931] kernel_stack 7262208 [ 1303.370975][ T7931] slab 14028800 [ 1303.370975][ T7931] sock 0 [ 1303.370975][ T7931] shmem 0 [ 1303.370975][ T7931] file_mapped 0 [ 1303.370975][ T7931] file_dirty 0 [ 1303.370975][ T7931] file_writeback 0 [ 1303.370975][ T7931] anon_thp 184549376 [ 1303.370975][ T7931] inactive_anon 0 [ 1303.370975][ T7931] active_anon 233340928 [ 1303.370975][ T7931] inactive_file 8192 [ 1303.370975][ T7931] active_file 0 [ 1303.370975][ T7931] unevictable 0 [ 1303.370975][ T7931] slab_reclaimable 1757184 [ 1303.370975][ T7931] slab_unreclaimable 12271616 [ 1303.370975][ T7931] pgfault 112860 [ 1303.370975][ T7931] pgmajfault 0 [ 1303.370975][ T7931] workingset_refault 231 [ 1303.370975][ T7931] workingset_activate 132 [ 1303.370975][ T7931] workingset_nodereclaim 0 [ 1303.370975][ T7931] pgrefill 2481 [ 1303.370975][ T7931] pgscan 14683 [ 1303.370975][ T7931] pgsteal 12791 [ 1303.464864][ T7931] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=20255,uid=0 [ 1303.489948][ T7931] Memory cgroup out of memory: Killed process 20255 (syz-executor.2) total-vm:72716kB, anon-rss:2208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:1000 [ 1303.530872][T15157] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1303.572714][T15157] CPU: 0 PID: 15157 Comm: syz-executor.3 Not tainted 5.5.0-rc1-syzkaller #0 [ 1303.581468][T15157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1303.591522][T15157] Call Trace: [ 1303.594868][T15157] dump_stack+0x11d/0x181 [ 1303.599249][T15157] dump_header+0xaa/0x39c [ 1303.603605][T15157] oom_kill_process.cold+0x10/0x15 [ 1303.608722][T15157] out_of_memory+0x231/0xa60 [ 1303.613346][T15157] mem_cgroup_out_of_memory+0x128/0x150 [ 1303.618910][T15157] try_charge+0xb6c/0xbf0 [ 1303.623416][T15157] ? __rcu_read_unlock+0x66/0x3d0 [ 1303.628531][T15157] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1303.634011][T15157] __memcg_kmem_charge+0xcf/0x1b0 [ 1303.639191][T15157] __alloc_pages_nodemask+0x26c/0x310 [ 1303.644771][T15157] alloc_pages_current+0xd1/0x170 [ 1303.649823][T15157] pte_alloc_one+0x18/0x50 [ 1303.654262][T15157] __pte_alloc+0x2d/0x220 [ 1303.658596][T15157] copy_page_range+0x135a/0x19b0 [ 1303.663575][T15157] ? __vma_link_rb+0x3f4/0x440 [ 1303.669218][T15157] dup_mm+0x74a/0xba0 [ 1303.673219][T15157] copy_process+0x3138/0x3c40 [ 1303.677919][T15157] _do_fork+0xfe/0x7a0 [ 1303.682033][T15157] ? cgroup_file_notify+0xff/0x130 [ 1303.687154][T15157] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1303.693107][T15157] ? __read_once_size+0x5a/0xe0 [ 1303.697969][T15157] __x64_sys_clone+0x130/0x170 [ 1303.702790][T15157] do_syscall_64+0xcc/0x3a0 [ 1303.707309][T15157] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1303.713273][T15157] RIP: 0033:0x45a919 [ 1303.717186][T15157] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1303.737354][T15157] RSP: 002b:00007f8515893c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1303.745777][T15157] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a919 [ 1303.753869][T15157] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1303.761878][T15157] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1303.769851][T15157] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85158946d4 [ 1303.777820][T15157] R13: 00000000004c1007 R14: 00000000004d4d28 R15: 00000000ffffffff [ 1303.786136][T15157] memory: usage 307184kB, limit 307200kB, failcnt 4072 [ 1303.793084][T15157] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1303.799975][T15157] Memory cgroup stats for /syz3: [ 1303.800156][T15157] anon 245964800 [ 1303.800156][T15157] file 0 [ 1303.800156][T15157] kernel_stack 6266880 [ 1303.800156][T15157] slab 12587008 [ 1303.800156][T15157] sock 0 [ 1303.800156][T15157] shmem 0 [ 1303.800156][T15157] file_mapped 0 [ 1303.800156][T15157] file_dirty 0 [ 1303.800156][T15157] file_writeback 0 [ 1303.800156][T15157] anon_thp 203423744 [ 1303.800156][T15157] inactive_anon 0 [ 1303.800156][T15157] active_anon 245882880 [ 1303.800156][T15157] inactive_file 0 [ 1303.800156][T15157] active_file 53248 [ 1303.800156][T15157] unevictable 0 [ 1303.800156][T15157] slab_reclaimable 1757184 [ 1303.800156][T15157] slab_unreclaimable 10829824 [ 1303.800156][T15157] pgfault 105435 [ 1303.800156][T15157] pgmajfault 0 04:19:55 executing program 2: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:55 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1303.800156][T15157] workingset_refault 198 [ 1303.800156][T15157] workingset_activate 132 [ 1303.800156][T15157] workingset_nodereclaim 0 [ 1303.800156][T15157] pgrefill 2395 [ 1303.800156][T15157] pgscan 2372 [ 1303.800156][T15157] pgsteal 449 [ 1303.895191][T15157] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=15157,uid=0 [ 1303.924750][T15157] Memory cgroup out of memory: Killed process 15157 (syz-executor.3) total-vm:72584kB, anon-rss:2200kB, file-rss:35804kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 04:19:55 executing program 3: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1303.964462][T10228] syz-executor.1 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=0 [ 1303.981840][T10228] CPU: 0 PID: 10228 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 1303.990537][T10228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1304.000590][T10228] Call Trace: [ 1304.003897][T10228] dump_stack+0x11d/0x181 [ 1304.008242][T10228] dump_header+0xaa/0x39c [ 1304.012614][T10228] oom_kill_process.cold+0x10/0x15 [ 1304.017876][T10228] out_of_memory+0x231/0xa60 [ 1304.022488][T10228] mem_cgroup_out_of_memory+0x128/0x150 [ 1304.028043][T10228] try_charge+0xb6c/0xbf0 [ 1304.032387][T10228] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1304.037857][T10228] cache_grow_begin+0x3bb/0x5c0 [ 1304.042841][T10228] fallback_alloc+0x161/0x1f0 [ 1304.047597][T10228] ____cache_alloc_node+0x1b1/0x1c0 [ 1304.052803][T10228] ? memcg_kmem_get_cache+0x1b1/0x320 [ 1304.058180][T10228] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1304.064480][T10228] kmem_cache_alloc+0x179/0x5d0 [ 1304.069346][T10228] vm_area_dup+0x49/0xf0 [ 1304.071695][ T546] oom_reaper: reaped process 15157 (syz-executor.3), now anon-rss:0kB, file-rss:34920kB, shmem-rss:0kB [ 1304.073608][T10228] dup_mm+0x330/0xba0 [ 1304.088673][T10228] copy_process+0x3138/0x3c40 [ 1304.093358][T10228] ? do_wp_page+0x19f/0xeb0 [ 1304.098011][T10228] _do_fork+0xfe/0x7a0 [ 1304.102089][T10228] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1304.107989][T10228] ? __read_once_size+0x5a/0xe0 [ 1304.112940][T10228] __x64_sys_clone+0x130/0x170 [ 1304.117792][T10228] do_syscall_64+0xcc/0x3a0 [ 1304.122325][T10228] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1304.128223][T10228] RIP: 0033:0x458eea [ 1304.132130][T10228] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1304.152174][T10228] RSP: 002b:00007ffdab4b5a10 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1304.160596][T10228] RAX: ffffffffffffffda RBX: 00007ffdab4b5a10 RCX: 0000000000458eea 04:19:55 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:55 executing program 4: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1304.168582][T10228] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1304.176559][T10228] RBP: 00007ffdab4b5a50 R08: 0000000000000001 R09: 0000000002634940 [ 1304.184533][T10228] R10: 0000000002634c10 R11: 0000000000000246 R12: 0000000000000001 [ 1304.192537][T10228] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffdab4b5aa0 [ 1304.232068][T10228] memory: usage 307200kB, limit 307200kB, failcnt 3478 [ 1304.239025][T10228] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1304.256611][T10228] Memory cgroup stats for /syz1: [ 1304.256919][T10228] anon 268554240 [ 1304.256919][T10228] file 45056 [ 1304.256919][T10228] kernel_stack 4165632 [ 1304.256919][T10228] slab 8634368 [ 1304.256919][T10228] sock 0 [ 1304.256919][T10228] shmem 0 [ 1304.256919][T10228] file_mapped 0 [ 1304.256919][T10228] file_dirty 0 [ 1304.256919][T10228] file_writeback 0 [ 1304.256919][T10228] anon_thp 239075328 [ 1304.256919][T10228] inactive_anon 0 [ 1304.256919][T10228] active_anon 268554240 [ 1304.256919][T10228] inactive_file 0 [ 1304.256919][T10228] active_file 0 [ 1304.256919][T10228] unevictable 0 [ 1304.256919][T10228] slab_reclaimable 1216512 [ 1304.256919][T10228] slab_unreclaimable 7417856 [ 1304.256919][T10228] pgfault 114378 [ 1304.256919][T10228] pgmajfault 0 [ 1304.256919][T10228] workingset_refault 132 [ 1304.256919][T10228] workingset_activate 99 [ 1304.256919][T10228] workingset_nodereclaim 0 [ 1304.256919][T10228] pgrefill 1704 [ 1304.256919][T10228] pgscan 1612 [ 1304.256919][T10228] pgsteal 364 [ 1304.256919][T10228] pgactivate 1221 [ 1304.454222][T15212] __nla_validate_parse: 11 callbacks suppressed [ 1304.454249][T15212] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1304.548676][T10228] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15168,uid=0 04:19:56 executing program 2: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1304.587721][T10228] Memory cgroup out of memory: Killed process 15168 (syz-executor.1) total-vm:72584kB, anon-rss:2204kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 1304.660699][ T7943] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1304.691012][ T7943] CPU: 1 PID: 7943 Comm: syz-executor.5 Not tainted 5.5.0-rc1-syzkaller #0 [ 1304.699684][ T7943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1304.709736][ T7943] Call Trace: [ 1304.713038][ T7943] dump_stack+0x11d/0x181 [ 1304.717385][ T7943] dump_header+0xaa/0x39c [ 1304.721731][ T7943] oom_kill_process.cold+0x10/0x15 [ 1304.725474][T15218] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1304.726973][ T7943] out_of_memory+0x231/0xa60 [ 1304.727033][ T7943] mem_cgroup_out_of_memory+0x128/0x150 [ 1304.746344][ T7943] try_charge+0xb6c/0xbf0 [ 1304.750910][ T7943] ? kcsan_setup_watchpoint+0x1d4/0x460 04:19:56 executing program 2: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1304.756467][ T7943] ? __rcu_read_unlock+0x66/0x3d0 [ 1304.761547][ T7943] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1304.768839][ T7943] __memcg_kmem_charge+0xcf/0x1b0 [ 1304.773879][ T7943] __alloc_pages_nodemask+0x26c/0x310 [ 1304.779256][ T7943] alloc_pages_current+0xd1/0x170 [ 1304.784362][ T7943] pte_alloc_one+0x18/0x50 [ 1304.788782][ T7943] __pte_alloc+0x2d/0x220 [ 1304.793119][ T7943] copy_page_range+0x135a/0x19b0 [ 1304.798058][ T7943] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1304.804313][ T7943] ? __vma_link_rb+0x3f4/0x440 [ 1304.809069][ T7943] dup_mm+0x74a/0xba0 [ 1304.813123][ T7943] copy_process+0x3138/0x3c40 [ 1304.817790][ T7943] ? do_wp_page+0x19f/0xeb0 [ 1304.822387][ T7943] _do_fork+0xfe/0x7a0 [ 1304.826522][ T7943] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1304.832407][ T7943] ? __read_once_size+0x5a/0xe0 [ 1304.837267][ T7943] __x64_sys_clone+0x130/0x170 [ 1304.842035][ T7943] do_syscall_64+0xcc/0x3a0 [ 1304.846602][ T7943] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1304.852505][ T7943] RIP: 0033:0x458eea [ 1304.856391][ T7943] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1304.878327][ T7943] RSP: 002b:00007ffcaccd00b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1304.886741][ T7943] RAX: ffffffffffffffda RBX: 00007ffcaccd00b0 RCX: 0000000000458eea [ 1304.894699][ T7943] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1304.902653][ T7943] RBP: 00007ffcaccd00f0 R08: 0000000000000001 R09: 0000000001ea4940 [ 1304.910650][ T7943] R10: 0000000001ea4c10 R11: 0000000000000246 R12: 0000000000000001 [ 1304.918686][ T7943] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffcaccd0140 [ 1304.936070][ T7943] memory: usage 307084kB, limit 307200kB, failcnt 1264 [ 1304.950335][ T7943] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1304.960732][ T7943] Memory cgroup stats for /syz5: [ 1304.960884][ T7943] anon 271478784 [ 1304.960884][ T7943] file 0 [ 1304.960884][ T7943] kernel_stack 3870720 [ 1304.960884][ T7943] slab 7643136 [ 1304.960884][ T7943] sock 0 [ 1304.960884][ T7943] shmem 0 [ 1304.960884][ T7943] file_mapped 0 [ 1304.960884][ T7943] file_dirty 0 [ 1304.960884][ T7943] file_writeback 0 [ 1304.960884][ T7943] anon_thp 245366784 [ 1304.960884][ T7943] inactive_anon 0 [ 1304.960884][ T7943] active_anon 271478784 [ 1304.960884][ T7943] inactive_file 0 04:19:56 executing program 4: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1304.960884][ T7943] active_file 45056 [ 1304.960884][ T7943] unevictable 0 [ 1304.960884][ T7943] slab_reclaimable 1081344 [ 1304.960884][ T7943] slab_unreclaimable 6561792 [ 1304.960884][ T7943] pgfault 98505 [ 1304.960884][ T7943] pgmajfault 0 [ 1304.960884][ T7943] workingset_refault 132 [ 1304.960884][ T7943] workingset_activate 66 [ 1304.960884][ T7943] workingset_nodereclaim 0 [ 1304.960884][ T7943] pgrefill 1248 [ 1304.960884][ T7943] pgscan 1238 [ 1304.960884][ T7943] pgsteal 403 [ 1304.960884][ T7943] pgactivate 792 [ 1305.104942][T15225] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1305.109065][ T7943] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=10604,uid=0 [ 1305.144592][T15228] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1305.174172][ T7943] Memory cgroup out of memory: Killed process 10604 (syz-executor.5) total-vm:72584kB, anon-rss:2204kB, file-rss:35852kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 1305.239934][ T546] oom_reaper: reaped process 10604 (syz-executor.5), now anon-rss:0kB, file-rss:34892kB, shmem-rss:0kB [ 1305.256141][T15205] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1305.281702][T15205] CPU: 0 PID: 15205 Comm: syz-executor.0 Not tainted 5.5.0-rc1-syzkaller #0 [ 1305.290397][T15205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1305.300521][T15205] Call Trace: [ 1305.303864][T15205] dump_stack+0x11d/0x181 [ 1305.308221][T15205] dump_header+0xaa/0x39c [ 1305.312562][T15205] oom_kill_process.cold+0x10/0x15 [ 1305.317758][T15205] out_of_memory+0x231/0xa60 [ 1305.322397][T15205] mem_cgroup_out_of_memory+0x128/0x150 [ 1305.327961][T15205] try_charge+0xb6c/0xbf0 [ 1305.332377][T15205] ? rcu_note_context_switch+0x6d0/0x760 [ 1305.338024][T15205] mem_cgroup_try_charge+0xd2/0x260 [ 1305.343237][T15205] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1305.348937][T15205] wp_page_copy+0x322/0x1040 [ 1305.353588][T15205] ? __read_once_size+0x41/0xe0 [ 1305.358459][T15205] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1305.364394][T15205] do_wp_page+0x192/0xeb0 [ 1305.368735][T15205] __handle_mm_fault+0x1d16/0x2e00 [ 1305.374009][T15205] ? try_to_free_mem_cgroup_pages+0x258/0x4d0 [ 1305.380086][T15205] handle_mm_fault+0x21b/0x530 [ 1305.384851][T15205] __do_page_fault+0x456/0x8d0 [ 1305.389620][T15205] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1305.395876][T15205] do_page_fault+0x38/0x194 [ 1305.400413][T15205] page_fault+0x34/0x40 [ 1305.404556][T15205] RIP: 0033:0x458f6b [ 1305.408456][T15205] Code: 25 20 06 00 00 b8 90 52 41 00 48 89 15 3e fa 61 00 48 85 c0 74 08 4c 89 cf e8 31 c3 fb ff 45 85 f6 0f 85 58 01 00 00 48 85 db <48> c7 05 1a 20 2c 00 00 00 00 00 48 c7 05 ff 1f 2c 00 00 00 00 00 [ 1305.428228][T15205] RSP: 002b:00007ffec4661c60 EFLAGS: 00010206 [ 1305.434298][T15205] RAX: 0000000000000000 RBX: 00007ffec4661c60 RCX: 00000000004152a3 [ 1305.442265][T15205] RDX: 000002bc7abe6381 RSI: 0000000000000018 RDI: 00000000016b2c20 [ 1305.449010][T15234] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1305.450234][T15205] RBP: 00007ffec4661ca0 R08: 0000000000000001 R09: 00000000016b2940 [ 1305.450246][T15205] R10: 00000000016b2c10 R11: 0000000000000202 R12: 0000000000000001 [ 1305.450256][T15205] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffec4661cf0 [ 1305.698889][T15205] memory: usage 307200kB, limit 307200kB, failcnt 4330 [ 1305.708736][T15205] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1305.726009][T15205] Memory cgroup stats for /syz0: [ 1305.726224][T15205] anon 252444672 [ 1305.726224][T15205] file 106496 [ 1305.726224][T15205] kernel_stack 5640192 [ 1305.726224][T15205] slab 11378688 [ 1305.726224][T15205] sock 0 [ 1305.726224][T15205] shmem 0 [ 1305.726224][T15205] file_mapped 0 [ 1305.726224][T15205] file_dirty 0 [ 1305.726224][T15205] file_writeback 0 [ 1305.726224][T15205] anon_thp 211812352 [ 1305.726224][T15205] inactive_anon 0 [ 1305.726224][T15205] active_anon 252444672 [ 1305.726224][T15205] inactive_file 0 [ 1305.726224][T15205] active_file 40960 [ 1305.726224][T15205] unevictable 0 [ 1305.726224][T15205] slab_reclaimable 1486848 [ 1305.726224][T15205] slab_unreclaimable 9891840 [ 1305.726224][T15205] pgfault 113652 [ 1305.726224][T15205] pgmajfault 0 [ 1305.726224][T15205] workingset_refault 231 [ 1305.726224][T15205] workingset_activate 132 [ 1305.726224][T15205] workingset_nodereclaim 0 [ 1305.726224][T15205] pgrefill 2644 [ 1305.726224][T15205] pgscan 2574 [ 1305.726224][T15205] pgsteal 501 [ 1305.820155][T15205] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=13977,uid=0 [ 1305.844748][T15205] Memory cgroup out of memory: Killed process 13977 (syz-executor.0) total-vm:72716kB, anon-rss:2212kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:1000 [ 1305.907297][T15214] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1305.923075][T15214] CPU: 0 PID: 15214 Comm: syz-executor.3 Not tainted 5.5.0-rc1-syzkaller #0 [ 1305.931762][T15214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1305.941811][T15214] Call Trace: [ 1305.945114][T15214] dump_stack+0x11d/0x181 [ 1305.949456][T15214] dump_header+0xaa/0x39c [ 1305.953794][T15214] oom_kill_process.cold+0x10/0x15 [ 1305.958693][T15240] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1305.958909][T15214] out_of_memory+0x231/0xa60 [ 1305.958945][T15214] mem_cgroup_out_of_memory+0x128/0x150 [ 1305.978225][T15214] try_charge+0xb6c/0xbf0 [ 1305.982575][T15214] ? __rcu_read_unlock+0x66/0x3d0 [ 1305.987621][T15214] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1305.993097][T15214] __memcg_kmem_charge+0xcf/0x1b0 [ 1305.998136][T15214] __alloc_pages_nodemask+0x26c/0x310 [ 1306.003517][T15214] alloc_pages_current+0xd1/0x170 [ 1306.008547][T15214] pte_alloc_one+0x18/0x50 [ 1306.012959][T15214] __pte_alloc+0x2d/0x220 [ 1306.017310][T15214] copy_page_range+0x135a/0x19b0 [ 1306.022271][T15214] ? __vma_link_rb+0x3f4/0x440 [ 1306.027044][T15214] dup_mm+0x74a/0xba0 [ 1306.031045][T15214] copy_process+0x3138/0x3c40 [ 1306.035740][T15214] _do_fork+0xfe/0x7a0 [ 1306.039809][T15214] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1306.045702][T15214] ? __read_once_size+0x5a/0xe0 [ 1306.050559][T15214] __x64_sys_clone+0x130/0x170 [ 1306.055504][T15214] do_syscall_64+0xcc/0x3a0 [ 1306.060069][T15214] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1306.065947][T15214] RIP: 0033:0x45a919 [ 1306.069828][T15214] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1306.089416][T15214] RSP: 002b:00007f8515872c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1306.097833][T15214] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a919 [ 1306.105795][T15214] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1306.113759][T15214] RBP: 000000000075bfc8 R08: ffffffffffffffff R09: 0000000000000000 [ 1306.121722][T15214] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85158736d4 [ 1306.129673][T15214] R13: 00000000004c1007 R14: 00000000004d4d28 R15: 00000000ffffffff [ 1306.141178][T15214] memory: usage 307200kB, limit 307200kB, failcnt 4091 [ 1306.148029][T15214] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1306.155412][T15214] Memory cgroup stats for /syz3: [ 1306.155499][T15214] anon 245895168 [ 1306.155499][T15214] file 0 [ 1306.155499][T15214] kernel_stack 6266880 [ 1306.155499][T15214] slab 12587008 [ 1306.155499][T15214] sock 0 [ 1306.155499][T15214] shmem 0 [ 1306.155499][T15214] file_mapped 0 [ 1306.155499][T15214] file_dirty 0 [ 1306.155499][T15214] file_writeback 0 [ 1306.155499][T15214] anon_thp 203423744 [ 1306.155499][T15214] inactive_anon 0 [ 1306.155499][T15214] active_anon 245895168 [ 1306.155499][T15214] inactive_file 0 [ 1306.155499][T15214] active_file 53248 [ 1306.155499][T15214] unevictable 0 [ 1306.155499][T15214] slab_reclaimable 1757184 [ 1306.155499][T15214] slab_unreclaimable 10829824 [ 1306.155499][T15214] pgfault 105534 [ 1306.155499][T15214] pgmajfault 0 [ 1306.155499][T15214] workingset_refault 198 [ 1306.155499][T15214] workingset_activate 132 [ 1306.155499][T15214] workingset_nodereclaim 0 [ 1306.155499][T15214] pgrefill 2395 [ 1306.155499][T15214] pgscan 2372 [ 1306.155499][T15214] pgsteal 482 [ 1306.249257][T15214] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=15215,uid=0 [ 1306.264752][T15214] Memory cgroup out of memory: Killed process 15215 (syz-executor.3) total-vm:72716kB, anon-rss:2200kB, file-rss:35808kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 1306.284752][T15219] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1306.310474][T15219] CPU: 0 PID: 15219 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 1306.319175][T15219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1306.329220][T15219] Call Trace: [ 1306.332578][T15219] dump_stack+0x11d/0x181 [ 1306.336916][T15219] dump_header+0xaa/0x39c [ 1306.341270][T15219] oom_kill_process.cold+0x10/0x15 [ 1306.346399][T15219] out_of_memory+0x231/0xa60 [ 1306.351024][T15219] mem_cgroup_out_of_memory+0x128/0x150 [ 1306.356577][T15219] try_charge+0xb6c/0xbf0 [ 1306.360962][T15219] ? rcu_note_context_switch+0x6d0/0x760 [ 1306.366623][T15219] mem_cgroup_try_charge+0xd2/0x260 [ 1306.371878][T15219] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1306.377515][T15219] __handle_mm_fault+0x197f/0x2e00 [ 1306.382642][T15219] ? try_to_free_mem_cgroup_pages+0x258/0x4d0 [ 1306.388717][T15219] handle_mm_fault+0x21b/0x530 [ 1306.393508][T15219] __do_page_fault+0x456/0x8d0 [ 1306.398292][T15219] do_page_fault+0x38/0x194 [ 1306.402797][T15219] page_fault+0x34/0x40 [ 1306.406954][T15219] RIP: 0033:0x441b99 [ 1306.410850][T15219] Code: b7 0e 66 89 0f 48 83 c6 02 48 83 c7 02 0f 1f 40 00 f6 c2 04 74 0c 8b 0e 89 0f 48 83 c6 04 48 83 c7 04 f6 c2 08 74 0e 48 8b 0e <48> 89 0f 48 83 c6 08 48 83 c7 08 81 e2 f0 00 00 00 74 1f 0f 1f 40 [ 1306.430450][T15219] RSP: 002b:00007ffdab4b58a8 EFLAGS: 00010202 [ 1306.436559][T15219] RAX: 0000000020000b00 RBX: 000000000075c9a0 RCX: 0030656c69662f2e [ 1306.444532][T15219] RDX: 0000000000000008 RSI: 0000000000760080 RDI: 0000000020000b00 [ 1306.452506][T15219] RBP: 0000000000760060 R08: 0000000063b54b7f R09: 0000000063b54b83 [ 1306.460587][T15219] R10: 00007ffdab4b5980 R11: 0000000000000246 R12: 000000000075bf20 [ 1306.468608][T15219] R13: 000000000013e95e R14: 0000000000760068 R15: 000000000075bf2c [ 1306.479598][T15219] memory: usage 307192kB, limit 307200kB, failcnt 3512 [ 1306.486729][T15219] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1306.494271][T15219] Memory cgroup stats for /syz1: [ 1306.494541][T15219] anon 268554240 [ 1306.494541][T15219] file 45056 [ 1306.494541][T15219] kernel_stack 4165632 [ 1306.494541][T15219] slab 8634368 [ 1306.494541][T15219] sock 0 [ 1306.494541][T15219] shmem 0 [ 1306.494541][T15219] file_mapped 0 [ 1306.494541][T15219] file_dirty 0 [ 1306.494541][T15219] file_writeback 0 [ 1306.494541][T15219] anon_thp 239075328 [ 1306.494541][T15219] inactive_anon 0 [ 1306.494541][T15219] active_anon 268554240 [ 1306.494541][T15219] inactive_file 0 [ 1306.494541][T15219] active_file 0 [ 1306.494541][T15219] unevictable 0 [ 1306.494541][T15219] slab_reclaimable 1216512 [ 1306.494541][T15219] slab_unreclaimable 7417856 [ 1306.494541][T15219] pgfault 114378 [ 1306.494541][T15219] pgmajfault 0 [ 1306.494541][T15219] workingset_refault 165 [ 1306.494541][T15219] workingset_activate 99 [ 1306.494541][T15219] workingset_nodereclaim 0 [ 1306.494541][T15219] pgrefill 1704 [ 1306.494541][T15219] pgscan 1612 [ 1306.494541][T15219] pgsteal 364 [ 1306.494541][T15219] pgactivate 1221 [ 1306.591737][T15219] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=21243,uid=0 [ 1306.608069][T15219] Memory cgroup out of memory: Killed process 21243 (syz-executor.1) total-vm:72716kB, anon-rss:2212kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:1000 [ 1306.628335][ T546] oom_reaper: reaped process 21243 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1306.628352][T15232] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1306.628413][T15232] CPU: 0 PID: 15232 Comm: syz-executor.5 Not tainted 5.5.0-rc1-syzkaller #0 [ 1306.660157][T15232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1306.670222][T15232] Call Trace: [ 1306.673521][T15232] dump_stack+0x11d/0x181 [ 1306.677852][T15232] dump_header+0xaa/0x39c [ 1306.682202][T15232] oom_kill_process.cold+0x10/0x15 [ 1306.687331][T15232] out_of_memory+0x231/0xa60 [ 1306.691936][T15232] mem_cgroup_out_of_memory+0x128/0x150 [ 1306.697492][T15232] try_charge+0xb6c/0xbf0 [ 1306.701841][T15232] ? __rcu_read_unlock+0x66/0x3d0 [ 1306.706866][T15232] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1306.712325][T15232] __memcg_kmem_charge+0xcf/0x1b0 [ 1306.717355][T15232] __alloc_pages_nodemask+0x26c/0x310 [ 1306.722732][T15232] alloc_pages_current+0xd1/0x170 [ 1306.727745][T15232] pte_alloc_one+0x18/0x50 [ 1306.732213][T15232] __pte_alloc+0x2d/0x220 [ 1306.736535][T15232] copy_page_range+0x135a/0x19b0 [ 1306.741997][T15232] ? __vma_link_rb+0x3f4/0x440 [ 1306.746793][T15232] dup_mm+0x74a/0xba0 [ 1306.750773][T15232] copy_process+0x3138/0x3c40 [ 1306.755483][T15232] _do_fork+0xfe/0x7a0 [ 1306.759544][T15232] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1306.765426][T15232] ? __read_once_size+0x5a/0xe0 [ 1306.770282][T15232] __x64_sys_clone+0x130/0x170 [ 1306.775060][T15232] do_syscall_64+0xcc/0x3a0 [ 1306.779557][T15232] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1306.785453][T15232] RIP: 0033:0x45a919 [ 1306.789344][T15232] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1306.808949][T15232] RSP: 002b:00007f78299edc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1306.817368][T15232] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a919 [ 1306.825329][T15232] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1306.833334][T15232] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1306.841299][T15232] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f78299ee6d4 [ 1306.849272][T15232] R13: 00000000004c1007 R14: 00000000004d4d28 R15: 00000000ffffffff [ 1306.857776][T15232] memory: usage 307176kB, limit 307200kB, failcnt 1290 [ 1306.864899][T15232] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1306.885617][T15232] Memory cgroup stats for /syz5: [ 1306.885756][T15232] anon 271507456 [ 1306.885756][T15232] file 0 [ 1306.885756][T15232] kernel_stack 3907584 [ 1306.885756][T15232] slab 7778304 [ 1306.885756][T15232] sock 0 [ 1306.885756][T15232] shmem 0 [ 1306.885756][T15232] file_mapped 0 [ 1306.885756][T15232] file_dirty 0 [ 1306.885756][T15232] file_writeback 0 [ 1306.885756][T15232] anon_thp 245366784 [ 1306.885756][T15232] inactive_anon 0 [ 1306.885756][T15232] active_anon 271507456 [ 1306.885756][T15232] inactive_file 0 [ 1306.885756][T15232] active_file 45056 [ 1306.885756][T15232] unevictable 0 [ 1306.885756][T15232] slab_reclaimable 1081344 [ 1306.885756][T15232] slab_unreclaimable 6696960 [ 1306.885756][T15232] pgfault 98571 [ 1306.885756][T15232] pgmajfault 0 [ 1306.885756][T15232] workingset_refault 132 [ 1306.885756][T15232] workingset_activate 66 [ 1306.885756][T15232] workingset_nodereclaim 0 [ 1306.885756][T15232] pgrefill 1281 [ 1306.885756][T15232] pgscan 1271 [ 1306.885756][T15232] pgsteal 403 [ 1306.885756][T15232] pgactivate 792 [ 1306.888139][T15222] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1306.890985][T15232] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=10574,uid=0 [ 1307.016643][T15232] Memory cgroup out of memory: Killed process 10574 (syz-executor.5) total-vm:72584kB, anon-rss:2204kB, file-rss:35852kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 1307.039586][ T546] oom_reaper: reaped process 10574 (syz-executor.5), now anon-rss:0kB, file-rss:34892kB, shmem-rss:0kB 04:19:58 executing program 1: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:58 executing program 2: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:58 executing program 4: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:58 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, 0x0, 0x0) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:58 executing program 3: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:58 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1307.285004][T15255] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1307.311776][T15260] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1307.338932][T15257] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1307.410558][T15269] FS-Cache: Duplicate cookie detected [ 1307.416012][T15269] FS-Cache: O-cookie c=00000000ef94f4fc [p=0000000057c56a86 fl=222 nc=0 na=1] [ 1307.424931][T15269] FS-Cache: O-cookie d=00000000b2421e71 n=000000003a27a8a7 [ 1307.432183][T15269] FS-Cache: O-key=[10] '02000200000000100000' [ 1307.438284][T15269] FS-Cache: N-cookie c=00000000348d0d38 [p=0000000057c56a86 fl=2 nc=0 na=1] [ 1307.447006][T15269] FS-Cache: N-cookie d=00000000b2421e71 n=000000006eeb35d7 [ 1307.454214][T15269] FS-Cache: N-key=[10] '02000200000000100000' [ 1307.460731][T15255] FS-Cache: Duplicate cookie detected [ 1307.466197][T15255] FS-Cache: O-cookie c=00000000ef94f4fc [p=0000000057c56a86 fl=222 nc=0 na=1] [ 1307.475385][T15255] FS-Cache: O-cookie d=00000000b2421e71 n=000000003a27a8a7 [ 1307.482651][T15255] FS-Cache: O-key=[10] '02000200000000100000' [ 1307.489024][T15255] FS-Cache: N-cookie c=0000000029b3e08d [p=0000000057c56a86 fl=2 nc=0 na=1] [ 1307.497749][T15255] FS-Cache: N-cookie d=00000000b2421e71 n=00000000843208f6 [ 1307.505131][T15255] FS-Cache: N-key=[10] '02000200000000100000' 04:19:59 executing program 3: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:59 executing program 1: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:59 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, 0x0, 0x0) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1307.757752][T15252] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 04:19:59 executing program 4: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, 0x0, 0x0) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:19:59 executing program 2: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1307.907126][T15252] CPU: 1 PID: 15252 Comm: syz-executor.0 Not tainted 5.5.0-rc1-syzkaller #0 [ 1307.915840][T15252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1307.925919][T15252] Call Trace: [ 1307.929216][T15252] dump_stack+0x11d/0x181 [ 1307.933566][T15252] dump_header+0xaa/0x39c [ 1307.938169][T15252] oom_kill_process.cold+0x10/0x15 [ 1307.943556][T15252] out_of_memory+0x231/0xa60 [ 1307.948270][T15252] ? __rcu_read_unlock+0x66/0x3d0 [ 1307.953493][T15252] mem_cgroup_out_of_memory+0x128/0x150 [ 1307.959026][T15252] try_charge+0xb6c/0xbf0 [ 1307.963341][T15252] ? rcu_note_context_switch+0x6d0/0x760 [ 1307.968970][T15252] mem_cgroup_try_charge+0xd2/0x260 [ 1307.974289][T15252] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1307.979984][T15252] wp_page_copy+0x322/0x1040 [ 1307.984570][T15252] ? __read_once_size+0x41/0xe0 [ 1307.989407][T15252] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1307.995407][T15252] do_wp_page+0x192/0xeb0 [ 1307.999719][T15252] ? record_times+0x16/0x90 [ 1308.004210][T15252] __handle_mm_fault+0x1d16/0x2e00 [ 1308.009309][T15252] ? try_to_free_mem_cgroup_pages+0x258/0x4d0 [ 1308.015372][T15252] handle_mm_fault+0x21b/0x530 [ 1308.020194][T15252] __do_page_fault+0x456/0x8d0 [ 1308.024940][T15252] do_page_fault+0x38/0x194 [ 1308.029464][T15252] page_fault+0x34/0x40 [ 1308.033658][T15252] RIP: 0033:0x40db24 [ 1308.037562][T15252] Code: 00 00 48 63 eb 74 0f 81 fb e7 03 00 00 b8 e8 03 00 00 48 0f 4e e8 e8 6b 4b ff ff bb e8 03 00 00 49 89 c5 4c 8d 74 05 00 eb 10 57 4b ff ff 48 89 c2 4c 29 ea 48 39 d5 72 52 4c 89 f1 31 d2 4c [ 1308.057186][T15252] RSP: 002b:00007ffec4661b00 EFLAGS: 00010246 [ 1308.063306][T15252] RAX: 0000000000000000 RBX: 00000000000003e8 RCX: 000000000045a919 [ 1308.071257][T15252] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075bf2c [ 1308.079211][T15252] RBP: 000000000000002d R08: ffffffffffffffff R09: ffffffffffffffff [ 1308.087268][T15252] R10: 00007ffec4661bd0 R11: 0000000000000246 R12: 000000000075bf20 [ 1308.095219][T15252] R13: 000000000013f307 R14: 000000000013f334 R15: 000000000075bf2c [ 1308.109462][T15252] memory: usage 307200kB, limit 307200kB, failcnt 4393 [ 1308.116744][T15252] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1308.182658][T15252] Memory cgroup stats for /syz0: [ 1308.182906][T15252] anon 252424192 [ 1308.182906][T15252] file 106496 [ 1308.182906][T15252] kernel_stack 5677056 [ 1308.182906][T15252] slab 11378688 [ 1308.182906][T15252] sock 0 [ 1308.182906][T15252] shmem 0 [ 1308.182906][T15252] file_mapped 0 [ 1308.182906][T15252] file_dirty 0 [ 1308.182906][T15252] file_writeback 0 [ 1308.182906][T15252] anon_thp 211812352 [ 1308.182906][T15252] inactive_anon 0 [ 1308.182906][T15252] active_anon 252424192 [ 1308.182906][T15252] inactive_file 0 04:19:59 executing program 1: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1308.182906][T15252] active_file 40960 [ 1308.182906][T15252] unevictable 0 [ 1308.182906][T15252] slab_reclaimable 1486848 [ 1308.182906][T15252] slab_unreclaimable 9891840 [ 1308.182906][T15252] pgfault 113817 [ 1308.182906][T15252] pgmajfault 0 [ 1308.182906][T15252] workingset_refault 231 [ 1308.182906][T15252] workingset_activate 132 [ 1308.182906][T15252] workingset_nodereclaim 0 [ 1308.182906][T15252] pgrefill 2644 [ 1308.182906][T15252] pgscan 2574 [ 1308.182906][T15252] pgsteal 501 04:19:59 executing program 2: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(0xffffffffffffffff, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:00 executing program 3: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1308.537435][T15252] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15269,uid=0 [ 1308.628821][T15252] Memory cgroup out of memory: Killed process 15269 (syz-executor.0) total-vm:72716kB, anon-rss:2212kB, file-rss:35808kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 1308.722198][ T546] oom_reaper: reaped process 15269 (syz-executor.0), now anon-rss:0kB, file-rss:34848kB, shmem-rss:0kB [ 1308.728948][T15377] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 04:20:00 executing program 4: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, 0x0, 0x0) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1308.780563][T15377] CPU: 1 PID: 15377 Comm: syz-executor.0 Not tainted 5.5.0-rc1-syzkaller #0 [ 1308.789269][T15377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1308.799323][T15377] Call Trace: [ 1308.802788][T15377] dump_stack+0x11d/0x181 [ 1308.807118][T15377] dump_header+0xaa/0x39c [ 1308.811488][T15377] oom_kill_process.cold+0x10/0x15 [ 1308.816610][T15377] out_of_memory+0x231/0xa60 [ 1308.821222][T15377] mem_cgroup_out_of_memory+0x128/0x150 [ 1308.826774][T15377] try_charge+0x800/0xbf0 [ 1308.831180][T15377] ? __rcu_read_unlock+0x66/0x3d0 [ 1308.836209][T15377] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1308.841669][T15377] __memcg_kmem_charge+0xcf/0x1b0 [ 1308.846703][T15377] __alloc_pages_nodemask+0x26c/0x310 [ 1308.852130][T15377] alloc_pages_current+0xd1/0x170 [ 1308.857322][T15377] pte_alloc_one+0x18/0x50 [ 1308.861723][T15377] __handle_mm_fault+0x2be6/0x2e00 [ 1308.866822][T15377] ? try_to_free_mem_cgroup_pages+0x258/0x4d0 [ 1308.872927][T15377] handle_mm_fault+0x21b/0x530 [ 1308.877676][T15377] __do_page_fault+0x456/0x8d0 [ 1308.882528][T15377] do_page_fault+0x38/0x194 [ 1308.887164][T15377] page_fault+0x34/0x40 [ 1308.891346][T15377] RIP: 0033:0x45a919 [ 1308.895229][T15377] Code: Bad RIP value. [ 1308.899274][T15377] RSP: 002b:00007fcace71fc78 EFLAGS: 00010246 [ 1308.905330][T15377] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 000000000045a919 [ 1308.913544][T15377] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1308.921516][T15377] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 04:20:00 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1308.929560][T15377] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcace7206d4 [ 1308.937512][T15377] R13: 00000000004c1007 R14: 00000000004d4d28 R15: 00000000ffffffff [ 1308.954428][T15377] memory: usage 307004kB, limit 307200kB, failcnt 4396 [ 1308.995016][T15377] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1309.018459][T15377] Memory cgroup stats for /syz0: [ 1309.018769][T15377] anon 252424192 [ 1309.018769][T15377] file 106496 [ 1309.018769][T15377] kernel_stack 5677056 [ 1309.018769][T15377] slab 11378688 [ 1309.018769][T15377] sock 0 [ 1309.018769][T15377] shmem 0 [ 1309.018769][T15377] file_mapped 0 [ 1309.018769][T15377] file_dirty 0 [ 1309.018769][T15377] file_writeback 0 [ 1309.018769][T15377] anon_thp 211812352 [ 1309.018769][T15377] inactive_anon 0 [ 1309.018769][T15377] active_anon 252424192 [ 1309.018769][T15377] inactive_file 0 [ 1309.018769][T15377] active_file 40960 [ 1309.018769][T15377] unevictable 0 [ 1309.018769][T15377] slab_reclaimable 1486848 [ 1309.018769][T15377] slab_unreclaimable 9891840 [ 1309.018769][T15377] pgfault 113817 [ 1309.018769][T15377] pgmajfault 0 [ 1309.018769][T15377] workingset_refault 231 [ 1309.018769][T15377] workingset_activate 132 [ 1309.018769][T15377] workingset_nodereclaim 0 [ 1309.018769][T15377] pgrefill 2644 [ 1309.018769][T15377] pgscan 2574 [ 1309.018769][T15377] pgsteal 501 04:20:00 executing program 2: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(0xffffffffffffffff, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1309.410525][T15377] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=13871,uid=0 [ 1309.482374][T15416] FS-Cache: Duplicate cookie detected [ 1309.487927][T15416] FS-Cache: O-cookie c=0000000029b3e08d [p=0000000057c56a86 fl=222 nc=0 na=1] [ 1309.496868][T15416] FS-Cache: O-cookie d=00000000b2421e71 n=000000009b0f6f69 [ 1309.504095][T15416] FS-Cache: O-key=[10] '02000200000000100000' [ 1309.510229][T15416] FS-Cache: N-cookie c=00000000348d0d38 [p=0000000057c56a86 fl=2 nc=0 na=1] [ 1309.518948][T15416] FS-Cache: N-cookie d=00000000b2421e71 n=0000000047bf4571 [ 1309.526219][T15416] FS-Cache: N-key=[10] '02000200000000100000' [ 1309.538757][T15377] Memory cgroup out of memory: Killed process 13871 (syz-executor.0) total-vm:72716kB, anon-rss:2212kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:1000 04:20:01 executing program 4: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, 0x0, 0x0) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1309.620715][T15419] __nla_validate_parse: 12 callbacks suppressed [ 1309.620804][T15419] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1309.702432][T15380] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1309.724806][T15380] CPU: 0 PID: 15380 Comm: syz-executor.5 Not tainted 5.5.0-rc1-syzkaller #0 [ 1309.733572][T15380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1309.745025][T15380] Call Trace: [ 1309.748338][T15380] dump_stack+0x11d/0x181 [ 1309.752780][T15380] dump_header+0xaa/0x39c [ 1309.757138][T15380] oom_kill_process.cold+0x10/0x15 [ 1309.762260][T15380] out_of_memory+0x231/0xa60 [ 1309.766927][T15380] mem_cgroup_out_of_memory+0x128/0x150 [ 1309.772481][T15380] try_charge+0xb6c/0xbf0 [ 1309.776834][T15380] ? rcu_note_context_switch+0x6d0/0x760 [ 1309.782482][T15380] mem_cgroup_try_charge+0xd2/0x260 [ 1309.787688][T15380] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1309.793357][T15380] wp_page_copy+0x322/0x1040 [ 1309.797958][T15380] ? __this_cpu_preempt_check+0x45/0x140 [ 1309.803628][T15380] ? __read_once_size+0x41/0xe0 [ 1309.808487][T15380] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1309.814398][T15380] do_wp_page+0x192/0xeb0 [ 1309.818737][T15380] ? switch_mm_irqs_off+0x37/0x5f0 [ 1309.823989][T15380] __handle_mm_fault+0x1d16/0x2e00 [ 1309.829115][T15380] handle_mm_fault+0x21b/0x530 [ 1309.833965][T15380] __do_page_fault+0x456/0x8d0 [ 1309.838741][T15380] do_page_fault+0x38/0x194 [ 1309.843243][T15380] page_fault+0x34/0x40 [ 1309.847454][T15380] RIP: 0033:0x415fa3 [ 1309.851425][T15380] Code: e9 4c 89 e2 ff 74 24 48 4c 8b 4c 24 10 89 ee 4c 8b 44 24 18 48 89 df e8 cb f7 ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 48 f7 d8 <64> 89 04 25 d4 ff ff ff 48 83 c8 ff c3 48 81 ec 98 00 00 00 31 ff [ 1309.871104][T15380] RSP: 002b:00007ffcacccff48 EFLAGS: 00010213 [ 1309.877476][T15380] RAX: 000000000000006e RBX: 00000000000003e8 RCX: 000000000045a919 [ 1309.885527][T15380] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075bf2c [ 1309.893498][T15380] RBP: 000000000000002d R08: ffffffffffffffff R09: ffffffffffffffff [ 1309.901468][T15380] R10: 00007ffcaccd0020 R11: 0000000000000246 R12: 000000000075bf20 [ 1309.909449][T15380] R13: 000000000013f639 R14: 000000000013f666 R15: 000000000075bf2c [ 1309.927955][T15425] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1309.972409][T15425] FS-Cache: Duplicate cookie detected [ 1309.977925][T15425] FS-Cache: O-cookie c=0000000029b3e08d [p=0000000057c56a86 fl=222 nc=0 na=1] [ 1309.986957][T15425] FS-Cache: O-cookie d=00000000b2421e71 n=000000009b0f6f69 [ 1309.987396][T15380] memory: usage 307200kB, limit 307200kB, failcnt 1352 [ 1309.994203][T15425] FS-Cache: O-key=[10] '02000200000000100000' [ 1310.008698][T15425] FS-Cache: N-cookie c=00000000348d0d38 [p=0000000057c56a86 fl=2 nc=0 na=1] [ 1310.013276][T15380] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1310.017411][T15425] FS-Cache: N-cookie d=00000000b2421e71 n=000000006d5a5868 [ 1310.027240][T15380] Memory cgroup stats for /syz5: [ 1310.027425][T15380] anon 271470592 [ 1310.027425][T15380] file 0 [ 1310.027425][T15380] kernel_stack 3833856 [ 1310.027425][T15380] slab 7778304 [ 1310.027425][T15380] sock 0 [ 1310.027425][T15380] shmem 0 [ 1310.027425][T15380] file_mapped 0 [ 1310.027425][T15380] file_dirty 0 [ 1310.027425][T15380] file_writeback 0 [ 1310.027425][T15380] anon_thp 245366784 [ 1310.027425][T15380] inactive_anon 0 [ 1310.027425][T15380] active_anon 271470592 [ 1310.027425][T15380] inactive_file 0 [ 1310.027425][T15380] active_file 45056 [ 1310.027425][T15380] unevictable 0 [ 1310.027425][T15380] slab_reclaimable 1081344 [ 1310.027425][T15380] slab_unreclaimable 6696960 [ 1310.027425][T15380] pgfault 98769 [ 1310.027425][T15380] pgmajfault 0 [ 1310.027425][T15380] workingset_refault 132 [ 1310.027425][T15380] workingset_activate 66 [ 1310.027425][T15380] workingset_nodereclaim 0 [ 1310.027425][T15380] pgrefill 1281 [ 1310.027425][T15380] pgscan 1271 04:20:01 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1310.027425][T15380] pgsteal 403 [ 1310.027425][T15380] pgactivate 792 [ 1310.031652][T15425] FS-Cache: N-key=[10] '02000200000000100000' [ 1310.036736][T15380] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=15237,uid=0 [ 1310.205575][T15380] Memory cgroup out of memory: Killed process 15237 (syz-executor.5) total-vm:72848kB, anon-rss:2220kB, file-rss:35836kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 1310.254684][T15387] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1310.266310][T15387] CPU: 1 PID: 15387 Comm: syz-executor.5 Not tainted 5.5.0-rc1-syzkaller #0 [ 1310.275067][T15387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1310.280513][T15531] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1310.285134][T15387] Call Trace: [ 1310.285158][T15387] dump_stack+0x11d/0x181 [ 1310.285182][T15387] dump_header+0xaa/0x39c [ 1310.285262][T15387] oom_kill_process.cold+0x10/0x15 [ 1310.285348][T15387] out_of_memory+0x231/0xa60 [ 1310.316225][T15387] mem_cgroup_out_of_memory+0x128/0x150 [ 1310.321797][T15387] try_charge+0x800/0xbf0 [ 1310.326153][T15387] ? rcu_note_context_switch+0x6d0/0x760 [ 1310.331806][T15387] mem_cgroup_try_charge+0xd2/0x260 [ 1310.337020][T15387] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1310.338257][T15531] FS-Cache: Duplicate cookie detected [ 1310.342662][T15387] wp_page_copy+0x322/0x1040 04:20:01 executing program 4: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:01 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, 0x0, 0x0) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1310.342687][T15387] ? __read_once_size+0x41/0xe0 [ 1310.342708][T15387] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1310.342806][T15387] do_wp_page+0x192/0xeb0 [ 1310.342836][T15387] ? record_times+0x16/0x90 [ 1310.348227][T15531] FS-Cache: O-cookie c=0000000029b3e08d [p=0000000057c56a86 fl=222 nc=0 na=1] [ 1310.352806][T15387] __handle_mm_fault+0x1d16/0x2e00 [ 1310.352882][T15387] ? try_to_free_mem_cgroup_pages+0x258/0x4d0 [ 1310.352946][T15387] handle_mm_fault+0x21b/0x530 [ 1310.357862][T15531] FS-Cache: O-cookie d=00000000b2421e71 n=000000009b0f6f69 [ 1310.363724][T15387] __do_page_fault+0x456/0x8d0 [ 1310.363747][T15387] do_page_fault+0x38/0x194 [ 1310.363766][T15387] page_fault+0x34/0x40 [ 1310.363777][T15387] RIP: 0033:0x404324 [ 1310.363877][T15387] Code: 48 8b 55 40 48 8b 75 38 48 8b 7d 30 ff 75 70 ff 75 68 ff 75 60 4c 8b 4d 58 4c 8b 45 50 ff d0 48 83 c4 20 48 89 c3 48 83 fb ff <48> 89 5d 78 41 8b 04 24 0f 85 d6 00 00 00 85 c0 0f 85 ce 00 00 00 [ 1310.368178][T15531] FS-Cache: O-key=[10] '02000200000000100000' [ 1310.372674][T15387] RSP: 002b:00007f78299edc90 EFLAGS: 00010213 [ 1310.372686][T15387] RAX: 0000000000000000 RBX: 0000000000003b25 RCX: 000000000045a919 [ 1310.372695][T15387] RDX: 00000000004042dc RSI: 0000000000000000 RDI: 0000000000000000 [ 1310.372705][T15387] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1310.372714][T15387] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f78299ee6d4 [ 1310.372782][T15387] R13: 00000000004c1007 R14: 00000000004d4d28 R15: 00000000ffffffff [ 1310.497837][T15531] FS-Cache: N-cookie c=00000000348d0d38 [p=0000000057c56a86 fl=2 nc=0 na=1] [ 1310.506653][T15531] FS-Cache: N-cookie d=00000000b2421e71 n=00000000013fc99f [ 1310.513997][T15531] FS-Cache: N-key=[10] '02000200000000100000' [ 1310.520398][T15387] memory: usage 304964kB, limit 307200kB, failcnt 1352 [ 1310.527258][T15387] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1310.552216][T15387] Memory cgroup stats for /syz5: [ 1310.552393][T15387] anon 269279232 [ 1310.552393][T15387] file 0 [ 1310.552393][T15387] kernel_stack 3833856 [ 1310.552393][T15387] slab 7778304 [ 1310.552393][T15387] sock 0 [ 1310.552393][T15387] shmem 0 [ 1310.552393][T15387] file_mapped 0 [ 1310.552393][T15387] file_dirty 0 [ 1310.552393][T15387] file_writeback 0 [ 1310.552393][T15387] anon_thp 243269632 [ 1310.552393][T15387] inactive_anon 0 [ 1310.552393][T15387] active_anon 269279232 [ 1310.552393][T15387] inactive_file 0 [ 1310.552393][T15387] active_file 45056 [ 1310.552393][T15387] unevictable 0 [ 1310.552393][T15387] slab_reclaimable 1081344 [ 1310.552393][T15387] slab_unreclaimable 6696960 [ 1310.552393][T15387] pgfault 98802 [ 1310.552393][T15387] pgmajfault 0 [ 1310.552393][T15387] workingset_refault 132 [ 1310.552393][T15387] workingset_activate 66 [ 1310.552393][T15387] workingset_nodereclaim 0 [ 1310.552393][T15387] pgrefill 1281 [ 1310.552393][T15387] pgscan 1271 [ 1310.552393][T15387] pgsteal 403 [ 1310.552393][T15387] pgactivate 792 [ 1310.682507][T15387] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=10433,uid=0 [ 1310.695003][T15534] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1310.712556][T15387] Memory cgroup out of memory: Killed process 10433 (syz-executor.5) total-vm:72584kB, anon-rss:2204kB, file-rss:35852kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 1310.747628][T15534] FS-Cache: Duplicate cookie detected [ 1310.753273][T15534] FS-Cache: O-cookie c=0000000029b3e08d [p=0000000057c56a86 fl=222 nc=0 na=1] [ 1310.762273][T15534] FS-Cache: O-cookie d=00000000b2421e71 n=000000009b0f6f69 [ 1310.769567][T15534] FS-Cache: O-key=[10] '02000200000000100000' [ 1310.776073][T15534] FS-Cache: N-cookie c=00000000ef94f4fc [p=0000000057c56a86 fl=2 nc=0 na=1] [ 1310.784830][T15534] FS-Cache: N-cookie d=00000000b2421e71 n=0000000047bf4571 [ 1310.792209][T15534] FS-Cache: N-key=[10] '02000200000000100000' [ 1310.822088][T15394] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1310.834785][T15394] CPU: 0 PID: 15394 Comm: syz-executor.5 Not tainted 5.5.0-rc1-syzkaller #0 [ 1310.843525][T15394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1310.848402][T15538] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1310.853786][T15394] Call Trace: [ 1310.853821][T15394] dump_stack+0x11d/0x181 [ 1310.853846][T15394] dump_header+0xaa/0x39c [ 1310.853956][T15394] oom_kill_process.cold+0x10/0x15 [ 1310.881771][T15394] out_of_memory+0x231/0xa60 [ 1310.886402][T15394] mem_cgroup_out_of_memory+0x128/0x150 [ 1310.891987][T15394] try_charge+0x800/0xbf0 [ 1310.896332][T15394] ? __rcu_read_unlock+0x66/0x3d0 [ 1310.901366][T15394] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1310.906907][T15394] __memcg_kmem_charge+0xcf/0x1b0 [ 1310.912061][T15394] __alloc_pages_nodemask+0x26c/0x310 [ 1310.913965][T15538] FS-Cache: Duplicate cookie detected [ 1310.917444][T15394] alloc_pages_current+0xd1/0x170 [ 1310.917469][T15394] pte_alloc_one+0x18/0x50 [ 1310.917485][T15394] __handle_mm_fault+0x2be6/0x2e00 [ 1310.917518][T15394] ? try_to_free_mem_cgroup_pages+0x258/0x4d0 [ 1310.923057][T15538] FS-Cache: O-cookie c=0000000029b3e08d [p=0000000057c56a86 fl=222 nc=0 na=1] [ 1310.928070][T15394] handle_mm_fault+0x21b/0x530 [ 1310.928098][T15394] __do_page_fault+0x456/0x8d0 [ 1310.933026][T15538] FS-Cache: O-cookie d=00000000b2421e71 n=000000009b0f6f69 [ 1310.938421][T15394] do_page_fault+0x38/0x194 [ 1310.938440][T15394] page_fault+0x34/0x40 [ 1310.938499][T15394] RIP: 0033:0x45a919 [ 1310.945675][T15538] FS-Cache: O-key=[10] '02000200000000100000' [ 1310.955812][T15394] Code: Bad RIP value. [ 1310.955822][T15394] RSP: 002b:00007f78299edc78 EFLAGS: 00010246 [ 1310.955836][T15394] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 000000000045a919 [ 1310.955848][T15394] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1310.955857][T15394] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1310.955914][T15394] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f78299ee6d4 [ 1310.961103][T15538] FS-Cache: N-cookie c=00000000d45d149e [p=0000000057c56a86 fl=2 nc=0 na=1] [ 1310.961177][T15538] FS-Cache: N-cookie d=00000000b2421e71 n=000000009ed34cd0 [ 1310.967705][T15394] R13: 00000000004c1007 R14: 00000000004d4d28 R15: 00000000ffffffff 04:20:02 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1311.068267][T15538] FS-Cache: N-key=[10] '02000200000000100000' 04:20:02 executing program 4: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1311.203794][T15394] memory: usage 303328kB, limit 307200kB, failcnt 1353 [ 1311.219317][T15394] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1311.261910][T15394] Memory cgroup stats for /syz5: [ 1311.262127][T15394] anon 267329536 [ 1311.262127][T15394] file 0 [ 1311.262127][T15394] kernel_stack 3833856 [ 1311.262127][T15394] slab 7778304 [ 1311.262127][T15394] sock 0 [ 1311.262127][T15394] shmem 0 [ 1311.262127][T15394] file_mapped 0 [ 1311.262127][T15394] file_dirty 0 [ 1311.262127][T15394] file_writeback 0 [ 1311.262127][T15394] anon_thp 241172480 [ 1311.262127][T15394] inactive_anon 0 [ 1311.262127][T15394] active_anon 267329536 [ 1311.262127][T15394] inactive_file 0 [ 1311.262127][T15394] active_file 45056 [ 1311.262127][T15394] unevictable 0 [ 1311.262127][T15394] slab_reclaimable 1081344 [ 1311.262127][T15394] slab_unreclaimable 6696960 [ 1311.262127][T15394] pgfault 98934 [ 1311.262127][T15394] pgmajfault 0 [ 1311.262127][T15394] workingset_refault 132 [ 1311.262127][T15394] workingset_activate 66 [ 1311.262127][T15394] workingset_nodereclaim 0 [ 1311.262127][T15394] pgrefill 1281 [ 1311.262127][T15394] pgscan 1271 [ 1311.262127][T15394] pgsteal 403 [ 1311.262127][T15394] pgactivate 792 [ 1311.371895][T15394] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=10394,uid=0 [ 1311.381704][T15646] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1311.388172][T15394] Memory cgroup out of memory: Killed process 10394 (syz-executor.5) total-vm:72584kB, anon-rss:2204kB, file-rss:35852kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 1311.445933][T10228] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1311.455020][T15646] FS-Cache: Duplicate cookie detected [ 1311.459160][T10228] CPU: 0 PID: 10228 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 1311.464280][T15646] FS-Cache: O-cookie c=0000000029b3e08d [p=0000000057c56a86 fl=222 nc=0 na=1] [ 1311.472983][T10228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1311.472988][T10228] Call Trace: [ 1311.473013][T10228] dump_stack+0x11d/0x181 [ 1311.473038][T10228] dump_header+0xaa/0x39c [ 1311.473065][T10228] oom_kill_process.cold+0x10/0x15 [ 1311.473089][T10228] out_of_memory+0x231/0xa60 [ 1311.473119][T10228] mem_cgroup_out_of_memory+0x128/0x150 [ 1311.473163][T10228] try_charge+0xb6c/0xbf0 [ 1311.482073][T15646] FS-Cache: O-cookie d=00000000b2421e71 n=000000009b0f6f69 [ 1311.492117][T10228] ? __rcu_read_unlock+0x66/0x3d0 [ 1311.492174][T10228] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1311.495520][T15646] FS-Cache: O-key=[10] '02000200000000100000' [ 1311.500105][T10228] __memcg_kmem_charge+0xcf/0x1b0 [ 1311.500142][T10228] __alloc_pages_nodemask+0x26c/0x310 [ 1311.500214][T10228] alloc_pages_current+0xd1/0x170 [ 1311.500291][T10228] pte_alloc_one+0x18/0x50 [ 1311.509088][T15646] FS-Cache: N-cookie c=00000000d45d149e [p=0000000057c56a86 fl=2 nc=0 na=1] [ 1311.514045][T10228] __pte_alloc+0x2d/0x220 [ 1311.514063][T10228] copy_page_range+0x135a/0x19b0 [ 1311.514084][T10228] ? __read_once_size.constprop.0+0x12/0x20 [ 1311.514121][T10228] ? __vma_link_rb+0x3f4/0x440 [ 1311.518960][T15646] FS-Cache: N-cookie d=00000000b2421e71 n=000000009ed34cd0 [ 1311.524329][T10228] dup_mm+0x74a/0xba0 [ 1311.524361][T10228] copy_process+0x3138/0x3c40 [ 1311.528769][T15646] FS-Cache: N-key=[10] '02000200000000100000' [ 1311.536134][T10228] ? do_wp_page+0x19f/0xeb0 [ 1311.536182][T10228] _do_fork+0xfe/0x7a0 [ 1311.633566][T10228] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1311.639468][T10228] ? __read_once_size+0x5a/0xe0 [ 1311.644348][T10228] __x64_sys_clone+0x130/0x170 [ 1311.649135][T10228] do_syscall_64+0xcc/0x3a0 [ 1311.653652][T10228] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1311.659533][T10228] RIP: 0033:0x458eea [ 1311.663435][T10228] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1311.683417][T10228] RSP: 002b:00007ffdab4b5a10 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1311.691860][T10228] RAX: ffffffffffffffda RBX: 00007ffdab4b5a10 RCX: 0000000000458eea [ 1311.699844][T10228] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1311.707829][T10228] RBP: 00007ffdab4b5a50 R08: 0000000000000001 R09: 0000000002634940 [ 1311.715786][T10228] R10: 0000000002634c10 R11: 0000000000000246 R12: 0000000000000001 [ 1311.724626][T10228] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffdab4b5aa0 [ 1311.741110][T10228] memory: usage 307200kB, limit 307200kB, failcnt 3558 [ 1311.747987][T10228] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1311.761991][T10228] Memory cgroup stats for /syz1: [ 1311.762223][T10228] anon 268599296 [ 1311.762223][T10228] file 45056 [ 1311.762223][T10228] kernel_stack 4202496 [ 1311.762223][T10228] slab 8634368 [ 1311.762223][T10228] sock 0 [ 1311.762223][T10228] shmem 0 [ 1311.762223][T10228] file_mapped 0 [ 1311.762223][T10228] file_dirty 0 [ 1311.762223][T10228] file_writeback 0 [ 1311.762223][T10228] anon_thp 239075328 [ 1311.762223][T10228] inactive_anon 0 [ 1311.762223][T10228] active_anon 268599296 [ 1311.762223][T10228] inactive_file 0 [ 1311.762223][T10228] active_file 0 [ 1311.762223][T10228] unevictable 0 [ 1311.762223][T10228] slab_reclaimable 1216512 [ 1311.762223][T10228] slab_unreclaimable 7417856 [ 1311.762223][T10228] pgfault 114609 [ 1311.762223][T10228] pgmajfault 0 [ 1311.762223][T10228] workingset_refault 165 [ 1311.762223][T10228] workingset_activate 99 [ 1311.762223][T10228] workingset_nodereclaim 0 [ 1311.762223][T10228] pgrefill 1704 [ 1311.762223][T10228] pgscan 1645 [ 1311.762223][T10228] pgsteal 364 [ 1311.762223][T10228] pgactivate 1221 [ 1311.861566][T10228] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15383,uid=0 [ 1311.877762][T10228] Memory cgroup out of memory: Killed process 15383 (syz-executor.1) total-vm:72584kB, anon-rss:2204kB, file-rss:35824kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 1311.918265][T15416] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1311.928548][T15416] CPU: 0 PID: 15416 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1311.937222][T15416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1311.947275][T15416] Call Trace: [ 1311.950580][T15416] dump_stack+0x11d/0x181 [ 1311.954922][T15416] dump_header+0xaa/0x39c [ 1311.959350][T15416] oom_kill_process.cold+0x10/0x15 [ 1311.964584][T15416] out_of_memory+0x231/0xa60 [ 1311.969282][T15416] mem_cgroup_out_of_memory+0x128/0x150 [ 1311.974965][T15416] try_charge+0xb6c/0xbf0 [ 1311.979394][T15416] ? rcu_note_context_switch+0x6d0/0x760 [ 1311.984797][T15753] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1311.985662][T15416] mem_cgroup_try_charge+0xd2/0x260 [ 1311.985766][T15416] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1312.006049][T15416] wp_page_copy+0x322/0x1040 [ 1312.010737][T15416] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1312.017122][T15416] ? __read_once_size+0x41/0xe0 [ 1312.021964][T15416] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1312.027844][T15416] do_wp_page+0x192/0xeb0 [ 1312.032513][T15416] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1312.039210][T15416] __handle_mm_fault+0x1d16/0x2e00 [ 1312.044444][T15416] handle_mm_fault+0x21b/0x530 [ 1312.049512][T15416] __do_page_fault+0x456/0x8d0 [ 1312.054443][T15416] do_page_fault+0x38/0x194 [ 1312.058938][T15416] page_fault+0x34/0x40 [ 1312.063777][T15416] RIP: 0033:0x415fa3 [ 1312.067699][T15416] Code: e9 4c 89 e2 ff 74 24 48 4c 8b 4c 24 10 89 ee 4c 8b 44 24 18 48 89 df e8 cb f7 ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 48 f7 d8 <64> 89 04 25 d4 ff ff ff 48 83 c8 ff c3 48 81 ec 98 00 00 00 31 ff [ 1312.087334][T15416] RSP: 002b:00007fa5a3175c78 EFLAGS: 00010217 [ 1312.093610][T15416] RAX: 0000000000000065 RBX: 0000000000000005 RCX: 000000000045a919 [ 1312.101947][T15416] RDX: 00000000200002c0 RSI: 0000000020000500 RDI: 0000000000000000 [ 1312.110603][T15416] RBP: 000000000075bf20 R08: 0000000020000000 R09: 0000000000000000 [ 1312.118689][T15416] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa5a31766d4 [ 1312.126705][T15416] R13: 00000000004c7d30 R14: 00000000004dec28 R15: 00000000ffffffff [ 1312.135097][T15416] memory: usage 307200kB, limit 307200kB, failcnt 3892 [ 1312.142395][T15416] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1312.149328][T15416] Memory cgroup stats for /syz2: [ 1312.149460][T15416] anon 233967616 [ 1312.149460][T15416] file 102400 [ 1312.149460][T15416] kernel_stack 7409664 [ 1312.149460][T15416] slab 14163968 [ 1312.149460][T15416] sock 0 [ 1312.149460][T15416] shmem 0 [ 1312.149460][T15416] file_mapped 0 [ 1312.149460][T15416] file_dirty 0 [ 1312.149460][T15416] file_writeback 0 [ 1312.149460][T15416] anon_thp 184549376 [ 1312.149460][T15416] inactive_anon 0 [ 1312.149460][T15416] active_anon 234020864 [ 1312.149460][T15416] inactive_file 8192 [ 1312.149460][T15416] active_file 0 [ 1312.149460][T15416] unevictable 0 [ 1312.149460][T15416] slab_reclaimable 1757184 [ 1312.149460][T15416] slab_unreclaimable 12406784 [ 1312.149460][T15416] pgfault 113883 [ 1312.149460][T15416] pgmajfault 0 [ 1312.149460][T15416] workingset_refault 231 [ 1312.149460][T15416] workingset_activate 132 [ 1312.149460][T15416] workingset_nodereclaim 0 [ 1312.149460][T15416] pgrefill 2481 [ 1312.149460][T15416] pgscan 14683 [ 1312.149460][T15416] pgsteal 12791 [ 1312.244216][T15416] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=20197,uid=0 [ 1312.261170][T15416] Memory cgroup out of memory: Killed process 20197 (syz-executor.2) total-vm:72716kB, anon-rss:2208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:1000 [ 1312.280729][ T546] oom_reaper: reaped process 20197 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1312.281826][T15414] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1312.302658][T15414] CPU: 0 PID: 15414 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1312.311335][T15414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1312.321392][T15414] Call Trace: [ 1312.324684][T15414] dump_stack+0x11d/0x181 [ 1312.329022][T15414] dump_header+0xaa/0x39c [ 1312.333360][T15414] oom_kill_process.cold+0x10/0x15 [ 1312.338472][T15414] out_of_memory+0x231/0xa60 [ 1312.343071][T15414] mem_cgroup_out_of_memory+0x128/0x150 [ 1312.348622][T15414] try_charge+0x800/0xbf0 [ 1312.352953][T15414] ? rcu_note_context_switch+0x6d0/0x760 [ 1312.358652][T15414] mem_cgroup_try_charge+0xd2/0x260 [ 1312.363858][T15414] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1312.369500][T15414] wp_page_copy+0x322/0x1040 [ 1312.374107][T15414] ? get_futex_key+0x55e/0xa10 [ 1312.378873][T15414] ? __read_once_size+0x41/0xe0 [ 1312.383934][T15414] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1312.389846][T15414] do_wp_page+0x192/0xeb0 [ 1312.394184][T15414] __handle_mm_fault+0x1d16/0x2e00 [ 1312.399311][T15414] ? _raw_spin_unlock_irqrestore+0x70/0x80 [ 1312.405133][T15414] handle_mm_fault+0x21b/0x530 [ 1312.409949][T15414] __do_page_fault+0x456/0x8d0 [ 1312.414737][T15414] do_page_fault+0x38/0x194 [ 1312.419239][T15414] page_fault+0x34/0x40 [ 1312.423385][T15414] RIP: 0033:0x415fa3 [ 1312.427304][T15414] Code: e9 4c 89 e2 ff 74 24 48 4c 8b 4c 24 10 89 ee 4c 8b 44 24 18 48 89 df e8 cb f7 ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 48 f7 d8 <64> 89 04 25 d4 ff ff ff 48 83 c8 ff c3 48 81 ec 98 00 00 00 31 ff [ 1312.446932][T15414] RSP: 002b:00007fff75c8a408 EFLAGS: 00010213 [ 1312.453021][T15414] RAX: 000000000000006e RBX: 00000000000003e8 RCX: 000000000045a919 [ 1312.460980][T15414] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075bfd4 [ 1312.468987][T15414] RBP: 000000000000002d R08: ffffffffffffffff R09: ffffffffffffffff [ 1312.477006][T15414] R10: 00007fff75c8a4e0 R11: 0000000000000246 R12: 000000000075bfc8 [ 1312.484996][T15414] R13: 000000000013fbb4 R14: 000000000013fbe1 R15: 000000000075bfd4 [ 1312.500065][T15414] memory: usage 304984kB, limit 307200kB, failcnt 3892 [ 1312.507208][T15414] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1312.517533][T15414] Memory cgroup stats for /syz2: [ 1312.517739][T15414] anon 231899136 [ 1312.517739][T15414] file 102400 [ 1312.517739][T15414] kernel_stack 7409664 [ 1312.517739][T15414] slab 14163968 [ 1312.517739][T15414] sock 0 [ 1312.517739][T15414] shmem 0 [ 1312.517739][T15414] file_mapped 0 [ 1312.517739][T15414] file_dirty 0 [ 1312.517739][T15414] file_writeback 0 [ 1312.517739][T15414] anon_thp 182452224 [ 1312.517739][T15414] inactive_anon 0 [ 1312.517739][T15414] active_anon 231899136 [ 1312.517739][T15414] inactive_file 8192 [ 1312.517739][T15414] active_file 0 [ 1312.517739][T15414] unevictable 0 [ 1312.517739][T15414] slab_reclaimable 1757184 [ 1312.517739][T15414] slab_unreclaimable 12406784 [ 1312.517739][T15414] pgfault 113883 [ 1312.517739][T15414] pgmajfault 0 [ 1312.517739][T15414] workingset_refault 231 [ 1312.517739][T15414] workingset_activate 132 [ 1312.517739][T15414] workingset_nodereclaim 0 [ 1312.517739][T15414] pgrefill 2481 [ 1312.517739][T15414] pgscan 14683 [ 1312.517739][T15414] pgsteal 12791 [ 1312.612909][T15414] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=19966,uid=0 [ 1312.628741][T15414] Memory cgroup out of memory: Killed process 19966 (syz-executor.2) total-vm:72716kB, anon-rss:2208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:1000 [ 1312.649451][T15532] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1312.669080][T15532] CPU: 1 PID: 15532 Comm: syz-executor.0 Not tainted 5.5.0-rc1-syzkaller #0 [ 1312.677761][T15532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1312.687804][T15532] Call Trace: [ 1312.691100][T15532] dump_stack+0x11d/0x181 [ 1312.695439][T15532] dump_header+0xaa/0x39c [ 1312.699822][T15532] oom_kill_process.cold+0x10/0x15 [ 1312.704957][T15532] out_of_memory+0x231/0xa60 [ 1312.709606][T15532] mem_cgroup_out_of_memory+0x128/0x150 [ 1312.715213][T15532] try_charge+0xb6c/0xbf0 [ 1312.719923][T15532] ? __rcu_read_unlock+0x66/0x3d0 [ 1312.724929][T15532] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1312.730381][T15532] __memcg_kmem_charge+0xcf/0x1b0 [ 1312.735437][T15532] __alloc_pages_nodemask+0x26c/0x310 [ 1312.740836][T15532] alloc_pages_current+0xd1/0x170 [ 1312.745871][T15532] __get_free_pages+0xc/0x40 [ 1312.750495][T15532] pgd_alloc+0x34/0x220 [ 1312.754642][T15532] mm_init+0x377/0x560 [ 1312.758695][T15532] dup_mm+0x98/0xba0 [ 1312.762640][T15532] ? memcg_kmem_put_cache+0x7c/0xc0 [ 1312.767829][T15532] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1312.774064][T15532] ? __hrtimer_init+0x12f/0x1a0 [ 1312.778932][T15532] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1312.784942][T15532] copy_process+0x3138/0x3c40 [ 1312.789620][T15532] _do_fork+0xfe/0x7a0 [ 1312.793675][T15532] ? cgroup_file_notify+0xff/0x130 [ 1312.798772][T15532] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1312.804646][T15532] ? __read_once_size+0x5a/0xe0 [ 1312.809482][T15532] __x64_sys_clone+0x130/0x170 [ 1312.814273][T15532] do_syscall_64+0xcc/0x3a0 [ 1312.818765][T15532] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1312.824643][T15532] RIP: 0033:0x45a919 [ 1312.828564][T15532] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1312.848165][T15532] RSP: 002b:00007fcace71fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1312.856600][T15532] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a919 [ 1312.864611][T15532] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1312.872747][T15532] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1312.880701][T15532] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcace7206d4 [ 1312.888737][T15532] R13: 00000000004c1007 R14: 00000000004d4d28 R15: 00000000ffffffff [ 1312.901827][T15532] memory: usage 307200kB, limit 307200kB, failcnt 4467 [ 1312.909978][T15532] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1312.921160][T15532] Memory cgroup stats for /syz0: [ 1312.921324][T15532] anon 252534784 [ 1312.921324][T15532] file 106496 [ 1312.921324][T15532] kernel_stack 5677056 [ 1312.921324][T15532] slab 11378688 [ 1312.921324][T15532] sock 0 [ 1312.921324][T15532] shmem 0 [ 1312.921324][T15532] file_mapped 0 [ 1312.921324][T15532] file_dirty 0 [ 1312.921324][T15532] file_writeback 0 [ 1312.921324][T15532] anon_thp 211812352 [ 1312.921324][T15532] inactive_anon 0 [ 1312.921324][T15532] active_anon 252448768 [ 1312.921324][T15532] inactive_file 0 [ 1312.921324][T15532] active_file 40960 [ 1312.921324][T15532] unevictable 0 [ 1312.921324][T15532] slab_reclaimable 1486848 [ 1312.921324][T15532] slab_unreclaimable 9891840 [ 1312.921324][T15532] pgfault 114015 [ 1312.921324][T15532] pgmajfault 0 [ 1312.921324][T15532] workingset_refault 231 [ 1312.921324][T15532] workingset_activate 132 [ 1312.921324][T15532] workingset_nodereclaim 0 [ 1312.921324][T15532] pgrefill 2710 [ 1312.921324][T15532] pgscan 2607 [ 1312.921324][T15532] pgsteal 501 [ 1313.014924][T15532] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15532,uid=0 [ 1313.031221][T15532] Memory cgroup out of memory: Killed process 15532 (syz-executor.0) total-vm:72584kB, anon-rss:2204kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 1313.052249][ T546] oom_reaper: reaped process 15532 (syz-executor.0), now anon-rss:0kB, file-rss:34860kB, shmem-rss:0kB [ 1313.053709][ T7925] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1313.075752][ T7925] CPU: 1 PID: 7925 Comm: syz-executor.0 Not tainted 5.5.0-rc1-syzkaller #0 [ 1313.084342][ T7925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1313.094388][ T7925] Call Trace: [ 1313.097745][ T7925] dump_stack+0x11d/0x181 [ 1313.102071][ T7925] dump_header+0xaa/0x39c [ 1313.106388][ T7925] oom_kill_process.cold+0x10/0x15 [ 1313.111594][ T7925] out_of_memory+0x231/0xa60 [ 1313.116238][ T7925] mem_cgroup_out_of_memory+0x128/0x150 [ 1313.121811][ T7925] try_charge+0x800/0xbf0 [ 1313.126154][ T7925] ? __rcu_read_unlock+0x66/0x3d0 [ 1313.131199][ T7925] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1313.136650][ T7925] __memcg_kmem_charge+0xcf/0x1b0 [ 1313.141663][ T7925] __alloc_pages_nodemask+0x26c/0x310 [ 1313.147020][ T7925] alloc_pages_current+0xd1/0x170 [ 1313.152102][ T7925] pte_alloc_one+0x18/0x50 [ 1313.156505][ T7925] __pte_alloc+0x2d/0x220 [ 1313.160861][ T7925] copy_page_range+0x135a/0x19b0 [ 1313.165883][ T7925] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1313.172275][ T7925] ? __vma_link_rb+0x3f4/0x440 [ 1313.177031][ T7925] dup_mm+0x74a/0xba0 [ 1313.181009][ T7925] copy_process+0x3138/0x3c40 [ 1313.185755][ T7925] ? do_wp_page+0x19f/0xeb0 [ 1313.190279][ T7925] _do_fork+0xfe/0x7a0 [ 1313.194418][ T7925] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1313.200322][ T7925] ? __read_once_size+0x5a/0xe0 [ 1313.205163][ T7925] __x64_sys_clone+0x130/0x170 [ 1313.211264][ T7925] do_syscall_64+0xcc/0x3a0 [ 1313.215771][ T7925] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1313.221650][ T7925] RIP: 0033:0x458eea [ 1313.225609][ T7925] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1313.245200][ T7925] RSP: 002b:00007ffec4661c60 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1313.253598][ T7925] RAX: ffffffffffffffda RBX: 00007ffec4661c60 RCX: 0000000000458eea [ 1313.261556][ T7925] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1313.269531][ T7925] RBP: 00007ffec4661ca0 R08: 0000000000000001 R09: 00000000016b2940 [ 1313.277496][ T7925] R10: 00000000016b2c10 R11: 0000000000000246 R12: 0000000000000001 [ 1313.285521][ T7925] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffec4661cf0 [ 1313.296479][ T7925] memory: usage 304872kB, limit 307200kB, failcnt 4468 [ 1313.303398][ T7925] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1313.310433][ T7925] Memory cgroup stats for /syz0: [ 1313.310683][ T7925] anon 250265600 [ 1313.310683][ T7925] file 106496 [ 1313.310683][ T7925] kernel_stack 5677056 [ 1313.310683][ T7925] slab 11378688 [ 1313.310683][ T7925] sock 0 [ 1313.310683][ T7925] shmem 0 [ 1313.310683][ T7925] file_mapped 0 [ 1313.310683][ T7925] file_dirty 0 [ 1313.310683][ T7925] file_writeback 0 [ 1313.310683][ T7925] anon_thp 209715200 [ 1313.310683][ T7925] inactive_anon 0 [ 1313.310683][ T7925] active_anon 250314752 [ 1313.310683][ T7925] inactive_file 0 [ 1313.310683][ T7925] active_file 40960 [ 1313.310683][ T7925] unevictable 0 [ 1313.310683][ T7925] slab_reclaimable 1486848 [ 1313.310683][ T7925] slab_unreclaimable 9891840 [ 1313.310683][ T7925] pgfault 114015 [ 1313.310683][ T7925] pgmajfault 0 [ 1313.310683][ T7925] workingset_refault 231 [ 1313.310683][ T7925] workingset_activate 132 [ 1313.310683][ T7925] workingset_nodereclaim 0 [ 1313.310683][ T7925] pgrefill 2710 [ 1313.310683][ T7925] pgscan 2607 [ 1313.310683][ T7925] pgsteal 501 [ 1313.405460][ T7925] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15377,uid=0 [ 1313.421014][ T7925] Memory cgroup out of memory: Killed process 15377 (syz-executor.0) total-vm:72716kB, anon-rss:2212kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:1000 [ 1313.440565][ T546] oom_reaper: reaped process 15377 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1313.452701][T15753] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1313.468910][T15753] CPU: 1 PID: 15753 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 1313.477708][T15753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1313.487775][T15753] Call Trace: [ 1313.491223][T15753] dump_stack+0x11d/0x181 [ 1313.494640][T15756] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1313.495612][T15753] dump_header+0xaa/0x39c [ 1313.495643][T15753] oom_kill_process.cold+0x10/0x15 [ 1313.515717][T15753] out_of_memory+0x231/0xa60 [ 1313.520325][T15753] mem_cgroup_out_of_memory+0x128/0x150 [ 1313.525899][T15753] try_charge+0xb6c/0xbf0 [ 1313.530284][T15753] ? setup_fault_attr+0x50/0x120 [ 1313.535280][T15753] ? __rcu_read_unlock+0x66/0x3d0 [ 1313.540295][T15753] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1313.545826][T15753] __memcg_kmem_charge+0xcf/0x1b0 [ 1313.550834][T15753] copy_process+0x11d2/0x3c40 [ 1313.555563][T15753] _do_fork+0xfe/0x7a0 [ 1313.559626][T15753] ? __const_udelay+0x36/0x40 [ 1313.564288][T15753] ? __udelay+0x10/0x20 [ 1313.568513][T15753] __x64_sys_clone+0x130/0x170 [ 1313.573357][T15753] do_syscall_64+0xcc/0x3a0 [ 1313.577932][T15753] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1313.583829][T15753] RIP: 0033:0x45a919 [ 1313.587710][T15753] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1313.607314][T15753] RSP: 002b:00007fd40137cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1313.615735][T15753] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a919 [ 1313.623705][T15753] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000103 [ 1313.631658][T15753] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1313.639708][T15753] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd40137d6d4 [ 1313.647898][T15753] R13: 00000000004c1007 R14: 00000000004d4d28 R15: 00000000ffffffff [ 1313.658109][T15753] memory: usage 307196kB, limit 307200kB, failcnt 3595 [ 1313.665034][T15753] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1313.672459][T15753] Memory cgroup stats for /syz1: [ 1313.672662][T15753] anon 268599296 [ 1313.672662][T15753] file 45056 [ 1313.672662][T15753] kernel_stack 4202496 [ 1313.672662][T15753] slab 8634368 [ 1313.672662][T15753] sock 0 [ 1313.672662][T15753] shmem 0 [ 1313.672662][T15753] file_mapped 0 [ 1313.672662][T15753] file_dirty 0 [ 1313.672662][T15753] file_writeback 0 [ 1313.672662][T15753] anon_thp 239075328 [ 1313.672662][T15753] inactive_anon 0 [ 1313.672662][T15753] active_anon 268599296 [ 1313.672662][T15753] inactive_file 0 [ 1313.672662][T15753] active_file 0 [ 1313.672662][T15753] unevictable 0 [ 1313.672662][T15753] slab_reclaimable 1216512 [ 1313.672662][T15753] slab_unreclaimable 7417856 [ 1313.672662][T15753] pgfault 114675 [ 1313.672662][T15753] pgmajfault 0 [ 1313.672662][T15753] workingset_refault 165 [ 1313.672662][T15753] workingset_activate 99 [ 1313.672662][T15753] workingset_nodereclaim 0 [ 1313.672662][T15753] pgrefill 1704 [ 1313.672662][T15753] pgscan 1645 [ 1313.672662][T15753] pgsteal 364 [ 1313.672662][T15753] pgactivate 1221 [ 1313.770411][T15753] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=20816,uid=0 [ 1313.785883][T15753] Memory cgroup out of memory: Killed process 20816 (syz-executor.1) total-vm:72716kB, anon-rss:2212kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:1000 [ 1313.806161][T15752] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1313.816641][T15752] CPU: 1 PID: 15752 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 1313.825404][T15752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1313.835463][T15752] Call Trace: [ 1313.838748][T15752] dump_stack+0x11d/0x181 [ 1313.843072][T15752] dump_header+0xaa/0x39c [ 1313.847401][T15752] oom_kill_process.cold+0x10/0x15 [ 1313.852707][T15752] out_of_memory+0x231/0xa60 [ 1313.857295][T15752] mem_cgroup_out_of_memory+0x128/0x150 [ 1313.862907][T15752] try_charge+0x800/0xbf0 [ 1313.867265][T15752] ? rcu_note_context_switch+0x6d0/0x760 [ 1313.872904][T15752] mem_cgroup_try_charge+0xd2/0x260 [ 1313.878144][T15752] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1313.883774][T15752] __handle_mm_fault+0x197f/0x2e00 [ 1313.888941][T15752] handle_mm_fault+0x21b/0x530 [ 1313.893789][T15752] __do_page_fault+0x456/0x8d0 [ 1313.898570][T15752] do_page_fault+0x38/0x194 [ 1313.903072][T15752] page_fault+0x34/0x40 [ 1313.907246][T15752] RIP: 0033:0x41210f [ 1313.911227][T15752] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 1313.930982][T15752] RSP: 002b:00007ffdab4b57c0 EFLAGS: 00010206 [ 1313.937043][T15752] RAX: 00007fd40133c000 RBX: 0000000000020000 RCX: 000000000045a96a [ 1313.945003][T15752] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 1313.953020][T15752] RBP: 00007ffdab4b58a0 R08: ffffffffffffffff R09: 0000000000000000 [ 1313.961041][T15752] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdab4b5990 [ 1313.968999][T15752] R13: 00007fd40135c700 R14: 0000000000000001 R15: 000000000075bfd4 [ 1313.978171][T15752] memory: usage 305004kB, limit 307200kB, failcnt 3595 [ 1313.985120][T15752] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1313.991983][T15752] Memory cgroup stats for /syz1: [ 1313.992193][T15752] anon 266416128 [ 1313.992193][T15752] file 45056 [ 1313.992193][T15752] kernel_stack 4165632 [ 1313.992193][T15752] slab 8634368 [ 1313.992193][T15752] sock 0 [ 1313.992193][T15752] shmem 0 [ 1313.992193][T15752] file_mapped 0 [ 1313.992193][T15752] file_dirty 0 [ 1313.992193][T15752] file_writeback 0 [ 1313.992193][T15752] anon_thp 236978176 [ 1313.992193][T15752] inactive_anon 0 [ 1313.992193][T15752] active_anon 266416128 [ 1313.992193][T15752] inactive_file 0 [ 1313.992193][T15752] active_file 0 [ 1313.992193][T15752] unevictable 0 [ 1313.992193][T15752] slab_reclaimable 1216512 [ 1313.992193][T15752] slab_unreclaimable 7417856 [ 1313.992193][T15752] pgfault 114675 [ 1313.992193][T15752] pgmajfault 0 [ 1313.992193][T15752] workingset_refault 165 [ 1313.992193][T15752] workingset_activate 99 [ 1313.992193][T15752] workingset_nodereclaim 0 [ 1313.992193][T15752] pgrefill 1704 [ 1313.992193][T15752] pgscan 1645 [ 1313.992193][T15752] pgsteal 364 [ 1313.992193][T15752] pgactivate 1221 [ 1314.089812][T15752] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=20780,uid=0 [ 1314.105569][T15752] Memory cgroup out of memory: Killed process 20780 (syz-executor.1) total-vm:72716kB, anon-rss:2212kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:1000 04:20:05 executing program 1: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:05 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080), 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:05 executing program 4: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:05 executing program 2: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(0xffffffffffffffff, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:05 executing program 3: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:05 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1314.124732][ T546] oom_reaper: reaped process 20780 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1314.240751][T15769] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1314.284190][T15768] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 04:20:05 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080), 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:05 executing program 1: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:06 executing program 2: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x2820, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$bt_sco(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0xca80) clock_gettime(0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x100000001) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in6=@local, 0x0, 0x0, 0x0, 0x6}}, 0xe8) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) pselect6(0x40, &(0x7f0000000080)={0x4, 0x0, 0x671a, 0x0, 0x9, 0x0, 0x8, 0x6}, &(0x7f0000000280)={0x9, 0x3904d896, 0x5, 0x4, 0x401, 0xfffffffffffffffc, 0x5, 0x51ac}, &(0x7f0000000300)={0x3, 0x5, 0x0, 0x7c7, 0x475, 0x6, 0x81, 0x1}, &(0x7f0000000340)={0x0, 0x1c9c380}, &(0x7f00000004c0)={&(0x7f0000000480)={0x2}, 0x8}) sendmmsg(r0, &(0x7f0000007e00), 0x400000000000058, 0x0) ioctl$IOC_PR_CLEAR(0xffffffffffffffff, 0x401070cd, &(0x7f0000000000)={0x8}) socket$inet_tcp(0x2, 0x1, 0x0) [ 1314.638210][T15781] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1314.761683][T15781] CPU: 1 PID: 15781 Comm: syz-executor.3 Not tainted 5.5.0-rc1-syzkaller #0 [ 1314.770706][T15781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1314.780812][T15781] Call Trace: [ 1314.784118][T15781] dump_stack+0x11d/0x181 [ 1314.788460][T15781] dump_header+0xaa/0x39c [ 1314.792843][T15781] oom_kill_process.cold+0x10/0x15 [ 1314.797986][T15781] out_of_memory+0x231/0xa60 [ 1314.802596][T15781] ? __rcu_read_unlock+0x66/0x3d0 [ 1314.807727][T15781] mem_cgroup_out_of_memory+0x128/0x150 [ 1314.813295][T15781] try_charge+0xb6c/0xbf0 [ 1314.817710][T15781] ? __rcu_read_unlock+0x66/0x3d0 [ 1314.822824][T15781] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1314.828316][T15781] __memcg_kmem_charge+0xcf/0x1b0 [ 1314.833360][T15781] __alloc_pages_nodemask+0x26c/0x310 [ 1314.838844][T15781] alloc_pages_current+0xd1/0x170 [ 1314.843878][T15781] pte_alloc_one+0x18/0x50 [ 1314.848340][T15781] __pte_alloc+0x2d/0x220 [ 1314.852766][T15781] copy_page_range+0x135a/0x19b0 [ 1314.858497][T15781] ? __vma_link_rb+0x3f4/0x440 [ 1314.863272][T15781] dup_mm+0x74a/0xba0 [ 1314.867266][T15781] copy_process+0x3138/0x3c40 [ 1314.872027][T15781] _do_fork+0xfe/0x7a0 [ 1314.876135][T15781] ? cgroup_file_notify+0xff/0x130 [ 1314.881365][T15781] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1314.887565][T15781] ? __read_once_size+0x5a/0xe0 [ 1314.892567][T15781] __x64_sys_clone+0x130/0x170 [ 1314.897449][T15781] do_syscall_64+0xcc/0x3a0 [ 1314.902320][T15781] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1314.908396][T15781] RIP: 0033:0x45a919 [ 1314.912365][T15781] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1314.932374][T15781] RSP: 002b:00007f8515893c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1314.941535][T15781] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a919 [ 1314.950278][T15781] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1314.961049][T15781] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1314.971004][T15781] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85158946d4 [ 1314.980121][T15781] R13: 00000000004c1007 R14: 00000000004d4d28 R15: 00000000ffffffff [ 1315.023607][T15789] __nla_validate_parse: 4 callbacks suppressed [ 1315.023636][T15789] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1315.083620][T15781] memory: usage 307200kB, limit 307200kB, failcnt 4213 [ 1315.109139][T15781] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 04:20:06 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1315.249064][T15781] Memory cgroup stats for /syz3: [ 1315.249287][T15781] anon 245968896 [ 1315.249287][T15781] file 0 [ 1315.249287][T15781] kernel_stack 6303744 [ 1315.249287][T15781] slab 12587008 [ 1315.249287][T15781] sock 0 [ 1315.249287][T15781] shmem 0 [ 1315.249287][T15781] file_mapped 0 [ 1315.249287][T15781] file_dirty 0 [ 1315.249287][T15781] file_writeback 0 [ 1315.249287][T15781] anon_thp 203423744 [ 1315.249287][T15781] inactive_anon 0 [ 1315.249287][T15781] active_anon 245886976 [ 1315.249287][T15781] inactive_file 0 [ 1315.249287][T15781] active_file 53248 [ 1315.249287][T15781] unevictable 0 [ 1315.249287][T15781] slab_reclaimable 1757184 [ 1315.249287][T15781] slab_unreclaimable 10829824 [ 1315.249287][T15781] pgfault 106029 [ 1315.249287][T15781] pgmajfault 0 [ 1315.249287][T15781] workingset_refault 231 [ 1315.249287][T15781] workingset_activate 132 [ 1315.249287][T15781] workingset_nodereclaim 0 [ 1315.249287][T15781] pgrefill 2428 [ 1315.249287][T15781] pgscan 2372 [ 1315.249287][T15781] pgsteal 482 04:20:06 executing program 4: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1315.497999][T15803] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. 04:20:07 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080), 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1315.715672][T15808] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. 04:20:07 executing program 2: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x2820, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$bt_sco(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0xca80) clock_gettime(0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x100000001) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in6=@local, 0x0, 0x0, 0x0, 0x6}}, 0xe8) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) pselect6(0x40, &(0x7f0000000080)={0x4, 0x0, 0x671a, 0x0, 0x9, 0x0, 0x8, 0x6}, &(0x7f0000000280)={0x9, 0x3904d896, 0x5, 0x4, 0x401, 0xfffffffffffffffc, 0x5, 0x51ac}, &(0x7f0000000300)={0x3, 0x5, 0x0, 0x7c7, 0x475, 0x6, 0x81, 0x1}, &(0x7f0000000340)={0x0, 0x1c9c380}, &(0x7f00000004c0)={&(0x7f0000000480)={0x2}, 0x8}) sendmmsg(r0, &(0x7f0000007e00), 0x400000000000058, 0x0) ioctl$IOC_PR_CLEAR(0xffffffffffffffff, 0x401070cd, &(0x7f0000000000)={0x8}) socket$inet_tcp(0x2, 0x1, 0x0) 04:20:07 executing program 1: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1315.861507][T15781] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=15781,uid=0 [ 1315.894741][T15910] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. 04:20:07 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x2820, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$bt_sco(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0xca80) clock_gettime(0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x100000001) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in6=@local, 0x0, 0x0, 0x0, 0x6}}, 0xe8) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) pselect6(0x40, &(0x7f0000000080)={0x4, 0x0, 0x671a, 0x0, 0x9, 0x0, 0x8, 0x6}, &(0x7f0000000280)={0x9, 0x3904d896, 0x5, 0x4, 0x401, 0xfffffffffffffffc, 0x5, 0x51ac}, &(0x7f0000000300)={0x3, 0x5, 0x0, 0x7c7, 0x475, 0x6, 0x81, 0x1}, &(0x7f0000000340)={0x0, 0x1c9c380}, &(0x7f00000004c0)={&(0x7f0000000480)={0x2}, 0x8}) sendmmsg(r0, &(0x7f0000007e00), 0x400000000000058, 0x0) ioctl$IOC_PR_CLEAR(0xffffffffffffffff, 0x401070cd, &(0x7f0000000000)={0x8}) socket$inet_tcp(0x2, 0x1, 0x0) [ 1315.987308][T15781] Memory cgroup out of memory: Killed process 15781 (syz-executor.3) total-vm:72584kB, anon-rss:2200kB, file-rss:35812kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 04:20:07 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:07 executing program 3: keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, 0x0, 0x0) [ 1316.351131][T15922] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1316.395337][T15969] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1316.399532][ T546] oom_reaper: reaped process 15781 (syz-executor.3), now anon-rss:0kB, file-rss:34924kB, shmem-rss:0kB [ 1316.427037][T15922] CPU: 1 PID: 15922 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 1316.437826][T15922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1316.447961][T15922] Call Trace: [ 1316.451384][T15922] dump_stack+0x11d/0x181 [ 1316.455831][T15922] dump_header+0xaa/0x39c [ 1316.460187][T15922] oom_kill_process.cold+0x10/0x15 [ 1316.465418][T15922] out_of_memory+0x231/0xa60 [ 1316.470200][T15922] ? __rcu_read_unlock+0x66/0x3d0 [ 1316.475942][T15922] mem_cgroup_out_of_memory+0x128/0x150 [ 1316.484619][T15922] try_charge+0xb6c/0xbf0 [ 1316.489119][T15922] ? __rcu_read_unlock+0x66/0x3d0 [ 1316.496279][T15922] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1316.502109][T15922] __memcg_kmem_charge+0xcf/0x1b0 [ 1316.507162][T15922] __alloc_pages_nodemask+0x26c/0x310 [ 1316.516092][T15922] alloc_pages_current+0xd1/0x170 [ 1316.521140][T15922] pte_alloc_one+0x18/0x50 [ 1316.525574][T15922] __pte_alloc+0x2d/0x220 [ 1316.529924][T15922] __handle_mm_fault+0x1ffb/0x2e00 [ 1316.535117][T15922] ? try_to_free_mem_cgroup_pages+0x258/0x4d0 [ 1316.541246][T15922] handle_mm_fault+0x21b/0x530 [ 1316.546209][T15922] __do_page_fault+0x456/0x8d0 [ 1316.551334][T15922] do_page_fault+0x38/0x194 [ 1316.555861][T15922] page_fault+0x34/0x40 [ 1316.560087][T15922] RIP: 0033:0x441b99 [ 1316.564251][T15922] Code: b7 0e 66 89 0f 48 83 c6 02 48 83 c7 02 0f 1f 40 00 f6 c2 04 74 0c 8b 0e 89 0f 48 83 c6 04 48 83 c7 04 f6 c2 08 74 0e 48 8b 0e <48> 89 0f 48 83 c6 08 48 83 c7 08 81 e2 f0 00 00 00 74 1f 0f 1f 40 [ 1316.584022][T15922] RSP: 002b:00007ffdab4b58a8 EFLAGS: 00010202 [ 1316.590203][T15922] RAX: 0000000020000b00 RBX: 000000000075c9a0 RCX: 0030656c69662f2e 04:20:08 executing program 2: r0 = socket$inet6(0xa, 0x80003, 0x6b) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe8476071") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000880)=[{0x0, 0x0, 0x0}, {&(0x7f0000000200)=@abs, 0x6e, &(0x7f00000007c0)}], 0x2, 0x0) [ 1316.598189][T15922] RDX: 0000000000000008 RSI: 0000000000760080 RDI: 0000000020000b00 [ 1316.606582][T15922] RBP: 0000000000760060 R08: 0000000063b54b7f R09: 0000000063b54b83 [ 1316.614737][T15922] R10: 00007ffdab4b5980 R11: 0000000000000246 R12: 000000000075bf20 [ 1316.623511][T15922] R13: 000000000014159c R14: 0000000000760068 R15: 000000000075bf2c 04:20:08 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:08 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(0xffffffffffffffff, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1316.768725][T15922] memory: usage 307200kB, limit 307200kB, failcnt 3638 [ 1316.775911][T15922] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 04:20:08 executing program 3: bind$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) unshare(0x20600) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f00000004c0), 0x6}, 0x0, 0x3, 0x0, 0x8, 0x0, 0x0, 0xfff5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) r1 = getpid() tkill(r1, 0x9) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x61, &(0x7f0000000040)={'filter\x00', 0x4}, 0x68) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$inet6(0xa, 0x400000000803, 0x5f) close(r3) r4 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r4) ioctl$TIOCL_GETKMSGREDIRECT(r4, 0x541c, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x400000001, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x1}) setfsgid(0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f00000006c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6\xf23F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0_\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\xa9\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&k\x80K\xd1>\xa6\xff(\xb1\x01\xe7\xa5\xce-A\xb0\xec\x190r-q\x83\xb3mN\x91\'\xc5\xf8\xfe\x18\x16\xb7R6\xa9R\xf4H\xa7\x84\x98\xfc\xf9\xa6\xd6\x8d\xa7\xd5_\xc0\x93\xde\x1f`\xff\xcf\xe1)N\x85&\x8b\x06I\xa2\x13\x02\x00\x00\x00\x00\x00\x00\x00[\xae5\x82}\xb7h!\xd9\xce\xe9\x06\b\rs^\x8d\x14\xc1\x97m@6\x1d\xfc\x92@-\xb6\xe5N\x84\xbc\xc0\x1f\xfbI\'M\xdd\xc6*\x06&\f\b\xa6\x92)D}\x87\x80\xea\xb9l\x80H\xea\x82o6\xfa)\x15\xdc@\xf4\x86\xd6_\xf9+/Q\xd5\x8a;\x8b\xe1\x1d\xd0\xec\x8ek\xdb\xa8\xf3Ir\xdb1`B&\xe8A\xd1\xea\xb4$5%aL\xc1\xbd\x91\xc3\x90\x06i <1\xaa\"\xd5\xbb\xe9\xc7SX\xbfm{>\xd4\xc3(E[\xb0J13\xbbG\x8a\xb4\x8aMs\x9f\xcf\xb8g\xab\x12\x8cj\x95}\xb1\bc\xc4u\xf4\xe2\x88\xfa\xde\xec\xdf\xb9\x98\x84\x028\xd9_n\x9f\x86\x88\xe6\x15b\x01]\x01a\xe7\xb9\xb0\xbdk\xaa\xa1\xc1') socket$packet(0x11, 0x3, 0x300) r6 = open(&(0x7f0000000100)='./file1\x00', 0x143042, 0x0) setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000280)=ANY=[@ANYBLOB="ac1efdf903001f00ab1414bbe000ede3abb4ea1548000106009047cfe39be792cff6fbeadc41b9c9c3a93b52df9d03bb6385d965367e519ca55d0e0bfdc159c2eb5cd7091bf4a9b9782eede56dda868f1cd1463d573e0000000000004e3632a0594d9ac9e0e1625466ff7c8ab45e4d1e2f895c7ee0904e64609249264f0c4ce5175bfb36fad8690826b7160654753b5ae694e5178a87cb89d2d19c3b8ceef7e35ce210e022ab8dd830dbf9c17b785cbcedb281f3b5390d0e45"], 0x1c) ftruncate(r6, 0x200004) sendfile(r3, r6, 0x0, 0x80001d00c0d0) [ 1316.885526][T15922] Memory cgroup stats for /syz1: [ 1316.885797][T15922] anon 268656640 [ 1316.885797][T15922] file 45056 [ 1316.885797][T15922] kernel_stack 4165632 [ 1316.885797][T15922] slab 8634368 [ 1316.885797][T15922] sock 0 [ 1316.885797][T15922] shmem 0 [ 1316.885797][T15922] file_mapped 0 [ 1316.885797][T15922] file_dirty 0 [ 1316.885797][T15922] file_writeback 0 [ 1316.885797][T15922] anon_thp 239075328 [ 1316.885797][T15922] inactive_anon 0 [ 1316.885797][T15922] active_anon 268656640 [ 1316.885797][T15922] inactive_file 0 [ 1316.885797][T15922] active_file 0 [ 1316.885797][T15922] unevictable 0 [ 1316.885797][T15922] slab_reclaimable 1216512 [ 1316.885797][T15922] slab_unreclaimable 7417856 [ 1316.885797][T15922] pgfault 114972 [ 1316.885797][T15922] pgmajfault 0 [ 1316.885797][T15922] workingset_refault 165 [ 1316.885797][T15922] workingset_activate 99 [ 1316.885797][T15922] workingset_nodereclaim 0 [ 1316.885797][T15922] pgrefill 1737 [ 1316.885797][T15922] pgscan 1645 [ 1316.885797][T15922] pgsteal 364 [ 1316.885797][T15922] pgactivate 1221 04:20:08 executing program 2: r0 = syz_open_dev$sg(&(0x7f0000000280)='/dev/sg#\x00', 0x0, 0x10008a02) write(r0, &(0x7f0000000140)="b63db86b1e8d080000000000003ef0011dcc606aed69d2bc7037cebc9bc2fefffffffeffffffe22c9b4c", 0xf5) 04:20:08 executing program 4: sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x0, 0x20402) ioctl$EVIOCGSW(r0, 0x8040451b, &(0x7f0000000140)=""/78) io_submit(0x0, 0x0, 0x0) [ 1317.094852][T16046] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1317.109124][T16045] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1317.192902][T16045] FS-Cache: Duplicate cookie detected [ 1317.199734][T16045] FS-Cache: O-cookie c=00000000417170c6 [p=0000000057c56a86 fl=222 nc=0 na=1] [ 1317.210906][T16045] FS-Cache: O-cookie d=00000000b2421e71 n=000000003d27b3d9 [ 1317.219951][T16045] FS-Cache: O-key=[10] '02000200000000100000' [ 1317.227621][T16045] FS-Cache: N-cookie c=000000009a95d5df [p=0000000057c56a86 fl=2 nc=0 na=1] 04:20:08 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1317.238308][T16045] FS-Cache: N-cookie d=00000000b2421e71 n=0000000064eee1e5 [ 1317.245757][T16045] FS-Cache: N-key=[10] '02000200000000100000' 04:20:08 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(0xffffffffffffffff, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1317.290426][T16057] sg_write: data in/out 560378/197 bytes for SCSI command 0xff-- guessing data in; [ 1317.290426][T16057] program syz-executor.2 not setting count and/or reply_len properly [ 1317.418725][T15922] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=15800,uid=0 [ 1317.494953][T15922] Memory cgroup out of memory: Killed process 15800 (syz-executor.1) total-vm:72716kB, anon-rss:2212kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:1000 [ 1317.501086][T16065] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1317.662961][T15930] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. 04:20:09 executing program 1: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:09 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGSW(r0, 0x8040451b, &(0x7f0000000140)=""/78) 04:20:09 executing program 2: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) perf_event_open(0x0, 0x0, 0x10000000, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xc, 0xffffffffffffffff, 0x0) ioctl$TIOCL_GETKMSGREDIRECT(0xffffffffffffffff, 0x541c, 0x0) syz_open_dev$vcsa(0x0, 0x3, 0x40800) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001b00)=[{&(0x7f00000005c0)=""/2, 0x2}], 0x1, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) creat(0x0, 0x0) dup(0xffffffffffffffff) r1 = syz_open_procfs(0x0, &(0x7f0000000380)='net/route\x00') preadv(r1, &(0x7f00000017c0), 0x1a0, 0xf0ffff) listen(r0, 0x0) 04:20:09 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x0, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:09 executing program 4: sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x0, 0x20402) ioctl$EVIOCGSW(r0, 0x8040451b, &(0x7f0000000140)=""/78) io_submit(0x0, 0x0, 0x0) 04:20:09 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(0xffffffffffffffff, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:09 executing program 4: r0 = perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xfffffffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f00000028c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x80000000, 0x0) write(r2, &(0x7f0000000340), 0x41395527) openat$null(0xffffffffffffff9c, &(0x7f0000000180)='/dev/null\x00', 0x48570a556ba3f538, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000100)="1400000052008102a00f80854a36b8ab959916fb", 0x14}], 0x1}, 0x0) splice(r0, 0x0, r3, 0x0, 0x19406, 0x6) [ 1318.088076][T16188] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. 04:20:09 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:09 executing program 2: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) perf_event_open(0x0, 0x0, 0x10000000, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xc, 0xffffffffffffffff, 0x0) ioctl$TIOCL_GETKMSGREDIRECT(0xffffffffffffffff, 0x541c, 0x0) syz_open_dev$vcsa(0x0, 0x3, 0x40800) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001b00)=[{&(0x7f00000005c0)=""/2, 0x2}], 0x1, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) creat(0x0, 0x0) dup(0xffffffffffffffff) r1 = syz_open_procfs(0x0, &(0x7f0000000380)='net/route\x00') preadv(r1, &(0x7f00000017c0), 0x1a0, 0xf0ffff) listen(r0, 0x0) 04:20:09 executing program 1: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:09 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x0, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:09 executing program 4: syz_open_dev$evdev(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) r0 = getpid() tkill(r0, 0x9) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x2000007, 0x6031, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) munlockall() socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup(0xffffffffffffffff) socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(0xffffffffffffffff) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) 04:20:09 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x444, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x9) recvmmsg(r0, &(0x7f0000002b40)=[{{0x0, 0x40000, 0x0}}], 0x4000000000003be, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f0000000000)=0x8, 0x4) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) socket$inet6(0xa, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) bind$packet(0xffffffffffffffff, 0x0, 0x0) [ 1318.423288][ T7925] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1318.573004][ T7925] CPU: 1 PID: 7925 Comm: syz-executor.0 Not tainted 5.5.0-rc1-syzkaller #0 [ 1318.581916][ T7925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1318.592139][ T7925] Call Trace: [ 1318.595465][ T7925] dump_stack+0x11d/0x181 [ 1318.599937][ T7925] dump_header+0xaa/0x39c [ 1318.604310][ T7925] oom_kill_process.cold+0x10/0x15 [ 1318.609447][ T7925] out_of_memory+0x231/0xa60 [ 1318.614153][ T7925] ? __rcu_read_unlock+0x66/0x3d0 04:20:10 executing program 4: perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_uring_setup(0x64, &(0x7f0000000140)) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x10004000010) r0 = syz_open_dev$usbmon(0x0, 0x4, 0x100) ioctl$GIO_FONTX(r0, 0x4b6b, &(0x7f0000000500)) r1 = accept(0xffffffffffffff9c, &(0x7f0000000280)=@isdn, &(0x7f0000000080)=0x80) ioctl$PPPIOCGCHAN(r1, 0x80047437, &(0x7f0000000140)) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet(0x2, 0x3, 0x0) eventfd2(0xfff, 0x1) getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000440)={0x0, @loopback, @initdev}, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cast5)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000008c0)="0a0775b005", 0x5) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) sendmmsg$unix(r5, &(0x7f0000007600)=[{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000900)="fad88bd0608b6e1b", 0x8}], 0x1}], 0x1, 0x0) ioctl$KVM_SET_PIT(r5, 0x8048ae66, &(0x7f0000000540)={[{0x3ff, 0x101, 0x0, 0x9, 0x6, 0x4f, 0x3, 0x1, 0xff, 0x20, 0x7, 0x8, 0x8c8}, {0xaec, 0x9, 0x7f, 0x20, 0x40, 0xfc, 0x34, 0x6, 0x5b, 0x3, 0x7f, 0x40, 0x8}, {0x1, 0x0, 0x2, 0x0, 0x7f, 0x3f, 0x0, 0x3, 0x1, 0x1, 0x3b, 0x80, 0x7}], 0x56}) accept4$packet(0xffffffffffffff9c, &(0x7f00000006c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000700)=0x14, 0x80800) openat$full(0xffffffffffffff9c, &(0x7f0000000300)='/dev/full\x00', 0x2, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000005740)={{{@in=@initdev, @in=@multicast1}}, {{@in=@initdev}, 0x0, @in=@local}}, &(0x7f0000005840)=0xe8) syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000dec000)='smaps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, &(0x7f00000019c0)=""/4096, 0x1000}, 0x0) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_int(r6, &(0x7f00000001c0)='memory.high\x00f\xe0\a\xbc\x19W\x95\bY\xe6\x1a\x10L\x84Q\xcd\xf5\xa1c\x8f\xe9I5R=\xad\xfa\x9c\aY\xef\x01,\xc25K\x8b\xf9\x0e\x90\xff<\x00\xa9\xe0x\xfaq\xd7-Z\f\x85&\"<\xb8Y\x8aD\xc7\x00\xe7\xe4 \xa2\xb6g(Z\xd5w\x84\xd1\x99X\xdaQ+-\xf1\v$\xcdv\xe6`\\\xc4\xdf\x1eN\x8c\\\x9c\xe8T\x06\x8eLk\x88\x9d2d\xe0:3S\xef\x8b\x10\xa8\x89\xa4\xfe\xea\x01\x05\xfb\x81\x7f\x15\xe4b\xf0\x9c[\x91\x1d \xc0>\xaeg\xaa\r\xe5\r\xc7x.\x8c8\x83\x8eIO\xb8\\N1#H\xf2\x8f\x03V\xcf\xdb\xc8\xda\xa7)\x7f\xe6\xe3[\xf3', 0x2, 0x0) [ 1318.619248][ T7925] mem_cgroup_out_of_memory+0x128/0x150 [ 1318.624856][ T7925] try_charge+0xb6c/0xbf0 [ 1318.629225][ T7925] ? __rcu_read_unlock+0x66/0x3d0 [ 1318.634885][ T7925] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1318.640499][ T7925] __memcg_kmem_charge+0xcf/0x1b0 [ 1318.645851][ T7925] __alloc_pages_nodemask+0x26c/0x310 [ 1318.651676][ T7925] alloc_pages_current+0xd1/0x170 [ 1318.656944][ T7925] get_zeroed_page+0x14/0x50 [ 1318.661563][ T7925] __pud_alloc+0x48/0x250 [ 1318.666143][ T7925] ? preempt_count_add+0x6f/0xb0 [ 1318.671174][ T7925] pud_alloc+0xc3/0x100 [ 1318.675365][ T7925] copy_page_range+0x270/0x19b0 [ 1318.680344][ T7925] ? __read_once_size.constprop.0+0x12/0x20 [ 1318.686260][ T7925] ? __read_once_size.constprop.0+0x12/0x20 [ 1318.692451][ T7925] ? __rcu_read_unlock+0x66/0x3d0 [ 1318.697598][ T7925] ? __rcu_read_unlock+0x66/0x3d0 [ 1318.702632][ T7925] ? __rb_rotate_set_parents+0x9a/0xf0 [ 1318.708236][ T7925] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1318.714009][ T7925] ? vma_gap_callbacks_rotate+0x126/0x190 [ 1318.720070][ T7925] ? __rb_insert_augmented+0x11a/0x370 [ 1318.726041][ T7925] ? vm_get_page_prot+0x90/0x90 [ 1318.731391][ T7925] ? __vma_link_rb+0x3f4/0x440 [ 1318.736623][ T7925] dup_mm+0x74a/0xba0 [ 1318.740825][ T7925] copy_process+0x3138/0x3c40 [ 1318.746053][ T7925] ? do_wp_page+0x19f/0xeb0 [ 1318.752034][ T7925] _do_fork+0xfe/0x7a0 [ 1318.756528][ T7925] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1318.763014][ T7925] ? __read_once_size+0x5a/0xe0 [ 1318.768155][ T7925] __x64_sys_clone+0x130/0x170 [ 1318.774398][ T7925] do_syscall_64+0xcc/0x3a0 [ 1318.780255][ T7925] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1318.786868][ T7925] RIP: 0033:0x458eea [ 1318.790894][ T7925] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1318.814544][ T7925] RSP: 002b:00007ffec4661c60 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 04:20:10 executing program 1: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1318.823752][ T7925] RAX: ffffffffffffffda RBX: 00007ffec4661c60 RCX: 0000000000458eea [ 1318.832915][ T7925] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1318.842196][ T7925] RBP: 00007ffec4661ca0 R08: 0000000000000001 R09: 00000000016b2940 [ 1318.850476][ T7925] R10: 00000000016b2c10 R11: 0000000000000246 R12: 0000000000000001 [ 1318.860647][ T7925] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffec4661cf0 [ 1319.138723][ T7925] memory: usage 307200kB, limit 307200kB, failcnt 4517 [ 1319.152602][ T7925] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1319.187327][ T7925] Memory cgroup stats for /syz0: [ 1319.187504][ T7925] anon 251129856 [ 1319.187504][ T7925] file 106496 [ 1319.187504][ T7925] kernel_stack 5824512 [ 1319.187504][ T7925] slab 11653120 [ 1319.187504][ T7925] sock 0 [ 1319.187504][ T7925] shmem 0 [ 1319.187504][ T7925] file_mapped 0 [ 1319.187504][ T7925] file_dirty 0 [ 1319.187504][ T7925] file_writeback 0 [ 1319.187504][ T7925] anon_thp 209715200 [ 1319.187504][ T7925] inactive_anon 0 [ 1319.187504][ T7925] active_anon 251129856 [ 1319.187504][ T7925] inactive_file 0 [ 1319.187504][ T7925] active_file 40960 [ 1319.187504][ T7925] unevictable 0 [ 1319.187504][ T7925] slab_reclaimable 1486848 [ 1319.187504][ T7925] slab_unreclaimable 10166272 [ 1319.187504][ T7925] pgfault 114708 [ 1319.187504][ T7925] pgmajfault 0 [ 1319.187504][ T7925] workingset_refault 231 [ 1319.187504][ T7925] workingset_activate 132 [ 1319.187504][ T7925] workingset_nodereclaim 0 [ 1319.187504][ T7925] pgrefill 2743 [ 1319.187504][ T7925] pgscan 2640 [ 1319.187504][ T7925] pgsteal 501 04:20:10 executing program 4: perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_uring_setup(0x64, &(0x7f0000000140)) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x10004000010) r0 = syz_open_dev$usbmon(0x0, 0x4, 0x100) ioctl$GIO_FONTX(r0, 0x4b6b, &(0x7f0000000500)) r1 = accept(0xffffffffffffff9c, &(0x7f0000000280)=@isdn, &(0x7f0000000080)=0x80) ioctl$PPPIOCGCHAN(r1, 0x80047437, &(0x7f0000000140)) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet(0x2, 0x3, 0x0) eventfd2(0xfff, 0x1) getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000440)={0x0, @loopback, @initdev}, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cast5)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000008c0)="0a0775b005", 0x5) r4 = accept$alg(r3, 0x0, 0x0) r5 = dup(r4) sendmmsg$unix(r5, &(0x7f0000007600)=[{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000900)="fad88bd0608b6e1b", 0x8}], 0x1}], 0x1, 0x0) ioctl$KVM_SET_PIT(r5, 0x8048ae66, &(0x7f0000000540)={[{0x3ff, 0x101, 0x0, 0x9, 0x6, 0x4f, 0x3, 0x1, 0xff, 0x20, 0x7, 0x8, 0x8c8}, {0xaec, 0x9, 0x7f, 0x20, 0x40, 0xfc, 0x34, 0x6, 0x5b, 0x3, 0x7f, 0x40, 0x8}, {0x1, 0x0, 0x2, 0x0, 0x7f, 0x3f, 0x0, 0x3, 0x1, 0x1, 0x3b, 0x80, 0x7}], 0x56}) accept4$packet(0xffffffffffffff9c, &(0x7f00000006c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000700)=0x14, 0x80800) openat$full(0xffffffffffffff9c, &(0x7f0000000300)='/dev/full\x00', 0x2, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000005740)={{{@in=@initdev, @in=@multicast1}}, {{@in=@initdev}, 0x0, @in=@local}}, &(0x7f0000005840)=0xe8) syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000dec000)='smaps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, &(0x7f00000019c0)=""/4096, 0x1000}, 0x0) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_int(r6, &(0x7f00000001c0)='memory.high\x00f\xe0\a\xbc\x19W\x95\bY\xe6\x1a\x10L\x84Q\xcd\xf5\xa1c\x8f\xe9I5R=\xad\xfa\x9c\aY\xef\x01,\xc25K\x8b\xf9\x0e\x90\xff<\x00\xa9\xe0x\xfaq\xd7-Z\f\x85&\"<\xb8Y\x8aD\xc7\x00\xe7\xe4 \xa2\xb6g(Z\xd5w\x84\xd1\x99X\xdaQ+-\xf1\v$\xcdv\xe6`\\\xc4\xdf\x1eN\x8c\\\x9c\xe8T\x06\x8eLk\x88\x9d2d\xe0:3S\xef\x8b\x10\xa8\x89\xa4\xfe\xea\x01\x05\xfb\x81\x7f\x15\xe4b\xf0\x9c[\x91\x1d \xc0>\xaeg\xaa\r\xe5\r\xc7x.\x8c8\x83\x8eIO\xb8\\N1#H\xf2\x8f\x03V\xcf\xdb\xc8\xda\xa7)\x7f\xe6\xe3[\xf3', 0x2, 0x0) 04:20:10 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:10 executing program 1: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1319.567093][ T7925] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15757,uid=0 [ 1319.603980][ T7925] Memory cgroup out of memory: Killed process 15757 (syz-executor.0) total-vm:72584kB, anon-rss:2204kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 04:20:11 executing program 2: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) perf_event_open(0x0, 0x0, 0x10000000, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xc, 0xffffffffffffffff, 0x0) ioctl$TIOCL_GETKMSGREDIRECT(0xffffffffffffffff, 0x541c, 0x0) syz_open_dev$vcsa(0x0, 0x3, 0x40800) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001b00)=[{&(0x7f00000005c0)=""/2, 0x2}], 0x1, 0x0) sigaltstack(&(0x7f0000ffe000/0x1000)=nil, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) creat(0x0, 0x0) dup(0xffffffffffffffff) r1 = syz_open_procfs(0x0, &(0x7f0000000380)='net/route\x00') preadv(r1, &(0x7f00000017c0), 0x1a0, 0xf0ffff) listen(r0, 0x0) 04:20:11 executing program 4: clone(0x200, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000f80000)='./file0\x00', 0x1042, 0x0) execve(&(0x7f0000000500)='./file0\x00', 0x0, 0x0) clone(0x3102001ff2, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000740)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) clone(0x1ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x200001e4) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000240), 0x14) creat(&(0x7f0000000080)='./file0\x00', 0x0) 04:20:11 executing program 1: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1319.866391][T16472] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1319.891414][T16472] CPU: 0 PID: 16472 Comm: syz-executor.5 Not tainted 5.5.0-rc1-syzkaller #0 [ 1319.900736][T16472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1319.910873][T16472] Call Trace: [ 1319.914345][T16472] dump_stack+0x11d/0x181 [ 1319.918771][T16472] dump_header+0xaa/0x39c [ 1319.923205][T16472] oom_kill_process.cold+0x10/0x15 [ 1319.928373][T16472] out_of_memory+0x231/0xa60 [ 1319.933163][T16472] mem_cgroup_out_of_memory+0x128/0x150 [ 1319.938997][T16472] try_charge+0xb6c/0xbf0 [ 1319.943408][T16472] ? __rcu_read_unlock+0x66/0x3d0 [ 1319.948506][T16472] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1319.954079][T16472] __memcg_kmem_charge+0xcf/0x1b0 [ 1319.959133][T16472] __alloc_pages_nodemask+0x26c/0x310 [ 1319.964592][T16472] alloc_pages_current+0xd1/0x170 [ 1319.969642][T16472] pte_alloc_one+0x18/0x50 [ 1319.974131][T16472] __pte_alloc+0x2d/0x220 [ 1319.978521][T16472] copy_page_range+0x135a/0x19b0 [ 1319.983486][T16472] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1319.989772][T16472] ? __vma_link_rb+0x3f4/0x440 [ 1319.995191][T16472] dup_mm+0x74a/0xba0 [ 1319.999405][T16472] copy_process+0x3138/0x3c40 [ 1320.004099][T16472] _do_fork+0xfe/0x7a0 [ 1320.008242][T16472] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1320.015028][T16472] ? __read_once_size+0x5a/0xe0 [ 1320.019959][T16472] __x64_sys_clone+0x130/0x170 [ 1320.024763][T16472] do_syscall_64+0xcc/0x3a0 [ 1320.029627][T16472] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1320.035536][T16472] RIP: 0033:0x45a919 [ 1320.039455][T16472] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1320.059164][T16472] RSP: 002b:00007f78299edc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1320.067575][T16472] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a919 [ 1320.075644][T16472] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1320.084920][T16472] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1320.092920][T16472] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f78299ee6d4 [ 1320.100947][T16472] R13: 00000000004c1007 R14: 00000000004d4d28 R15: 00000000ffffffff 04:20:11 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x2c5, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x2, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_REGS(r2, 0x8090ae81, &(0x7f00000002c0)) [ 1320.299606][T16472] memory: usage 307200kB, limit 307200kB, failcnt 1385 [ 1320.348215][T16472] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1320.375992][T16472] Memory cgroup stats for /syz5: [ 1320.376160][T16472] anon 270282752 [ 1320.376160][T16472] file 0 [ 1320.376160][T16472] kernel_stack 3981312 [ 1320.376160][T16472] slab 7778304 [ 1320.376160][T16472] sock 0 [ 1320.376160][T16472] shmem 0 [ 1320.376160][T16472] file_mapped 0 [ 1320.376160][T16472] file_dirty 0 [ 1320.376160][T16472] file_writeback 0 [ 1320.376160][T16472] anon_thp 243269632 [ 1320.376160][T16472] inactive_anon 0 [ 1320.376160][T16472] active_anon 270282752 [ 1320.376160][T16472] inactive_file 0 [ 1320.376160][T16472] active_file 45056 [ 1320.376160][T16472] unevictable 0 [ 1320.376160][T16472] slab_reclaimable 1081344 [ 1320.376160][T16472] slab_unreclaimable 6696960 [ 1320.376160][T16472] pgfault 99759 [ 1320.376160][T16472] pgmajfault 0 [ 1320.376160][T16472] workingset_refault 165 [ 1320.376160][T16472] workingset_activate 99 [ 1320.376160][T16472] workingset_nodereclaim 0 [ 1320.376160][T16472] pgrefill 1347 [ 1320.376160][T16472] pgscan 1271 [ 1320.376160][T16472] pgsteal 403 [ 1320.376160][T16472] pgactivate 858 [ 1320.508009][T16472] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=10945,uid=0 [ 1320.548640][T16472] Memory cgroup out of memory: Killed process 10945 (syz-executor.5) total-vm:72584kB, anon-rss:2204kB, file-rss:35848kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 1320.561354][T16586] __nla_validate_parse: 7 callbacks suppressed [ 1320.561449][T16586] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1320.602352][ T546] oom_reaper: reaped process 10945 (syz-executor.5), now anon-rss:0kB, file-rss:34888kB, shmem-rss:0kB [ 1320.602789][T16334] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1320.628824][T16334] CPU: 0 PID: 16334 Comm: syz-executor.3 Not tainted 5.5.0-rc1-syzkaller #0 [ 1320.637544][T16334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1320.647702][T16334] Call Trace: [ 1320.651041][T16334] dump_stack+0x11d/0x181 [ 1320.655412][T16334] dump_header+0xaa/0x39c [ 1320.659815][T16334] oom_kill_process.cold+0x10/0x15 [ 1320.664943][T16334] out_of_memory+0x231/0xa60 [ 1320.669566][T16334] mem_cgroup_out_of_memory+0x128/0x150 [ 1320.675127][T16334] try_charge+0xb6c/0xbf0 [ 1320.679524][T16334] ? __rcu_read_unlock+0x66/0x3d0 [ 1320.684628][T16334] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1320.690110][T16334] __memcg_kmem_charge+0xcf/0x1b0 [ 1320.695169][T16334] copy_process+0x11d2/0x3c40 [ 1320.699845][T16334] ? record_times+0x16/0x90 [ 1320.704367][T16334] ? try_to_free_mem_cgroup_pages+0x258/0x4d0 [ 1320.710534][T16334] _do_fork+0xfe/0x7a0 [ 1320.714628][T16334] ? cgroup_file_notify+0xff/0x130 [ 1320.719757][T16334] ? blkcg_maybe_throttle_current+0x23d/0x580 [ 1320.725900][T16334] __x64_sys_clone+0x130/0x170 [ 1320.730736][T16334] do_syscall_64+0xcc/0x3a0 [ 1320.735269][T16334] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1320.741179][T16334] RIP: 0033:0x45d2e9 [ 1320.745085][T16334] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1320.764816][T16334] RSP: 002b:00007ffdb9b63648 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1320.773356][T16334] RAX: ffffffffffffffda RBX: 00007f8515810700 RCX: 000000000045d2e9 [ 1320.781328][T16334] RDX: 00007f85158109d0 RSI: 00007f851580fdb0 RDI: 00000000003d0f00 [ 1320.789311][T16334] RBP: 00007ffdb9b63860 R08: 00007f8515810700 R09: 00007f8515810700 [ 1320.797470][T16334] R10: 00007f85158109d0 R11: 0000000000000202 R12: 0000000000000000 [ 1320.805969][T16334] R13: 00007ffdb9b636ff R14: 00007f85158109c0 R15: 000000000075c1cc [ 1320.927039][T16334] memory: usage 307200kB, limit 307200kB, failcnt 4272 [ 1320.948874][T16334] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1320.965273][T16334] Memory cgroup stats for /syz3: [ 1320.965503][T16334] anon 245923840 [ 1320.965503][T16334] file 0 [ 1320.965503][T16334] kernel_stack 6303744 [ 1320.965503][T16334] slab 12587008 [ 1320.965503][T16334] sock 0 [ 1320.965503][T16334] shmem 0 [ 1320.965503][T16334] file_mapped 0 [ 1320.965503][T16334] file_dirty 0 [ 1320.965503][T16334] file_writeback 0 [ 1320.965503][T16334] anon_thp 203423744 [ 1320.965503][T16334] inactive_anon 0 [ 1320.965503][T16334] active_anon 245841920 [ 1320.965503][T16334] inactive_file 0 [ 1320.965503][T16334] active_file 53248 [ 1320.965503][T16334] unevictable 0 [ 1320.965503][T16334] slab_reclaimable 1757184 [ 1320.965503][T16334] slab_unreclaimable 10829824 [ 1320.965503][T16334] pgfault 106326 [ 1320.965503][T16334] pgmajfault 0 [ 1320.965503][T16334] workingset_refault 231 [ 1320.965503][T16334] workingset_activate 132 [ 1320.965503][T16334] workingset_nodereclaim 0 [ 1320.965503][T16334] pgrefill 2461 [ 1320.965503][T16334] pgscan 2438 [ 1320.965503][T16334] pgsteal 482 [ 1321.093910][T16334] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=16334,uid=0 [ 1321.109976][T16334] Memory cgroup out of memory: Killed process 16334 (syz-executor.3) total-vm:73112kB, anon-rss:2224kB, file-rss:35788kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 1321.130107][ T546] oom_reaper: reaped process 16334 (syz-executor.3), now anon-rss:0kB, file-rss:34852kB, shmem-rss:0kB [ 1321.139928][T16588] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1321.158545][T16588] CPU: 0 PID: 16588 Comm: syz-executor.0 Not tainted 5.5.0-rc1-syzkaller #0 [ 1321.167330][T16588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1321.177423][T16588] Call Trace: [ 1321.180751][T16588] dump_stack+0x11d/0x181 [ 1321.185105][T16588] dump_header+0xaa/0x39c [ 1321.189443][T16588] oom_kill_process.cold+0x10/0x15 [ 1321.194657][T16588] out_of_memory+0x231/0xa60 [ 1321.199291][T16588] mem_cgroup_out_of_memory+0x128/0x150 [ 1321.204959][T16588] try_charge+0xb6c/0xbf0 [ 1321.211773][T16588] ? rcu_note_context_switch+0x6d0/0x760 [ 1321.217421][T16588] mem_cgroup_try_charge+0xd2/0x260 [ 1321.222712][T16588] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1321.228356][T16588] wp_page_copy+0x322/0x1040 [ 1321.233010][T16588] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1321.239337][T16588] ? debug_smp_processor_id+0x43/0x137 [ 1321.244895][T16588] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1321.250684][T16588] do_wp_page+0x192/0xeb0 [ 1321.255021][T16588] ? __udelay+0x10/0x20 [ 1321.259209][T16588] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1321.265098][T16588] __handle_mm_fault+0x1d16/0x2e00 [ 1321.270369][T16588] handle_mm_fault+0x21b/0x530 [ 1321.275152][T16588] __do_page_fault+0x456/0x8d0 [ 1321.279928][T16588] do_page_fault+0x38/0x194 [ 1321.284490][T16588] page_fault+0x34/0x40 [ 1321.288638][T16588] RIP: 0033:0x40f968 [ 1321.292610][T16588] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf fa 00 4c 00 31 c0 e8 43 25 ff ff 31 ff e8 8c 21 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d de 2c 66 00 [ 1321.312691][T16588] RSP: 002b:00007ffec4661a30 EFLAGS: 00010246 [ 1321.320224][T16588] RAX: 00000000dbdfc292 RBX: 000000003d65db6b RCX: 0000001b34020000 [ 1321.328278][T16588] RDX: 0000000000000000 RSI: 0000000000000292 RDI: ffffffffdbdfc292 [ 1321.336523][T16588] RBP: 000000000000000b R08: 00000000dbdfc292 R09: 00000000dbdfc296 [ 1321.344497][T16588] R10: 00007ffec4661bd0 R11: 0000000000000246 R12: 000000000075bfa8 [ 1321.352459][T16588] R13: 0000000080000000 R14: 00007fcad0721008 R15: 000000000000000b [ 1321.376873][T16588] memory: usage 307196kB, limit 307200kB, failcnt 4541 [ 1321.383975][T16588] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1321.398357][T16588] Memory cgroup stats for /syz0: [ 1321.398683][T16588] anon 251129856 [ 1321.398683][T16588] file 106496 [ 1321.398683][T16588] kernel_stack 5787648 [ 1321.398683][T16588] slab 11653120 [ 1321.398683][T16588] sock 0 [ 1321.398683][T16588] shmem 0 [ 1321.398683][T16588] file_mapped 0 [ 1321.398683][T16588] file_dirty 0 [ 1321.398683][T16588] file_writeback 0 [ 1321.398683][T16588] anon_thp 209715200 [ 1321.398683][T16588] inactive_anon 0 [ 1321.398683][T16588] active_anon 251129856 [ 1321.398683][T16588] inactive_file 0 [ 1321.398683][T16588] active_file 40960 [ 1321.398683][T16588] unevictable 0 [ 1321.398683][T16588] slab_reclaimable 1486848 [ 1321.398683][T16588] slab_unreclaimable 10166272 [ 1321.398683][T16588] pgfault 114774 [ 1321.398683][T16588] pgmajfault 0 [ 1321.398683][T16588] workingset_refault 231 [ 1321.398683][T16588] workingset_activate 132 [ 1321.398683][T16588] workingset_nodereclaim 0 [ 1321.398683][T16588] pgrefill 2743 [ 1321.398683][T16588] pgscan 2640 [ 1321.398683][T16588] pgsteal 501 [ 1321.492886][T16588] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=19557,uid=0 [ 1321.508556][T16588] Memory cgroup out of memory: Killed process 19557 (syz-executor.0) total-vm:72716kB, anon-rss:2212kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:1000 04:20:13 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x0, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:13 executing program 2: r0 = socket(0x10, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x19, &(0x7f0000000080)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_VLAN_DEFAULT_PVID={0x8, 0x27, 0x5}]}}}]}, 0x3c}}, 0x0) 04:20:13 executing program 1: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:13 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:13 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x69, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0) ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f00000011c0)) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$ASHMEM_SET_NAME(r0, 0x40087707, &(0x7f0000000080)='\x00\x00\x00\x01\x00\x00\x00\x05\x00x\x92\x12\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2oci(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c') ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f00000011c0)) 04:20:13 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x444, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x9) recvmmsg(r0, &(0x7f0000002b40)=[{{0x0, 0x40000, 0x0}}], 0x4000000000003be, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f0000000000)=0x8, 0x4) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) socket$inet6(0xa, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) bind$packet(0xffffffffffffffff, 0x0, 0x0) [ 1321.545470][T16589] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1321.608595][T16707] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1321.644980][T16713] netlink: 'syz-executor.2': attribute type 39 has an invalid length. [ 1321.687729][T16712] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1321.742717][T16714] syz-executor.5 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=1000 04:20:13 executing program 2: r0 = socket(0x10, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x19, &(0x7f0000000080)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_VLAN_DEFAULT_PVID={0x8, 0x27, 0x5}]}}}]}, 0x3c}}, 0x0) [ 1321.849694][T16714] CPU: 0 PID: 16714 Comm: syz-executor.5 Not tainted 5.5.0-rc1-syzkaller #0 [ 1321.858898][T16714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1321.868954][T16714] Call Trace: [ 1321.872258][T16714] dump_stack+0x11d/0x181 [ 1321.876745][T16714] dump_header+0xaa/0x39c [ 1321.881182][T16714] oom_kill_process.cold+0x10/0x15 [ 1321.886803][T16714] out_of_memory+0x231/0xa60 [ 1321.892830][T16714] ? __rcu_read_unlock+0x66/0x3d0 [ 1321.897959][T16714] mem_cgroup_out_of_memory+0x128/0x150 [ 1321.903744][T16714] try_charge+0xb6c/0xbf0 [ 1321.908262][T16714] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1321.913920][T16714] cache_grow_begin+0x3bb/0x5c0 [ 1321.919432][T16714] fallback_alloc+0x161/0x1f0 [ 1321.924115][T16714] ____cache_alloc_node+0x1b1/0x1c0 [ 1321.929311][T16714] ? memcg_kmem_get_cache+0x1b1/0x320 [ 1321.937471][T16714] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1321.943779][T16714] kmem_cache_alloc+0x179/0x5d0 [ 1321.948635][T16714] vm_area_dup+0x49/0xf0 [ 1321.952976][T16714] dup_mm+0x330/0xba0 [ 1321.956984][T16714] copy_process+0x3138/0x3c40 [ 1321.961697][T16714] _do_fork+0xfe/0x7a0 [ 1321.966156][T16714] ? cgroup_file_notify+0xff/0x130 [ 1321.971497][T16714] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1321.977449][T16714] ? __read_once_size+0x5a/0xe0 [ 1321.982298][T16714] __x64_sys_clone+0x130/0x170 [ 1321.987080][T16714] do_syscall_64+0xcc/0x3a0 [ 1321.991691][T16714] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1321.997783][T16714] RIP: 0033:0x45a919 [ 1322.001764][T16714] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1322.021435][T16714] RSP: 002b:00007f78299edc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1322.029836][T16714] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a919 [ 1322.037915][T16714] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 04:20:13 executing program 1: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1322.045893][T16714] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1322.053865][T16714] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f78299ee6d4 [ 1322.063228][T16714] R13: 00000000004c1007 R14: 00000000004d4d28 R15: 00000000ffffffff [ 1322.130543][T16830] netlink: 'syz-executor.2': attribute type 39 has an invalid length. 04:20:13 executing program 2: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x444, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x9) recvmmsg(r0, &(0x7f0000002b40)=[{{0x0, 0x40000, 0x0}}], 0x4000000000003be, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f0000000000)=0x8, 0x4) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) socket$inet6(0xa, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) bind$packet(0xffffffffffffffff, 0x0, 0x0) 04:20:13 executing program 4: creat(&(0x7f0000000040)='./file0\x00', 0x0) open(&(0x7f0000000100)='./file0\x00', 0x2200, 0x3) unlinkat(0xffffffffffffffff, 0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) [ 1322.418651][T16714] memory: usage 307200kB, limit 307200kB, failcnt 1427 [ 1322.425834][T16714] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1322.453885][ T27] audit: type=1804 audit(1576815613.907:36): pid=16838 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir088588616/syzkaller.dBgGpf/384/file0" dev="sda1" ino=17898 res=1 [ 1322.459095][T16714] Memory cgroup stats for /syz5: [ 1322.469112][T16714] anon 270348288 [ 1322.469112][T16714] file 0 [ 1322.469112][T16714] kernel_stack 3981312 [ 1322.469112][T16714] slab 7778304 [ 1322.469112][T16714] sock 0 [ 1322.469112][T16714] shmem 0 [ 1322.469112][T16714] file_mapped 0 [ 1322.469112][T16714] file_dirty 0 [ 1322.469112][T16714] file_writeback 0 [ 1322.469112][T16714] anon_thp 243269632 [ 1322.469112][T16714] inactive_anon 0 [ 1322.469112][T16714] active_anon 270348288 [ 1322.469112][T16714] inactive_file 0 [ 1322.469112][T16714] active_file 45056 [ 1322.469112][T16714] unevictable 0 [ 1322.469112][T16714] slab_reclaimable 1081344 [ 1322.469112][T16714] slab_unreclaimable 6696960 [ 1322.469112][T16714] pgfault 99891 [ 1322.469112][T16714] pgmajfault 0 [ 1322.469112][T16714] workingset_refault 165 [ 1322.469112][T16714] workingset_activate 99 [ 1322.469112][T16714] workingset_nodereclaim 0 [ 1322.469112][T16714] pgrefill 1347 [ 1322.469112][T16714] pgscan 1304 [ 1322.469112][T16714] pgsteal 403 [ 1322.469112][T16714] pgactivate 858 [ 1322.591492][ T27] audit: type=1804 audit(1576815614.047:37): pid=16838 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir088588616/syzkaller.dBgGpf/384/file0" dev="sda1" ino=17898 res=1 04:20:14 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1322.724785][T16839] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. 04:20:14 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000040), 0x4) [ 1322.842850][T16947] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. 04:20:14 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:14 executing program 3: perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xfffffffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpid() getpid() openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x30840, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(0xffffffffffffffff, 0xc04c5349, &(0x7f00000003c0)={0x3f, 0x33d1}) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f00000028c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000200)={0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) splice(r2, 0x0, 0xffffffffffffffff, 0x0, 0x80000000, 0x0) ioctl$RTC_EPOCH_READ(0xffffffffffffffff, 0x8008700d, &(0x7f0000000480)) write(r1, &(0x7f0000000340), 0x41395527) r4 = openat$null(0xffffffffffffff9c, &(0x7f0000000180)='/dev/null\x00', 0x48570a556ba3f538, 0x0) ioctl$VHOST_GET_FEATURES(r4, 0x8008af00, &(0x7f00000002c0)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440), 0x11}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(0x0) close(0xffffffffffffffff) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000100)="1400000052008102a00f80854a36b8ab959916fb", 0x14}], 0x1}, 0x0) 04:20:14 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x1, 0x0, 0x0, 0x3, 0x0, 0x8}, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) recvmmsg(r0, &(0x7f0000005540)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0xfffffffffffffd62}]}}], 0x50f, 0x0, 0x0) openat$pfkey(0xffffffffffffff9c, 0x0, 0x400080, 0x0) open(&(0x7f000054eff8)='./file0\x00', 0x0, 0x0) getdents64(0xffffffffffffffff, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) lseek(0xffffffffffffffff, 0x836a, 0x0) getdents64(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='net/dev_snmp6\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffffe}) sendto$inet(r0, &(0x7f00000012c0)='\f', 0x1, 0x11, 0x0, 0x0) [ 1323.145931][T16956] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1323.164739][T16714] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=10365,uid=0 [ 1323.232620][T16714] Memory cgroup out of memory: Killed process 10365 (syz-executor.5) total-vm:72716kB, anon-rss:2212kB, file-rss:35840kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 1323.371216][T16832] syz-executor.1 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=1000 [ 1323.391801][T16832] CPU: 0 PID: 16832 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 1323.400538][T16832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1323.410592][T16832] Call Trace: [ 1323.413897][T16832] dump_stack+0x11d/0x181 [ 1323.418267][T16832] dump_header+0xaa/0x39c [ 1323.422673][T16832] oom_kill_process.cold+0x10/0x15 [ 1323.427793][T16832] out_of_memory+0x231/0xa60 [ 1323.432404][T16832] mem_cgroup_out_of_memory+0x128/0x150 [ 1323.438046][T16832] try_charge+0xb6c/0xbf0 [ 1323.442583][T16832] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1323.448165][T16832] cache_grow_begin+0x3bb/0x5c0 [ 1323.453048][T16832] fallback_alloc+0x161/0x1f0 [ 1323.457742][T16832] ____cache_alloc_node+0x1b1/0x1c0 [ 1323.462957][T16832] ? memcg_kmem_get_cache+0x1b1/0x320 [ 1323.473343][T16832] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1323.480121][T16832] kmem_cache_alloc_node+0xbb/0x660 [ 1323.485497][T16832] copy_process+0x2dd/0x3c40 [ 1323.490182][T16832] ? record_times+0x16/0x90 [ 1323.495859][T16832] ? psi_task_change+0x1ad/0x2d0 [ 1323.500827][T16832] ? try_to_free_mem_cgroup_pages+0x258/0x4d0 [ 1323.507240][T16832] _do_fork+0xfe/0x7a0 [ 1323.512312][T16832] ? cgroup_file_notify+0xff/0x130 [ 1323.518203][T16832] ? blkcg_maybe_throttle_current+0x23d/0x580 [ 1323.524836][T16832] __x64_sys_clone+0x130/0x170 [ 1323.529685][T16832] do_syscall_64+0xcc/0x3a0 [ 1323.535708][T16832] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1323.541804][T16832] RIP: 0033:0x45d2e9 [ 1323.545828][T16832] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1323.569853][T16832] RSP: 002b:00007ffdab4b5778 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1323.578923][T16832] RAX: ffffffffffffffda RBX: 00007fd40135c700 RCX: 000000000045d2e9 [ 1323.587511][T16832] RDX: 00007fd40135c9d0 RSI: 00007fd40135bdb0 RDI: 00000000003d0f00 [ 1323.599436][T16832] RBP: 00007ffdab4b5990 R08: 00007fd40135c700 R09: 00007fd40135c700 [ 1323.607420][T16832] R10: 00007fd40135c9d0 R11: 0000000000000202 R12: 0000000000000000 04:20:15 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x1}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:15 executing program 4: pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x628a4fb531ac22e7) r1 = socket$packet(0x11, 0x3, 0x300) r2 = socket(0x10, 0x80002, 0x0) connect$netlink(r2, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc) getpeername$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000180)=0x14) sendto$packet(r1, 0x0, 0x0, 0x0, &(0x7f00000002c0)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @dev}, 0x14) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00') r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_NODE_GET(r4, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000240)={&(0x7f00000000c0)=ANY=[@ANYBLOB="68030000", @ANYRES16=r5, @ANYBLOB="020027bd7000fcdbdf250d0000004c00020008000200cf020000040004006f010100010000000400040008000100030000000800020020000000080001007f00000008000200040000000000040008000200200000004000050008000100756470000800010069620000080001007564700008000100657468005cfd020008000300ff01000008000400050002000800010065746800340009000800010001000000080002000700000008000200020000000800010004000000080002000300000008000200ff0700005c0007000c000400ff030000000000000c000400050000000000000008000200ffffffff0c00030006000000000000000c000400205a000000000000080002000d44000000000300030000000000000000000200010000003800020008000100ff0100000800010005000000040004000800020003000000080001000600000008000100760000000800020020000000"], 0x3}, 0x1, 0x0, 0x0, 0x4004090}, 0x8080) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f00000002c0)={@mcast2, 0x3f, 0x1, 0xff, 0x8, 0x40, 0x7}, &(0x7f0000000300)=0x20) ioctl$TIOCGWINSZ(r4, 0x5413, &(0x7f0000000340)) ioctl$BLKGETSIZE(r4, 0x1260, &(0x7f0000000380)) ioctl$VT_SETMODE(r4, 0x5602, &(0x7f00000003c0)={0xd, 0x8, 0x5, 0x1, 0xc53}) setsockopt$inet_group_source_req(r4, 0x0, 0x2f, &(0x7f0000000400)={0x7, {{0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}}, {{0x2, 0x4e24, @broadcast}}}, 0x108) getsockopt$IP_VS_SO_GET_SERVICE(r4, 0x0, 0x483, &(0x7f0000000540), &(0x7f00000005c0)=0x68) r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000640)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r4, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0xc8008000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x1c, r6, 0x540b0d874c943398, 0x70bd2c, 0x25dfdbfd, {}, [""]}, 0x1c}}, 0x4000000) stat(&(0x7f0000000740)='./file0\x00', &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setgid(r8) fchdir(r4) ioctl$BLKROTATIONAL(r4, 0x127e, &(0x7f0000000800)) getsockopt$inet6_mtu(r4, 0x29, 0x17, &(0x7f0000000840), &(0x7f0000000880)=0x4) ioctl$sock_SIOCSIFBR(r4, 0x8941, &(0x7f0000000980)=@get={0x1, &(0x7f00000008c0)=""/131, 0x6}) stat(&(0x7f00000009c0)='./file0\x00', &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$bt_hci(r4, 0x0, 0x0, &(0x7f0000000a80)=""/63, &(0x7f0000000ac0)=0x3f) r11 = semget$private(0x0, 0x3, 0x1) getsockopt$ARPT_SO_GET_ENTRIES(r4, 0x0, 0x61, &(0x7f0000000cc0)={'filter\x00', 0xd0, "3dda506780a8ca872e7522c7f473755f398a365aa17ed4d0c4c57eea3568b140553181fb9e223cfedec4ff1900b69cc0001428101917311007cf6d4232b04be94eb035f4a0af760148d3ad0913badfa19f73909a2e18a1afc963d19a681aff82b1d78137dc87f8d45eb8c4cc2fd4126af9269aff49607f4ccf011b753222d433c5a232c6dd785fd140b5c4089cd2fef8345119fb9b91a6a9b77af526c3a946c18e96fdceb27d47aca4f1a7a23755eb97a8883d829c6a79085f1d5d4ad611e5c659a7288e798a93d9527ed4d56281afc4"}, &(0x7f0000000dc0)=0xf4) semctl$SEM_INFO(r11, 0x2, 0x13, &(0x7f0000000b00)=""/127) ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000b80)=0x0) r13 = gettid() msgctl$IPC_SET(r11, 0x1, &(0x7f0000000bc0)={{0x81, r9, r10, r7, r8, 0x20, 0x1}, 0x5, 0x4, 0x0, 0x80000001, 0x0, 0x9, r12, r13}) ioprio_get$uid(0x5, r9) setsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000040)={{{@in6=@mcast2, @in=@multicast2, 0x4e24, 0x800, 0x4e21, 0x8, 0x2, 0xffc64695ea206852, 0x0, 0x5c, r3, r9}, {0x9, 0x8000, 0x4, 0xa29, 0x9, 0x1f, 0x100000001, 0x3ff}, {0xffffffff, 0x2929, 0x4, 0x100000001}, 0x8001, 0x6e6bbb, 0x0, 0x1, 0x2, 0x21f004e4b13bf8dd}, {{@in=@empty, 0x4d3}, 0xa, @in6=@rand_addr="b0770adced7db00c3d74dc15289d025c", 0x0, 0x1, 0x3, 0xfa, 0xdab6, 0x1000}}, 0xe8) prctl$PR_SET_PDEATHSIG(0x1c, 0x800000000000041) 04:20:15 executing program 2: r0 = syz_open_dev$sg(&(0x7f0000000280)='/dev/sg#\x00', 0x0, 0x10008a02) write(r0, &(0x7f0000000140)="b63db86b1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2fefffffffeffffffe22c9b4c", 0xf5) 04:20:15 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1323.616191][T16832] R13: 00007ffdab4b582f R14: 00007fd40135c9c0 R15: 000000000075bfd4 [ 1323.726994][T16832] memory: usage 307200kB, limit 307200kB, failcnt 3711 [ 1323.769024][T16832] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1323.769727][T17077] sg_write: data in/out 167162/197 bytes for SCSI command 0xff-- guessing data in; [ 1323.769727][T17077] program syz-executor.2 not setting count and/or reply_len properly [ 1323.789497][T17075] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1323.811313][T16832] Memory cgroup stats for /syz1: [ 1323.811503][T16832] anon 267341824 [ 1323.811503][T16832] file 45056 [ 1323.811503][T16832] kernel_stack 4276224 [ 1323.811503][T16832] slab 8908800 [ 1323.811503][T16832] sock 0 [ 1323.811503][T16832] shmem 0 [ 1323.811503][T16832] file_mapped 0 [ 1323.811503][T16832] file_dirty 0 [ 1323.811503][T16832] file_writeback 0 [ 1323.811503][T16832] anon_thp 236978176 [ 1323.811503][T16832] inactive_anon 0 [ 1323.811503][T16832] active_anon 267341824 [ 1323.811503][T16832] inactive_file 0 [ 1323.811503][T16832] active_file 0 [ 1323.811503][T16832] unevictable 0 [ 1323.811503][T16832] slab_reclaimable 1216512 [ 1323.811503][T16832] slab_unreclaimable 7692288 [ 1323.811503][T16832] pgfault 115764 [ 1323.811503][T16832] pgmajfault 0 [ 1323.811503][T16832] workingset_refault 165 [ 1323.811503][T16832] workingset_activate 132 [ 1323.811503][T16832] workingset_nodereclaim 0 [ 1323.811503][T16832] pgrefill 1836 [ 1323.811503][T16832] pgscan 1778 [ 1323.811503][T16832] pgsteal 397 [ 1323.980168][T16832] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=20745,uid=0 [ 1324.000449][T16832] Memory cgroup out of memory: Killed process 20745 (syz-executor.1) total-vm:72716kB, anon-rss:2212kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:1000 [ 1324.045333][ T546] oom_reaper: reaped process 20745 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1324.046425][T16962] syz-executor.3 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 1324.129821][T16962] CPU: 1 PID: 16962 Comm: syz-executor.3 Not tainted 5.5.0-rc1-syzkaller #0 [ 1324.142769][T16962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1324.154307][T16962] Call Trace: [ 1324.157711][T16962] dump_stack+0x11d/0x181 [ 1324.163643][T16962] dump_header+0xaa/0x39c [ 1324.168102][T16962] oom_kill_process.cold+0x10/0x15 [ 1324.173523][T16962] out_of_memory+0x231/0xa60 [ 1324.178221][T16962] mem_cgroup_out_of_memory+0x128/0x150 [ 1324.184501][T16962] try_charge+0xb6c/0xbf0 [ 1324.189047][T16962] ? __rcu_read_unlock+0x66/0x3d0 [ 1324.194885][T16962] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1324.201950][T16962] __memcg_kmem_charge+0xcf/0x1b0 [ 1324.208174][T16962] __alloc_pages_nodemask+0x26c/0x310 [ 1324.213582][T16962] alloc_pages_current+0xd1/0x170 [ 1324.218926][T16962] pipe_write+0x72d/0xca0 [ 1324.223564][T16962] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1324.230313][T16962] ? iov_iter_init+0xe2/0x120 [ 1324.235701][T16962] new_sync_write+0x388/0x4a0 [ 1324.240475][T16962] __vfs_write+0xb1/0xc0 [ 1324.245551][T16962] vfs_write+0x18a/0x390 [ 1324.250243][T16962] ksys_write+0x17b/0x1b0 [ 1324.254954][T16962] __x64_sys_write+0x4c/0x60 [ 1324.260063][T16962] do_syscall_64+0xcc/0x3a0 [ 1324.265802][T16962] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1324.273874][T16962] RIP: 0033:0x45a919 [ 1324.277797][T16962] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1324.299614][T16962] RSP: 002b:00007f8515872c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1324.308732][T16962] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a919 [ 1324.318976][T16962] RDX: 0000000041395527 RSI: 0000000020000340 RDI: 0000000000000005 04:20:15 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x1}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:15 executing program 2: r0 = syz_open_dev$sg(&(0x7f0000000280)='/dev/sg#\x00', 0x0, 0x10008a02) write(r0, &(0x7f0000000140)="b63db86b1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2fefffffffeffffffe22c9b4c", 0xf5) 04:20:15 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:15 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x444, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, 0x0) pipe(0x0) r0 = socket$inet6(0xa, 0x3, 0x9) recvmmsg(r0, &(0x7f0000002b40)=[{{0x0, 0x40000, 0x0}}], 0x4000000000003be, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f0000000000)=0x8, 0x4) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) 04:20:15 executing program 1: socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0xc) write(r0, &(0x7f00000012c0), 0x0) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r1, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r3, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000000c0)) r4 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r5, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1324.327957][T16962] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1324.336575][T16962] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85158736d4 [ 1324.344780][T16962] R13: 00000000004c7c83 R14: 00000000004e4e08 R15: 00000000ffffffff [ 1324.375459][T17194] sg_write: data in/out 167162/197 bytes for SCSI command 0xff-- guessing data in; [ 1324.375459][T17194] program syz-executor.2 not setting count and/or reply_len properly 04:20:15 executing program 2: r0 = socket$inet6(0xa, 0x80003, 0x6b) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe8476071") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000880)=[{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000100)='4', 0x1}], 0x1}, {&(0x7f0000000200)=@abs, 0x6e, &(0x7f00000007c0)}], 0x2, 0x0) [ 1324.443520][T16962] memory: usage 307188kB, limit 307200kB, failcnt 4308 [ 1324.488839][T16962] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1324.506838][T17197] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1324.517768][T17199] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1324.531899][T16962] Memory cgroup stats for /syz3: [ 1324.532537][T16962] anon 245800960 [ 1324.532537][T16962] file 0 [ 1324.532537][T16962] kernel_stack 6266880 [ 1324.532537][T16962] slab 12722176 [ 1324.532537][T16962] sock 0 [ 1324.532537][T16962] shmem 0 [ 1324.532537][T16962] file_mapped 0 [ 1324.532537][T16962] file_dirty 0 [ 1324.532537][T16962] file_writeback 0 [ 1324.532537][T16962] anon_thp 203423744 [ 1324.532537][T16962] inactive_anon 0 [ 1324.532537][T16962] active_anon 245800960 [ 1324.532537][T16962] inactive_file 135168 [ 1324.532537][T16962] active_file 53248 [ 1324.532537][T16962] unevictable 0 [ 1324.532537][T16962] slab_reclaimable 1757184 [ 1324.532537][T16962] slab_unreclaimable 10964992 [ 1324.532537][T16962] pgfault 106491 [ 1324.532537][T16962] pgmajfault 0 [ 1324.532537][T16962] workingset_refault 231 [ 1324.532537][T16962] workingset_activate 132 [ 1324.532537][T16962] workingset_nodereclaim 0 [ 1324.532537][T16962] pgrefill 2461 [ 1324.532537][T16962] pgscan 2438 [ 1324.532537][T16962] pgsteal 482 [ 1324.689040][T16962] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=20534,uid=0 [ 1324.719066][T17203] FS-Cache: Duplicate cookie detected [ 1324.724549][T17203] FS-Cache: O-cookie c=000000004aa8604a [p=0000000057c56a86 fl=222 nc=0 na=1] [ 1324.733548][T17203] FS-Cache: O-cookie d=00000000b2421e71 n=000000004d693403 [ 1324.740888][T17203] FS-Cache: O-key=[10] '02000200000000100000' [ 1324.747295][T17203] FS-Cache: N-cookie c=00000000161fe5b3 [p=0000000057c56a86 fl=2 nc=0 na=1] [ 1324.756254][T17203] FS-Cache: N-cookie d=00000000b2421e71 n=000000000f707f35 [ 1324.763527][T17203] FS-Cache: N-key=[10] '02000200000000100000' [ 1324.880150][T16962] Memory cgroup out of memory: Killed process 20534 (syz-executor.3) total-vm:72716kB, anon-rss:2208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:1000 [ 1325.088143][T16957] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1325.098728][T16957] CPU: 0 PID: 16957 Comm: syz-executor.3 Not tainted 5.5.0-rc1-syzkaller #0 [ 1325.107403][T16957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1325.117457][T16957] Call Trace: [ 1325.120754][T16957] dump_stack+0x11d/0x181 [ 1325.125101][T16957] dump_header+0xaa/0x39c [ 1325.129446][T16957] oom_kill_process.cold+0x10/0x15 [ 1325.134642][T16957] out_of_memory+0x231/0xa60 [ 1325.139361][T16957] mem_cgroup_out_of_memory+0x128/0x150 [ 1325.144925][T16957] try_charge+0x800/0xbf0 [ 1325.149275][T16957] ? rcu_note_context_switch+0x6d0/0x760 [ 1325.154922][T16957] mem_cgroup_try_charge+0xd2/0x260 [ 1325.160169][T16957] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1325.165831][T16957] __handle_mm_fault+0x197f/0x2e00 [ 1325.170969][T16957] handle_mm_fault+0x21b/0x530 [ 1325.175728][T16957] __do_page_fault+0x456/0x8d0 [ 1325.180564][T16957] do_page_fault+0x38/0x194 [ 1325.185053][T16957] page_fault+0x34/0x40 [ 1325.189198][T16957] RIP: 0033:0x41210f [ 1325.193121][T16957] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 1325.212720][T16957] RSP: 002b:00007ffdb9b63690 EFLAGS: 00010206 [ 1325.218784][T16957] RAX: 00007f8515832000 RBX: 0000000000020000 RCX: 000000000045a96a [ 1325.226800][T16957] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 1325.234805][T16957] RBP: 00007ffdb9b63770 R08: ffffffffffffffff R09: 0000000000000000 [ 1325.242782][T16957] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdb9b63860 [ 1325.250903][T16957] R13: 00007f8515852700 R14: 0000000000000002 R15: 000000000075c07c [ 1325.262075][T16957] memory: usage 304916kB, limit 307200kB, failcnt 4308 [ 1325.269355][T16957] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1325.276280][T16957] Memory cgroup stats for /syz3: [ 1325.276492][T16957] anon 243679232 [ 1325.276492][T16957] file 0 [ 1325.276492][T16957] kernel_stack 6266880 [ 1325.276492][T16957] slab 12722176 [ 1325.276492][T16957] sock 0 [ 1325.276492][T16957] shmem 0 [ 1325.276492][T16957] file_mapped 0 [ 1325.276492][T16957] file_dirty 0 [ 1325.276492][T16957] file_writeback 0 [ 1325.276492][T16957] anon_thp 201326592 [ 1325.276492][T16957] inactive_anon 0 [ 1325.276492][T16957] active_anon 243679232 [ 1325.276492][T16957] inactive_file 135168 [ 1325.276492][T16957] active_file 53248 [ 1325.276492][T16957] unevictable 0 [ 1325.276492][T16957] slab_reclaimable 1757184 [ 1325.276492][T16957] slab_unreclaimable 10964992 [ 1325.276492][T16957] pgfault 106491 [ 1325.276492][T16957] pgmajfault 0 [ 1325.276492][T16957] workingset_refault 231 [ 1325.276492][T16957] workingset_activate 132 [ 1325.276492][T16957] workingset_nodereclaim 0 [ 1325.276492][T16957] pgrefill 2461 [ 1325.276492][T16957] pgscan 2438 [ 1325.276492][T16957] pgsteal 482 [ 1325.370105][T16957] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=20500,uid=0 [ 1325.385713][T16957] Memory cgroup out of memory: Killed process 20500 (syz-executor.3) total-vm:72716kB, anon-rss:2208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:1000 [ 1325.411034][ T546] oom_reaper: reaped process 20500 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 04:20:17 executing program 3: perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xfffffffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpid() getpid() openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x30840, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(0xffffffffffffffff, 0xc04c5349, &(0x7f00000003c0)={0x3f, 0x33d1}) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f00000028c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000200)={0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) splice(r2, 0x0, 0xffffffffffffffff, 0x0, 0x80000000, 0x0) ioctl$RTC_EPOCH_READ(0xffffffffffffffff, 0x8008700d, &(0x7f0000000480)) write(r1, &(0x7f0000000340), 0x41395527) r4 = openat$null(0xffffffffffffff9c, &(0x7f0000000180)='/dev/null\x00', 0x48570a556ba3f538, 0x0) ioctl$VHOST_GET_FEATURES(r4, 0x8008af00, &(0x7f00000002c0)) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440), 0x11}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(0x0) close(0xffffffffffffffff) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000100)="1400000052008102a00f80854a36b8ab959916fb", 0x14}], 0x1}, 0x0) 04:20:17 executing program 4: r0 = socket$inet6(0xa, 0x80003, 0x6b) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe8476071") r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r1, 0x0, 0x27, &(0x7f00000002c0)={@multicast2, @remote}, 0xc) setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0x30, &(0x7f0000000340)={0x1, {{0x2, 0x0, @multicast2}}, 0x0, 0x2, [{{0x2, 0x0, @empty}}, {}]}, 0x190) close(r1) 04:20:17 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/dev\x00') preadv(r0, &(0x7f00000017c0), 0x351, 0x100800100000000) 04:20:17 executing program 1: socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0xc) write(r0, &(0x7f00000012c0), 0x0) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r1, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r3, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000000c0)) r4 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r5, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:17 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x1}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:17 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1325.596253][T17323] __nla_validate_parse: 1 callbacks suppressed [ 1325.596284][T17323] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1325.699830][T17335] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1325.744873][T17333] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1325.813118][T17443] FS-Cache: Duplicate cookie detected [ 1325.818791][T17443] FS-Cache: O-cookie c=00000000161fe5b3 [p=0000000057c56a86 fl=222 nc=0 na=1] [ 1325.827668][T17443] FS-Cache: O-cookie d=00000000b2421e71 n=000000001b65f6c1 [ 1325.835086][T17443] FS-Cache: O-key=[10] '02000200000000100000' [ 1325.841349][T17443] FS-Cache: N-cookie c=000000004aa8604a [p=0000000057c56a86 fl=2 nc=0 na=1] [ 1325.850057][T17443] FS-Cache: N-cookie d=00000000b2421e71 n=0000000099dbb011 [ 1325.857250][T17443] FS-Cache: N-key=[10] '02000200000000100000' 04:20:17 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:17 executing program 4: 04:20:17 executing program 2: 04:20:17 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:17 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000040), 0x4) 04:20:17 executing program 2: ptrace$getregset(0x4204, 0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=""/129, 0x81}) clone(0x28b84900, 0x0, 0x0, 0x0, &(0x7f0000000300)) ioctl$sock_proto_private(0xffffffffffffffff, 0x0, 0x0) [ 1326.296225][T17453] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. 04:20:17 executing program 3: 04:20:17 executing program 1: socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0xc) write(r0, &(0x7f00000012c0), 0x0) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r1, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r3, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000000c0)) r4 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r5, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:17 executing program 2: r0 = socket$inet6(0xa, 0x80003, 0x6b) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe8476071") bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x10000000012, 0x4, &(0x7f00000000c0)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x2, 0x1, 0x8}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0xb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 04:20:17 executing program 4: [ 1326.597033][T17459] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1326.675410][T17477] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. 04:20:18 executing program 4: 04:20:18 executing program 3: 04:20:18 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:18 executing program 1: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:18 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(0xffffffffffffffff, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:18 executing program 3: 04:20:18 executing program 4: 04:20:18 executing program 2: 04:20:18 executing program 4: [ 1327.251169][T17498] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1327.305304][T17499] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. 04:20:18 executing program 3: 04:20:18 executing program 2: [ 1327.364343][T17505] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. 04:20:18 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:19 executing program 4: 04:20:19 executing program 3: 04:20:19 executing program 2: [ 1327.843294][T17519] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. 04:20:19 executing program 1: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:19 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(0xffffffffffffffff, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:19 executing program 4: 04:20:19 executing program 3: 04:20:19 executing program 2: 04:20:19 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x1}}], 0x48}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:19 executing program 3: 04:20:19 executing program 4: 04:20:19 executing program 2: [ 1328.510687][T17539] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1328.558545][T17539] CPU: 1 PID: 17539 Comm: syz-executor.0 Not tainted 5.5.0-rc1-syzkaller #0 [ 1328.567267][T17539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1328.577394][T17539] Call Trace: [ 1328.580694][T17539] dump_stack+0x11d/0x181 [ 1328.586082][T17539] dump_header+0xaa/0x39c [ 1328.590475][T17539] oom_kill_process.cold+0x10/0x15 [ 1328.595642][T17539] out_of_memory+0x231/0xa60 [ 1328.600242][T17539] ? __rcu_read_unlock+0x66/0x3d0 [ 1328.605288][T17539] mem_cgroup_out_of_memory+0x128/0x150 [ 1328.610859][T17539] try_charge+0xb6c/0xbf0 [ 1328.615203][T17539] ? __rcu_read_unlock+0x66/0x3d0 [ 1328.620347][T17539] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1328.625889][T17539] __memcg_kmem_charge+0xcf/0x1b0 [ 1328.630977][T17539] __alloc_pages_nodemask+0x26c/0x310 [ 1328.636369][T17539] alloc_pages_current+0xd1/0x170 [ 1328.641415][T17539] pte_alloc_one+0x18/0x50 [ 1328.646020][T17539] __pte_alloc+0x2d/0x220 [ 1328.650362][T17539] copy_page_range+0x135a/0x19b0 [ 1328.655431][T17539] ? __vma_link_rb+0x3f4/0x440 [ 1328.660208][T17539] dup_mm+0x74a/0xba0 [ 1328.664208][T17539] copy_process+0x3138/0x3c40 [ 1328.668912][T17539] _do_fork+0xfe/0x7a0 [ 1328.672998][T17539] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1328.678900][T17539] ? __read_once_size+0x5a/0xe0 [ 1328.683827][T17539] __x64_sys_clone+0x130/0x170 [ 1328.688609][T17539] do_syscall_64+0xcc/0x3a0 [ 1328.693196][T17539] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1328.699088][T17539] RIP: 0033:0x45a919 [ 1328.702992][T17539] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1328.722598][T17539] RSP: 002b:00007fcace71fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1328.731024][T17539] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a919 [ 1328.739445][T17539] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1328.747428][T17539] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 04:20:20 executing program 1: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:20 executing program 4: 04:20:20 executing program 3: [ 1328.755580][T17539] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcace7206d4 [ 1328.763550][T17539] R13: 00000000004c1007 R14: 00000000004d4d28 R15: 00000000ffffffff 04:20:20 executing program 2: [ 1328.821354][T17539] memory: usage 307200kB, limit 307200kB, failcnt 4590 [ 1328.871439][T17539] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1328.934009][T17539] Memory cgroup stats for /syz0: [ 1328.934171][T17539] anon 249851904 [ 1328.934171][T17539] file 106496 [ 1328.934171][T17539] kernel_stack 5898240 [ 1328.934171][T17539] slab 11923456 [ 1328.934171][T17539] sock 0 [ 1328.934171][T17539] shmem 0 [ 1328.934171][T17539] file_mapped 0 [ 1328.934171][T17539] file_dirty 0 [ 1328.934171][T17539] file_writeback 0 [ 1328.934171][T17539] anon_thp 207618048 [ 1328.934171][T17539] inactive_anon 0 [ 1328.934171][T17539] active_anon 249851904 [ 1328.934171][T17539] inactive_file 0 [ 1328.934171][T17539] active_file 40960 [ 1328.934171][T17539] unevictable 0 [ 1328.934171][T17539] slab_reclaimable 1622016 [ 1328.934171][T17539] slab_unreclaimable 10301440 [ 1328.934171][T17539] pgfault 115698 [ 1328.934171][T17539] pgmajfault 0 [ 1328.934171][T17539] workingset_refault 264 [ 1328.934171][T17539] workingset_activate 132 [ 1328.934171][T17539] workingset_nodereclaim 0 [ 1328.934171][T17539] pgrefill 2776 [ 1328.934171][T17539] pgscan 2673 [ 1328.934171][T17539] pgsteal 501 [ 1329.263070][T17539] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=19499,uid=0 [ 1329.280059][T17539] Memory cgroup out of memory: Killed process 19499 (syz-executor.0) total-vm:72716kB, anon-rss:2212kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:1000 [ 1329.300581][ T546] oom_reaper: reaped process 19499 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 04:20:20 executing program 3: 04:20:20 executing program 4: 04:20:20 executing program 2: 04:20:20 executing program 1: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) write(0xffffffffffffffff, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r1, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r3, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000000c0)) r4 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r5, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:20 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(0xffffffffffffffff, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:20 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x1}}], 0x48}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:20 executing program 4: 04:20:21 executing program 3: 04:20:21 executing program 2: 04:20:21 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x1}}], 0x48}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:21 executing program 4: [ 1329.797704][T17581] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1329.852515][T17581] CPU: 1 PID: 17581 Comm: syz-executor.5 Not tainted 5.5.0-rc1-syzkaller #0 [ 1329.861285][T17581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1329.871905][T17581] Call Trace: [ 1329.875300][T17581] dump_stack+0x11d/0x181 [ 1329.879651][T17581] dump_header+0xaa/0x39c [ 1329.884360][T17581] oom_kill_process.cold+0x10/0x15 [ 1329.889491][T17581] out_of_memory+0x231/0xa60 [ 1329.894094][T17581] ? __rcu_read_unlock+0x66/0x3d0 [ 1329.899230][T17581] mem_cgroup_out_of_memory+0x128/0x150 [ 1329.904789][T17581] try_charge+0xb6c/0xbf0 [ 1329.909132][T17581] ? __rcu_read_unlock+0x66/0x3d0 [ 1329.914466][T17581] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1329.919940][T17581] __memcg_kmem_charge+0xcf/0x1b0 [ 1329.925026][T17581] __alloc_pages_nodemask+0x26c/0x310 [ 1329.930411][T17581] alloc_pages_current+0xd1/0x170 [ 1329.935523][T17581] pte_alloc_one+0x18/0x50 [ 1329.939957][T17581] __pte_alloc+0x2d/0x220 [ 1329.944373][T17581] copy_page_range+0x135a/0x19b0 [ 1329.949371][T17581] ? delay_tsc+0x8f/0xc0 [ 1329.953716][T17581] dup_mm+0x74a/0xba0 [ 1329.957730][T17581] copy_process+0x3138/0x3c40 [ 1329.962441][T17581] _do_fork+0xfe/0x7a0 [ 1329.966522][T17581] ? cgroup_file_notify+0xff/0x130 [ 1329.971728][T17581] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1329.977732][T17581] ? __read_once_size+0x5a/0xe0 [ 1329.983014][T17581] __x64_sys_clone+0x130/0x170 [ 1329.987821][T17581] do_syscall_64+0xcc/0x3a0 [ 1329.992347][T17581] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1329.998311][T17581] RIP: 0033:0x45a919 04:20:21 executing program 4: 04:20:21 executing program 1: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) write(0xffffffffffffffff, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r1, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r3, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000000c0)) r4 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r5, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:21 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, 0x0) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1330.002214][T17581] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1330.021822][T17581] RSP: 002b:00007f78299edc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1330.031508][T17581] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a919 [ 1330.039518][T17581] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1330.047571][T17581] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1330.055606][T17581] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f78299ee6d4 [ 1330.063579][T17581] R13: 00000000004c1007 R14: 00000000004d4d28 R15: 00000000ffffffff 04:20:21 executing program 2: 04:20:21 executing program 4: [ 1330.093850][T17581] memory: usage 307200kB, limit 307200kB, failcnt 1503 [ 1330.100832][T17581] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1330.117102][T17581] Memory cgroup stats for /syz5: [ 1330.117383][T17581] anon 269127680 [ 1330.117383][T17581] file 0 [ 1330.117383][T17581] kernel_stack 4091904 [ 1330.117383][T17581] slab 8187904 [ 1330.117383][T17581] sock 0 [ 1330.117383][T17581] shmem 0 04:20:21 executing program 3: [ 1330.117383][T17581] file_mapped 0 [ 1330.117383][T17581] file_dirty 0 [ 1330.117383][T17581] file_writeback 0 [ 1330.117383][T17581] anon_thp 241172480 [ 1330.117383][T17581] inactive_anon 0 [ 1330.117383][T17581] active_anon 269127680 [ 1330.117383][T17581] inactive_file 0 [ 1330.117383][T17581] active_file 45056 [ 1330.117383][T17581] unevictable 0 [ 1330.117383][T17581] slab_reclaimable 1081344 [ 1330.117383][T17581] slab_unreclaimable 7106560 [ 1330.117383][T17581] pgfault 100815 [ 1330.117383][T17581] pgmajfault 0 [ 1330.117383][T17581] workingset_refault 165 [ 1330.117383][T17581] workingset_activate 99 [ 1330.117383][T17581] workingset_nodereclaim 0 [ 1330.117383][T17581] pgrefill 1413 [ 1330.117383][T17581] pgscan 1337 [ 1330.117383][T17581] pgsteal 403 [ 1330.117383][T17581] pgactivate 891 [ 1330.258564][T17581] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=10536,uid=0 [ 1330.324252][T17581] Memory cgroup out of memory: Killed process 10536 (syz-executor.5) total-vm:72584kB, anon-rss:2204kB, file-rss:35844kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 04:20:21 executing program 2: 04:20:21 executing program 4: 04:20:21 executing program 3: 04:20:21 executing program 1: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) write(0xffffffffffffffff, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r1, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r3, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000000c0)) r4 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r5, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1330.560944][ T7943] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1330.629050][ T7943] CPU: 0 PID: 7943 Comm: syz-executor.5 Not tainted 5.5.0-rc1-syzkaller #0 [ 1330.637672][ T7943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1330.647808][ T7943] Call Trace: [ 1330.651126][ T7943] dump_stack+0x11d/0x181 [ 1330.655473][ T7943] dump_header+0xaa/0x39c [ 1330.659864][ T7943] oom_kill_process.cold+0x10/0x15 [ 1330.664985][ T7943] out_of_memory+0x231/0xa60 [ 1330.669695][ T7943] mem_cgroup_out_of_memory+0x128/0x150 [ 1330.675280][ T7943] try_charge+0x800/0xbf0 [ 1330.679620][ T7943] ? rcu_note_context_switch+0x6d0/0x760 [ 1330.685258][ T7943] mem_cgroup_try_charge+0xd2/0x260 [ 1330.690468][ T7943] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1330.696113][ T7943] wp_page_copy+0x322/0x1040 [ 1330.700762][ T7943] ? __read_once_size+0x41/0xe0 [ 1330.705622][ T7943] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1330.711961][ T7943] do_wp_page+0x192/0xeb0 [ 1330.716376][ T7943] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1330.722238][ T7943] __handle_mm_fault+0x1d16/0x2e00 [ 1330.727370][ T7943] handle_mm_fault+0x21b/0x530 [ 1330.732148][ T7943] __do_page_fault+0x456/0x8d0 [ 1330.736939][ T7943] do_page_fault+0x38/0x194 [ 1330.741446][ T7943] page_fault+0x34/0x40 [ 1330.745595][ T7943] RIP: 0033:0x4319fa [ 1330.749496][ T7943] Code: 48 29 e8 31 c9 48 81 fb 40 a6 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 48 89 4a 08 <48> 89 46 08 48 8d 4a 10 8b 05 4c 57 64 00 85 c0 0f 84 3a f7 ff ff [ 1330.769648][ T7943] RSP: 002b:00007ffcacccdd80 EFLAGS: 00010206 [ 1330.775727][ T7943] RAX: 0000000000010651 RBX: 000000000071a640 RCX: 0000000000008041 [ 1330.783696][ T7943] RDX: 0000000001ead970 RSI: 0000000001eb59b0 RDI: 0000000000000003 [ 1330.792030][ T7943] RBP: 0000000000008041 R08: 0000000000000000 R09: 000000000000000c [ 1330.800012][ T7943] R10: 0000000000000005 R11: 0000000000000246 R12: 000000000071a698 [ 1330.807990][ T7943] R13: 000000000071a698 R14: 0000000000000000 R15: 0000000000002710 [ 1330.834359][ T7943] memory: usage 304728kB, limit 307200kB, failcnt 1503 [ 1330.841327][ T7943] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1330.848379][ T7943] Memory cgroup stats for /syz5: [ 1330.849017][ T7943] anon 266833920 [ 1330.849017][ T7943] file 0 [ 1330.849017][ T7943] kernel_stack 4055040 [ 1330.849017][ T7943] slab 8187904 [ 1330.849017][ T7943] sock 0 [ 1330.849017][ T7943] shmem 0 [ 1330.849017][ T7943] file_mapped 0 [ 1330.849017][ T7943] file_dirty 0 [ 1330.849017][ T7943] file_writeback 0 [ 1330.849017][ T7943] anon_thp 239075328 [ 1330.849017][ T7943] inactive_anon 0 [ 1330.849017][ T7943] active_anon 266833920 [ 1330.849017][ T7943] inactive_file 0 [ 1330.849017][ T7943] active_file 45056 [ 1330.849017][ T7943] unevictable 0 [ 1330.849017][ T7943] slab_reclaimable 1081344 [ 1330.849017][ T7943] slab_unreclaimable 7106560 [ 1330.849017][ T7943] pgfault 100815 [ 1330.849017][ T7943] pgmajfault 0 [ 1330.849017][ T7943] workingset_refault 165 [ 1330.849017][ T7943] workingset_activate 99 [ 1330.849017][ T7943] workingset_nodereclaim 0 [ 1330.849017][ T7943] pgrefill 1413 [ 1330.849017][ T7943] pgscan 1337 [ 1330.849017][ T7943] pgsteal 403 [ 1330.849017][ T7943] pgactivate 891 [ 1330.947150][ T7943] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=10506,uid=0 [ 1330.962977][ T7943] Memory cgroup out of memory: Killed process 10506 (syz-executor.5) total-vm:72584kB, anon-rss:2204kB, file-rss:35844kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 1330.983783][ T546] oom_reaper: reaped process 10506 (syz-executor.5), now anon-rss:0kB, file-rss:34884kB, shmem-rss:0kB [ 1330.996647][T10228] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1331.018540][T10228] CPU: 0 PID: 10228 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 1331.030024][T10228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1331.040178][T10228] Call Trace: [ 1331.043473][T10228] dump_stack+0x11d/0x181 [ 1331.047854][T10228] dump_header+0xaa/0x39c [ 1331.052226][T10228] oom_kill_process.cold+0x10/0x15 [ 1331.057336][T10228] out_of_memory+0x231/0xa60 [ 1331.062015][T10228] mem_cgroup_out_of_memory+0x128/0x150 [ 1331.067588][T10228] try_charge+0xb6c/0xbf0 [ 1331.071912][T10228] ? __rcu_read_unlock+0x66/0x3d0 [ 1331.076936][T10228] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1331.082403][T10228] __memcg_kmem_charge+0xcf/0x1b0 [ 1331.087428][T10228] __alloc_pages_nodemask+0x26c/0x310 [ 1331.092880][T10228] alloc_pages_current+0xd1/0x170 [ 1331.097899][T10228] pte_alloc_one+0x18/0x50 [ 1331.102303][T10228] __pte_alloc+0x2d/0x220 [ 1331.106688][T10228] copy_page_range+0x135a/0x19b0 [ 1331.111685][T10228] ? __vma_link_rb+0x3f4/0x440 [ 1331.116452][T10228] dup_mm+0x74a/0xba0 [ 1331.120565][T10228] copy_process+0x3138/0x3c40 [ 1331.125242][T10228] ? do_wp_page+0x19f/0xeb0 [ 1331.129843][T10228] _do_fork+0xfe/0x7a0 [ 1331.133903][T10228] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1331.139783][T10228] ? __read_once_size+0x5a/0xe0 [ 1331.144683][T10228] __x64_sys_clone+0x130/0x170 [ 1331.149458][T10228] do_syscall_64+0xcc/0x3a0 [ 1331.153968][T10228] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1331.159870][T10228] RIP: 0033:0x458eea [ 1331.163848][T10228] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1331.183452][T10228] RSP: 002b:00007ffdab4b5a10 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1331.191894][T10228] RAX: ffffffffffffffda RBX: 00007ffdab4b5a10 RCX: 0000000000458eea [ 1331.199850][T10228] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1331.207802][T10228] RBP: 00007ffdab4b5a50 R08: 0000000000000001 R09: 0000000002634940 [ 1331.215819][T10228] R10: 0000000002634c10 R11: 0000000000000246 R12: 0000000000000001 [ 1331.223771][T10228] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffdab4b5aa0 [ 1331.236354][T10228] memory: usage 307200kB, limit 307200kB, failcnt 3764 [ 1331.243522][T10228] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1331.250746][T10228] Memory cgroup stats for /syz1: [ 1331.250961][T10228] anon 265949184 [ 1331.250961][T10228] file 45056 [ 1331.250961][T10228] kernel_stack 4386816 [ 1331.250961][T10228] slab 9043968 [ 1331.250961][T10228] sock 0 [ 1331.250961][T10228] shmem 0 [ 1331.250961][T10228] file_mapped 0 [ 1331.250961][T10228] file_dirty 0 [ 1331.250961][T10228] file_writeback 0 [ 1331.250961][T10228] anon_thp 234881024 [ 1331.250961][T10228] inactive_anon 0 [ 1331.250961][T10228] active_anon 265949184 [ 1331.250961][T10228] inactive_file 0 [ 1331.250961][T10228] active_file 32768 [ 1331.250961][T10228] unevictable 0 [ 1331.250961][T10228] slab_reclaimable 1216512 [ 1331.250961][T10228] slab_unreclaimable 7827456 [ 1331.250961][T10228] pgfault 116622 [ 1331.250961][T10228] pgmajfault 0 [ 1331.250961][T10228] workingset_refault 198 [ 1331.250961][T10228] workingset_activate 132 [ 1331.250961][T10228] workingset_nodereclaim 0 [ 1331.250961][T10228] pgrefill 1902 [ 1331.250961][T10228] pgscan 1811 [ 1331.250961][T10228] pgsteal 397 [ 1331.257327][T17621] __nla_validate_parse: 8 callbacks suppressed [ 1331.257357][T17621] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1331.344572][T10228] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=20723,uid=0 [ 1331.376140][T10228] Memory cgroup out of memory: Killed process 20723 (syz-executor.1) total-vm:72716kB, anon-rss:2212kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:1000 [ 1331.432670][T17625] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. 04:20:23 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x48}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:23 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, 0x0) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:23 executing program 2: 04:20:23 executing program 3: 04:20:23 executing program 4: 04:20:23 executing program 1: r0 = socket(0x200000000010, 0x5, 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1331.636585][T17632] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. 04:20:23 executing program 4: 04:20:23 executing program 1: r0 = socket(0x200000000010, 0x5, 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1331.796626][T17638] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. 04:20:23 executing program 3: 04:20:23 executing program 2: [ 1331.864663][T17640] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. 04:20:23 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, 0x0) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:23 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x48}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:23 executing program 4: 04:20:23 executing program 3: [ 1332.118025][T17655] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. 04:20:23 executing program 1: r0 = socket(0x200000000010, 0x5, 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1332.271939][T17656] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1332.322434][T17656] CPU: 0 PID: 17656 Comm: syz-executor.5 Not tainted 5.5.0-rc1-syzkaller #0 [ 1332.331153][T17656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1332.341216][T17656] Call Trace: [ 1332.344535][T17656] dump_stack+0x11d/0x181 [ 1332.348877][T17656] dump_header+0xaa/0x39c [ 1332.353222][T17656] oom_kill_process.cold+0x10/0x15 [ 1332.358365][T17656] out_of_memory+0x231/0xa60 [ 1332.359497][T17667] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1332.363085][T17656] ? __rcu_read_unlock+0x66/0x3d0 [ 1332.363200][T17656] mem_cgroup_out_of_memory+0x128/0x150 [ 1332.382912][T17656] try_charge+0xb6c/0xbf0 [ 1332.387308][T17656] ? rcu_note_context_switch+0x6d0/0x760 [ 1332.392955][T17656] mem_cgroup_try_charge+0xd2/0x260 [ 1332.398212][T17656] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1332.403882][T17656] wp_page_copy+0x322/0x1040 [ 1332.408484][T17656] ? __read_once_size+0x41/0xe0 [ 1332.413428][T17656] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1332.419329][T17656] do_wp_page+0x192/0xeb0 [ 1332.423672][T17656] __handle_mm_fault+0x1d16/0x2e00 [ 1332.428797][T17656] ? __perf_event_task_sched_out+0x14d/0xb00 [ 1332.429652][T17670] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1332.434794][T17656] handle_mm_fault+0x21b/0x530 [ 1332.434845][T17656] __do_page_fault+0x456/0x8d0 [ 1332.434877][T17656] do_page_fault+0x38/0x194 [ 1332.460506][T17656] page_fault+0x34/0x40 [ 1332.464659][T17656] RIP: 0033:0x40d318 [ 1332.468560][T17656] Code: d9 48 8b 47 78 48 83 f8 ff 0f 84 0b 01 00 00 48 8b 73 18 48 83 fe ff 74 29 48 81 fe e7 03 00 00 0f 87 67 01 00 00 48 c1 e6 04 86 80 80 75 00 01 48 89 86 88 80 75 00 66 2e 0f 1f 84 00 00 00 [ 1332.488360][T17656] RSP: 002b:00007ffcacccff20 EFLAGS: 00010202 [ 1332.496340][T17656] RAX: 0000000000000003 RBX: 000000000075bf20 RCX: 0000000000000001 [ 1332.505575][T17656] RDX: 0000000000000001 RSI: 0000000000000010 RDI: 000000000075bf20 [ 1332.514161][T17656] RBP: 000000000000002d R08: ffffffffffffffff R09: ffffffffffffffff 04:20:23 executing program 2: 04:20:23 executing program 3: 04:20:24 executing program 4: [ 1332.522486][T17656] R10: 00007ffcaccd0020 R11: 0000000000000246 R12: 000000000075bf20 [ 1332.530722][T17656] R13: 0000000000145408 R14: 0000000000145435 R15: 000000000075bf2c 04:20:24 executing program 4: 04:20:24 executing program 3: 04:20:24 executing program 2: [ 1332.719170][T17656] memory: usage 307204kB, limit 307200kB, failcnt 1538 [ 1332.750433][T17656] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1332.790064][T17656] Memory cgroup stats for /syz5: [ 1332.790280][T17656] anon 269049856 [ 1332.790280][T17656] file 0 [ 1332.790280][T17656] kernel_stack 4055040 [ 1332.790280][T17656] slab 8187904 [ 1332.790280][T17656] sock 0 [ 1332.790280][T17656] shmem 0 [ 1332.790280][T17656] file_mapped 0 [ 1332.790280][T17656] file_dirty 0 [ 1332.790280][T17656] file_writeback 0 [ 1332.790280][T17656] anon_thp 241172480 [ 1332.790280][T17656] inactive_anon 0 [ 1332.790280][T17656] active_anon 269049856 [ 1332.790280][T17656] inactive_file 0 [ 1332.790280][T17656] active_file 45056 [ 1332.790280][T17656] unevictable 0 [ 1332.790280][T17656] slab_reclaimable 1081344 [ 1332.790280][T17656] slab_unreclaimable 7106560 [ 1332.790280][T17656] pgfault 101046 [ 1332.790280][T17656] pgmajfault 0 [ 1332.790280][T17656] workingset_refault 165 [ 1332.790280][T17656] workingset_activate 99 [ 1332.790280][T17656] workingset_nodereclaim 0 [ 1332.790280][T17656] pgrefill 1446 [ 1332.790280][T17656] pgscan 1370 [ 1332.790280][T17656] pgsteal 436 [ 1332.790280][T17656] pgactivate 924 04:20:24 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, 0x0, &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:24 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sha512\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$nl_netfilter(r1, &(0x7f00000002c0)={&(0x7f0000000000), 0xc, &(0x7f0000000280)={&(0x7f0000002140)=ANY=[@ANYBLOB="1400000000000000000000000008000000000000"], 0x20002154}}, 0x0) mmap(&(0x7f000034d000/0x2000)=nil, 0x2000, 0x0, 0x31, 0xffffffffffffffff, 0x0) [ 1333.078592][T17656] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=16714,uid=0 [ 1333.272968][T17694] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1333.320627][T17656] Memory cgroup out of memory: Killed process 16714 (syz-executor.5) total-vm:72584kB, anon-rss:2204kB, file-rss:35832kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 1333.451973][T17658] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. 04:20:25 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x48}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:25 executing program 4: syz_emit_ethernet(0x5e, &(0x7f0000000380)={@broadcast, @random="78ea6d9fede3", [], {@ipv6={0x86dd, {0x0, 0x6, "00eeff", 0x28, 0x3a, 0x86ddffff, @remote={0xfe, 0x80, [0x3, 0x543, 0x700, 0x5, 0x50000000000000d, 0x8848000000f0ffff, 0x0, 0x0, 0x0, 0x60], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@ndisc_redir={0x89, 0x0, 0x0, [], @empty, @empty}}}}}}, 0x0) 04:20:25 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0xc) write(r0, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r1, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r3, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000000c0)) r4 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r5, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:25 executing program 3: r0 = open(&(0x7f0000000500)='./bus\x00', 0x8143242, 0x0) close(r0) r1 = syz_open_dev$loop(&(0x7f0000000540)='/dev/loop#\x00', 0x0, 0x105082) r2 = memfd_create(&(0x7f0000000000)='}#*nodev\xee\xb8em2N,\x00', 0x0) pwritev(r2, &(0x7f0000000040)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x800) ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2) perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r0, 0x0, 0x80005) 04:20:25 executing program 2: clone(0x3102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x40000000013, &(0x7f0000000280)=0x100000001, 0x4) clone(0x1fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0xfdf2) setsockopt$inet_mreq(r1, 0x0, 0x23, 0x0, 0x0) close(r0) openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$EVIOCGBITSW(r1, 0x80404525, 0x0) ioctl$TUNGETVNETHDRSZ(r1, 0x800454d7, 0x0) 04:20:25 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, 0x0, &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:25 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x1fe, &(0x7f0000000540)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001800dd8d0000800000000000020000000000fe020000000008000500", @ANYRES32], 0x24}}, 0x0) 04:20:25 executing program 4: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x48}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1334.044629][T17734] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1334.106794][T17734] CPU: 1 PID: 17734 Comm: syz-executor.5 Not tainted 5.5.0-rc1-syzkaller #0 [ 1334.115596][T17734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1334.125741][T17734] Call Trace: [ 1334.129049][T17734] dump_stack+0x11d/0x181 [ 1334.133393][T17734] dump_header+0xaa/0x39c [ 1334.137840][T17734] oom_kill_process.cold+0x10/0x15 [ 1334.143039][T17734] out_of_memory+0x231/0xa60 [ 1334.147828][T17734] ? __rcu_read_unlock+0x66/0x3d0 [ 1334.152890][T17734] mem_cgroup_out_of_memory+0x128/0x150 [ 1334.158964][T17734] try_charge+0xb6c/0xbf0 [ 1334.163323][T17734] ? __rcu_read_unlock+0x66/0x3d0 [ 1334.168710][T17734] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1334.174185][T17734] __memcg_kmem_charge+0xcf/0x1b0 [ 1334.179245][T17734] __alloc_pages_nodemask+0x26c/0x310 [ 1334.185052][T17734] alloc_pages_current+0xd1/0x170 [ 1334.190450][T17734] pte_alloc_one+0x18/0x50 [ 1334.195064][T17734] __pte_alloc+0x2d/0x220 [ 1334.199997][T17734] copy_page_range+0x135a/0x19b0 [ 1334.204945][T17734] ? __vma_link_rb+0x3f4/0x440 [ 1334.209718][T17734] dup_mm+0x74a/0xba0 [ 1334.213718][T17734] copy_process+0x3138/0x3c40 [ 1334.218616][T17734] _do_fork+0xfe/0x7a0 [ 1334.222679][T17734] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1334.228921][T17734] ? __read_once_size+0x5a/0xe0 [ 1334.233772][T17734] __x64_sys_clone+0x130/0x170 [ 1334.238998][T17734] do_syscall_64+0xcc/0x3a0 [ 1334.243778][T17734] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1334.249657][T17734] RIP: 0033:0x45a919 [ 1334.253549][T17734] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1334.273143][T17734] RSP: 002b:00007f78299edc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1334.281547][T17734] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a919 [ 1334.289982][T17734] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1334.298464][T17734] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 04:20:25 executing program 3: r0 = socket(0x200000000010, 0x5, 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:25 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, 0x0, &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:25 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0xc) write(r0, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r1, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r3, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000000c0)) r4 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r5, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1334.307220][T17734] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f78299ee6d4 [ 1334.315187][T17734] R13: 00000000004c1007 R14: 00000000004d4d28 R15: 00000000ffffffff 04:20:25 executing program 2: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x48}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1334.528586][T17734] memory: usage 307088kB, limit 307200kB, failcnt 1570 [ 1334.535889][T17734] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1334.558731][T17734] Memory cgroup stats for /syz5: [ 1334.558871][T17734] anon 268898304 [ 1334.558871][T17734] file 0 [ 1334.558871][T17734] kernel_stack 4055040 [ 1334.558871][T17734] slab 8187904 [ 1334.558871][T17734] sock 0 [ 1334.558871][T17734] shmem 0 [ 1334.558871][T17734] file_mapped 0 [ 1334.558871][T17734] file_dirty 0 [ 1334.558871][T17734] file_writeback 0 [ 1334.558871][T17734] anon_thp 241172480 [ 1334.558871][T17734] inactive_anon 0 [ 1334.558871][T17734] active_anon 268914688 [ 1334.558871][T17734] inactive_file 0 [ 1334.558871][T17734] active_file 45056 [ 1334.558871][T17734] unevictable 0 [ 1334.558871][T17734] slab_reclaimable 1081344 [ 1334.558871][T17734] slab_unreclaimable 7106560 [ 1334.558871][T17734] pgfault 101178 [ 1334.558871][T17734] pgmajfault 0 [ 1334.558871][T17734] workingset_refault 165 [ 1334.558871][T17734] workingset_activate 99 [ 1334.558871][T17734] workingset_nodereclaim 0 [ 1334.558871][T17734] pgrefill 1446 [ 1334.558871][T17734] pgscan 1403 [ 1334.558871][T17734] pgsteal 436 [ 1334.558871][T17734] pgactivate 924 [ 1334.674466][T17734] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=15387,uid=0 [ 1335.028782][T17734] Memory cgroup out of memory: Killed process 15387 (syz-executor.5) total-vm:72584kB, anon-rss:2204kB, file-rss:35832kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 04:20:26 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:26 executing program 4: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, 0x0) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:26 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:26 executing program 2: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) write(0xffffffffffffffff, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r1, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r3, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000000c0)) r4 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r5, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:26 executing program 3: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, 0x0, &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1335.075888][T17847] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1335.132359][T17847] CPU: 1 PID: 17847 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 1335.143434][T17847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1335.154181][T17847] Call Trace: [ 1335.157491][T17847] dump_stack+0x11d/0x181 [ 1335.162880][T17847] dump_header+0xaa/0x39c [ 1335.167228][T17847] oom_kill_process.cold+0x10/0x15 [ 1335.173614][T17847] out_of_memory+0x231/0xa60 [ 1335.178777][T17847] mem_cgroup_out_of_memory+0x128/0x150 [ 1335.185036][T17847] try_charge+0xb6c/0xbf0 [ 1335.189473][T17847] ? rcu_note_context_switch+0x6d0/0x760 [ 1335.195332][T17847] mem_cgroup_try_charge+0xd2/0x260 [ 1335.201674][T17847] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1335.207728][T17847] wp_page_copy+0x322/0x1040 [ 1335.212330][T17847] ? __read_once_size+0x41/0xe0 [ 1335.218721][T17847] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1335.225404][T17847] do_wp_page+0x192/0xeb0 [ 1335.229787][T17847] ? record_times+0x16/0x90 [ 1335.234650][T17847] __handle_mm_fault+0x1d16/0x2e00 [ 1335.239806][T17847] ? try_to_free_mem_cgroup_pages+0x258/0x4d0 [ 1335.246004][T17847] handle_mm_fault+0x21b/0x530 [ 1335.250867][T17847] __do_page_fault+0x456/0x8d0 [ 1335.255765][T17847] do_page_fault+0x38/0x194 [ 1335.261160][T17847] page_fault+0x34/0x40 [ 1335.265354][T17847] RIP: 0033:0x40d426 [ 1335.269279][T17847] Code: e8 1f 47 ff ff 0f 1f 80 00 00 00 00 80 3d f1 2b 55 00 00 75 06 80 7b 20 00 74 2e 8b 05 e7 2b 55 00 c6 43 21 00 8d 70 ff 85 f6 <89> 35 d8 2b 55 00 78 5e 48 8b 44 24 08 64 48 33 04 25 28 00 00 00 [ 1335.291969][T17847] RSP: 002b:00007ffdab4b5880 EFLAGS: 00010246 [ 1335.298116][T17847] RAX: 0000000000000001 RBX: 000000000075bf20 RCX: 0000001b33c20000 [ 1335.306370][T17847] RDX: 0000001b32c20000 RSI: 0000000000000000 RDI: ffffffffc62a086b [ 1335.314348][T17847] RBP: 0000000000000001 R08: 00000000c62a086b R09: 00000000c62a086f [ 1335.322825][T17847] R10: 00007ffdab4b5980 R11: 0000000000000000 R12: 000000000075bf20 [ 1335.330808][T17847] R13: 000000000075c9a0 R14: 0000000000762b58 R15: 000000000075bf2c [ 1335.439813][T17847] memory: usage 307200kB, limit 307200kB, failcnt 3810 [ 1335.458787][T17847] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1335.507235][T17847] Memory cgroup stats for /syz1: [ 1335.507417][T17847] anon 264687616 [ 1335.507417][T17847] file 45056 [ 1335.507417][T17847] kernel_stack 4534272 [ 1335.507417][T17847] slab 9183232 [ 1335.507417][T17847] sock 0 [ 1335.507417][T17847] shmem 0 [ 1335.507417][T17847] file_mapped 0 [ 1335.507417][T17847] file_dirty 0 [ 1335.507417][T17847] file_writeback 0 [ 1335.507417][T17847] anon_thp 232783872 [ 1335.507417][T17847] inactive_anon 0 [ 1335.507417][T17847] active_anon 264687616 [ 1335.507417][T17847] inactive_file 0 04:20:27 executing program 3: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(0xffffffffffffffff, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1335.507417][T17847] active_file 32768 [ 1335.507417][T17847] unevictable 0 [ 1335.507417][T17847] slab_reclaimable 1216512 [ 1335.507417][T17847] slab_unreclaimable 7966720 [ 1335.507417][T17847] pgfault 117216 [ 1335.507417][T17847] pgmajfault 0 [ 1335.507417][T17847] workingset_refault 198 [ 1335.507417][T17847] workingset_activate 132 [ 1335.507417][T17847] workingset_nodereclaim 0 [ 1335.507417][T17847] pgrefill 1935 [ 1335.507417][T17847] pgscan 1844 [ 1335.507417][T17847] pgsteal 397 04:20:27 executing program 2: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) write(0xffffffffffffffff, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r1, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r3, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000000c0)) r4 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r5, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:27 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:27 executing program 4: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:27 executing program 2: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) write(0xffffffffffffffff, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r1, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r3, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000000c0)) r4 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r5, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1336.128164][T17847] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=20638,uid=0 [ 1336.185457][T17847] Memory cgroup out of memory: Killed process 20638 (syz-executor.1) total-vm:72716kB, anon-rss:2212kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:1000 [ 1336.303979][T17856] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1336.315248][T17904] __nla_validate_parse: 16 callbacks suppressed [ 1336.318158][T17904] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1336.438730][T17856] CPU: 0 PID: 17856 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 1336.447448][T17856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1336.457653][T17856] Call Trace: [ 1336.460975][T17856] dump_stack+0x11d/0x181 [ 1336.465374][T17856] dump_header+0xaa/0x39c [ 1336.469729][T17856] oom_kill_process.cold+0x10/0x15 [ 1336.474851][T17856] out_of_memory+0x231/0xa60 [ 1336.479460][T17856] mem_cgroup_out_of_memory+0x128/0x150 [ 1336.485105][T17856] try_charge+0x800/0xbf0 [ 1336.489536][T17856] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1336.495438][T17856] ? __rcu_read_unlock+0x66/0x3d0 [ 1336.500679][T17856] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1336.506249][T17856] __memcg_kmem_charge+0xcf/0x1b0 [ 1336.511320][T17856] __alloc_pages_nodemask+0x26c/0x310 [ 1336.516741][T17856] alloc_pages_current+0xd1/0x170 [ 1336.521757][T17856] pte_alloc_one+0x18/0x50 [ 1336.526153][T17856] __handle_mm_fault+0x2be6/0x2e00 [ 1336.531430][T17856] ? try_to_free_mem_cgroup_pages+0x258/0x4d0 [ 1336.539202][T17856] handle_mm_fault+0x21b/0x530 [ 1336.544237][T17856] __do_page_fault+0x456/0x8d0 [ 1336.549376][T17856] do_page_fault+0x38/0x194 [ 1336.554153][T17856] page_fault+0x34/0x40 [ 1336.558416][T17856] RIP: 0033:0x45a919 [ 1336.562771][T17856] Code: Bad RIP value. [ 1336.566859][T17856] RSP: 002b:00007fd40137cc78 EFLAGS: 00010246 [ 1336.574162][T17856] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 000000000045a919 04:20:28 executing program 1: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0xc) write(r0, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r1, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r3, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000000c0)) r4 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r5, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1336.583184][T17856] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1336.592329][T17856] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1336.600661][T17856] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd40137d6d4 [ 1336.609826][T17856] R13: 00000000004c1007 R14: 00000000004d4d28 R15: 00000000ffffffff 04:20:28 executing program 3: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(0xffffffffffffffff, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:28 executing program 4: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:28 executing program 2: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) write(0xffffffffffffffff, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(0xffffffffffffffff, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r1, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r3, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000000c0)) r4 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r5, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1336.633988][T17856] memory: usage 304988kB, limit 307200kB, failcnt 3810 [ 1336.667551][T17856] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1336.714287][T17856] Memory cgroup stats for /syz1: [ 1336.714441][T17856] anon 262545408 [ 1336.714441][T17856] file 45056 [ 1336.714441][T17856] kernel_stack 4534272 [ 1336.714441][T17856] slab 9183232 [ 1336.714441][T17856] sock 0 [ 1336.714441][T17856] shmem 0 [ 1336.714441][T17856] file_mapped 0 [ 1336.714441][T17856] file_dirty 0 [ 1336.714441][T17856] file_writeback 0 [ 1336.714441][T17856] anon_thp 230686720 [ 1336.714441][T17856] inactive_anon 0 [ 1336.714441][T17856] active_anon 262545408 [ 1336.714441][T17856] inactive_file 0 [ 1336.714441][T17856] active_file 32768 [ 1336.714441][T17856] unevictable 0 [ 1336.714441][T17856] slab_reclaimable 1216512 [ 1336.714441][T17856] slab_unreclaimable 7966720 [ 1336.714441][T17856] pgfault 117249 [ 1336.714441][T17856] pgmajfault 0 [ 1336.714441][T17856] workingset_refault 198 [ 1336.714441][T17856] workingset_activate 132 [ 1336.714441][T17856] workingset_nodereclaim 0 [ 1336.714441][T17856] pgrefill 1935 [ 1336.714441][T17856] pgscan 1844 [ 1336.714441][T17856] pgsteal 397 [ 1336.752558][T17911] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1336.905686][T17856] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=20089,uid=0 [ 1336.922784][T17856] Memory cgroup out of memory: Killed process 20089 (syz-executor.1) total-vm:72716kB, anon-rss:2212kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:1000 [ 1336.952340][T17916] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1337.010195][T17880] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1337.058797][T17880] CPU: 0 PID: 17880 Comm: syz-executor.0 Not tainted 5.5.0-rc1-syzkaller #0 [ 1337.067519][T17880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1337.077567][T17880] Call Trace: [ 1337.080867][T17880] dump_stack+0x11d/0x181 [ 1337.085210][T17880] dump_header+0xaa/0x39c [ 1337.089551][T17880] oom_kill_process.cold+0x10/0x15 [ 1337.094719][T17880] out_of_memory+0x231/0xa60 [ 1337.099328][T17880] mem_cgroup_out_of_memory+0x128/0x150 [ 1337.104893][T17880] try_charge+0xb6c/0xbf0 [ 1337.109257][T17880] ? __rcu_read_unlock+0x66/0x3d0 [ 1337.114326][T17880] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1337.119799][T17880] __memcg_kmem_charge+0xcf/0x1b0 [ 1337.124852][T17880] __alloc_pages_nodemask+0x26c/0x310 [ 1337.130240][T17880] alloc_pages_current+0xd1/0x170 [ 1337.139270][T17880] pte_alloc_one+0x18/0x50 [ 1337.143693][T17880] __pte_alloc+0x2d/0x220 [ 1337.148127][T17880] copy_page_range+0x135a/0x19b0 [ 1337.153087][T17880] ? __vma_link_rb+0x3f4/0x440 [ 1337.157874][T17880] dup_mm+0x74a/0xba0 [ 1337.161880][T17880] copy_process+0x3138/0x3c40 [ 1337.166712][T17880] _do_fork+0xfe/0x7a0 [ 1337.170792][T17880] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1337.176694][T17880] ? __read_once_size+0x5a/0xe0 [ 1337.181554][T17880] __x64_sys_clone+0x130/0x170 [ 1337.186471][T17880] do_syscall_64+0xcc/0x3a0 [ 1337.191049][T17880] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1337.196953][T17880] RIP: 0033:0x45a919 [ 1337.200859][T17880] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1337.222906][T17880] RSP: 002b:00007fcace71fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1337.231677][T17880] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a919 [ 1337.239849][T17880] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1337.248375][T17880] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1337.256398][T17880] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcace7206d4 [ 1337.264651][T17880] R13: 00000000004c1007 R14: 00000000004d4d28 R15: 00000000ffffffff [ 1337.277060][T17880] memory: usage 307200kB, limit 307200kB, failcnt 4634 [ 1337.284853][T17880] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1337.294130][T17880] Memory cgroup stats for /syz0: [ 1337.296892][T17880] anon 248561664 [ 1337.296892][T17880] file 106496 [ 1337.296892][T17880] kernel_stack 6045696 [ 1337.296892][T17880] slab 12197888 [ 1337.296892][T17880] sock 0 [ 1337.296892][T17880] shmem 0 [ 1337.296892][T17880] file_mapped 0 [ 1337.296892][T17880] file_dirty 0 [ 1337.296892][T17880] file_writeback 0 [ 1337.296892][T17880] anon_thp 205520896 [ 1337.296892][T17880] inactive_anon 0 [ 1337.296892][T17880] active_anon 248602624 [ 1337.296892][T17880] inactive_file 0 [ 1337.296892][T17880] active_file 40960 [ 1337.296892][T17880] unevictable 0 [ 1337.296892][T17880] slab_reclaimable 1622016 [ 1337.296892][T17880] slab_unreclaimable 10575872 [ 1337.296892][T17880] pgfault 116490 [ 1337.296892][T17880] pgmajfault 0 [ 1337.296892][T17880] workingset_refault 264 [ 1337.296892][T17880] workingset_activate 165 [ 1337.296892][T17880] workingset_nodereclaim 0 [ 1337.296892][T17880] pgrefill 2842 [ 1337.296892][T17880] pgscan 2739 [ 1337.296892][T17880] pgsteal 567 [ 1337.400575][T17880] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=19501,uid=0 [ 1337.423664][T17880] Memory cgroup out of memory: Killed process 19501 (syz-executor.0) total-vm:72716kB, anon-rss:2212kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:1000 04:20:28 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:28 executing program 2: mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0xc) write(r0, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r1, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r3, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000000c0)) r4 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r5, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:28 executing program 4: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:28 executing program 3: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1337.451597][ T7943] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1337.479234][ T7943] CPU: 0 PID: 7943 Comm: syz-executor.5 Not tainted 5.5.0-rc1-syzkaller #0 [ 1337.487854][ T7943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1337.498439][ T7943] Call Trace: [ 1337.501736][ T7943] dump_stack+0x11d/0x181 [ 1337.507380][ T7943] dump_header+0xaa/0x39c [ 1337.511798][ T7943] oom_kill_process.cold+0x10/0x15 [ 1337.517747][ T7943] out_of_memory+0x231/0xa60 [ 1337.522658][ T7943] mem_cgroup_out_of_memory+0x128/0x150 [ 1337.528539][ T7943] try_charge+0xb6c/0xbf0 [ 1337.532904][ T7943] ? rcu_note_context_switch+0x6d0/0x760 [ 1337.539426][ T7943] mem_cgroup_try_charge+0xd2/0x260 [ 1337.544645][ T7943] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1337.550288][ T7943] wp_page_copy+0x322/0x1040 [ 1337.555302][ T7943] ? __read_once_size+0x41/0xe0 [ 1337.560370][ T7943] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1337.566515][ T7943] do_wp_page+0x192/0xeb0 [ 1337.570895][ T7943] ? record_times+0x16/0x90 [ 1337.575422][ T7943] __handle_mm_fault+0x1d16/0x2e00 [ 1337.580561][ T7943] ? try_to_free_mem_cgroup_pages+0x258/0x4d0 [ 1337.586650][ T7943] handle_mm_fault+0x21b/0x530 [ 1337.591433][ T7943] __do_page_fault+0x456/0x8d0 [ 1337.596213][ T7943] do_page_fault+0x38/0x194 [ 1337.600793][ T7943] page_fault+0x34/0x40 [ 1337.604977][ T7943] RIP: 0033:0x45904a [ 1337.608924][ T7943] Code: 48 85 db 74 b6 41 bc ca 00 00 00 eb 0c 0f 1f 00 48 8b 5b 08 48 85 db 74 a2 48 8b 3b 48 8b 47 10 48 85 c0 74 05 ff d0 48 8b 3b ff 4f 28 0f 94 c0 84 c0 74 db 8b 47 2c 85 c0 74 d4 45 31 d2 ba [ 1337.614012][T18035] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1337.628627][ T7943] RSP: 002b:00007ffcaccd00b0 EFLAGS: 00010246 [ 1337.628642][ T7943] RAX: 0000000000000000 RBX: 00007ffcaccd00b0 RCX: 0000000000458eea [ 1337.628651][ T7943] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000a771a8 [ 1337.628661][ T7943] RBP: 00007ffcaccd00f0 R08: 0000000000000001 R09: 0000000001ea4940 [ 1337.628672][ T7943] R10: 0000000001ea4c10 R11: 0000000000000246 R12: 00000000000000ca [ 1337.628682][ T7943] R13: 0000000000003b8b R14: 0000000000000000 R15: 00007ffcaccd0140 [ 1337.739917][T18036] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1337.758402][T18038] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1337.817132][T18041] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1337.888813][T18038] FS-Cache: Duplicate cookie detected [ 1337.894346][T18038] FS-Cache: O-cookie c=000000004aa8604a [p=0000000057c56a86 fl=222 nc=0 na=1] [ 1337.903402][T18038] FS-Cache: O-cookie d=00000000b2421e71 n=0000000076576876 [ 1337.910822][T18038] FS-Cache: O-key=[10] '02000200000000100000' [ 1337.917167][T18038] FS-Cache: N-cookie c=00000000161fe5b3 [p=0000000057c56a86 fl=2 nc=0 na=1] [ 1337.925969][T18038] FS-Cache: N-cookie d=00000000b2421e71 n=000000009e458169 04:20:29 executing program 4: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1337.933403][T18038] FS-Cache: N-key=[10] '02000200000000100000' [ 1337.941303][ T7943] memory: usage 307188kB, limit 307200kB, failcnt 1607 [ 1337.948155][ T7943] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1338.022935][ T7943] Memory cgroup stats for /syz5: [ 1338.023605][ T7943] anon 268898304 [ 1338.023605][ T7943] file 0 [ 1338.023605][ T7943] kernel_stack 4055040 [ 1338.023605][ T7943] slab 8187904 [ 1338.023605][ T7943] sock 0 [ 1338.023605][ T7943] shmem 0 [ 1338.023605][ T7943] file_mapped 0 [ 1338.023605][ T7943] file_dirty 0 [ 1338.023605][ T7943] file_writeback 0 [ 1338.023605][ T7943] anon_thp 241172480 [ 1338.023605][ T7943] inactive_anon 0 [ 1338.023605][ T7943] active_anon 268914688 [ 1338.023605][ T7943] inactive_file 0 [ 1338.023605][ T7943] active_file 45056 [ 1338.023605][ T7943] unevictable 0 [ 1338.023605][ T7943] slab_reclaimable 1081344 [ 1338.023605][ T7943] slab_unreclaimable 7106560 [ 1338.023605][ T7943] pgfault 101310 [ 1338.023605][ T7943] pgmajfault 0 [ 1338.023605][ T7943] workingset_refault 165 [ 1338.023605][ T7943] workingset_activate 99 [ 1338.023605][ T7943] workingset_nodereclaim 0 [ 1338.023605][ T7943] pgrefill 1512 [ 1338.023605][ T7943] pgscan 1469 [ 1338.023605][ T7943] pgsteal 436 [ 1338.023605][ T7943] pgactivate 990 [ 1338.100727][T18151] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1338.131299][ T7943] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=2619,uid=0 [ 1338.178628][ T7943] Memory cgroup out of memory: Killed process 2619 (syz-executor.5) total-vm:72716kB, anon-rss:2212kB, file-rss:35824kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 1338.273206][T17893] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1338.289499][T17893] CPU: 0 PID: 17893 Comm: syz-executor.5 Not tainted 5.5.0-rc1-syzkaller #0 [ 1338.298281][T17893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1338.308334][T17893] Call Trace: [ 1338.311634][T17893] dump_stack+0x11d/0x181 [ 1338.316010][T17893] dump_header+0xaa/0x39c [ 1338.320352][T17893] oom_kill_process.cold+0x10/0x15 [ 1338.325536][T17893] out_of_memory+0x231/0xa60 [ 1338.330248][T17893] mem_cgroup_out_of_memory+0x128/0x150 [ 1338.335898][T17893] try_charge+0x800/0xbf0 [ 1338.340247][T17893] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1338.346192][T17893] ? __rcu_read_unlock+0x66/0x3d0 [ 1338.351237][T17893] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1338.356893][T17893] __memcg_kmem_charge+0xcf/0x1b0 [ 1338.361942][T17893] __alloc_pages_nodemask+0x26c/0x310 [ 1338.367433][T17893] alloc_pages_current+0xd1/0x170 [ 1338.372478][T17893] pte_alloc_one+0x18/0x50 [ 1338.376902][T17893] __handle_mm_fault+0x2be6/0x2e00 [ 1338.382178][T17893] ? try_to_free_mem_cgroup_pages+0x258/0x4d0 [ 1338.391444][T17893] handle_mm_fault+0x21b/0x530 [ 1338.396224][T17893] __do_page_fault+0x456/0x8d0 [ 1338.401014][T17893] do_page_fault+0x38/0x194 [ 1338.405791][T17893] page_fault+0x34/0x40 [ 1338.410000][T17893] RIP: 0033:0x458eea [ 1338.413901][T17893] Code: Bad RIP value. [ 1338.417964][T17893] RSP: 002b:00007ffcaccd00b0 EFLAGS: 00010246 [ 1338.424040][T17893] RAX: 0000000000000000 RBX: 00007ffcaccd00b0 RCX: 0000000000458eea [ 1338.432014][T17893] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1338.439991][T17893] RBP: 00007ffcaccd00f0 R08: 0000000000000001 R09: 0000000001ea4940 [ 1338.448065][T17893] R10: 0000000001ea4c10 R11: 0000000000000246 R12: 0000000000000001 [ 1338.456331][T17893] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffcaccd0140 [ 1338.467277][T17893] memory: usage 306956kB, limit 307200kB, failcnt 1607 [ 1338.475620][T17893] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1338.483015][T17893] Memory cgroup stats for /syz5: [ 1338.483192][T17893] anon 268898304 [ 1338.483192][T17893] file 0 [ 1338.483192][T17893] kernel_stack 4055040 [ 1338.483192][T17893] slab 8187904 [ 1338.483192][T17893] sock 0 [ 1338.483192][T17893] shmem 0 [ 1338.483192][T17893] file_mapped 0 [ 1338.483192][T17893] file_dirty 0 [ 1338.483192][T17893] file_writeback 0 [ 1338.483192][T17893] anon_thp 241172480 [ 1338.483192][T17893] inactive_anon 0 [ 1338.483192][T17893] active_anon 268914688 [ 1338.483192][T17893] inactive_file 0 [ 1338.483192][T17893] active_file 45056 [ 1338.483192][T17893] unevictable 0 [ 1338.483192][T17893] slab_reclaimable 1081344 [ 1338.483192][T17893] slab_unreclaimable 7106560 [ 1338.483192][T17893] pgfault 101310 [ 1338.483192][T17893] pgmajfault 0 [ 1338.483192][T17893] workingset_refault 165 [ 1338.483192][T17893] workingset_activate 99 [ 1338.483192][T17893] workingset_nodereclaim 0 [ 1338.483192][T17893] pgrefill 1512 [ 1338.483192][T17893] pgscan 1469 [ 1338.483192][T17893] pgsteal 436 [ 1338.483192][T17893] pgactivate 990 [ 1338.588593][T17893] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17623,uid=0 [ 1338.604198][T17893] Memory cgroup out of memory: Killed process 17623 (syz-executor.5) total-vm:72716kB, anon-rss:2212kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 1338.648404][T18001] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1338.667126][T18156] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1338.673923][T18001] CPU: 0 PID: 18001 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 1338.685105][T18001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1338.695188][T18001] Call Trace: [ 1338.698489][T18001] dump_stack+0x11d/0x181 [ 1338.703025][T18001] dump_header+0xaa/0x39c [ 1338.708219][T18001] oom_kill_process.cold+0x10/0x15 [ 1338.713369][T18001] out_of_memory+0x231/0xa60 [ 1338.717978][T18001] mem_cgroup_out_of_memory+0x128/0x150 [ 1338.723730][T18001] try_charge+0xb6c/0xbf0 [ 1338.728079][T18001] ? __rcu_read_unlock+0x66/0x3d0 [ 1338.733261][T18001] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1338.738725][T18001] __memcg_kmem_charge+0xcf/0x1b0 [ 1338.743757][T18001] copy_process+0x11d2/0x3c40 [ 1338.748447][T18001] ? record_times+0x16/0x90 [ 1338.753004][T18001] ? try_to_free_mem_cgroup_pages+0x258/0x4d0 [ 1338.759214][T18001] _do_fork+0xfe/0x7a0 [ 1338.763361][T18001] ? cgroup_file_notify+0xff/0x130 [ 1338.768539][T18001] ? blkcg_maybe_throttle_current+0x23d/0x580 [ 1338.774678][T18001] __x64_sys_clone+0x130/0x170 [ 1338.779461][T18001] do_syscall_64+0xcc/0x3a0 [ 1338.783986][T18001] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1338.789877][T18001] RIP: 0033:0x45d2e9 [ 1338.793852][T18001] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1338.813625][T18001] RSP: 002b:00007ffdab4b5778 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1338.822058][T18001] RAX: ffffffffffffffda RBX: 00007fd40135c700 RCX: 000000000045d2e9 [ 1338.830059][T18001] RDX: 00007fd40135c9d0 RSI: 00007fd40135bdb0 RDI: 00000000003d0f00 [ 1338.838048][T18001] RBP: 00007ffdab4b5990 R08: 00007fd40135c700 R09: 00007fd40135c700 04:20:30 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:30 executing program 3: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:30 executing program 2: socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0xc) write(r0, &(0x7f00000012c0), 0x0) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r1, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r3, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000000c0)) r4 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r5, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1338.846060][T18001] R10: 00007fd40135c9d0 R11: 0000000000000202 R12: 0000000000000000 [ 1338.854022][T18001] R13: 00007ffdab4b582f R14: 00007fd40135c9c0 R15: 000000000075bfd4 [ 1338.963379][T18161] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1339.018731][T18001] memory: usage 304892kB, limit 307200kB, failcnt 3820 [ 1339.028450][T18001] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1339.053174][T18001] Memory cgroup stats for /syz1: [ 1339.053388][T18001] anon 262529024 [ 1339.053388][T18001] file 45056 [ 1339.053388][T18001] kernel_stack 4534272 [ 1339.053388][T18001] slab 9183232 [ 1339.053388][T18001] sock 0 [ 1339.053388][T18001] shmem 0 [ 1339.053388][T18001] file_mapped 0 [ 1339.053388][T18001] file_dirty 0 [ 1339.053388][T18001] file_writeback 0 [ 1339.053388][T18001] anon_thp 230686720 [ 1339.053388][T18001] inactive_anon 0 [ 1339.053388][T18001] active_anon 262529024 [ 1339.053388][T18001] inactive_file 0 [ 1339.053388][T18001] active_file 32768 [ 1339.053388][T18001] unevictable 0 [ 1339.053388][T18001] slab_reclaimable 1216512 [ 1339.053388][T18001] slab_unreclaimable 7966720 [ 1339.053388][T18001] pgfault 117315 [ 1339.053388][T18001] pgmajfault 0 [ 1339.053388][T18001] workingset_refault 198 [ 1339.053388][T18001] workingset_activate 132 [ 1339.053388][T18001] workingset_nodereclaim 0 [ 1339.053388][T18001] pgrefill 1968 [ 1339.053388][T18001] pgscan 1877 [ 1339.053388][T18001] pgsteal 397 [ 1339.087537][T18163] FS-Cache: Duplicate cookie detected [ 1339.152458][T18163] FS-Cache: O-cookie c=00000000161fe5b3 [p=0000000057c56a86 fl=222 nc=0 na=1] [ 1339.161518][T18163] FS-Cache: O-cookie d=00000000b2421e71 n=000000004d693403 [ 1339.168869][T18163] FS-Cache: O-key=[10] '02000200000000100000' [ 1339.175162][T18163] FS-Cache: N-cookie c=00000000b2148213 [p=0000000057c56a86 fl=2 nc=0 na=1] [ 1339.183921][T18163] FS-Cache: N-cookie d=00000000b2421e71 n=0000000099dbb011 [ 1339.191306][T18163] FS-Cache: N-key=[10] '02000200000000100000' [ 1339.197638][T18166] FS-Cache: Duplicate cookie detected [ 1339.203231][T18166] FS-Cache: O-cookie c=00000000161fe5b3 [p=0000000057c56a86 fl=222 nc=0 na=1] [ 1339.212323][T18166] FS-Cache: O-cookie d=00000000b2421e71 n=000000004d693403 [ 1339.219625][T18166] FS-Cache: O-key=[10] '02000200000000100000' [ 1339.226030][T18166] FS-Cache: N-cookie c=000000004aa8604a [p=0000000057c56a86 fl=2 nc=0 na=1] [ 1339.234881][T18166] FS-Cache: N-cookie d=00000000b2421e71 n=0000000076576876 [ 1339.242208][T18166] FS-Cache: N-key=[10] '02000200000000100000' [ 1339.274698][T18001] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=19967,uid=0 [ 1339.306556][T18001] Memory cgroup out of memory: Killed process 19967 (syz-executor.1) total-vm:72716kB, anon-rss:2212kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:1000 [ 1339.332535][T18145] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1339.348421][T18145] CPU: 0 PID: 18145 Comm: syz-executor.0 Not tainted 5.5.0-rc1-syzkaller #0 [ 1339.357119][T18145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1339.367176][T18145] Call Trace: [ 1339.370478][T18145] dump_stack+0x11d/0x181 [ 1339.374825][T18145] dump_header+0xaa/0x39c [ 1339.379284][T18145] oom_kill_process.cold+0x10/0x15 [ 1339.384458][T18145] out_of_memory+0x231/0xa60 [ 1339.389069][T18145] mem_cgroup_out_of_memory+0x128/0x150 [ 1339.394660][T18145] try_charge+0xb6c/0xbf0 [ 1339.399019][T18145] ? __rcu_read_unlock+0x66/0x3d0 [ 1339.404065][T18145] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1339.409676][T18145] __memcg_kmem_charge+0xcf/0x1b0 [ 1339.414725][T18145] __alloc_pages_nodemask+0x26c/0x310 [ 1339.420110][T18145] alloc_pages_current+0xd1/0x170 [ 1339.425174][T18145] pte_alloc_one+0x18/0x50 [ 1339.429606][T18145] __pte_alloc+0x2d/0x220 [ 1339.433951][T18145] copy_page_range+0x135a/0x19b0 [ 1339.438954][T18145] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1339.445343][T18145] ? __vma_link_rb+0x3f4/0x440 [ 1339.450132][T18145] dup_mm+0x74a/0xba0 [ 1339.454198][T18145] copy_process+0x3138/0x3c40 [ 1339.458941][T18145] _do_fork+0xfe/0x7a0 [ 1339.463031][T18145] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1339.469173][T18145] ? __read_once_size+0x5a/0xe0 [ 1339.478041][T18145] __x64_sys_clone+0x130/0x170 [ 1339.482940][T18145] do_syscall_64+0xcc/0x3a0 [ 1339.487469][T18145] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1339.493372][T18145] RIP: 0033:0x45a919 [ 1339.497398][T18145] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1339.517107][T18145] RSP: 002b:00007fcace71fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1339.525543][T18145] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a919 04:20:30 executing program 1: r0 = socket(0x0, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:30 executing program 4: socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0xc) write(r0, &(0x7f00000012c0), 0x0) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r1, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r3, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000000c0)) r4 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r5, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:31 executing program 3: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1339.533528][T18145] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1339.541533][T18145] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1339.549622][T18145] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcace7206d4 [ 1339.558415][T18145] R13: 00000000004c1007 R14: 00000000004d4d28 R15: 00000000ffffffff [ 1339.741566][T18145] memory: usage 307200kB, limit 307200kB, failcnt 4666 [ 1339.749135][T18145] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1339.757551][T18145] Memory cgroup stats for /syz0: [ 1339.757770][T18145] anon 248684544 [ 1339.757770][T18145] file 106496 [ 1339.757770][T18145] kernel_stack 6045696 [ 1339.757770][T18145] slab 12197888 [ 1339.757770][T18145] sock 0 [ 1339.757770][T18145] shmem 0 [ 1339.757770][T18145] file_mapped 0 [ 1339.757770][T18145] file_dirty 0 [ 1339.757770][T18145] file_writeback 0 [ 1339.757770][T18145] anon_thp 205520896 [ 1339.757770][T18145] inactive_anon 0 [ 1339.757770][T18145] active_anon 248725504 [ 1339.757770][T18145] inactive_file 0 [ 1339.757770][T18145] active_file 40960 [ 1339.757770][T18145] unevictable 0 [ 1339.757770][T18145] slab_reclaimable 1622016 [ 1339.757770][T18145] slab_unreclaimable 10575872 [ 1339.757770][T18145] pgfault 116622 [ 1339.757770][T18145] pgmajfault 0 [ 1339.757770][T18145] workingset_refault 264 [ 1339.757770][T18145] workingset_activate 165 [ 1339.757770][T18145] workingset_nodereclaim 0 [ 1339.757770][T18145] pgrefill 2842 [ 1339.757770][T18145] pgscan 2739 [ 1339.757770][T18145] pgsteal 567 [ 1339.863477][T18145] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=18145,uid=0 04:20:31 executing program 1: r0 = socket(0x0, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1339.888584][T18145] Memory cgroup out of memory: Killed process 18145 (syz-executor.0) total-vm:72584kB, anon-rss:2204kB, file-rss:35812kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 1339.924016][T18170] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1339.948553][T18170] CPU: 1 PID: 18170 Comm: syz-executor.5 Not tainted 5.5.0-rc1-syzkaller #0 [ 1339.957352][T18170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1339.967843][T18170] Call Trace: [ 1339.971181][T18170] dump_stack+0x11d/0x181 [ 1339.976252][T18170] dump_header+0xaa/0x39c [ 1339.980725][T18170] oom_kill_process.cold+0x10/0x15 [ 1339.985943][T18170] out_of_memory+0x231/0xa60 [ 1339.991207][T18170] mem_cgroup_out_of_memory+0x128/0x150 [ 1339.999199][T18170] try_charge+0xb6c/0xbf0 [ 1340.004488][T18170] ? __rcu_read_unlock+0x66/0x3d0 [ 1340.009690][T18170] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1340.015254][T18170] __memcg_kmem_charge+0xcf/0x1b0 [ 1340.020487][T18170] __alloc_pages_nodemask+0x26c/0x310 [ 1340.026589][T18170] alloc_pages_current+0xd1/0x170 [ 1340.029473][ T546] oom_reaper: reaped process 18145 (syz-executor.0), now anon-rss:0kB, file-rss:34852kB, shmem-rss:0kB [ 1340.031827][T18170] pte_alloc_one+0x18/0x50 [ 1340.032004][T18170] __pte_alloc+0x2d/0x220 [ 1340.053118][T18170] copy_page_range+0x135a/0x19b0 [ 1340.058086][T18170] ? __read_once_size.constprop.0+0x12/0x20 [ 1340.064043][T18170] ? __rcu_read_unlock+0x66/0x3d0 [ 1340.069103][T18170] ? vma_gap_callbacks_rotate+0x126/0x190 [ 1340.075066][T18170] dup_mm+0x74a/0xba0 [ 1340.079182][T18170] copy_process+0x3138/0x3c40 [ 1340.084499][T18170] _do_fork+0xfe/0x7a0 [ 1340.088590][T18170] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1340.094875][T18170] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1340.101550][T18170] ? __read_once_size+0x5a/0xe0 [ 1340.107460][T18170] __x64_sys_clone+0x130/0x170 [ 1340.112914][T18170] do_syscall_64+0xcc/0x3a0 [ 1340.117791][T18170] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1340.123859][T18170] RIP: 0033:0x45a919 [ 1340.127838][T18170] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1340.148333][T18170] RSP: 002b:00007f78299ccc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1340.157486][T18170] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a919 [ 1340.165551][T18170] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1340.174930][T18170] RBP: 000000000075bfc8 R08: ffffffffffffffff R09: 0000000000000000 [ 1340.183021][T18170] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f78299cd6d4 04:20:31 executing program 4: socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0xc) write(r0, &(0x7f00000012c0), 0x0) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r1, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r3, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000000c0)) r4 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r5, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:31 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1340.191307][T18170] R13: 00000000004c1007 R14: 00000000004d4d28 R15: 00000000ffffffff [ 1340.205134][T18170] memory: usage 307200kB, limit 307200kB, failcnt 1630 [ 1340.213510][T18170] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1340.221276][T18170] Memory cgroup stats for /syz5: [ 1340.221489][T18170] anon 268894208 [ 1340.221489][T18170] file 0 [ 1340.221489][T18170] kernel_stack 4055040 [ 1340.221489][T18170] slab 8187904 [ 1340.221489][T18170] sock 0 [ 1340.221489][T18170] shmem 0 [ 1340.221489][T18170] file_mapped 0 [ 1340.221489][T18170] file_dirty 0 [ 1340.221489][T18170] file_writeback 0 [ 1340.221489][T18170] anon_thp 241172480 [ 1340.221489][T18170] inactive_anon 0 [ 1340.221489][T18170] active_anon 268910592 [ 1340.221489][T18170] inactive_file 0 [ 1340.221489][T18170] active_file 45056 [ 1340.221489][T18170] unevictable 0 [ 1340.221489][T18170] slab_reclaimable 1081344 [ 1340.221489][T18170] slab_unreclaimable 7106560 [ 1340.221489][T18170] pgfault 101475 [ 1340.221489][T18170] pgmajfault 0 [ 1340.221489][T18170] workingset_refault 165 [ 1340.221489][T18170] workingset_activate 99 [ 1340.221489][T18170] workingset_nodereclaim 0 [ 1340.221489][T18170] pgrefill 1512 [ 1340.221489][T18170] pgscan 1469 [ 1340.221489][T18170] pgsteal 436 [ 1340.221489][T18170] pgactivate 990 [ 1340.375339][T18170] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=3540,uid=0 [ 1340.394681][T18170] Memory cgroup out of memory: Killed process 3540 (syz-executor.5) total-vm:72716kB, anon-rss:2212kB, file-rss:35820kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 1340.480701][T18167] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1340.536201][T18167] CPU: 1 PID: 18167 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1340.545013][T18167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1340.555074][T18167] Call Trace: [ 1340.558377][T18167] dump_stack+0x11d/0x181 [ 1340.562729][T18167] dump_header+0xaa/0x39c [ 1340.567084][T18167] oom_kill_process.cold+0x10/0x15 [ 1340.572218][T18167] out_of_memory+0x231/0xa60 [ 1340.576830][T18167] mem_cgroup_out_of_memory+0x128/0x150 [ 1340.582448][T18167] try_charge+0xb6c/0xbf0 [ 1340.586804][T18167] ? __rcu_read_unlock+0x66/0x3d0 [ 1340.591928][T18167] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1340.594305][T18194] FS-Cache: Duplicate cookie detected [ 1340.597457][T18167] __memcg_kmem_charge+0xcf/0x1b0 [ 1340.597482][T18167] __alloc_pages_nodemask+0x26c/0x310 [ 1340.597509][T18167] alloc_pages_current+0xd1/0x170 [ 1340.603026][T18194] FS-Cache: O-cookie c=00000000b2148213 [p=0000000057c56a86 fl=222 nc=0 na=1] [ 1340.608007][T18167] pte_alloc_one+0x18/0x50 [ 1340.608032][T18167] __pte_alloc+0x2d/0x220 [ 1340.613561][T18194] FS-Cache: O-cookie d=00000000b2421e71 n=00000000b440db26 [ 1340.618429][T18167] copy_page_range+0x135a/0x19b0 [ 1340.618515][T18167] ? __read_once_size.constprop.0+0x12/0x20 [ 1340.618604][T18167] dup_mm+0x74a/0xba0 [ 1340.627915][T18194] FS-Cache: O-key=[10] '02000200000000100000' [ 1340.632175][T18167] copy_process+0x3138/0x3c40 [ 1340.632292][T18167] _do_fork+0xfe/0x7a0 [ 1340.637473][T18194] FS-Cache: N-cookie c=00000000161fe5b3 [p=0000000057c56a86 fl=2 nc=0 na=1] [ 1340.644678][T18167] ? cgroup_file_notify+0xff/0x130 [ 1340.644703][T18167] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1340.644721][T18167] ? __read_once_size+0x5a/0xe0 [ 1340.644745][T18167] __x64_sys_clone+0x130/0x170 [ 1340.644803][T18167] do_syscall_64+0xcc/0x3a0 [ 1340.644832][T18167] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1340.644845][T18167] RIP: 0033:0x45a919 04:20:32 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:32 executing program 1: r0 = socket(0x0, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1340.644869][T18167] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1340.644888][T18167] RSP: 002b:00007fa5a3175c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1340.650060][T18194] FS-Cache: N-cookie d=00000000b2421e71 n=000000001fe4de82 [ 1340.655919][T18167] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a919 [ 1340.655930][T18167] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1340.655942][T18167] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1340.655952][T18167] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa5a31766d4 [ 1340.655976][T18167] R13: 00000000004c1007 R14: 00000000004d4d28 R15: 00000000ffffffff [ 1340.660056][T18194] FS-Cache: N-key=[10] '02000200000000100000' [ 1340.725555][T18167] memory: usage 307200kB, limit 307200kB, failcnt 3955 [ 1340.839010][T18167] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1340.884841][T18167] Memory cgroup stats for /syz2: [ 1340.885036][T18167] anon 232800256 [ 1340.885036][T18167] file 102400 [ 1340.885036][T18167] kernel_stack 7557120 [ 1340.885036][T18167] slab 14303232 [ 1340.885036][T18167] sock 0 [ 1340.885036][T18167] shmem 0 [ 1340.885036][T18167] file_mapped 0 [ 1340.885036][T18167] file_dirty 135168 [ 1340.885036][T18167] file_writeback 0 [ 1340.885036][T18167] anon_thp 182452224 [ 1340.885036][T18167] inactive_anon 0 [ 1340.885036][T18167] active_anon 232935424 04:20:32 executing program 4: socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0xc) write(r0, &(0x7f00000012c0), 0x0) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r1, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r3, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000000c0)) r4 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r5, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1340.885036][T18167] inactive_file 8192 [ 1340.885036][T18167] active_file 81920 [ 1340.885036][T18167] unevictable 0 [ 1340.885036][T18167] slab_reclaimable 1757184 [ 1340.885036][T18167] slab_unreclaimable 12546048 [ 1340.885036][T18167] pgfault 117876 [ 1340.885036][T18167] pgmajfault 0 [ 1340.885036][T18167] workingset_refault 231 [ 1340.885036][T18167] workingset_activate 132 [ 1340.885036][T18167] workingset_nodereclaim 0 [ 1340.885036][T18167] pgrefill 2547 [ 1340.885036][T18167] pgscan 14783 [ 1340.885036][T18167] pgsteal 12824 04:20:32 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1341.058534][T18167] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=19894,uid=0 [ 1341.096368][T18167] Memory cgroup out of memory: Killed process 19894 (syz-executor.2) total-vm:72716kB, anon-rss:2208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:1000 [ 1341.143072][ T546] oom_reaper: reaped process 19894 (syz-executor.2), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 1341.160459][T18186] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1341.230052][T18186] CPU: 1 PID: 18186 Comm: syz-executor.3 Not tainted 5.5.0-rc1-syzkaller #0 [ 1341.238776][T18186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1341.248884][T18186] Call Trace: [ 1341.252181][T18186] dump_stack+0x11d/0x181 [ 1341.256596][T18186] dump_header+0xaa/0x39c [ 1341.260950][T18186] oom_kill_process.cold+0x10/0x15 [ 1341.264253][T18339] FS-Cache: Duplicate cookie detected [ 1341.266165][T18186] out_of_memory+0x231/0xa60 [ 1341.266195][T18186] mem_cgroup_out_of_memory+0x128/0x150 [ 1341.266221][T18186] try_charge+0xb6c/0xbf0 [ 1341.271884][T18339] FS-Cache: O-cookie c=000000004aa8604a [p=0000000057c56a86 fl=222 nc=0 na=1] [ 1341.276405][T18186] ? __rcu_read_unlock+0x66/0x3d0 [ 1341.281973][T18339] FS-Cache: O-cookie d=00000000b2421e71 n=0000000006bdf422 [ 1341.286493][T18186] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1341.286515][T18186] __memcg_kmem_charge+0xcf/0x1b0 [ 1341.286574][T18186] __alloc_pages_nodemask+0x26c/0x310 [ 1341.295551][T18339] FS-Cache: O-key=[10] '02000200000000100000' [ 1341.301443][T18186] alloc_pages_current+0xd1/0x170 [ 1341.301466][T18186] pte_alloc_one+0x18/0x50 [ 1341.301483][T18186] __pte_alloc+0x2d/0x220 [ 1341.301548][T18186] copy_page_range+0x135a/0x19b0 [ 1341.308781][T18339] FS-Cache: N-cookie c=00000000161fe5b3 [p=0000000057c56a86 fl=2 nc=0 na=1] [ 1341.314259][T18186] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1341.314298][T18186] ? __vma_link_rb+0x3f4/0x440 [ 1341.319347][T18339] FS-Cache: N-cookie d=00000000b2421e71 n=000000003a27a8a7 04:20:32 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1341.324787][T18186] dup_mm+0x74a/0xba0 [ 1341.331533][T18339] FS-Cache: N-key=[10] '02000200000000100000' [ 1341.336645][T18186] copy_process+0x3138/0x3c40 [ 1341.359084][T18347] __nla_validate_parse: 12 callbacks suppressed [ 1341.359164][T18347] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1341.365197][T18186] _do_fork+0xfe/0x7a0 [ 1341.365230][T18186] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1341.417628][T18186] ? __read_once_size+0x5a/0xe0 [ 1341.422568][T18186] __x64_sys_clone+0x130/0x170 [ 1341.427551][T18186] do_syscall_64+0xcc/0x3a0 [ 1341.433124][T18186] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1341.440835][T18186] RIP: 0033:0x45a919 [ 1341.445399][T18186] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1341.465308][T18186] RSP: 002b:00007f8515893c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 04:20:32 executing program 2: socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0xc) write(r0, &(0x7f00000012c0), 0x0) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r1, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r3, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000000c0)) r4 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r5, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:32 executing program 1: r0 = socket(0x200000000010, 0x0, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1341.473798][T18186] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a919 [ 1341.481780][T18186] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1341.489820][T18186] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1341.497805][T18186] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85158946d4 [ 1341.505809][T18186] R13: 00000000004c1007 R14: 00000000004d4d28 R15: 00000000ffffffff 04:20:33 executing program 4: socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0xc) write(r0, &(0x7f00000012c0), 0x0) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r1, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r3, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000000c0)) r4 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r5, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) [ 1341.658570][T18186] memory: usage 307196kB, limit 307200kB, failcnt 4344 [ 1341.686141][T18484] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1341.699908][T18186] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1341.752719][T18186] Memory cgroup stats for /syz3: [ 1341.752966][T18186] anon 244469760 [ 1341.752966][T18186] file 0 [ 1341.752966][T18186] kernel_stack 6377472 [ 1341.752966][T18186] slab 12857344 [ 1341.752966][T18186] sock 0 [ 1341.752966][T18186] shmem 0 [ 1341.752966][T18186] file_mapped 0 [ 1341.752966][T18186] file_dirty 0 [ 1341.752966][T18186] file_writeback 0 [ 1341.752966][T18186] anon_thp 201326592 [ 1341.752966][T18186] inactive_anon 0 [ 1341.752966][T18186] active_anon 244469760 [ 1341.752966][T18186] inactive_file 0 [ 1341.752966][T18186] active_file 53248 [ 1341.752966][T18186] unevictable 0 [ 1341.752966][T18186] slab_reclaimable 1757184 [ 1341.752966][T18186] slab_unreclaimable 11100160 [ 1341.752966][T18186] pgfault 108174 [ 1341.752966][T18186] pgmajfault 0 [ 1341.752966][T18186] workingset_refault 231 [ 1341.752966][T18186] workingset_activate 132 [ 1341.752966][T18186] workingset_nodereclaim 0 [ 1341.752966][T18186] pgrefill 2494 [ 1341.752966][T18186] pgscan 2438 [ 1341.752966][T18186] pgsteal 482 [ 1341.787053][T18493] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1341.858249][T18186] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17873,uid=0 [ 1341.900795][T18186] Memory cgroup out of memory: Killed process 17873 (syz-executor.3) total-vm:72584kB, anon-rss:2200kB, file-rss:35872kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 1341.945772][T18490] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1341.965078][T18498] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1342.024145][T18354] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1342.089189][T18354] CPU: 0 PID: 18354 Comm: syz-executor.0 Not tainted 5.5.0-rc1-syzkaller #0 [ 1342.097913][T18354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1342.107964][T18354] Call Trace: [ 1342.111262][T18354] dump_stack+0x11d/0x181 [ 1342.115607][T18354] dump_header+0xaa/0x39c [ 1342.120018][T18354] oom_kill_process.cold+0x10/0x15 [ 1342.125206][T18354] out_of_memory+0x231/0xa60 [ 1342.130177][T18354] mem_cgroup_out_of_memory+0x128/0x150 [ 1342.136592][T18354] try_charge+0xb6c/0xbf0 [ 1342.140949][T18354] ? __rcu_read_unlock+0x66/0x3d0 [ 1342.146015][T18354] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1342.152391][T18354] __memcg_kmem_charge+0xcf/0x1b0 [ 1342.157473][T18354] __alloc_pages_nodemask+0x26c/0x310 [ 1342.162908][T18354] alloc_pages_current+0xd1/0x170 [ 1342.168643][T18354] pte_alloc_one+0x18/0x50 [ 1342.174098][T18354] __pte_alloc+0x2d/0x220 [ 1342.178434][T18354] copy_page_range+0x135a/0x19b0 [ 1342.183522][T18354] ? anon_vma_interval_tree_insert+0x1d6/0x260 [ 1342.189683][T18354] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1342.196294][T18354] dup_mm+0x74a/0xba0 [ 1342.201189][T18354] copy_process+0x3138/0x3c40 [ 1342.205941][T18354] _do_fork+0xfe/0x7a0 [ 1342.210144][T18354] ? cgroup_file_notify+0xff/0x130 [ 1342.217093][T18354] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1342.223224][T18354] ? __read_once_size+0x5a/0xe0 [ 1342.228173][T18354] __x64_sys_clone+0x130/0x170 [ 1342.233824][T18354] do_syscall_64+0xcc/0x3a0 [ 1342.238343][T18354] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1342.244411][T18354] RIP: 0033:0x45a919 [ 1342.248392][T18354] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1342.271448][T18354] RSP: 002b:00007fcace6ddc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1342.280648][T18354] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a919 [ 1342.289444][T18354] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1342.297509][T18354] RBP: 000000000075c070 R08: ffffffffffffffff R09: 0000000000000000 [ 1342.305587][T18354] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcace6de6d4 [ 1342.313554][T18354] R13: 00000000004c1007 R14: 00000000004d4d28 R15: 00000000ffffffff [ 1342.328907][T18354] memory: usage 307192kB, limit 307200kB, failcnt 4718 [ 1342.352017][T18354] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1342.368598][T18354] Memory cgroup stats for /syz0: [ 1342.368941][T18354] anon 248754176 [ 1342.368941][T18354] file 106496 [ 1342.368941][T18354] kernel_stack 6045696 [ 1342.368941][T18354] slab 12197888 [ 1342.368941][T18354] sock 0 [ 1342.368941][T18354] shmem 0 [ 1342.368941][T18354] file_mapped 0 [ 1342.368941][T18354] file_dirty 0 [ 1342.368941][T18354] file_writeback 0 [ 1342.368941][T18354] anon_thp 205520896 [ 1342.368941][T18354] inactive_anon 0 [ 1342.368941][T18354] active_anon 248672256 [ 1342.368941][T18354] inactive_file 0 [ 1342.368941][T18354] active_file 40960 [ 1342.368941][T18354] unevictable 0 [ 1342.368941][T18354] slab_reclaimable 1622016 [ 1342.368941][T18354] slab_unreclaimable 10575872 [ 1342.368941][T18354] pgfault 116787 [ 1342.368941][T18354] pgmajfault 0 [ 1342.368941][T18354] workingset_refault 264 [ 1342.368941][T18354] workingset_activate 165 04:20:33 executing program 3: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:33 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:33 executing program 1: r0 = socket(0x200000000010, 0x0, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:33 executing program 2: r0 = socket(0x200000000010, 0x0, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:33 executing program 4: socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0xc) write(r0, &(0x7f00000012c0), 0x0) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r1, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r3, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000000c0)) r4 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r5, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) [ 1342.368941][T18354] workingset_nodereclaim 0 [ 1342.368941][T18354] pgrefill 2909 [ 1342.368941][T18354] pgscan 2839 [ 1342.368941][T18354] pgsteal 567 [ 1342.525156][T18354] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=18354,uid=0 [ 1342.541312][T18354] Memory cgroup out of memory: Killed process 18354 (syz-executor.0) total-vm:72848kB, anon-rss:2212kB, file-rss:35808kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 1342.544023][T18515] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1342.609749][T18521] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1342.678793][T18523] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1342.698807][T18522] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. 04:20:34 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1342.733444][T18515] FS-Cache: Duplicate cookie detected [ 1342.739177][T18515] FS-Cache: O-cookie c=000000004aa8604a [p=0000000057c56a86 fl=212 nc=0 na=0] [ 1342.749545][T18515] FS-Cache: O-cookie d=000000003d936bc0 n=000000003d936bc0 [ 1342.756799][T18515] FS-Cache: O-key=[10] '02000200000000100000' [ 1342.763221][T18515] FS-Cache: N-cookie c=00000000161fe5b3 [p=0000000057c56a86 fl=2 nc=0 na=1] [ 1342.771961][T18515] FS-Cache: N-cookie d=00000000b2421e71 n=000000003a27a8a7 [ 1342.779307][T18515] FS-Cache: N-key=[10] '02000200000000100000' 04:20:34 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{0x0}], 0x1}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1342.838371][T18524] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1342.876627][T18524] CPU: 1 PID: 18524 Comm: syz-executor.3 Not tainted 5.5.0-rc1-syzkaller #0 [ 1342.886307][T18524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1342.899261][T18524] Call Trace: [ 1342.902561][T18524] dump_stack+0x11d/0x181 [ 1342.907065][T18524] dump_header+0xaa/0x39c [ 1342.911497][T18524] oom_kill_process.cold+0x10/0x15 [ 1342.918200][T18524] out_of_memory+0x231/0xa60 [ 1342.923251][T18524] ? __rcu_read_unlock+0x66/0x3d0 [ 1342.928316][T18524] mem_cgroup_out_of_memory+0x128/0x150 [ 1342.935559][T18524] try_charge+0xb6c/0xbf0 [ 1342.939998][T18524] ? rcu_note_context_switch+0x6d0/0x760 [ 1342.945652][T18524] mem_cgroup_try_charge+0xd2/0x260 [ 1342.950870][T18524] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1342.956580][T18524] __handle_mm_fault+0x197f/0x2e00 [ 1342.961705][T18524] ? try_to_free_mem_cgroup_pages+0x258/0x4d0 [ 1342.967794][T18524] handle_mm_fault+0x21b/0x530 [ 1342.972571][T18524] __do_page_fault+0x456/0x8d0 [ 1342.977346][T18524] do_page_fault+0x38/0x194 [ 1342.981863][T18524] page_fault+0x34/0x40 [ 1342.986027][T18524] RIP: 0033:0x400644 [ 1342.990052][T18524] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 21 55 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 1343.003149][T18541] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1343.010731][T18524] RSP: 002b:00007ffdb9b63740 EFLAGS: 00010202 [ 1343.010746][T18524] RAX: 0000000000000001 RBX: 000000000075c9a0 RCX: 0000000000000000 04:20:34 executing program 4: socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0xc) write(r0, &(0x7f00000012c0), 0x0) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r1, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r3, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000000c0)) r4 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r5, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) 04:20:34 executing program 2: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1343.010831][T18524] RDX: 0000000000000000 RSI: 000000002001d000 RDI: 0000000000000001 [ 1343.010843][T18524] RBP: 00000000007603f0 R08: 0000000000000000 R09: 0000000000000000 [ 1343.010854][T18524] R10: 00007ffdb9b63850 R11: 0000000000000246 R12: 000000000075bf20 [ 1343.010865][T18524] R13: 0000000000147d50 R14: 00000000007603f8 R15: 000000000075bf2c [ 1343.169044][T18524] memory: usage 307200kB, limit 307200kB, failcnt 4357 [ 1343.193795][T18524] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1343.225893][T18524] Memory cgroup stats for /syz3: [ 1343.226144][T18524] anon 244604928 [ 1343.226144][T18524] file 0 [ 1343.226144][T18524] kernel_stack 6377472 [ 1343.226144][T18524] slab 12857344 [ 1343.226144][T18524] sock 0 [ 1343.226144][T18524] shmem 0 [ 1343.226144][T18524] file_mapped 0 [ 1343.226144][T18524] file_dirty 0 [ 1343.226144][T18524] file_writeback 0 [ 1343.226144][T18524] anon_thp 201326592 [ 1343.226144][T18524] inactive_anon 0 [ 1343.226144][T18524] active_anon 244604928 [ 1343.226144][T18524] inactive_file 0 04:20:34 executing program 1: r0 = socket(0x200000000010, 0x0, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1343.226144][T18524] active_file 53248 [ 1343.226144][T18524] unevictable 0 [ 1343.226144][T18524] slab_reclaimable 1757184 [ 1343.226144][T18524] slab_unreclaimable 11100160 [ 1343.226144][T18524] pgfault 108273 [ 1343.226144][T18524] pgmajfault 0 [ 1343.226144][T18524] workingset_refault 231 [ 1343.226144][T18524] workingset_activate 132 [ 1343.226144][T18524] workingset_nodereclaim 0 [ 1343.226144][T18524] pgrefill 2527 [ 1343.226144][T18524] pgscan 2438 [ 1343.226144][T18524] pgsteal 482 04:20:34 executing program 4: socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0xc) write(r0, &(0x7f00000012c0), 0x0) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r1, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r3, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000000c0)) r4 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1343.398715][T18524] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17852,uid=0 04:20:34 executing program 2: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1343.489114][T18524] Memory cgroup out of memory: Killed process 17852 (syz-executor.3) total-vm:72584kB, anon-rss:2200kB, file-rss:35848kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 1343.559130][ T43] rpcbind: server  not responding, timed out 04:20:35 executing program 3: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:35 executing program 0: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:35 executing program 4: socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0xc) write(r0, &(0x7f00000012c0), 0x0) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r1, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{&(0x7f0000000280)=""/12, 0xc}], 0x10000000000000f5}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r3, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000000c0)) r4 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000800)={0x0, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:35 executing program 5: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)=[{0x0}], 0x1}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 04:20:35 executing program 2: r0 = socket(0x200000000010, 0x5, 0x0) mkdir(&(0x7f0000000b00)='./file0\x00', 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f00000012c0), 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000600)=""/143, &(0x7f0000000280)=0x8f) socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$x25(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000700)='rpc_pipefs\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x200, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00)='TIPCv2\x00') syz_open_dev$midi(&(0x7f0000000380)='/dev/midi#\x00', 0x3, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000080)=0x9, 0x4) sendmsg$rds(r2, &(0x7f0000001380)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000001240)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000880)}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r4, 0x401, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xffffffffffffff21, 0x1, 0xffff}]}]}, 0x20}}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000000c0)) r5 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000800)={0x2, 0x0, @pic={0xff, 0xc, 0xfc, 0x1, 0x3, 0x1, 0x0, 0x81, 0x0, 0x63, 0x3, 0x0, 0x8, 0x0, 0x1a, 0x45}}) request_key(&(0x7f00000004c0)='cifs.spnego\x00', &(0x7f00000005c0)={'syz', 0x0}, 0x0, 0xffffffffffffffff) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0x3}, 0x200000000, 0x1000, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) timerfd_gettime(r6, &(0x7f0000000300)) mount(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f00000002c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1344.353208][T18714] FS-Cache: Duplicate cookie detected [ 1344.359223][T18714] FS-Cache: O-cookie c=000000000337426d [p=0000000057c56a86 fl=222 nc=0 na=1] [ 1344.368119][T18714] FS-Cache: O-cookie d=00000000b2421e71 n=00000000b440db26 [ 1344.375376][T18714] FS-Cache: O-key=[10] '02000200000000100000' [ 1344.381630][T18714] FS-Cache: N-cookie c=00000000161fe5b3 [p=0000000057c56a86 fl=2 nc=0 na=1] [ 1344.382147][T18694] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1344.391560][T18714] FS-Cache: N-cookie d=00000000b2421e71 n=0000000013bb9fff [ 1344.391567][T18714] FS-Cache: N-key=[10] '02000200000000100000' [ 1344.422025][T18694] CPU: 1 PID: 18694 Comm: syz-executor.1 Not tainted 5.5.0-rc1-syzkaller #0 [ 1344.431159][T18694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1344.441226][T18694] Call Trace: [ 1344.445153][T18694] dump_stack+0x11d/0x181 [ 1344.449528][T18694] dump_header+0xaa/0x39c [ 1344.453869][T18694] oom_kill_process.cold+0x10/0x15 [ 1344.460150][T18694] out_of_memory+0x231/0xa60 [ 1344.464756][T18694] ? __rcu_read_unlock+0x66/0x3d0 [ 1344.472248][T18694] mem_cgroup_out_of_memory+0x128/0x150 [ 1344.477805][T18694] try_charge+0xb6c/0xbf0 [ 1344.482418][T18694] ? apic_timer_interrupt+0xa/0x20 [ 1344.487586][T18694] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1344.493146][T18694] __memcg_kmem_charge+0xcf/0x1b0 [ 1344.498276][T18694] __alloc_pages_nodemask+0x26c/0x310 [ 1344.503740][T18694] alloc_pages_current+0xd1/0x170 [ 1344.508900][T18694] pte_alloc_one+0x18/0x50 [ 1344.513591][T18694] __pte_alloc+0x2d/0x220 [ 1344.517935][T18694] copy_page_range+0x135a/0x19b0 [ 1344.523698][T18694] ? __vma_link_rb+0x3f4/0x440 [ 1344.528927][T18694] dup_mm+0x74a/0xba0 [ 1344.533109][T18694] copy_process+0x3138/0x3c40 [ 1344.537833][T18694] _do_fork+0xfe/0x7a0 [ 1344.542834][T18694] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1344.548806][T18694] ? __read_once_size+0x5a/0xe0 [ 1344.555422][T18694] __x64_sys_clone+0x130/0x170 [ 1344.560811][T18694] do_syscall_64+0xcc/0x3a0 [ 1344.566073][T18694] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1344.574598][T18694] RIP: 0033:0x45a919 [ 1344.579041][T18694] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1344.600286][T18694] RSP: 002b:00007fd40137cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1344.610031][T18694] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a919 [ 1344.618097][T18694] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1344.626604][T18694] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1344.635693][T18694] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd40137d6d4 [ 1344.643878][T18694] R13: 00000000004c1007 R14: 00000000004d4d28 R15: 00000000ffffffff [ 1344.669813][T18714] ================================================================== [ 1344.681129][T18714] BUG: KCSAN: data-race in del_timer / detach_if_pending [ 1344.688237][T18714] [ 1344.691054][T18714] write to 0xffff888056ac4150 of 8 bytes by task 7971 on cpu 0: [ 1344.698782][T18714] detach_if_pending+0xcd/0x290 [ 1344.705306][T18714] del_timer+0x67/0xb0 [ 1344.711040][T18714] try_to_grab_pending+0x22d/0x3e0 [ 1344.719461][T18714] cancel_delayed_work+0x45/0x1c0 [ 1344.724670][T18714] rpc_wake_up_task_on_wq_queue_action_locked+0x614/0x6d0 [ 1344.731934][T18714] rpc_wake_up_status+0xca/0x120 [ 1344.737347][T18714] xprt_wake_pending_tasks+0x5f/0x70 [ 1344.742636][T18714] xs_tcp_setup_socket+0x21e/0x710 [ 1344.748452][T18714] process_one_work+0x3d4/0x890 [ 1344.753390][T18714] worker_thread+0xa0/0x800 [ 1344.759290][T18714] kthread+0x1d4/0x200 [ 1344.763480][T18714] ret_from_fork+0x1f/0x30 [ 1344.768155][T18714] [ 1344.770481][T18714] read to 0xffff888056ac4150 of 8 bytes by task 18714 on cpu 1: [ 1344.778107][T18714] del_timer+0x3b/0xb0 [ 1344.782175][T18714] try_to_grab_pending+0x22d/0x3e0 [ 1344.787904][T18714] cancel_delayed_work+0x45/0x1c0 [ 1344.793219][T18714] rpc_wake_up_task_on_wq_queue_action_locked+0x614/0x6d0 [ 1344.800341][T18714] rpc_wake_up_queued_task+0x81/0xa0 [ 1344.806060][T18714] __rpc_execute+0x236/0x640 [ 1344.810742][T18714] rpc_execute+0x1b5/0x1c0 [ 1344.815504][T18714] rpc_run_task+0x379/0x440 [ 1344.820975][T18714] rpc_call_sync+0xa7/0x130 [ 1344.825479][T18714] rpc_create_xprt+0x376/0x3d0 [ 1344.830242][T18714] rpc_create+0x2e4/0x4e0 [ 1344.834584][T18714] nfs_create_rpc_client+0x3d7/0x450 [ 1344.841001][T18714] nfs_init_client+0x69/0xc0 [ 1344.845584][T18714] nfs_get_client+0x91d/0xa00 [ 1344.850254][T18714] nfs_init_server+0x1d8/0x7a0 [ 1344.855037][T18714] nfs_create_server+0xcc/0x3d0 [ 1344.860168][T18714] nfs_try_mount+0xa0/0x560 [ 1344.865808][T18714] nfs_fs_mount+0x7e7/0x15c0 [ 1344.870549][T18714] legacy_get_tree+0x7e/0xf0 [ 1344.875243][T18714] vfs_get_tree+0x56/0x1a0 [ 1344.879658][T18714] do_mount+0x1004/0x14f0 [ 1344.884288][T18714] ksys_mount+0xe8/0x160 [ 1344.888535][T18714] __x64_sys_mount+0x70/0x90 [ 1344.893135][T18714] do_syscall_64+0xcc/0x3a0 [ 1344.898865][T18714] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1344.905232][T18714] [ 1344.907831][T18714] Reported by Kernel Concurrency Sanitizer on: [ 1344.913981][T18714] CPU: 1 PID: 18714 Comm: syz-executor.5 Not tainted 5.5.0-rc1-syzkaller #0 [ 1344.922641][T18714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1344.935226][T18714] ================================================================== [ 1344.944118][T18714] Kernel panic - not syncing: panic_on_warn set ... [ 1344.950702][T18714] CPU: 1 PID: 18714 Comm: syz-executor.5 Not tainted 5.5.0-rc1-syzkaller #0 [ 1344.959796][T18714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1344.969968][T18714] Call Trace: [ 1344.973268][T18714] dump_stack+0x11d/0x181 [ 1344.977609][T18714] panic+0x210/0x640 [ 1344.981511][T18714] ? vprintk_func+0x8d/0x140 [ 1344.986450][T18714] kcsan_report.cold+0xc/0xd [ 1344.991139][T18714] kcsan_setup_watchpoint+0x3fe/0x460 [ 1344.996693][T18714] __tsan_read8+0xc6/0x100 [ 1345.001295][T18714] del_timer+0x3b/0xb0 [ 1345.005364][T18714] try_to_grab_pending+0x22d/0x3e0 [ 1345.011723][T18714] cancel_delayed_work+0x45/0x1c0 [ 1345.017371][T18714] rpc_wake_up_task_on_wq_queue_action_locked+0x614/0x6d0 [ 1345.024569][T18714] ? __wait_on_bit+0x79/0x90 [ 1345.029857][T18714] rpc_wake_up_queued_task+0x81/0xa0 [ 1345.035160][T18714] __rpc_execute+0x236/0x640 [ 1345.040880][T18714] ? wake_up_bit+0x3d/0x40 [ 1345.045570][T18714] ? rpc_make_runnable+0x104/0x140 [ 1345.051115][T18714] rpc_execute+0x1b5/0x1c0 [ 1345.055636][T18714] rpc_run_task+0x379/0x440 [ 1345.060255][T18714] rpc_call_sync+0xa7/0x130 [ 1345.064758][T18714] rpc_create_xprt+0x376/0x3d0 [ 1345.069953][T18714] rpc_create+0x2e4/0x4e0 [ 1345.075937][T18714] ? fscache_free_cookie+0xda/0x140 [ 1345.081242][T18714] nfs_create_rpc_client+0x3d7/0x450 [ 1345.086529][T18714] nfs_init_client+0x69/0xc0 [ 1345.091142][T18714] nfs_get_client+0x91d/0xa00 [ 1345.095919][T18714] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1345.101826][T18714] nfs_init_server+0x1d8/0x7a0 [ 1345.106876][T18714] ? debug_smp_processor_id+0x43/0x137 [ 1345.112337][T18714] nfs_create_server+0xcc/0x3d0 [ 1345.117190][T18714] nfs_try_mount+0xa0/0x560 [ 1345.122568][T18714] ? __kmalloc_track_caller+0x230/0x690 [ 1345.128114][T18714] ? kmem_cache_alloc_trace+0x1e9/0x5d0 [ 1345.133683][T18714] ? should_fail+0xd4/0x45d [ 1345.138184][T18714] ? preempt_count_add+0x6f/0xb0 [ 1345.143121][T18714] ? _raw_spin_unlock+0x4b/0x60 [ 1345.147975][T18714] ? find_nfs_version+0xc9/0xe0 [ 1345.152835][T18714] ? try_module_get+0x2f/0x40 [ 1345.158482][T18714] nfs_fs_mount+0x7e7/0x15c0 [ 1345.163172][T18714] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1345.169549][T18714] ? nfs_clone_super+0x280/0x280 [ 1345.174581][T18714] ? nfs_parse_mount_options+0x1800/0x1800 [ 1345.181182][T18714] ? nfs_remount+0xb40/0xb40 [ 1345.185789][T18714] legacy_get_tree+0x7e/0xf0 [ 1345.190381][T18714] vfs_get_tree+0x56/0x1a0 [ 1345.194884][T18714] do_mount+0x1004/0x14f0 [ 1345.199244][T18714] ksys_mount+0xe8/0x160 [ 1345.203492][T18714] __x64_sys_mount+0x70/0x90 [ 1345.208110][T18714] do_syscall_64+0xcc/0x3a0 [ 1345.212808][T18714] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1345.218878][T18714] RIP: 0033:0x45a919 [ 1345.222796][T18714] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1345.243295][T18714] RSP: 002b:00007f78299edc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1345.252426][T18714] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045a919 [ 1345.261002][T18714] RDX: 00000000200002c0 RSI: 0000000020000500 RDI: 0000000000000000 [ 1345.269329][T18714] RBP: 000000000075bf20 R08: 0000000020000000 R09: 0000000000000000 [ 1345.277903][T18714] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f78299ee6d4 [ 1345.285871][T18714] R13: 00000000004c7d30 R14: 00000000004dec28 R15: 00000000ffffffff [ 1345.296053][T18714] Kernel Offset: disabled [ 1345.300398][T18714] Rebooting in 86400 seconds..