ded mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 790.466338][T28944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 790.476137][T28944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 790.486576][T28944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 790.496417][T28944] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 18:43:26 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x100) mount(&(0x7f0000000080)=@loop={'/dev/loop', 0x0}, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='ufs\x00', 0x0, &(0x7f0000000180)='cgroup2\x00') mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 18:43:26 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x25, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:26 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x1500}, {&(0x7f0000000740)="02000089eb00", 0x6, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:43:26 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async, rerun: 32) getresgid(&(0x7f0000003500), &(0x7f0000003c00)=0x0, &(0x7f0000003c40)) (rerun: 32) fchownat(r0, &(0x7f0000003480)='./file0\x00', 0x0, r1, 0x1000) (async, rerun: 32) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async, rerun: 32) r2 = inotify_init() close(r2) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x200002, 0x0) r4 = openat$cgroup(r3, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r5 = openat$cgroup_int(r4, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000007680)=ANY=[@ANYBLOB="58000000020601040000000000000000000000000500040000000000050001000700000011000300686173683a69702c706f7274000000000c00078008001240090000000900020073797a300000000005000500020000000713dfc917bd802e6d2948d0df53a97ea559b54f009f10f823706c640141d30134a5f7c967de464d7fcf1a3013262ecb4eea7496be3714d00f"], 0x58}}, 0x0) clock_gettime(0x0, &(0x7f0000007e00)={0x0, 0x0}) recvmmsg(r6, &(0x7f0000007b80)=[{{&(0x7f00000002c0)=@x25, 0x80, &(0x7f0000000680)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f0000000240)=""/34, 0x22}, {&(0x7f00000003c0)=""/93, 0x5d}, {&(0x7f0000000440)=""/213, 0xd5}, {&(0x7f0000000540)=""/217, 0xd9}, {&(0x7f0000000640)=""/64, 0x40}], 0x6, &(0x7f0000000700)=""/222, 0xde}, 0x7}, {{&(0x7f0000000800)=@in6={0xa, 0x0, 0x0, @ipv4={""/10, ""/2, @initdev}}, 0x80, &(0x7f0000000c40)=[{&(0x7f0000000880)=""/65, 0x41}, {&(0x7f0000000900)=""/179, 0xb3}, {&(0x7f00000009c0)=""/41, 0x29}, {&(0x7f0000000a00)=""/69, 0x45}, {&(0x7f0000007e80)=""/180, 0xb4}, {&(0x7f0000000b40)=""/255, 0xff}], 0x6, &(0x7f0000000cc0)=""/132, 0x84}, 0x9d}, {{&(0x7f0000000d80), 0x80, &(0x7f0000003280)=[{&(0x7f0000000e00)=""/4096, 0x1000}, {&(0x7f0000001e00)=""/205, 0xcd}, {&(0x7f0000001f00)=""/149, 0x95}, {&(0x7f0000001fc0)=""/211, 0xd3}, {&(0x7f00000020c0)=""/188, 0xbc}, {&(0x7f0000002180)=""/48, 0x30}, {&(0x7f00000021c0)=""/153, 0x99}, {&(0x7f0000002280)=""/4096, 0x1000}], 0x8, &(0x7f0000003300)=""/121, 0x79}, 0x200}, {{&(0x7f0000003380)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x80, &(0x7f0000003600)=[{&(0x7f0000003400)=""/92, 0x5c}, {&(0x7f0000003480)}, {&(0x7f00000034c0)=""/55, 0x37}, {&(0x7f0000003540)=""/189, 0xbd}], 0x4, &(0x7f0000003640)=""/189, 0xbd}}, {{&(0x7f0000003700)=@pptp={0x18, 0x2, {0x0, @remote}}, 0x80, &(0x7f0000003a80)=[{&(0x7f0000003780)=""/168, 0xa8}, {&(0x7f0000003840)=""/208, 0xd0}, {&(0x7f0000003940)=""/12, 0xc}, {&(0x7f0000003980)=""/124, 0x7c}, {&(0x7f0000003a00)=""/112, 0x70}], 0x5, &(0x7f0000003b00)=""/208, 0xd0}, 0xffff}, {{&(0x7f0000000ac0)=@l2tp6={0xa, 0x0, 0x0, @local}, 0x80, &(0x7f0000005f40)=[{&(0x7f0000003c80)=""/137, 0x89}, {&(0x7f0000003d40)=""/4096, 0x1000}, {&(0x7f0000004d40)=""/108, 0x6c}, {&(0x7f0000004dc0)=""/4096, 0x1000}, {&(0x7f0000005dc0)=""/252, 0xfc}, {&(0x7f0000005ec0)=""/2, 0x2}, {&(0x7f0000005f00)=""/51, 0x33}], 0x7, &(0x7f0000005fc0)=""/92, 0x5c}, 0x2312}, {{0x0, 0x0, &(0x7f0000007080)=[{&(0x7f0000007600)=""/33, 0x21}, {&(0x7f0000006080)=""/4096, 0x1000}], 0x2}, 0x9}, {{&(0x7f00000070c0)=@caif=@util, 0x80, &(0x7f0000007300)=[{&(0x7f0000007140)=""/217, 0xd9}, {&(0x7f0000007240)=""/150, 0x96}], 0x2, &(0x7f0000007340)=""/130, 0x82}, 0x40}, {{&(0x7f0000007400)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x80, &(0x7f0000007540)=[{&(0x7f0000007480)=""/134, 0x86}], 0x1}, 0x10000}, {{&(0x7f0000007580)=@pppol2tpin6, 0x80, &(0x7f0000007a00)=[{&(0x7f0000007600)}, {&(0x7f0000007640)=""/32, 0x20}, {&(0x7f0000007f40)=""/183, 0xb7}, {&(0x7f0000007740)=""/102, 0x66}, {&(0x7f00000077c0)=""/254, 0xfe}, {&(0x7f00000078c0)=""/202, 0xca}, {&(0x7f0000000a80)=""/17, 0x11}], 0x7, &(0x7f0000007a80)=""/249, 0xf9}, 0x4}], 0xa, 0x1, &(0x7f0000007e40)={r7, r8+10000000}) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) mknodat$null(r0, &(0x7f00000000c0)='./file0\x00', 0x4, 0x103) (async) openat$cgroup_procs(r3, &(0x7f0000000100)='cgroup.procs\x00', 0x2, 0x0) (async) write$cgroup_int(r5, &(0x7f0000000080), 0x12) 18:43:26 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) r3 = open(&(0x7f00000000c0)='./file0\x00', 0x200, 0x22) mount(&(0x7f0000000100)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='iso9660\x00', 0x200000, &(0x7f00000002c0)='\x00') bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) r4 = fcntl$dupfd(r1, 0x406, r1) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@bloom_filter={0x1e, 0x40, 0x6, 0x100, 0x84, r4, 0x23bc, '\x00', 0x0, r3, 0x1, 0x3, 0x3, 0xa}, 0x48) 18:43:26 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCFLSH(r0, 0x5608, 0x0) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x2, 0x0, 0x5, 0x1000, 0x0, 0xf}}) [ 790.506881][T28944] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 790.517881][T28944] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 790.526858][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 790.535742][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 18:43:26 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCFLSH(r0, 0x5608, 0x0) (async) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0x2, 0x0, 0x5, 0x1000, 0x0, 0xf}}) [ 790.588192][T28989] loop5: detected capacity change from 0 to 1024 [ 790.592122][T28983] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 790.604590][T28983] CPU: 1 PID: 28983 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 790.615674][T28983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 790.625467][T28988] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 790.625723][T28983] Call Trace: 18:43:26 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async, rerun: 64) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async, rerun: 64) getresgid(&(0x7f0000003500), &(0x7f0000003c00)=0x0, &(0x7f0000003c40)) fchownat(r0, &(0x7f0000003480)='./file0\x00', 0x0, r1, 0x1000) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) r2 = inotify_init() close(r2) (async) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x200002, 0x0) r4 = openat$cgroup(r3, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r5 = openat$cgroup_int(r4, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000007680)=ANY=[@ANYBLOB="58000000020601040000000000000000000000000500040000000000050001000700000011000300686173683a69702c706f7274000000000c00078008001240090000000900020073797a300000000005000500020000000713dfc917bd802e6d2948d0df53a97ea559b54f009f10f823706c640141d30134a5f7c967de464d7fcf1a3013262ecb4eea7496be3714d00f"], 0x58}}, 0x0) clock_gettime(0x0, &(0x7f0000007e00)={0x0, 0x0}) recvmmsg(r6, &(0x7f0000007b80)=[{{&(0x7f00000002c0)=@x25, 0x80, &(0x7f0000000680)=[{&(0x7f0000000340)=""/124, 0x7c}, {&(0x7f0000000240)=""/34, 0x22}, {&(0x7f00000003c0)=""/93, 0x5d}, {&(0x7f0000000440)=""/213, 0xd5}, {&(0x7f0000000540)=""/217, 0xd9}, {&(0x7f0000000640)=""/64, 0x40}], 0x6, &(0x7f0000000700)=""/222, 0xde}, 0x7}, {{&(0x7f0000000800)=@in6={0xa, 0x0, 0x0, @ipv4={""/10, ""/2, @initdev}}, 0x80, &(0x7f0000000c40)=[{&(0x7f0000000880)=""/65, 0x41}, {&(0x7f0000000900)=""/179, 0xb3}, {&(0x7f00000009c0)=""/41, 0x29}, {&(0x7f0000000a00)=""/69, 0x45}, {&(0x7f0000007e80)=""/180, 0xb4}, {&(0x7f0000000b40)=""/255, 0xff}], 0x6, &(0x7f0000000cc0)=""/132, 0x84}, 0x9d}, {{&(0x7f0000000d80), 0x80, &(0x7f0000003280)=[{&(0x7f0000000e00)=""/4096, 0x1000}, {&(0x7f0000001e00)=""/205, 0xcd}, {&(0x7f0000001f00)=""/149, 0x95}, {&(0x7f0000001fc0)=""/211, 0xd3}, {&(0x7f00000020c0)=""/188, 0xbc}, {&(0x7f0000002180)=""/48, 0x30}, {&(0x7f00000021c0)=""/153, 0x99}, {&(0x7f0000002280)=""/4096, 0x1000}], 0x8, &(0x7f0000003300)=""/121, 0x79}, 0x200}, {{&(0x7f0000003380)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x80, &(0x7f0000003600)=[{&(0x7f0000003400)=""/92, 0x5c}, {&(0x7f0000003480)}, {&(0x7f00000034c0)=""/55, 0x37}, {&(0x7f0000003540)=""/189, 0xbd}], 0x4, &(0x7f0000003640)=""/189, 0xbd}}, {{&(0x7f0000003700)=@pptp={0x18, 0x2, {0x0, @remote}}, 0x80, &(0x7f0000003a80)=[{&(0x7f0000003780)=""/168, 0xa8}, {&(0x7f0000003840)=""/208, 0xd0}, {&(0x7f0000003940)=""/12, 0xc}, {&(0x7f0000003980)=""/124, 0x7c}, {&(0x7f0000003a00)=""/112, 0x70}], 0x5, &(0x7f0000003b00)=""/208, 0xd0}, 0xffff}, {{&(0x7f0000000ac0)=@l2tp6={0xa, 0x0, 0x0, @local}, 0x80, &(0x7f0000005f40)=[{&(0x7f0000003c80)=""/137, 0x89}, {&(0x7f0000003d40)=""/4096, 0x1000}, {&(0x7f0000004d40)=""/108, 0x6c}, {&(0x7f0000004dc0)=""/4096, 0x1000}, {&(0x7f0000005dc0)=""/252, 0xfc}, {&(0x7f0000005ec0)=""/2, 0x2}, {&(0x7f0000005f00)=""/51, 0x33}], 0x7, &(0x7f0000005fc0)=""/92, 0x5c}, 0x2312}, {{0x0, 0x0, &(0x7f0000007080)=[{&(0x7f0000007600)=""/33, 0x21}, {&(0x7f0000006080)=""/4096, 0x1000}], 0x2}, 0x9}, {{&(0x7f00000070c0)=@caif=@util, 0x80, &(0x7f0000007300)=[{&(0x7f0000007140)=""/217, 0xd9}, {&(0x7f0000007240)=""/150, 0x96}], 0x2, &(0x7f0000007340)=""/130, 0x82}, 0x40}, {{&(0x7f0000007400)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x80, &(0x7f0000007540)=[{&(0x7f0000007480)=""/134, 0x86}], 0x1}, 0x10000}, {{&(0x7f0000007580)=@pppol2tpin6, 0x80, &(0x7f0000007a00)=[{&(0x7f0000007600)}, {&(0x7f0000007640)=""/32, 0x20}, {&(0x7f0000007f40)=""/183, 0xb7}, {&(0x7f0000007740)=""/102, 0x66}, {&(0x7f00000077c0)=""/254, 0xfe}, {&(0x7f00000078c0)=""/202, 0xca}, {&(0x7f0000000a80)=""/17, 0x11}], 0x7, &(0x7f0000007a80)=""/249, 0xf9}, 0x4}], 0xa, 0x1, &(0x7f0000007e40)={r7, r8+10000000}) (async) prlimit64(0x0, 0x0, 0x0, 0x0) mknodat$null(r0, &(0x7f00000000c0)='./file0\x00', 0x4, 0x103) (async, rerun: 64) openat$cgroup_procs(r3, &(0x7f0000000100)='cgroup.procs\x00', 0x2, 0x0) (rerun: 64) write$cgroup_int(r5, &(0x7f0000000080), 0x12) 18:43:26 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x48, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 790.625731][T28983] [ 790.625737][T28983] dump_stack_lvl+0xd6/0x122 [ 790.643448][T28983] dump_stack+0x11/0x12 [ 790.643479][T28983] dump_header+0x98/0x410 [ 790.643503][T28983] oom_kill_process+0xfe/0x550 [ 790.643535][T28983] out_of_memory+0x620/0x880 [ 790.643561][T28983] memory_max_write+0x31b/0x420 [ 790.643604][T28983] ? memory_max_show+0x70/0x70 [ 790.643681][T28983] cgroup_file_write+0x167/0x300 [ 790.643708][T28983] ? __check_object_size+0x235/0x380 [ 790.643729][T28983] ? cgroup_seqfile_stop+0x70/0x70 18:43:26 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x4c, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 790.643755][T28983] kernfs_fop_write_iter+0x1d3/0x2c0 [ 790.643860][T28983] vfs_write+0x71c/0x890 [ 790.643888][T28983] ksys_write+0xe8/0x1a0 [ 790.643913][T28983] __x64_sys_write+0x3e/0x50 [ 790.643988][T28983] do_syscall_64+0x2b/0x70 [ 790.644013][T28983] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 790.644042][T28983] RIP: 0033:0x7f682d3270e9 [ 790.644058][T28983] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 790.644079][T28983] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 790.644102][T28983] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 [ 790.644117][T28983] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 790.644225][T28983] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 [ 790.644240][T28983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 790.644255][T28983] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 [ 790.644295][T28983] [ 790.644334][T28983] memory: usage 172kB, limit 0kB, failcnt 6611 [ 790.644348][T28983] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 790.644361][T28983] Memory cgroup stats for /syz0: [ 790.650893][T28983] anon 45056 [ 790.650893][T28983] file 53248 [ 790.650893][T28983] kernel 65536 [ 790.650893][T28983] kernel_stack 0 [ 790.650893][T28983] pagetables 8192 [ 790.650893][T28983] percpu 0 [ 790.650893][T28983] sock 0 [ 790.650893][T28983] vmalloc 0 [ 790.650893][T28983] shmem 53248 [ 790.650893][T28983] file_mapped 53248 [ 790.650893][T28983] file_dirty 0 [ 790.650893][T28983] file_writeback 0 [ 790.650893][T28983] swapcached 0 [ 790.650893][T28983] inactive_anon 45056 [ 790.650893][T28983] active_anon 53248 [ 790.650893][T28983] inactive_file 0 [ 790.650893][T28983] active_file 0 [ 790.650893][T28983] unevictable 0 [ 790.650893][T28983] slab_reclaimable 14632 [ 790.650893][T28983] slab_unreclaimable 33912 [ 790.650893][T28983] slab 48544 [ 790.650893][T28983] workingset_refault_anon 0 [ 790.650893][T28983] workingset_refault_file 7 [ 790.650893][T28983] workingset_activate_anon 0 [ 790.650893][T28983] workingset_activate_file 0 [ 790.667897][T28999] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 790.672127][T28983] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset= [ 790.684675][T28989] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 790.687464][T28983] syz4,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=28944,uid=0 [ 790.709836][T29004] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 18:43:27 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x1500}, {&(0x7f0000000740)="02000089eb00", 0x6, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:43:27 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x60, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 790.710279][T28983] Memory cgroup out of memory: Killed process 28944 (syz-executor.0) total-vm:42336kB, anon-rss:364kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:0 [ 790.720049][T28944] socket: no more sockets [ 790.939278][T29006] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 790.987315][T28983] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 790.997346][T28983] CPU: 0 PID: 28983 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 791.008558][T28983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 791.018590][T28983] Call Trace: [ 791.021848][T28983] [ 791.024757][T28983] dump_stack_lvl+0xd6/0x122 [ 791.029332][T28983] dump_stack+0x11/0x12 [ 791.033514][T28983] dump_header+0x98/0x410 [ 791.037827][T28983] out_of_memory+0x65e/0x880 [ 791.042458][T28983] memory_max_write+0x31b/0x420 [ 791.047296][T28983] ? memory_max_show+0x70/0x70 [ 791.052091][T28983] cgroup_file_write+0x167/0x300 [ 791.057023][T28983] ? __check_object_size+0x235/0x380 [ 791.062289][T28983] ? cgroup_seqfile_stop+0x70/0x70 [ 791.067483][T28983] kernfs_fop_write_iter+0x1d3/0x2c0 [ 791.072897][T28983] vfs_write+0x71c/0x890 [ 791.077123][T28983] ksys_write+0xe8/0x1a0 [ 791.081376][T28983] __x64_sys_write+0x3e/0x50 [ 791.085959][T28983] do_syscall_64+0x2b/0x70 [ 791.090370][T28983] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 791.096240][T28983] RIP: 0033:0x7f682d3270e9 [ 791.100637][T28983] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 791.120348][T28983] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 791.128751][T28983] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 [ 791.136737][T28983] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 791.144715][T28983] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 [ 791.152684][T28983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 791.160696][T28983] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 [ 791.168675][T28983] [ 791.172024][T28983] memory: usage 80kB, limit 0kB, failcnt 6628 [ 791.178108][T28983] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 791.184953][T28983] Memory cgroup stats for /syz0: [ 791.185749][T28983] anon 0 [ 791.185749][T28983] file 53248 [ 791.185749][T28983] kernel 28672 [ 791.185749][T28983] kernel_stack 0 [ 791.185749][T28983] pagetables 0 [ 791.185749][T28983] percpu 0 [ 791.185749][T28983] sock 0 [ 791.185749][T28983] vmalloc 0 [ 791.185749][T28983] shmem 53248 [ 791.185749][T28983] file_mapped 53248 [ 791.185749][T28983] file_dirty 0 [ 791.185749][T28983] file_writeback 0 [ 791.185749][T28983] swapcached 0 [ 791.185749][T28983] inactive_anon 0 [ 791.185749][T28983] active_anon 53248 [ 791.185749][T28983] inactive_file 0 [ 791.185749][T28983] active_file 0 [ 791.185749][T28983] unevictable 0 [ 791.185749][T28983] slab_reclaimable 3408 [ 791.185749][T28983] slab_unreclaimable 18216 [ 791.185749][T28983] slab 21624 [ 791.185749][T28983] workingset_refault_anon 0 [ 791.185749][T28983] workingset_refault_file 7 [ 791.185749][T28983] workingset_activate_anon 0 [ 791.185749][T28983] workingset_activate_file 0 [ 791.204408][T29013] loop5: detected capacity change from 0 to 1024 [ 791.277840][T28983] Out of memory and no killable processes... 18:43:27 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x100) mount(&(0x7f0000000080)=@loop={'/dev/loop', 0x0}, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='ufs\x00', 0x0, &(0x7f0000000180)='cgroup2\x00') mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) creat(&(0x7f0000000000)='./file0\x00', 0x100) (async) mount(&(0x7f0000000080)=@loop={'/dev/loop', 0x0}, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='ufs\x00', 0x0, &(0x7f0000000180)='cgroup2\x00') (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) (async) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) (async) 18:43:27 executing program 2: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) openat(r0, &(0x7f00000000c0)='./file0\x00', 0x4a882, 0xe5) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00)={0x0, 0x0}, 0x8) r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r6 = dup(0xffffffffffffffff) getpeername$packet(r6, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = dup(r7) getpeername$packet(r8, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x18, 0xb, &(0x7f0000000540)=ANY=[@ANYBLOB="0c663600010000008500000008000000185200000f0000000000000000000000dd170800f0ffffff3bb404000800000018620000060000000000000003000000852000000100000018170000", @ANYRES32, @ANYBLOB="ff088e0000ffff7fc60daf4fc447108af2b80b5ab7cd2cc253ef307b64b970d38d4888f102d517bfb3c29281561093d5"], &(0x7f00000002c0)='syzkaller\x00', 0x3b, 0xf1, &(0x7f0000000300)=""/241, 0x41100, 0x10, '\x00', 0x0, 0xf, r6, 0x8, &(0x7f0000000400)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000440)={0x0, 0x0, 0x9, 0x10000}, 0x10, r4, r5, 0x0, &(0x7f0000000480)=[r8]}, 0x80) write$cgroup_int(r3, &(0x7f0000000080), 0x12) 18:43:27 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(r3, 0x0, 0x0, 0x0) prlimit64(r3, 0xd, &(0x7f00000000c0)={0x7ff, 0x8}, &(0x7f0000000100)) write$cgroup_int(r2, &(0x7f0000000080), 0x12) 18:43:27 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x68, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:27 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) r3 = open(&(0x7f00000000c0)='./file0\x00', 0x200, 0x22) mount(&(0x7f0000000100)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='iso9660\x00', 0x200000, &(0x7f00000002c0)='\x00') bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) r4 = fcntl$dupfd(r1, 0x406, r1) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@bloom_filter={0x1e, 0x40, 0x6, 0x100, 0x84, r4, 0x23bc, '\x00', 0x0, r3, 0x1, 0x3, 0x3, 0xa}, 0x48) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async) open(&(0x7f00000000c0)='./file0\x00', 0x200, 0x22) (async) mount(&(0x7f0000000100)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='iso9660\x00', 0x200000, &(0x7f00000002c0)='\x00') (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r2, &(0x7f0000000080), 0x12) (async) fcntl$dupfd(r1, 0x406, r1) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@bloom_filter={0x1e, 0x40, 0x6, 0x100, 0x84, r4, 0x23bc, '\x00', 0x0, r3, 0x1, 0x3, 0x3, 0xa}, 0x48) (async) 18:43:27 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x1500}, {&(0x7f0000000740)="02000089eb000102", 0x8, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) [ 791.306569][T29013] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 791.341213][T29019] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 791.355570][T29018] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 791.365771][T29018] CPU: 1 PID: 29018 Comm: syz-executor.2 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 791.376867][T29018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 791.380232][T29026] loop5: detected capacity change from 0 to 1024 [ 791.386916][T29018] Call Trace: [ 791.386924][T29018] [ 791.386931][T29018] dump_stack_lvl+0xd6/0x122 [ 791.403989][T29018] dump_stack+0x11/0x12 [ 791.408143][T29018] dump_header+0x98/0x410 [ 791.412500][T29018] out_of_memory+0x65e/0x880 [ 791.417077][T29018] memory_max_write+0x31b/0x420 [ 791.421918][T29018] ? memory_max_show+0x70/0x70 [ 791.426740][T29018] cgroup_file_write+0x167/0x300 [ 791.431666][T29018] ? __check_object_size+0x235/0x380 [ 791.436975][T29018] ? cgroup_seqfile_stop+0x70/0x70 [ 791.442142][T29018] kernfs_fop_write_iter+0x1d3/0x2c0 [ 791.447419][T29018] vfs_write+0x71c/0x890 [ 791.451650][T29018] ksys_write+0xe8/0x1a0 [ 791.455899][T29018] __x64_sys_write+0x3e/0x50 [ 791.460506][T29018] do_syscall_64+0x2b/0x70 [ 791.464913][T29018] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 791.470850][T29018] RIP: 0033:0x7fa3a19bf0e9 [ 791.475288][T29018] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 791.494881][T29018] RSP: 002b:00007fa3a1135168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 791.503340][T29018] RAX: ffffffffffffffda RBX: 00007fa3a1ad1f60 RCX: 00007fa3a19bf0e9 [ 791.511297][T29018] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 791.519252][T29018] RBP: 00007fa3a1a1908d R08: 0000000000000000 R09: 0000000000000000 [ 791.527241][T29018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 791.535195][T29018] R13: 00007ffd19fac9bf R14: 00007fa3a1135300 R15: 0000000000022000 [ 791.543154][T29018] [ 791.546268][T29018] memory: usage 72kB, limit 0kB, failcnt 6628 18:43:27 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) creat(&(0x7f0000000000)='./file0\x00', 0x100) (async) mount(&(0x7f0000000080)=@loop={'/dev/loop', 0x0}, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='ufs\x00', 0x0, &(0x7f0000000180)='cgroup2\x00') (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) (async) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 791.552377][T29018] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 791.559231][T29018] Memory cgroup stats for /syz0: [ 791.569426][T29018] anon 0 [ 791.569426][T29018] file 53248 [ 791.569426][T29018] kernel 20480 [ 791.569426][T29018] kernel_stack 0 [ 791.569426][T29018] pagetables 0 [ 791.569426][T29018] percpu 0 [ 791.569426][T29018] sock 0 [ 791.569426][T29018] vmalloc 0 [ 791.569426][T29018] shmem 53248 [ 791.569426][T29018] file_mapped 53248 [ 791.569426][T29018] file_dirty 0 [ 791.569426][T29018] file_writeback 0 [ 791.569426][T29018] swapcached 0 [ 791.569426][T29018] inactive_anon 0 [ 791.569426][T29018] active_anon 53248 [ 791.569426][T29018] inactive_file 0 [ 791.569426][T29018] active_file 0 [ 791.569426][T29018] unevictable 0 [ 791.569426][T29018] slab_reclaimable 2232 [ 791.569426][T29018] slab_unreclaimable 14936 [ 791.569426][T29018] slab 17168 [ 791.569426][T29018] workingset_refault_anon 0 [ 791.569426][T29018] workingset_refault_file 7 [ 791.569426][T29018] workingset_activate_anon 0 [ 791.569426][T29018] workingset_activate_file 0 [ 791.626418][T29026] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 791.661730][T29018] Out of memory and no killable processes... [ 791.677477][T29022] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 791.687750][T29022] CPU: 1 PID: 29022 Comm: syz-executor.1 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 791.698847][T29022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 791.709243][T29022] Call Trace: [ 791.712514][T29022] [ 791.715437][T29022] dump_stack_lvl+0xd6/0x122 [ 791.720032][T29022] dump_stack+0x11/0x12 [ 791.724204][T29022] dump_header+0x98/0x410 [ 791.728564][T29022] out_of_memory+0x65e/0x880 [ 791.733154][T29022] memory_max_write+0x31b/0x420 [ 791.738008][T29022] ? memory_max_show+0x70/0x70 [ 791.742801][T29022] cgroup_file_write+0x167/0x300 [ 791.747739][T29022] ? __check_object_size+0x235/0x380 [ 791.753091][T29022] ? cgroup_seqfile_stop+0x70/0x70 [ 791.758221][T29022] kernfs_fop_write_iter+0x1d3/0x2c0 [ 791.763515][T29022] vfs_write+0x71c/0x890 [ 791.767761][T29022] ksys_write+0xe8/0x1a0 [ 791.772010][T29022] __x64_sys_write+0x3e/0x50 [ 791.776604][T29022] do_syscall_64+0x2b/0x70 [ 791.781111][T29022] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 791.787003][T29022] RIP: 0033:0x7ff0acc260e9 18:43:27 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x6c, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 791.791410][T29022] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 791.811047][T29022] RSP: 002b:00007ff0ac39c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 791.819512][T29022] RAX: ffffffffffffffda RBX: 00007ff0acd38f60 RCX: 00007ff0acc260e9 [ 791.827482][T29022] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 791.835445][T29022] RBP: 00007ff0acc8008d R08: 0000000000000000 R09: 0000000000000000 [ 791.843465][T29022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 791.851494][T29022] R13: 00007ffe7a47396f R14: 00007ff0ac39c300 R15: 0000000000022000 [ 791.859469][T29022] [ 791.862673][T29022] memory: usage 72kB, limit 0kB, failcnt 6628 [ 791.868750][T29022] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 791.875720][T29022] Memory cgroup stats for /syz0: [ 791.880922][T29049] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 791.885970][T29022] anon 0 [ 791.885970][T29022] file 53248 [ 791.885970][T29022] kernel 20480 [ 791.885970][T29022] kernel_stack 0 [ 791.885970][T29022] pagetables 0 18:43:28 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x1500}, {&(0x7f0000000740)="02000089eb000102", 0x8, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:43:28 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x74, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 791.885970][T29022] percpu 0 [ 791.885970][T29022] sock 0 [ 791.885970][T29022] vmalloc 0 [ 791.885970][T29022] shmem 53248 [ 791.885970][T29022] file_mapped 53248 [ 791.885970][T29022] file_dirty 0 [ 791.885970][T29022] file_writeback 0 [ 791.885970][T29022] swapcached 0 [ 791.885970][T29022] inactive_anon 0 [ 791.885970][T29022] active_anon 53248 [ 791.885970][T29022] inactive_file 0 [ 791.885970][T29022] active_file 0 [ 791.885970][T29022] unevictable 0 [ 791.885970][T29022] slab_reclaimable 2232 [ 791.885970][T29022] slab_unreclaimable 14936 18:43:28 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) r3 = open(&(0x7f00000000c0)='./file0\x00', 0x200, 0x22) mount(&(0x7f0000000100)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='iso9660\x00', 0x200000, &(0x7f00000002c0)='\x00') bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r2, &(0x7f0000000080), 0x12) (async) r4 = fcntl$dupfd(r1, 0x406, r1) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@bloom_filter={0x1e, 0x40, 0x6, 0x100, 0x84, r4, 0x23bc, '\x00', 0x0, r3, 0x1, 0x3, 0x3, 0xa}, 0x48) 18:43:28 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async, rerun: 64) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (rerun: 64) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(r3, 0x0, 0x0, 0x0) (async) prlimit64(r3, 0xd, &(0x7f00000000c0)={0x7ff, 0x8}, &(0x7f0000000100)) (async) write$cgroup_int(r2, &(0x7f0000000080), 0x12) 18:43:28 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_DEBUG_GET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x2c, r1, 0x9, 0x0, 0x0, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x2c}}, 0x0) r2 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f00000001c0)={@loopback, @private1={0xfc, 0x1, '\x00', 0x1}, @remote, 0x0, 0x0, 0x0, 0x0, 0x9, 0x20c301e2, r5}) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000200)={'erspan0\x00', &(0x7f0000000340)={'gre0\x00', 0x0, 0x1, 0x10, 0x7, 0x7f, {{0x9, 0x4, 0x0, 0xc, 0x24, 0x64, 0x0, 0x8, 0x2f, 0x0, @loopback, @multicast1, {[@ssrr={0x89, 0x7, 0xd8, [@loopback]}, @end, @noop, @generic={0x86, 0x5, "521d61"}]}}}}}) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="30010000", @ANYRES16=r1, @ANYBLOB="000127bd7000fedbdf250d0000001c0001800800030000000000080003000300000008000100", @ANYRES32=0x0, @ANYBLOB="0c00018008000100", @ANYRES32=0x0, @ANYBLOB="18000180140002007465616d5f736c6176655f31000000006800018008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r5, @ANYBLOB="08000100", @ANYRES32=r6, @ANYBLOB="080003000200000014000200776c616e310000000000000000000000080003000300000014000200766c616e3000000000000000030000001400020069703665727370616e300000000000000c00018008000300010000001800018014000200736974300000000000000000000000005000018014000200776c616e3000000000000000000000001400020067726574617030000000000000000000140002006873723000000000000000000000000008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB], 0x130}, 0x1, 0x0, 0x0, 0x90}, 0x4008051) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x4e21, 0x9, @private2={0xfc, 0x2, '\x00', 0x1}, 0x552}, 0x1c) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="2400000003010102e5ffffff0000000002000000040002800c00198008000200400c0000"], 0x24}, 0x1, 0x0, 0x0, 0x400c000}, 0x20000004) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), r9) sendmsg$IEEE802154_ADD_IFACE(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010026bd7000ffdbdf252100000009001f0070687931000000000c0005000202aaaaaaaaaaaa050020000100000024001f007068793020"], 0x58}}, 0x0) sendmsg$IEEE802154_LIST_PHY(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x14, r10, 0x8, 0x70bd2c, 0x25dfdbfe, {}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x4004) [ 791.885970][T29022] slab 17168 [ 791.885970][T29022] workingset_refault_anon 0 [ 791.885970][T29022] workingset_refault_file 7 [ 791.885970][T29022] workingset_activate_anon 0 [ 791.885970][T29022] workingset_activate_file 0 [ 791.973900][T29051] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 791.979897][T29022] Out of memory and no killable processes... 18:43:28 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(r3, 0x0, 0x0, 0x0) (async) prlimit64(r3, 0xd, &(0x7f00000000c0)={0x7ff, 0x8}, &(0x7f0000000100)) write$cgroup_int(r2, &(0x7f0000000080), 0x12) 18:43:28 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) mount$bpf(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x102c080, &(0x7f0000000240)={[{@mode={'mode', 0x3d, 0x6}}, {@mode={'mode', 0x3d, 0x20}}], [{@appraise_type}, {@audit}, {@uid_gt}, {@subj_user={'subj_user', 0x3d, '+!-('}}]}) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r7 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000440), 0x200800, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000007c0)={r5, 0xe0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x8, &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000580)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f00000005c0)=[{}, {}], 0x10, 0x10, &(0x7f0000000600), &(0x7f0000000640), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000680)}}, 0x10) r9 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000800)='/proc/tty/ldiscs\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc018937e, &(0x7f0000000840)={{0x1, 0x1, 0x18, r0, {0x4}}, './file0\x00'}) r11 = pidfd_getfd(r0, r6, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000008c0)=@bpf_lsm={0x1d, 0xf, &(0x7f00000002c0)=@raw=[@alu={0x4, 0x1, 0xa, 0x9, 0x4, 0x106, 0x8}, @btf_id={0x18, 0x0, 0x3, 0x0, 0x3}, @cb_func={0x18, 0xb, 0x4, 0x0, 0x7}, @alu={0x7, 0x1, 0x4, 0x1, 0x1, 0xfffffffffffffff0, 0x10}, @jmp={0x5, 0x1, 0x7, 0xa, 0x1, 0x10, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x2}, @exit, @initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8}, @generic={0x6, 0x7, 0x4, 0x7, 0xca4}, @cb_func={0x18, 0x6, 0x4, 0x0, 0x5}], &(0x7f0000000340)='GPL\x00', 0x1800000, 0x94, &(0x7f0000000380)=""/148, 0x0, 0x2, '\x00', 0x0, 0x1b, r7, 0x8, &(0x7f0000000480)={0x3, 0x1}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0x2, 0x800, 0x7ff}, 0x10, r8, 0x0, 0x0, &(0x7f0000000880)=[r0, r4, r4, r9, r10, r11, r0]}, 0x80) write$cgroup_int(r3, &(0x7f0000000080), 0x12) 18:43:28 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_DEBUG_GET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x2c, r1, 0x9, 0x0, 0x0, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x2c}}, 0x0) r2 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f00000001c0)={@loopback, @private1={0xfc, 0x1, '\x00', 0x1}, @remote, 0x0, 0x0, 0x0, 0x0, 0x9, 0x20c301e2, r5}) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000200)={'erspan0\x00', &(0x7f0000000340)={'gre0\x00', 0x0, 0x1, 0x10, 0x7, 0x7f, {{0x9, 0x4, 0x0, 0xc, 0x24, 0x64, 0x0, 0x8, 0x2f, 0x0, @loopback, @multicast1, {[@ssrr={0x89, 0x7, 0xd8, [@loopback]}, @end, @noop, @generic={0x86, 0x5, "521d61"}]}}}}}) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="30010000", @ANYRES16=r1, @ANYBLOB="000127bd7000fedbdf250d0000001c0001800800030000000000080003000300000008000100", @ANYRES32=0x0, @ANYBLOB="0c00018008000100", @ANYRES32=0x0, @ANYBLOB="18000180140002007465616d5f736c6176655f31000000006800018008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r5, @ANYBLOB="08000100", @ANYRES32=r6, @ANYBLOB="080003000200000014000200776c616e310000000000000000000000080003000300000014000200766c616e3000000000000000030000001400020069703665727370616e300000000000000c00018008000300010000001800018014000200736974300000000000000000000000005000018014000200776c616e3000000000000000000000001400020067726574617030000000000000000000140002006873723000000000000000000000000008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB], 0x130}, 0x1, 0x0, 0x0, 0x90}, 0x4008051) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x4e21, 0x9, @private2={0xfc, 0x2, '\x00', 0x1}, 0x552}, 0x1c) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="2400000003010102e5ffffff0000000002000000040002800c00198008000200400c0000"], 0x24}, 0x1, 0x0, 0x0, 0x400c000}, 0x20000004) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), r9) sendmsg$IEEE802154_ADD_IFACE(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010026bd7000ffdbdf252100000009001f0070687931000000000c0005000202aaaaaaaaaaaa050020000100000024001f007068793020"], 0x58}}, 0x0) sendmsg$IEEE802154_LIST_PHY(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x14, r10, 0x8, 0x70bd2c, 0x25dfdbfe, {}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x4004) syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) (async) sendmsg$ETHTOOL_MSG_DEBUG_GET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x2c, r1, 0x9, 0x0, 0x0, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x2c}}, 0x0) (async) socket$inet6(0xa, 0x3, 0x6) (async) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) (async) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) (async) dup(r3) (async) getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) (async) ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f00000001c0)={@loopback, @private1={0xfc, 0x1, '\x00', 0x1}, @remote, 0x0, 0x0, 0x0, 0x0, 0x9, 0x20c301e2, r5}) (async) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000200)={'erspan0\x00', &(0x7f0000000340)={'gre0\x00', 0x0, 0x1, 0x10, 0x7, 0x7f, {{0x9, 0x4, 0x0, 0xc, 0x24, 0x64, 0x0, 0x8, 0x2f, 0x0, @loopback, @multicast1, {[@ssrr={0x89, 0x7, 0xd8, [@loopback]}, @end, @noop, @generic={0x86, 0x5, "521d61"}]}}}}}) (async) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="30010000", @ANYRES16=r1, @ANYBLOB="000127bd7000fedbdf250d0000001c0001800800030000000000080003000300000008000100", @ANYRES32=0x0, @ANYBLOB="0c00018008000100", @ANYRES32=0x0, @ANYBLOB="18000180140002007465616d5f736c6176655f31000000006800018008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r5, @ANYBLOB="08000100", @ANYRES32=r6, @ANYBLOB="080003000200000014000200776c616e310000000000000000000000080003000300000014000200766c616e3000000000000000030000001400020069703665727370616e300000000000000c00018008000300010000001800018014000200736974300000000000000000000000005000018014000200776c616e3000000000000000000000001400020067726574617030000000000000000000140002006873723000000000000000000000000008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB], 0x130}, 0x1, 0x0, 0x0, 0x90}, 0x4008051) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) bind$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x4e21, 0x9, @private2={0xfc, 0x2, '\x00', 0x1}, 0x552}, 0x1c) (async) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="2400000003010102e5ffffff0000000002000000040002800c00198008000200400c0000"], 0x24}, 0x1, 0x0, 0x0, 0x400c000}, 0x20000004) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), r9) (async) sendmsg$IEEE802154_ADD_IFACE(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010026bd7000ffdbdf252100000009001f0070687931000000000c0005000202aaaaaaaaaaaa050020000100000024001f007068793020"], 0x58}}, 0x0) (async) sendmsg$IEEE802154_LIST_PHY(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x14, r10, 0x8, 0x70bd2c, 0x25dfdbfe, {}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x4004) (async) 18:43:28 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x7a, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:28 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0xa2) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r0, 0xc018937a, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r2, {0x54b0}}, './file0\x00'}) r4 = openat$cgroup_int(r3, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r4, &(0x7f0000000080), 0x12) [ 792.074417][T29074] loop5: detected capacity change from 0 to 1024 [ 792.095363][T29073] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 792.102284][T29079] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 792.105330][T29073] CPU: 0 PID: 29073 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 792.123255][T29073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 792.133307][T29073] Call Trace: [ 792.136584][T29073] [ 792.139507][T29073] dump_stack_lvl+0xd6/0x122 [ 792.144113][T29073] dump_stack+0x11/0x12 [ 792.148312][T29073] dump_header+0x98/0x410 [ 792.152648][T29073] out_of_memory+0x65e/0x880 [ 792.157243][T29073] memory_max_write+0x31b/0x420 [ 792.162115][T29073] ? memory_max_show+0x70/0x70 [ 792.166957][T29073] cgroup_file_write+0x167/0x300 [ 792.171969][T29073] ? __check_object_size+0x235/0x380 [ 792.177298][T29073] ? cgroup_seqfile_stop+0x70/0x70 [ 792.182419][T29073] kernfs_fop_write_iter+0x1d3/0x2c0 [ 792.187776][T29073] vfs_write+0x71c/0x890 [ 792.192059][T29073] ksys_write+0xe8/0x1a0 [ 792.196374][T29073] __x64_sys_write+0x3e/0x50 [ 792.200969][T29073] do_syscall_64+0x2b/0x70 [ 792.205392][T29073] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 792.211370][T29073] RIP: 0033:0x7f682d3270e9 [ 792.215783][T29073] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 792.235387][T29073] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 792.243852][T29073] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 [ 792.251836][T29073] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 792.259828][T29073] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 [ 792.267815][T29073] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 792.275781][T29073] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 [ 792.283765][T29073] [ 792.286959][T29073] memory: usage 72kB, limit 0kB, failcnt 6628 [ 792.293049][T29073] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 792.299975][T29073] Memory cgroup stats for /syz0: [ 792.318279][T29073] anon 0 [ 792.318279][T29073] file 53248 [ 792.318279][T29073] kernel 20480 [ 792.318279][T29073] kernel_stack 0 [ 792.318279][T29073] pagetables 0 [ 792.318279][T29073] percpu 0 [ 792.318279][T29073] sock 0 [ 792.318279][T29073] vmalloc 0 [ 792.318279][T29073] shmem 53248 [ 792.318279][T29073] file_mapped 53248 [ 792.318279][T29073] file_dirty 0 [ 792.318279][T29073] file_writeback 0 [ 792.318279][T29073] swapcached 0 [ 792.318279][T29073] inactive_anon 0 [ 792.318279][T29073] active_anon 53248 [ 792.318279][T29073] inactive_file 0 [ 792.318279][T29073] active_file 0 [ 792.318279][T29073] unevictable 0 [ 792.318279][T29073] slab_reclaimable 2232 [ 792.318279][T29073] slab_unreclaimable 14936 [ 792.318279][T29073] slab 17168 [ 792.318279][T29073] workingset_refault_anon 0 [ 792.318279][T29073] workingset_refault_file 7 [ 792.318279][T29073] workingset_activate_anon 0 [ 792.318279][T29073] workingset_activate_file 0 [ 792.411449][T29073] Out of memory and no killable processes... [ 792.415075][T29074] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 792.730619][ T1867] device hsr_slave_0 left promiscuous mode [ 792.736788][ T1867] device hsr_slave_1 left promiscuous mode [ 792.743191][ T1867] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 792.750652][ T1867] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 792.758617][ T1867] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 792.766016][ T1867] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 792.773517][ T1867] device bridge_slave_1 left promiscuous mode [ 792.779713][ T1867] bridge0: port 2(bridge_slave_1) entered disabled state [ 792.787204][ T1867] device bridge_slave_0 left promiscuous mode [ 792.793416][ T1867] bridge0: port 1(bridge_slave_0) entered disabled state [ 792.802891][ T1867] device veth1_macvtap left promiscuous mode [ 792.808971][ T1867] device veth0_macvtap left promiscuous mode [ 792.814972][ T1867] device veth1_vlan left promiscuous mode [ 792.820750][ T1867] device veth0_vlan left promiscuous mode [ 792.898314][ T1867] team0 (unregistering): Port device team_slave_1 removed [ 792.908528][ T1867] team0 (unregistering): Port device team_slave_0 removed [ 792.917645][ T1867] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 792.928728][ T1867] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 792.955222][ T1867] bond0 (unregistering): Released all slaves [ 793.589839][T29107] chnl_net:caif_netlink_parms(): no params data found [ 793.620417][T29107] bridge0: port 1(bridge_slave_0) entered blocking state [ 793.627616][T29107] bridge0: port 1(bridge_slave_0) entered disabled state [ 793.635430][T29107] device bridge_slave_0 entered promiscuous mode [ 793.643345][T29107] bridge0: port 2(bridge_slave_1) entered blocking state [ 793.650497][T29107] bridge0: port 2(bridge_slave_1) entered disabled state [ 793.658314][T29107] device bridge_slave_1 entered promiscuous mode [ 793.673712][T29107] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 793.684117][T29107] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 793.700916][T29107] team0: Port device team_slave_0 added [ 793.707150][T29107] team0: Port device team_slave_1 added [ 793.720731][T29107] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 793.727652][T29107] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 793.753591][T29107] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 793.765415][T29107] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 793.772470][T29107] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 793.798429][T29107] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 793.819966][T29107] device hsr_slave_0 entered promiscuous mode [ 793.826550][T29107] device hsr_slave_1 entered promiscuous mode [ 793.832911][T29107] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 793.840459][T29107] Cannot create hsr debugfs directory [ 793.867991][T29107] bridge0: port 2(bridge_slave_1) entered blocking state [ 793.875024][T29107] bridge0: port 2(bridge_slave_1) entered forwarding state [ 793.882295][T29107] bridge0: port 1(bridge_slave_0) entered blocking state [ 793.889426][T29107] bridge0: port 1(bridge_slave_0) entered forwarding state [ 793.916102][T29107] 8021q: adding VLAN 0 to HW filter on device bond0 [ 793.926668][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 793.934864][ T77] bridge0: port 1(bridge_slave_0) entered disabled state [ 793.942652][ T77] bridge0: port 2(bridge_slave_1) entered disabled state [ 793.954489][T29107] 8021q: adding VLAN 0 to HW filter on device team0 [ 793.963649][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 793.972052][ T40] bridge0: port 1(bridge_slave_0) entered blocking state [ 793.979100][ T40] bridge0: port 1(bridge_slave_0) entered forwarding state [ 793.988587][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 793.997630][ T893] bridge0: port 2(bridge_slave_1) entered blocking state [ 794.004691][ T893] bridge0: port 2(bridge_slave_1) entered forwarding state [ 794.014390][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 794.029237][T29107] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 794.039575][T29107] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 794.050927][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 794.059857][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 794.068261][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 794.077026][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 794.085407][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 794.094100][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 794.102463][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 794.110881][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 794.119295][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 794.127399][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 794.135366][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 794.147739][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 794.155872][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 794.165532][T29107] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 794.241518][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 794.250264][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 794.285313][T29107] device veth0_vlan entered promiscuous mode [ 794.291807][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 794.299932][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 794.308791][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 794.316479][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 794.325813][T29107] device veth1_vlan entered promiscuous mode [ 794.337365][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 794.345233][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 794.353073][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 794.361371][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 794.371054][T29107] device veth0_macvtap entered promiscuous mode [ 794.379486][T29107] device veth1_macvtap entered promiscuous mode [ 794.390327][T29107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 794.400859][T29107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 794.410661][T29107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 794.421095][T29107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 794.430888][T29107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 794.441352][T29107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 794.451163][T29107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 794.461574][T29107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 794.471392][T29107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 794.481802][T29107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 794.492813][T29107] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 794.501772][T29107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 794.512342][T29107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 794.522214][T29107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 794.532622][T29107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 794.542416][T29107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 794.552818][T29107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 794.562703][T29107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 794.573115][T29107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 794.582994][T29107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 794.593478][T29107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 794.604980][T29107] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 794.613253][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 794.621355][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 794.629847][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready 18:43:30 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000300)='v7\x00', 0x0, 0x0) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0) 18:43:30 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x300, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:30 executing program 2: syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_DEBUG_GET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x2c, r1, 0x9, 0x0, 0x0, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x2c}}, 0x0) r2 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f00000001c0)={@loopback, @private1={0xfc, 0x1, '\x00', 0x1}, @remote, 0x0, 0x0, 0x0, 0x0, 0x9, 0x20c301e2, r5}) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000200)={'erspan0\x00', &(0x7f0000000340)={'gre0\x00', 0x0, 0x1, 0x10, 0x7, 0x7f, {{0x9, 0x4, 0x0, 0xc, 0x24, 0x64, 0x0, 0x8, 0x2f, 0x0, @loopback, @multicast1, {[@ssrr={0x89, 0x7, 0xd8, [@loopback]}, @end, @noop, @generic={0x86, 0x5, "521d61"}]}}}}}) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="30010000", @ANYRES16=r1, @ANYBLOB="000127bd7000fedbdf250d0000001c0001800800030000000000080003000300000008000100", @ANYRES32=0x0, @ANYBLOB="0c00018008000100", @ANYRES32=0x0, @ANYBLOB="18000180140002007465616d5f736c6176655f31000000006800018008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r5, @ANYBLOB="08000100", @ANYRES32=r6, @ANYBLOB="080003000200000014000200776c616e310000000000000000000000080003000300000014000200766c616e3000000000000000030000001400020069703665727370616e300000000000000c00018008000300010000001800018014000200736974300000000000000000000000005000018014000200776c616e3000000000000000000000001400020067726574617030000000000000000000140002006873723000000000000000000000000008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB], 0x130}, 0x1, 0x0, 0x0, 0x90}, 0x4008051) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x4e21, 0x9, @private2={0xfc, 0x2, '\x00', 0x1}, 0x552}, 0x1c) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="2400000003010102e5ffffff0000000002000000040002800c00198008000200400c0000"], 0x24}, 0x1, 0x0, 0x0, 0x400c000}, 0x20000004) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), r9) sendmsg$IEEE802154_ADD_IFACE(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010026bd7000ffdbdf252100000009001f0070687931000000000c0005000202aaaaaaaaaaaa050020000100000024001f007068793020"], 0x58}}, 0x0) sendmsg$IEEE802154_LIST_PHY(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x14, r10, 0x8, 0x70bd2c, 0x25dfdbfe, {}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x4004) syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) (async) sendmsg$ETHTOOL_MSG_DEBUG_GET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x2c, r1, 0x9, 0x0, 0x0, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x2c}}, 0x0) (async) socket$inet6(0xa, 0x3, 0x6) (async) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) (async) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) (async) dup(r3) (async) getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) (async) ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f00000001c0)={@loopback, @private1={0xfc, 0x1, '\x00', 0x1}, @remote, 0x0, 0x0, 0x0, 0x0, 0x9, 0x20c301e2, r5}) (async) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000200)={'erspan0\x00', &(0x7f0000000340)={'gre0\x00', 0x0, 0x1, 0x10, 0x7, 0x7f, {{0x9, 0x4, 0x0, 0xc, 0x24, 0x64, 0x0, 0x8, 0x2f, 0x0, @loopback, @multicast1, {[@ssrr={0x89, 0x7, 0xd8, [@loopback]}, @end, @noop, @generic={0x86, 0x5, "521d61"}]}}}}}) (async) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="30010000", @ANYRES16=r1, @ANYBLOB="000127bd7000fedbdf250d0000001c0001800800030000000000080003000300000008000100", @ANYRES32=0x0, @ANYBLOB="0c00018008000100", @ANYRES32=0x0, @ANYBLOB="18000180140002007465616d5f736c6176655f31000000006800018008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r5, @ANYBLOB="08000100", @ANYRES32=r6, @ANYBLOB="080003000200000014000200776c616e310000000000000000000000080003000300000014000200766c616e3000000000000000030000001400020069703665727370616e300000000000000c00018008000300010000001800018014000200736974300000000000000000000000005000018014000200776c616e3000000000000000000000001400020067726574617030000000000000000000140002006873723000000000000000000000000008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB], 0x130}, 0x1, 0x0, 0x0, 0x90}, 0x4008051) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) bind$inet6(0xffffffffffffffff, &(0x7f0000000580)={0xa, 0x4e21, 0x9, @private2={0xfc, 0x2, '\x00', 0x1}, 0x552}, 0x1c) (async) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="2400000003010102e5ffffff0000000002000000040002800c00198008000200400c0000"], 0x24}, 0x1, 0x0, 0x0, 0x400c000}, 0x20000004) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), r9) (async) sendmsg$IEEE802154_ADD_IFACE(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010026bd7000ffdbdf252100000009001f0070687931000000000c0005000202aaaaaaaaaaaa050020000100000024001f007068793020"], 0x58}}, 0x0) (async) sendmsg$IEEE802154_LIST_PHY(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x14, r10, 0x8, 0x70bd2c, 0x25dfdbfe, {}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x4004) (async) 18:43:30 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0xa2) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r0, 0xc018937a, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r2, {0x54b0}}, './file0\x00'}) r4 = openat$cgroup_int(r3, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r4, &(0x7f0000000080), 0x12) 18:43:30 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='cgroup2\x00', 0x0, 0x0) (async) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) mount$bpf(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x102c080, &(0x7f0000000240)={[{@mode={'mode', 0x3d, 0x6}}, {@mode={'mode', 0x3d, 0x20}}], [{@appraise_type}, {@audit}, {@uid_gt}, {@subj_user={'subj_user', 0x3d, '+!-('}}]}) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async) r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r7 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000440), 0x200800, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000007c0)={r5, 0xe0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x8, &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000580)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f00000005c0)=[{}, {}], 0x10, 0x10, &(0x7f0000000600), &(0x7f0000000640), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000680)}}, 0x10) (async) r9 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000800)='/proc/tty/ldiscs\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc018937e, &(0x7f0000000840)={{0x1, 0x1, 0x18, r0, {0x4}}, './file0\x00'}) (async) r11 = pidfd_getfd(r0, r6, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000008c0)=@bpf_lsm={0x1d, 0xf, &(0x7f00000002c0)=@raw=[@alu={0x4, 0x1, 0xa, 0x9, 0x4, 0x106, 0x8}, @btf_id={0x18, 0x0, 0x3, 0x0, 0x3}, @cb_func={0x18, 0xb, 0x4, 0x0, 0x7}, @alu={0x7, 0x1, 0x4, 0x1, 0x1, 0xfffffffffffffff0, 0x10}, @jmp={0x5, 0x1, 0x7, 0xa, 0x1, 0x10, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x2}, @exit, @initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8}, @generic={0x6, 0x7, 0x4, 0x7, 0xca4}, @cb_func={0x18, 0x6, 0x4, 0x0, 0x5}], &(0x7f0000000340)='GPL\x00', 0x1800000, 0x94, &(0x7f0000000380)=""/148, 0x0, 0x2, '\x00', 0x0, 0x1b, r7, 0x8, &(0x7f0000000480)={0x3, 0x1}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0x2, 0x800, 0x7ff}, 0x10, r8, 0x0, 0x0, &(0x7f0000000880)=[r0, r4, r4, r9, r10, r11, r0]}, 0x80) (async) write$cgroup_int(r3, &(0x7f0000000080), 0x12) [ 794.638283][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 794.646873][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 794.657410][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 18:43:30 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x1500}, {&(0x7f0000000740)="02000089eb000102", 0x8, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:43:30 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async, rerun: 32) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='cgroup2\x00', 0x0, 0x0) (async, rerun: 32) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) mount$bpf(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x102c080, &(0x7f0000000240)={[{@mode={'mode', 0x3d, 0x6}}, {@mode={'mode', 0x3d, 0x20}}], [{@appraise_type}, {@audit}, {@uid_gt}, {@subj_user={'subj_user', 0x3d, '+!-('}}]}) (async, rerun: 64) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async, rerun: 64) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0) (async, rerun: 32) r7 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000440), 0x200800, 0x0) (rerun: 32) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000007c0)={r5, 0xe0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x8, &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000580)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f00000005c0)=[{}, {}], 0x10, 0x10, &(0x7f0000000600), &(0x7f0000000640), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000680)}}, 0x10) (async, rerun: 64) r9 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000800)='/proc/tty/ldiscs\x00', 0x0, 0x0) (async, rerun: 64) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc018937e, &(0x7f0000000840)={{0x1, 0x1, 0x18, r0, {0x4}}, './file0\x00'}) (async) r11 = pidfd_getfd(r0, r6, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000008c0)=@bpf_lsm={0x1d, 0xf, &(0x7f00000002c0)=@raw=[@alu={0x4, 0x1, 0xa, 0x9, 0x4, 0x106, 0x8}, @btf_id={0x18, 0x0, 0x3, 0x0, 0x3}, @cb_func={0x18, 0xb, 0x4, 0x0, 0x7}, @alu={0x7, 0x1, 0x4, 0x1, 0x1, 0xfffffffffffffff0, 0x10}, @jmp={0x5, 0x1, 0x7, 0xa, 0x1, 0x10, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x2}, @exit, @initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8}, @generic={0x6, 0x7, 0x4, 0x7, 0xca4}, @cb_func={0x18, 0x6, 0x4, 0x0, 0x5}], &(0x7f0000000340)='GPL\x00', 0x1800000, 0x94, &(0x7f0000000380)=""/148, 0x0, 0x2, '\x00', 0x0, 0x1b, r7, 0x8, &(0x7f0000000480)={0x3, 0x1}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0x2, 0x800, 0x7ff}, 0x10, r8, 0x0, 0x0, &(0x7f0000000880)=[r0, r4, r4, r9, r10, r11, r0]}, 0x80) (async, rerun: 64) write$cgroup_int(r3, &(0x7f0000000080), 0x12) (rerun: 64) 18:43:30 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0xa2) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r0, 0xc018937a, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r2, {0x54b0}}, './file0\x00'}) r4 = openat$cgroup_int(r3, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64) prlimit64(0x0, 0x0, 0x0, 0x0) (async, rerun: 64) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r4, &(0x7f0000000080), 0x12) 18:43:30 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x500, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 794.702552][T29154] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 794.711536][T29161] loop5: detected capacity change from 0 to 1024 18:43:30 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000300)='v7\x00', 0x0, 0x0) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000300)='v7\x00', 0x0, 0x0) (async) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) (async) mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0) (async) 18:43:31 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="850000002f0000008400000000000000950000000000000043fe880a42a1855d33cc931d5eb79216cb6381e562bfab957abe302caea68e7826d13b964e3383c266c92243fa3b8c96220e644ee87a7842019f086c82369b5f8329c492651c50bcc9ff92534f2d0f9980c4fc4d79c6b14c97dfdbb86ea9cc98b657ca71f594c46717"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x51}, 0x48) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000e40)) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000002b80)=r2, 0x4) r3 = signalfd(r0, &(0x7f00000001c0)={[0x7]}, 0x8) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={0xffffffffffffffff, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280), ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2, &(0x7f0000000a00)=[0x0, 0x0, 0x0], &(0x7f00000006c0)=[0x0, 0x0], 0x0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000740), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000007c0)}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={0xffffffffffffffff, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000280)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000cc0), 0x0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000740), 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10) r8 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0x8, 0x7f}, 0x48) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000b80)={0x1, &(0x7f0000000a40)="eeac80c81249a3410f541e995aad39e18244976f8d26bf4ae97ea0ddcc625d9a0e1aed5b69221eca30bf40922ece197e3417b9f81d7e6122c86c37abaaa283f23c8a35bc7be1d0503a757cf9faf2de89600b4e00e8d9db4ce247bda20634d9f8231b9c9893c335274fa23153338542f6f648e420978f01b227b20af8c51f91557ccd4a282bb636636bf7542443a0b36b89e41f86c4924901231605c116fd0f588325844f", &(0x7f0000000b00)=""/104}, 0x20) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xa, &(0x7f0000000680)=ANY=[@ANYBLOB="18080000000000000000000000002000851000000600000018100000", @ANYRES32=r8, @ANYBLOB="00000000000000002e080000000000001800000000000000000000000000000095000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x4, 0xee, &(0x7f0000000340)=""/238, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@bloom_filter={0x1e, 0x63f61aba, 0xb9, 0x5, 0x100, 0xffffffffffffffff, 0x10001, '\x00', r6, r3, 0x2, 0x3, 0x5, 0x295}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000d80)={0x1f, 0x8, &(0x7f0000000bc0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xbb3, 0x0, 0x0, 0x0, 0xff}, [@call={0x85, 0x0, 0x0, 0x16}, @btf_id={0x18, 0x6, 0x3, 0x0, 0x2}, @ldst={0x1, 0x2, 0x1, 0x5, 0x3, 0x100}, @generic={0x81, 0x4, 0xf, 0x1, 0x6}]}, &(0x7f0000000c00)='GPL\x00', 0x8723, 0x0, 0x0, 0x41000, 0x4, '\x00', r6, 0x15, r3, 0x8, &(0x7f0000000c40)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000000d00)={0x3, 0x0, 0x6226, 0x6}, 0x10, r5, 0xffffffffffffffff, 0x0, &(0x7f0000000d40)=[0x1]}, 0x80) r10 = open_tree(r3, &(0x7f0000000700)='./file0\x00', 0x800) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x1c, 0x3, &(0x7f00000004c0)=@raw=[@jmp={0x5, 0x1, 0x7, 0x4, 0x2, 0x4}, @cb_func={0x18, 0x5, 0x4, 0x0, 0x6}], &(0x7f0000000540)='syzkaller\x00', 0xfffffffa, 0x0, 0x0, 0x41100, 0x12, '\x00', 0x0, 0x26, r10, 0x8, &(0x7f0000000780)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000940)={0x2, 0xc, 0xffffff81, 0x5c49}, 0x10, r7}, 0x80) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00)={0x0, 0x0}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0xf, 0xb, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000632c00000000000002000000c50202000100000095000000000000009500000000000000183000000100000000000000000000001850000000000000000004000000000085100000fcffffff9500000000000000d57cdfeff89c4a183fc6094d6551"], &(0x7f00000001c0)='syzkaller\x00', 0x1, 0x49, &(0x7f0000000c80)=""/73, 0x40f00, 0xa, '\x00', r6, 0x15, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000ec0)={0x1, 0xd, 0xa54}, 0x10, r11, r9, 0x0, &(0x7f0000000f40)=[r8]}, 0x80) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1d, 0x0, &(0x7f00000004c0), &(0x7f0000000500)='GPL\x00', 0x7e, 0x0, &(0x7f0000000540), 0x0, 0x6, '\x00', r4, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x1}, 0x8, 0x10, &(0x7f00000005c0)={0x0, 0x7, 0x81, 0x23}, 0x10, r11}, 0x80) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1d, 0x11, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7}, [@btf_id={0x18, 0x0, 0x3, 0x0, 0x5}, @call={0x85, 0x0, 0x0, 0x8}, @generic={0x2, 0x4, 0x3}, @ldst={0x0, 0x0, 0x4, 0xb, 0x3, 0x2, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x5}, @cb_func={0x18, 0x6, 0x4, 0x0, 0xfffffffffffffffc}, @map_val={0x18, 0x2, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x2}, @map_idx={0x18, 0x3}]}, &(0x7f0000000300)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0x0, 0x4}, 0x8, 0x10, &(0x7f0000000380)={0x4, 0x7, 0xffffffff, 0x7}, 0x10, r11}, 0x80) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000200)="d8", 0x1}], 0x1}, 0x0) 18:43:31 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x40, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) 18:43:31 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x600, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 794.794095][T29161] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 794.805154][T29208] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 18:43:31 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x140) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x9000000}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x58}}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x9000000}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x58}}, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="58000000020601040000000086000000000000000500040000000000050001000700000011000300686173683a69702c706f7274000000000c00078008001240090000000900020073797a30000000000500050002000000"], 0x58}}, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001740)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000000c0)="3ee4c9f862803177f7c127e005f74e1b4223", 0x12}, {&(0x7f0000000240)="343b05771474a402da48d8c1139dbfd371ef0802be73f8a55222c255a507bbb5b18c8066f8cc9c1d76cd2c8e862533dd9ffbdda2db438209c2b509b2a314d68195de71cec7781e4838baab0deb", 0x4d}, {&(0x7f0000000100)="aeff6600604c28c6cc7c29193c4dc052d58224c323b069b9944a65d6fad9", 0x1e}, {&(0x7f00000002c0)="c0ec3a00235c42a096a5c8e3f1d866bc95ad52f2c33c827ef65d570aac18a1f9005dc8482bee7f962a106aaa1900bab0ff6accd9f31aad101ede4541751a036fb74c5d791cc79b1430f4eb764feb587b8577d7686626944d96f4f37f87f8a5cbb1fceeae5d5e895d02531a9b1099c60fb1442d8834ab586c4bcacf8e5794f01862b086998f68a778c0", 0x89}, {&(0x7f0000000380)="d5de4e5e65a714b8eb66751eb2b5e5575c0e46d7fe350c23710ce69b689fdd945cba26718194c9c1afaa68889df8d17857d84a25e3a7ec4497a83e5ac2410395dd131d3d4fd2f8655f44371e8fbbdd7a505bea3f2b326e871c634fd66267102b468a3b1a994935c7ebfe34f45776a4866cd65b0065d5250b0e59f4bb5c1ac29520a07192490c4632bfbe826e0c62dc0783aedc8008521acdde6ac90dd8b72da5076facb1f764f62aecd34db5c15f6cf71b6d1435334f4faa9f4394239f9c68621950f472d37331dfa32840e9e0995fcd8195ad82750cb1a0e2a758c3a3d31b9d40b16dd49695496dd4407a9128c185471319f2b24da504fa0a474452", 0xfc}, {&(0x7f0000000480)="30f2cd928052937a35228bd4f5d2cf5c13ba6a8ebee04cf9d8a68c1cbd928dc955d82b9eb105195785dcbf2bc093e0bb215957b9da692511871882c89baac36b16c7d92b52efce3e734adbe7ab6d0026cc8e40944eb546932046643c8639d2dfc06d9e902544a346e22b1e3e98ae237aadeb19fc2b239b08a9bf915157b7ad1cab422287e780cbcdf2a72ccfc1e8eaa1e8c9fd406c6febe78ab4c8813877be05f0dd0444baf1d71992ec26a383b8e6a3d003261dac18f8c44353b2a0cadeda9bbab86e429659f673001458d8de887697414ca8dab45f0d73553ce5c8d68ea87d50a5e7514330c7fe75dd65", 0xeb}, {&(0x7f0000000580)="fadec8b5e1aa6d325edd745b54d7a4a2936c9f47cdcaf21d1a7ef714b7586231", 0x20}], 0x7, &(0x7f0000000640)=[@rights={{0x10}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee00}}}, @rights={{0x1c, 0x1, 0x1, [r3, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x38, 0x1, 0x1, [r0, 0xffffffffffffffff, r1, r2, r1, 0xffffffffffffffff, r1, r1, r1, 0xffffffffffffffff]}}], 0x88, 0x8000}}, {{&(0x7f0000000700)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000bc0)=[{&(0x7f0000000780)="2f0efd047d73c65e4ac0ecdb05e303b6d0758073e8e252b829b3f4f83e3c662b4fe1841ced159ba792b78d08d1ee4a5a3678d04fae68d040d9e9541be32b02d84c248bb03cdcc4d87b881c6e51b4f17afee3f2cb9c3998a37996b686a46faa773a53ce7b812e3a4365789878476c032d17c666f3b8331eb45cd206b4fbea66a219000b65f91ca4795851dba5c5aab8772dc84b0427f71b0dc91002a52dca", 0x9e}, {&(0x7f0000000840)="a9a341782383", 0x6}, {&(0x7f0000000880)="f308d6f264250a5bf4a866efe74aaf978cb139b14ac2ea3f31a0ee871100226141c64384f2a3387f57a13f44f989fa24866263dba03c0bb89911dbcd69f81d668563f017b5e214368edc326d5be4b8e074d20b8f75284cd86ae7198435459b3e77350d3a7a0412e4507ec6d5bfa57c3f3bbf4dc889448521395f55a5fd6ecb3d74f4d507866f445466f0ed83bcf9dde465b11433af2f01585e21f684148a3cf9105c86cc2daf3b58cbe57f4b63b718fa3a3e30599b32169b59c31fdb2a1bc335623e", 0xc2}, {&(0x7f0000000980)="d41fac9b0bf5f3b22d684e52b12813ba59b9429008c8fbbd0e21c360a2012a768a4fb25b604b03657e2b849d7d68fa49b3fbd4ce096edb122470dd1a095765ccdd86b51badef4a211b7f0defdf2b6279cbb19b66b07c23d7c8c51f40947d571eca31df67c2dea835cc5c3de3031574e2ff14359a479df0a812cea7e2265430c875b5a6a5147e29fff178652a7935bffcffb67de7d1be1c68c3b20cb1e89c35c78151f7fc834495dc8a370bd2eaaeb259bf26a0d07bc486e857eadf68ea57d7d1efb87c593f7e1161e8b82794b8273a90f9ae48e61f97c4125e10d1474dd3155b", 0xe0}, {&(0x7f0000000a80)="5560ceb4c822f972beed89c86a5dbd395d495845aaae7805d5402134106ba8970f42a5729353cfb82ea07a347a2fb6a4c98921919b44e5f557239f736ef0d289913e70993c96f775de43cd0402c2afda63973d10dce10648f2ee315a754796eea06a43067f8bbb2664be7802dc07305530", 0x71}, {&(0x7f0000000b00)="8d86941886374c2f909091188f1fe49bd8339bccd43b7ee3fa37ca3c4561de83218e1e37e3a9adcdeb", 0x29}, {&(0x7f0000000b40)="3ac13eb9fd7223d04c10f07fcece1f59e71d380208f6b46c6d006c9ae5075aaa264ec0a666185b3fbeea9ae7f8b1c18397eb0b5695feec78d2166fa156923f7d410fbfbe10e37b7141ccc5f813dca8518d340ce7097e4f3d8b85cfdc1da530", 0x5f}], 0x7, 0x0, 0x0, 0x814}}, {{&(0x7f0000000c40)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000001080)=[{&(0x7f0000000cc0)="420db7231e18eb26edb4c42308ab78958de1f764e8a3e15e9143ac04a700a3bf841c95b70ddd8b79294aa66c574ea36f4831ab87c28524799007d2650ffbb43e1a7ac0e2e3a0c8f4db40872348cd8c8ce3f0b1bf456d2143c11d64310e59d7fcb4cc6126908d57f5d5e6c9af4a068849d32220581aa1a9f9f7fc6ed666", 0x7d}, {&(0x7f0000000d40)="ea259d916444014d12bbb54ba3f780e7e49569a89d51dd6e4f3edaa475bd5d54833a06d7685a1d8804a44c9962e56696a3c05ba271986f2c379bd33b41b9b12991284676934023f13c", 0x49}, {&(0x7f0000000dc0)="8a52a06bc8d9c5dfff68d0de8a5e9796fc8d6dc9834d650c5e0bd982e479b7c044ccdbd322180ee435f5b65bd7ef6d3f89a4cb8f9f99669d04c08e316f335b577e82c3f31e12897caa076fd505569e1bfada9a3111e6207575498c998525fbd33e38fa52086a3b2c7c1f3b9c4a70987a81b2131ae19e917a3c8ba81deb4ef55b2d7a58717777c419278d4f40fab181a95758393423f2325731d8c1f0fbf0bddf6688898da07d5582b82cd13dea2c0a6922b9f75bd3656091f15738a16fd53f3cda68b81d244dbddaa14025089504aae6a5193f17d58400acae1cdc9995b4fc53a751c48eaab4d7", 0xe7}, {&(0x7f0000000f40)="e0b1a08adc99c8f276f7af32e03f3d4acb0af80cd7521f3bf07c66d68925f9b4ce41281f782ab5766167cb029a0498fddbf4afd66f8815cb5c8c226b6b9e0e67028eee517a235b2ad3367e4867cf8a9c0d119b95da072781568c12378471f499bf7ba9414acaf8d51502715f21493abaeaeb47472264130eb742829f1b2d5d7fc7dbd711aacab05bdd2b8e2d82c81f25ea7a20edc476c3be5bb0fc390d767e36ee098d931a1d5ff9f89a7f2f9be33112b43cf4bfd48a54d0eec6161a561afa12375234a8f465e00a480daa3634635f43a5fb88919861b8c528408c7eed231715d0c8a8413a4f388ea7d398e430a17b693501491d28", 0xf5}, {&(0x7f0000000ec0)="a522078743451ad0609eb6fae50bad7e4d795a0bdb686f58eab6986a3a26a0503c491ad08bfbe0e744c20767e23d478e85", 0x31}, {&(0x7f0000001040)="67ee69", 0x3}], 0x6, &(0x7f0000001180)=[@rights={{0x34, 0x1, 0x1, [r0, 0xffffffffffffffff, r4, 0xffffffffffffffff, r4, r2, 0xffffffffffffffff, r3, r3]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee01, 0xffffffffffffffff}}}], 0x58, 0x40800}}, {{0x0, 0x0, &(0x7f0000001240)=[{&(0x7f0000001200)="f9", 0x1}], 0x1, &(0x7f00000014c0)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}}, @cred={{0x1c}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r2, r3, 0xffffffffffffffff, r5, r4, r2, r6, r7]}}], 0x88, 0x2004c000}}, {{&(0x7f0000001580)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001700)=[{&(0x7f0000001600)="623f5f45c5fb200f747c4435f06f0f34d6730e409dff3cd4acb678078f735e3ca8191908cb832e380e74280c1147bdb0694dfd6c0359c274726d186af2d838e719ccc439bb045900ab856c2db3467e472d6f28ee82ed6206bb9bb2a85ad0686079bf6256ca6c115494a5dab3c241a551a95893e342161a05e26df81409a6eefc21dcd7f92c7fe27d16d07b954aa89bbc5cb7b744f2a5770f86d754e0840eff762c1cc6e17c2ecde5aabf1209125ffe5ea1ecc19b46e4fa2c4d6576879e07f41646db645c77cab9b2f7b1134cb58b27cf1e9daa99", 0xd4}], 0x1, 0x0, 0x0, 0x40014}}], 0x5, 0x8800) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r3, &(0x7f0000000080), 0x12) 18:43:31 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) [ 794.841450][T29216] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 794.861005][T29218] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 794.871067][T29218] CPU: 0 PID: 29218 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 794.882089][T29218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 794.892142][T29218] Call Trace: [ 794.895484][T29218] [ 794.898402][T29218] dump_stack_lvl+0xd6/0x122 [ 794.902996][T29218] dump_stack+0x11/0x12 [ 794.907139][T29218] dump_header+0x98/0x410 [ 794.911568][T29218] oom_kill_process+0xfe/0x550 [ 794.916392][T29218] out_of_memory+0x620/0x880 [ 794.921038][T29218] memory_max_write+0x31b/0x420 [ 794.925960][T29218] ? memory_max_show+0x70/0x70 [ 794.930811][T29218] cgroup_file_write+0x167/0x300 [ 794.935749][T29218] ? __check_object_size+0x235/0x380 [ 794.941085][T29218] ? cgroup_seqfile_stop+0x70/0x70 [ 794.946197][T29218] kernfs_fop_write_iter+0x1d3/0x2c0 [ 794.951524][T29218] vfs_write+0x71c/0x890 [ 794.955811][T29218] ksys_write+0xe8/0x1a0 [ 794.960040][T29218] __x64_sys_write+0x3e/0x50 [ 794.964659][T29218] do_syscall_64+0x2b/0x70 [ 794.969064][T29218] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 794.974986][T29218] RIP: 0033:0x7f682d3270e9 [ 794.979387][T29218] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 794.999029][T29218] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 795.007433][T29218] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 [ 795.015429][T29218] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 795.023420][T29218] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 [ 795.031442][T29218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 18:43:31 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="850000002f0000008400000000000000950000000000000043fe880a42a1855d33cc931d5eb79216cb6381e562bfab957abe302caea68e7826d13b964e3383c266c92243fa3b8c96220e644ee87a7842019f086c82369b5f8329c492651c50bcc9ff92534f2d0f9980c4fc4d79c6b14c97dfdbb86ea9cc98b657ca71f594c46717"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x51}, 0x48) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000e40)) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000002b80)=r2, 0x4) r3 = signalfd(r0, &(0x7f00000001c0)={[0x7]}, 0x8) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={0xffffffffffffffff, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280), ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2, &(0x7f0000000a00)=[0x0, 0x0, 0x0], &(0x7f00000006c0)=[0x0, 0x0], 0x0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000740), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000007c0)}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={0xffffffffffffffff, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000280)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000cc0), 0x0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000740), 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10) r8 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0x8, 0x7f}, 0x48) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000b80)={0x1, &(0x7f0000000a40)="eeac80c81249a3410f541e995aad39e18244976f8d26bf4ae97ea0ddcc625d9a0e1aed5b69221eca30bf40922ece197e3417b9f81d7e6122c86c37abaaa283f23c8a35bc7be1d0503a757cf9faf2de89600b4e00e8d9db4ce247bda20634d9f8231b9c9893c335274fa23153338542f6f648e420978f01b227b20af8c51f91557ccd4a282bb636636bf7542443a0b36b89e41f86c4924901231605c116fd0f588325844f", &(0x7f0000000b00)=""/104}, 0x20) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xa, &(0x7f0000000680)=ANY=[@ANYBLOB="18080000000000000000000000002000851000000600000018100000", @ANYRES32=r8, @ANYBLOB="00000000000000002e080000000000001800000000000000000000000000000095000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x4, 0xee, &(0x7f0000000340)=""/238, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@bloom_filter={0x1e, 0x63f61aba, 0xb9, 0x5, 0x100, 0xffffffffffffffff, 0x10001, '\x00', r6, r3, 0x2, 0x3, 0x5, 0x295}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000d80)={0x1f, 0x8, &(0x7f0000000bc0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xbb3, 0x0, 0x0, 0x0, 0xff}, [@call={0x85, 0x0, 0x0, 0x16}, @btf_id={0x18, 0x6, 0x3, 0x0, 0x2}, @ldst={0x1, 0x2, 0x1, 0x5, 0x3, 0x100}, @generic={0x81, 0x4, 0xf, 0x1, 0x6}]}, &(0x7f0000000c00)='GPL\x00', 0x8723, 0x0, 0x0, 0x41000, 0x4, '\x00', r6, 0x15, r3, 0x8, &(0x7f0000000c40)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000000d00)={0x3, 0x0, 0x6226, 0x6}, 0x10, r5, 0xffffffffffffffff, 0x0, &(0x7f0000000d40)=[0x1]}, 0x80) r10 = open_tree(r3, &(0x7f0000000700)='./file0\x00', 0x800) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x1c, 0x3, &(0x7f00000004c0)=@raw=[@jmp={0x5, 0x1, 0x7, 0x4, 0x2, 0x4}, @cb_func={0x18, 0x5, 0x4, 0x0, 0x6}], &(0x7f0000000540)='syzkaller\x00', 0xfffffffa, 0x0, 0x0, 0x41100, 0x12, '\x00', 0x0, 0x26, r10, 0x8, &(0x7f0000000780)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000940)={0x2, 0xc, 0xffffff81, 0x5c49}, 0x10, r7}, 0x80) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00)={0x0, 0x0}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0xf, 0xb, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000632c00000000000002000000c50202000100000095000000000000009500000000000000183000000100000000000000000000001850000000000000000004000000000085100000fcffffff9500000000000000d57cdfeff89c4a183fc6094d6551"], &(0x7f00000001c0)='syzkaller\x00', 0x1, 0x49, &(0x7f0000000c80)=""/73, 0x40f00, 0xa, '\x00', r6, 0x15, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000ec0)={0x1, 0xd, 0xa54}, 0x10, r11, r9, 0x0, &(0x7f0000000f40)=[r8]}, 0x80) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1d, 0x0, &(0x7f00000004c0), &(0x7f0000000500)='GPL\x00', 0x7e, 0x0, &(0x7f0000000540), 0x0, 0x6, '\x00', r4, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x1}, 0x8, 0x10, &(0x7f00000005c0)={0x0, 0x7, 0x81, 0x23}, 0x10, r11}, 0x80) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1d, 0x11, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7}, [@btf_id={0x18, 0x0, 0x3, 0x0, 0x5}, @call={0x85, 0x0, 0x0, 0x8}, @generic={0x2, 0x4, 0x3}, @ldst={0x0, 0x0, 0x4, 0xb, 0x3, 0x2, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x5}, @cb_func={0x18, 0x6, 0x4, 0x0, 0xfffffffffffffffc}, @map_val={0x18, 0x2, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x2}, @map_idx={0x18, 0x3}]}, &(0x7f0000000300)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0x0, 0x4}, 0x8, 0x10, &(0x7f0000000380)={0x4, 0x7, 0xffffffff, 0x7}, 0x10, r11}, 0x80) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000200)="d8", 0x1}], 0x1}, 0x0) socket$kcm(0x10, 0x2, 0x0) (async) socket$packet(0x11, 0x2, 0x300) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="850000002f0000008400000000000000950000000000000043fe880a42a1855d33cc931d5eb79216cb6381e562bfab957abe302caea68e7826d13b964e3383c266c92243fa3b8c96220e644ee87a7842019f086c82369b5f8329c492651c50bcc9ff92534f2d0f9980c4fc4d79c6b14c97dfdbb86ea9cc98b657ca71f594c46717"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x51}, 0x48) (async) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000e40)) (async) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000002b80)=r2, 0x4) (async) signalfd(r0, &(0x7f00000001c0)={[0x7]}, 0x8) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={0xffffffffffffffff, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280), ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2, &(0x7f0000000a00)=[0x0, 0x0, 0x0], &(0x7f00000006c0)=[0x0, 0x0], 0x0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000740), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000007c0)}}, 0x10) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={0xffffffffffffffff, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000280)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000cc0), 0x0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000740), 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10) (async) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0x8, 0x7f}, 0x48) (async) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000b80)={0x1, &(0x7f0000000a40)="eeac80c81249a3410f541e995aad39e18244976f8d26bf4ae97ea0ddcc625d9a0e1aed5b69221eca30bf40922ece197e3417b9f81d7e6122c86c37abaaa283f23c8a35bc7be1d0503a757cf9faf2de89600b4e00e8d9db4ce247bda20634d9f8231b9c9893c335274fa23153338542f6f648e420978f01b227b20af8c51f91557ccd4a282bb636636bf7542443a0b36b89e41f86c4924901231605c116fd0f588325844f", &(0x7f0000000b00)=""/104}, 0x20) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xa, &(0x7f0000000680)=ANY=[@ANYBLOB="18080000000000000000000000002000851000000600000018100000", @ANYRES32=r8, @ANYBLOB="00000000000000002e080000000000001800000000000000000000000000000095000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x4, 0xee, &(0x7f0000000340)=""/238, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@bloom_filter={0x1e, 0x63f61aba, 0xb9, 0x5, 0x100, 0xffffffffffffffff, 0x10001, '\x00', r6, r3, 0x2, 0x3, 0x5, 0x295}, 0x48) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000d80)={0x1f, 0x8, &(0x7f0000000bc0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xbb3, 0x0, 0x0, 0x0, 0xff}, [@call={0x85, 0x0, 0x0, 0x16}, @btf_id={0x18, 0x6, 0x3, 0x0, 0x2}, @ldst={0x1, 0x2, 0x1, 0x5, 0x3, 0x100}, @generic={0x81, 0x4, 0xf, 0x1, 0x6}]}, &(0x7f0000000c00)='GPL\x00', 0x8723, 0x0, 0x0, 0x41000, 0x4, '\x00', r6, 0x15, r3, 0x8, &(0x7f0000000c40)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000000d00)={0x3, 0x0, 0x6226, 0x6}, 0x10, r5, 0xffffffffffffffff, 0x0, &(0x7f0000000d40)=[0x1]}, 0x80) (async) open_tree(r3, &(0x7f0000000700)='./file0\x00', 0x800) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x1c, 0x3, &(0x7f00000004c0)=@raw=[@jmp={0x5, 0x1, 0x7, 0x4, 0x2, 0x4}, @cb_func={0x18, 0x5, 0x4, 0x0, 0x6}], &(0x7f0000000540)='syzkaller\x00', 0xfffffffa, 0x0, 0x0, 0x41100, 0x12, '\x00', 0x0, 0x26, r10, 0x8, &(0x7f0000000780)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000940)={0x2, 0xc, 0xffffff81, 0x5c49}, 0x10, r7}, 0x80) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0xf, 0xb, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000632c00000000000002000000c50202000100000095000000000000009500000000000000183000000100000000000000000000001850000000000000000004000000000085100000fcffffff9500000000000000d57cdfeff89c4a183fc6094d6551"], &(0x7f00000001c0)='syzkaller\x00', 0x1, 0x49, &(0x7f0000000c80)=""/73, 0x40f00, 0xa, '\x00', r6, 0x15, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000ec0)={0x1, 0xd, 0xa54}, 0x10, r11, r9, 0x0, &(0x7f0000000f40)=[r8]}, 0x80) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1d, 0x0, &(0x7f00000004c0), &(0x7f0000000500)='GPL\x00', 0x7e, 0x0, &(0x7f0000000540), 0x0, 0x6, '\x00', r4, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x1}, 0x8, 0x10, &(0x7f00000005c0)={0x0, 0x7, 0x81, 0x23}, 0x10, r11}, 0x80) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1d, 0x11, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7}, [@btf_id={0x18, 0x0, 0x3, 0x0, 0x5}, @call={0x85, 0x0, 0x0, 0x8}, @generic={0x2, 0x4, 0x3}, @ldst={0x0, 0x0, 0x4, 0xb, 0x3, 0x2, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x5}, @cb_func={0x18, 0x6, 0x4, 0x0, 0xfffffffffffffffc}, @map_val={0x18, 0x2, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x2}, @map_idx={0x18, 0x3}]}, &(0x7f0000000300)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0x0, 0x4}, 0x8, 0x10, &(0x7f0000000380)={0x4, 0x7, 0xffffffff, 0x7}, 0x10, r11}, 0x80) (async) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000200)="d8", 0x1}], 0x1}, 0x0) (async) 18:43:31 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x700, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 795.039395][T29218] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 [ 795.047352][T29218] [ 795.050404][T29218] memory: usage 344kB, limit 0kB, failcnt 6647 [ 795.056565][T29218] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 795.063473][T29218] Memory cgroup stats for /syz0: [ 795.066733][T29218] anon 102400 [ 795.066733][T29218] file 53248 [ 795.066733][T29218] kernel 188416 [ 795.066733][T29218] kernel_stack 32768 [ 795.066733][T29218] pagetables 77824 [ 795.066733][T29218] percpu 0 [ 795.066733][T29218] sock 0 [ 795.066733][T29218] vmalloc 0 [ 795.066733][T29218] shmem 53248 [ 795.066733][T29218] file_mapped 53248 [ 795.066733][T29218] file_dirty 0 [ 795.066733][T29218] file_writeback 0 [ 795.066733][T29218] swapcached 0 [ 795.066733][T29218] inactive_anon 102400 [ 795.066733][T29218] active_anon 53248 [ 795.066733][T29218] inactive_file 0 [ 795.066733][T29218] active_file 0 [ 795.066733][T29218] unevictable 0 [ 795.066733][T29218] slab_reclaimable 6776 [ 795.066733][T29218] slab_unreclaimable 41008 [ 795.066733][T29218] slab 47784 [ 795.066733][T29218] workingset_refault_anon 0 [ 795.066733][T29218] workingset_refault_file 7 [ 795.066733][T29218] workingset_activate_anon 0 [ 795.066733][T29218] workingset_activate_file 0 [ 795.160549][T29218] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=29207,uid=0 [ 795.175856][T29218] Memory cgroup out of memory: Killed process 29207 (syz-executor.0) total-vm:42600kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 18:43:31 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x900, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 795.195326][T29232] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 795.208493][T29218] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 795.218696][T29218] CPU: 0 PID: 29218 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 795.229735][T29218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 18:43:31 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0xa00, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:31 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000300)='v7\x00', 0x0, 0x0) (async) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) (async) mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0) 18:43:31 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0xb00, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 795.229964][T29236] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 795.239786][T29218] Call Trace: [ 795.239793][T29218] [ 795.239800][T29218] dump_stack_lvl+0xd6/0x122 [ 795.239829][T29218] dump_stack+0x11/0x12 [ 795.262005][T29218] dump_header+0x98/0x410 [ 795.266375][T29218] oom_kill_process+0xfe/0x550 [ 795.266632][T29238] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 795.271138][T29218] out_of_memory+0x620/0x880 [ 795.282693][T29218] memory_max_write+0x31b/0x420 [ 795.287643][T29218] ? memory_max_show+0x70/0x70 18:43:31 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0xc00, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:31 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0xd00, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 795.292415][T29218] cgroup_file_write+0x167/0x300 [ 795.297418][T29218] ? __check_object_size+0x235/0x380 [ 795.299860][T29240] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 795.302701][T29218] ? cgroup_seqfile_stop+0x70/0x70 [ 795.314719][T29218] kernfs_fop_write_iter+0x1d3/0x2c0 [ 795.320077][T29218] vfs_write+0x71c/0x890 [ 795.324460][T29218] ksys_write+0xe8/0x1a0 [ 795.328094][T29242] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 795.328779][T29218] __x64_sys_write+0x3e/0x50 [ 795.340301][T29218] do_syscall_64+0x2b/0x70 [ 795.344716][T29218] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 795.350622][T29218] RIP: 0033:0x7f682d3270e9 [ 795.351099][T29244] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 795.355033][T29218] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 795.381556][T29218] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 795.390005][T29218] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 [ 795.397953][T29218] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 795.405929][T29218] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 [ 795.413875][T29218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 795.421857][T29218] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 [ 795.429809][T29218] [ 795.432861][T29218] memory: usage 152kB, limit 0kB, failcnt 6719 [ 795.439031][T29218] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 795.445867][T29218] Memory cgroup stats for /syz0: [ 795.446151][T29218] anon 40960 [ 795.446151][T29218] file 53248 [ 795.446151][T29218] kernel 61440 [ 795.446151][T29218] kernel_stack 0 [ 795.446151][T29218] pagetables 8192 [ 795.446151][T29218] percpu 0 [ 795.446151][T29218] sock 0 [ 795.446151][T29218] vmalloc 0 [ 795.446151][T29218] shmem 53248 [ 795.446151][T29218] file_mapped 53248 [ 795.446151][T29218] file_dirty 0 [ 795.446151][T29218] file_writeback 0 [ 795.446151][T29218] swapcached 0 [ 795.446151][T29218] inactive_anon 40960 [ 795.446151][T29218] active_anon 53248 [ 795.446151][T29218] inactive_file 0 [ 795.446151][T29218] active_file 0 [ 795.446151][T29218] unevictable 0 [ 795.446151][T29218] slab_reclaimable 11104 [ 795.446151][T29218] slab_unreclaimable 29784 [ 795.446151][T29218] slab 40888 [ 795.446151][T29218] workingset_refault_anon 0 [ 795.446151][T29218] workingset_refault_file 7 [ 795.446151][T29218] workingset_activate_anon 0 [ 795.446151][T29218] workingset_activate_file 0 [ 795.539319][T29218] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=29107,uid=0 [ 795.554659][T29218] Memory cgroup out of memory: Killed process 29107 (syz-executor.0) total-vm:42336kB, anon-rss:384kB, file-rss:9088kB, shmem-rss:56kB, UID:0 pgtables:72kB oom_score_adj:0 [ 795.577406][T29219] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 795.584666][T29246] loop5: detected capacity change from 0 to 1024 [ 795.587735][T29219] CPU: 0 PID: 29219 Comm: syz-executor.1 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 795.601130][T29246] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 795.605041][T29219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 795.605055][T29219] Call Trace: [ 795.605061][T29219] [ 795.605068][T29219] dump_stack_lvl+0xd6/0x122 [ 795.634697][T29219] dump_stack+0x11/0x12 [ 795.638856][T29219] dump_header+0x98/0x410 [ 795.643191][T29219] out_of_memory+0x65e/0x880 [ 795.647768][T29219] memory_max_write+0x31b/0x420 [ 795.652683][T29219] ? memory_max_show+0x70/0x70 [ 795.657571][T29219] cgroup_file_write+0x167/0x300 [ 795.662508][T29219] ? __check_object_size+0x235/0x380 [ 795.667777][T29219] ? cgroup_seqfile_stop+0x70/0x70 [ 795.672879][T29219] kernfs_fop_write_iter+0x1d3/0x2c0 [ 795.678252][T29219] vfs_write+0x71c/0x890 [ 795.682495][T29219] ksys_write+0xe8/0x1a0 [ 795.686734][T29219] __x64_sys_write+0x3e/0x50 [ 795.691342][T29219] do_syscall_64+0x2b/0x70 [ 795.695836][T29219] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 795.701749][T29219] RIP: 0033:0x7ff0acc260e9 [ 795.706164][T29219] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 795.725827][T29219] RSP: 002b:00007ff0ac39c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 795.734232][T29219] RAX: ffffffffffffffda RBX: 00007ff0acd38f60 RCX: 00007ff0acc260e9 [ 795.742234][T29219] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 795.750195][T29219] RBP: 00007ff0acc8008d R08: 0000000000000000 R09: 0000000000000000 [ 795.760246][T29219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 795.768220][T29219] R13: 00007ffe7a47396f R14: 00007ff0ac39c300 R15: 0000000000022000 [ 795.776193][T29219] [ 795.779237][T29219] memory: usage 96kB, limit 0kB, failcnt 6736 [ 795.785307][T29219] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 795.792171][T29219] Memory cgroup stats for /syz0: [ 795.794787][T29219] anon 0 [ 795.794787][T29219] file 53248 [ 795.794787][T29219] kernel 40960 [ 795.794787][T29219] kernel_stack 0 [ 795.794787][T29219] pagetables 0 [ 795.794787][T29219] percpu 0 [ 795.794787][T29219] sock 0 [ 795.794787][T29219] vmalloc 0 [ 795.794787][T29219] shmem 53248 [ 795.794787][T29219] file_mapped 53248 [ 795.794787][T29219] file_dirty 0 [ 795.794787][T29219] file_writeback 0 [ 795.794787][T29219] swapcached 0 [ 795.794787][T29219] inactive_anon 0 [ 795.794787][T29219] active_anon 53248 18:43:32 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x40, 0x0) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) 18:43:32 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0xe00, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:32 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="850000002f0000008400000000000000950000000000000043fe880a42a1855d33cc931d5eb79216cb6381e562bfab957abe302caea68e7826d13b964e3383c266c92243fa3b8c96220e644ee87a7842019f086c82369b5f8329c492651c50bcc9ff92534f2d0f9980c4fc4d79c6b14c97dfdbb86ea9cc98b657ca71f594c46717"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x51}, 0x48) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000e40)) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000002b80)=r2, 0x4) r3 = signalfd(r0, &(0x7f00000001c0)={[0x7]}, 0x8) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={0xffffffffffffffff, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280), ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2, &(0x7f0000000a00)=[0x0, 0x0, 0x0], &(0x7f00000006c0)=[0x0, 0x0], 0x0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000740), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000007c0)}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={0xffffffffffffffff, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000280)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000cc0), 0x0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000740), 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10) r8 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0x8, 0x7f}, 0x48) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000b80)={0x1, &(0x7f0000000a40)="eeac80c81249a3410f541e995aad39e18244976f8d26bf4ae97ea0ddcc625d9a0e1aed5b69221eca30bf40922ece197e3417b9f81d7e6122c86c37abaaa283f23c8a35bc7be1d0503a757cf9faf2de89600b4e00e8d9db4ce247bda20634d9f8231b9c9893c335274fa23153338542f6f648e420978f01b227b20af8c51f91557ccd4a282bb636636bf7542443a0b36b89e41f86c4924901231605c116fd0f588325844f", &(0x7f0000000b00)=""/104}, 0x20) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xa, &(0x7f0000000680)=ANY=[@ANYBLOB="18080000000000000000000000002000851000000600000018100000", @ANYRES32=r8, @ANYBLOB="00000000000000002e080000000000001800000000000000000000000000000095000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x4, 0xee, &(0x7f0000000340)=""/238, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@bloom_filter={0x1e, 0x63f61aba, 0xb9, 0x5, 0x100, 0xffffffffffffffff, 0x10001, '\x00', r6, r3, 0x2, 0x3, 0x5, 0x295}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000d80)={0x1f, 0x8, &(0x7f0000000bc0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xbb3, 0x0, 0x0, 0x0, 0xff}, [@call={0x85, 0x0, 0x0, 0x16}, @btf_id={0x18, 0x6, 0x3, 0x0, 0x2}, @ldst={0x1, 0x2, 0x1, 0x5, 0x3, 0x100}, @generic={0x81, 0x4, 0xf, 0x1, 0x6}]}, &(0x7f0000000c00)='GPL\x00', 0x8723, 0x0, 0x0, 0x41000, 0x4, '\x00', r6, 0x15, r3, 0x8, &(0x7f0000000c40)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000000d00)={0x3, 0x0, 0x6226, 0x6}, 0x10, r5, 0xffffffffffffffff, 0x0, &(0x7f0000000d40)=[0x1]}, 0x80) r10 = open_tree(r3, &(0x7f0000000700)='./file0\x00', 0x800) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x1c, 0x3, &(0x7f00000004c0)=@raw=[@jmp={0x5, 0x1, 0x7, 0x4, 0x2, 0x4}, @cb_func={0x18, 0x5, 0x4, 0x0, 0x6}], &(0x7f0000000540)='syzkaller\x00', 0xfffffffa, 0x0, 0x0, 0x41100, 0x12, '\x00', 0x0, 0x26, r10, 0x8, &(0x7f0000000780)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000940)={0x2, 0xc, 0xffffff81, 0x5c49}, 0x10, r7}, 0x80) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00)={0x0, 0x0}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0xf, 0xb, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000632c00000000000002000000c50202000100000095000000000000009500000000000000183000000100000000000000000000001850000000000000000004000000000085100000fcffffff9500000000000000d57cdfeff89c4a183fc6094d6551"], &(0x7f00000001c0)='syzkaller\x00', 0x1, 0x49, &(0x7f0000000c80)=""/73, 0x40f00, 0xa, '\x00', r6, 0x15, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000ec0)={0x1, 0xd, 0xa54}, 0x10, r11, r9, 0x0, &(0x7f0000000f40)=[r8]}, 0x80) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1d, 0x0, &(0x7f00000004c0), &(0x7f0000000500)='GPL\x00', 0x7e, 0x0, &(0x7f0000000540), 0x0, 0x6, '\x00', r4, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x1}, 0x8, 0x10, &(0x7f00000005c0)={0x0, 0x7, 0x81, 0x23}, 0x10, r11}, 0x80) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1d, 0x11, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7}, [@btf_id={0x18, 0x0, 0x3, 0x0, 0x5}, @call={0x85, 0x0, 0x0, 0x8}, @generic={0x2, 0x4, 0x3}, @ldst={0x0, 0x0, 0x4, 0xb, 0x3, 0x2, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x5}, @cb_func={0x18, 0x6, 0x4, 0x0, 0xfffffffffffffffc}, @map_val={0x18, 0x2, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x2}, @map_idx={0x18, 0x3}]}, &(0x7f0000000300)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0x0, 0x4}, 0x8, 0x10, &(0x7f0000000380)={0x4, 0x7, 0xffffffff, 0x7}, 0x10, r11}, 0x80) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000200)="d8", 0x1}], 0x1}, 0x0) socket$kcm(0x10, 0x2, 0x0) (async) socket$packet(0x11, 0x2, 0x300) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="850000002f0000008400000000000000950000000000000043fe880a42a1855d33cc931d5eb79216cb6381e562bfab957abe302caea68e7826d13b964e3383c266c92243fa3b8c96220e644ee87a7842019f086c82369b5f8329c492651c50bcc9ff92534f2d0f9980c4fc4d79c6b14c97dfdbb86ea9cc98b657ca71f594c46717"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x51}, 0x48) (async) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000e40)) (async) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000002b80)=r2, 0x4) (async) signalfd(r0, &(0x7f00000001c0)={[0x7]}, 0x8) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={0xffffffffffffffff, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280), ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2, &(0x7f0000000a00)=[0x0, 0x0, 0x0], &(0x7f00000006c0)=[0x0, 0x0], 0x0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000740), 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f00000007c0)}}, 0x10) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={0xffffffffffffffff, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000280)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000cc0), 0x0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000740), 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10) (async) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0x8, 0x7f}, 0x48) (async) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000b80)={0x1, &(0x7f0000000a40)="eeac80c81249a3410f541e995aad39e18244976f8d26bf4ae97ea0ddcc625d9a0e1aed5b69221eca30bf40922ece197e3417b9f81d7e6122c86c37abaaa283f23c8a35bc7be1d0503a757cf9faf2de89600b4e00e8d9db4ce247bda20634d9f8231b9c9893c335274fa23153338542f6f648e420978f01b227b20af8c51f91557ccd4a282bb636636bf7542443a0b36b89e41f86c4924901231605c116fd0f588325844f", &(0x7f0000000b00)=""/104}, 0x20) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xa, &(0x7f0000000680)=ANY=[@ANYBLOB="18080000000000000000000000002000851000000600000018100000", @ANYRES32=r8, @ANYBLOB="00000000000000002e080000000000001800000000000000000000000000000095000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x4, 0xee, &(0x7f0000000340)=""/238, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@bloom_filter={0x1e, 0x63f61aba, 0xb9, 0x5, 0x100, 0xffffffffffffffff, 0x10001, '\x00', r6, r3, 0x2, 0x3, 0x5, 0x295}, 0x48) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000d80)={0x1f, 0x8, &(0x7f0000000bc0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xbb3, 0x0, 0x0, 0x0, 0xff}, [@call={0x85, 0x0, 0x0, 0x16}, @btf_id={0x18, 0x6, 0x3, 0x0, 0x2}, @ldst={0x1, 0x2, 0x1, 0x5, 0x3, 0x100}, @generic={0x81, 0x4, 0xf, 0x1, 0x6}]}, &(0x7f0000000c00)='GPL\x00', 0x8723, 0x0, 0x0, 0x41000, 0x4, '\x00', r6, 0x15, r3, 0x8, &(0x7f0000000c40)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000000d00)={0x3, 0x0, 0x6226, 0x6}, 0x10, r5, 0xffffffffffffffff, 0x0, &(0x7f0000000d40)=[0x1]}, 0x80) (async) open_tree(r3, &(0x7f0000000700)='./file0\x00', 0x800) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x1c, 0x3, &(0x7f00000004c0)=@raw=[@jmp={0x5, 0x1, 0x7, 0x4, 0x2, 0x4}, @cb_func={0x18, 0x5, 0x4, 0x0, 0x6}], &(0x7f0000000540)='syzkaller\x00', 0xfffffffa, 0x0, 0x0, 0x41100, 0x12, '\x00', 0x0, 0x26, r10, 0x8, &(0x7f0000000780)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000940)={0x2, 0xc, 0xffffff81, 0x5c49}, 0x10, r7}, 0x80) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0xf, 0xb, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000632c00000000000002000000c50202000100000095000000000000009500000000000000183000000100000000000000000000001850000000000000000004000000000085100000fcffffff9500000000000000d57cdfeff89c4a183fc6094d6551"], &(0x7f00000001c0)='syzkaller\x00', 0x1, 0x49, &(0x7f0000000c80)=""/73, 0x40f00, 0xa, '\x00', r6, 0x15, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000ec0)={0x1, 0xd, 0xa54}, 0x10, r11, r9, 0x0, &(0x7f0000000f40)=[r8]}, 0x80) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1d, 0x0, &(0x7f00000004c0), &(0x7f0000000500)='GPL\x00', 0x7e, 0x0, &(0x7f0000000540), 0x0, 0x6, '\x00', r4, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x1}, 0x8, 0x10, &(0x7f00000005c0)={0x0, 0x7, 0x81, 0x23}, 0x10, r11}, 0x80) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1d, 0x11, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7}, [@btf_id={0x18, 0x0, 0x3, 0x0, 0x5}, @call={0x85, 0x0, 0x0, 0x8}, @generic={0x2, 0x4, 0x3}, @ldst={0x0, 0x0, 0x4, 0xb, 0x3, 0x2, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x5}, @cb_func={0x18, 0x6, 0x4, 0x0, 0xfffffffffffffffc}, @map_val={0x18, 0x2, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x2}, @map_idx={0x18, 0x3}]}, &(0x7f0000000300)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0x0, 0x4}, 0x8, 0x10, &(0x7f0000000380)={0x4, 0x7, 0xffffffff, 0x7}, 0x10, r11}, 0x80) (async) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000200)="d8", 0x1}], 0x1}, 0x0) (async) 18:43:32 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x140) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x9000000}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x58}}, 0x0) (async, rerun: 64) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) (rerun: 64) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x9000000}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x58}}, 0x0) (async) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="58000000020601040000000086000000000000000500040000000000050001000700000011000300686173683a69702c706f7274000000000c00078008001240090000000900020073797a30000000000500050002000000"], 0x58}}, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001740)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000000c0)="3ee4c9f862803177f7c127e005f74e1b4223", 0x12}, {&(0x7f0000000240)="343b05771474a402da48d8c1139dbfd371ef0802be73f8a55222c255a507bbb5b18c8066f8cc9c1d76cd2c8e862533dd9ffbdda2db438209c2b509b2a314d68195de71cec7781e4838baab0deb", 0x4d}, {&(0x7f0000000100)="aeff6600604c28c6cc7c29193c4dc052d58224c323b069b9944a65d6fad9", 0x1e}, {&(0x7f00000002c0)="c0ec3a00235c42a096a5c8e3f1d866bc95ad52f2c33c827ef65d570aac18a1f9005dc8482bee7f962a106aaa1900bab0ff6accd9f31aad101ede4541751a036fb74c5d791cc79b1430f4eb764feb587b8577d7686626944d96f4f37f87f8a5cbb1fceeae5d5e895d02531a9b1099c60fb1442d8834ab586c4bcacf8e5794f01862b086998f68a778c0", 0x89}, {&(0x7f0000000380)="d5de4e5e65a714b8eb66751eb2b5e5575c0e46d7fe350c23710ce69b689fdd945cba26718194c9c1afaa68889df8d17857d84a25e3a7ec4497a83e5ac2410395dd131d3d4fd2f8655f44371e8fbbdd7a505bea3f2b326e871c634fd66267102b468a3b1a994935c7ebfe34f45776a4866cd65b0065d5250b0e59f4bb5c1ac29520a07192490c4632bfbe826e0c62dc0783aedc8008521acdde6ac90dd8b72da5076facb1f764f62aecd34db5c15f6cf71b6d1435334f4faa9f4394239f9c68621950f472d37331dfa32840e9e0995fcd8195ad82750cb1a0e2a758c3a3d31b9d40b16dd49695496dd4407a9128c185471319f2b24da504fa0a474452", 0xfc}, {&(0x7f0000000480)="30f2cd928052937a35228bd4f5d2cf5c13ba6a8ebee04cf9d8a68c1cbd928dc955d82b9eb105195785dcbf2bc093e0bb215957b9da692511871882c89baac36b16c7d92b52efce3e734adbe7ab6d0026cc8e40944eb546932046643c8639d2dfc06d9e902544a346e22b1e3e98ae237aadeb19fc2b239b08a9bf915157b7ad1cab422287e780cbcdf2a72ccfc1e8eaa1e8c9fd406c6febe78ab4c8813877be05f0dd0444baf1d71992ec26a383b8e6a3d003261dac18f8c44353b2a0cadeda9bbab86e429659f673001458d8de887697414ca8dab45f0d73553ce5c8d68ea87d50a5e7514330c7fe75dd65", 0xeb}, {&(0x7f0000000580)="fadec8b5e1aa6d325edd745b54d7a4a2936c9f47cdcaf21d1a7ef714b7586231", 0x20}], 0x7, &(0x7f0000000640)=[@rights={{0x10}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee00}}}, @rights={{0x1c, 0x1, 0x1, [r3, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x38, 0x1, 0x1, [r0, 0xffffffffffffffff, r1, r2, r1, 0xffffffffffffffff, r1, r1, r1, 0xffffffffffffffff]}}], 0x88, 0x8000}}, {{&(0x7f0000000700)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000bc0)=[{&(0x7f0000000780)="2f0efd047d73c65e4ac0ecdb05e303b6d0758073e8e252b829b3f4f83e3c662b4fe1841ced159ba792b78d08d1ee4a5a3678d04fae68d040d9e9541be32b02d84c248bb03cdcc4d87b881c6e51b4f17afee3f2cb9c3998a37996b686a46faa773a53ce7b812e3a4365789878476c032d17c666f3b8331eb45cd206b4fbea66a219000b65f91ca4795851dba5c5aab8772dc84b0427f71b0dc91002a52dca", 0x9e}, {&(0x7f0000000840)="a9a341782383", 0x6}, {&(0x7f0000000880)="f308d6f264250a5bf4a866efe74aaf978cb139b14ac2ea3f31a0ee871100226141c64384f2a3387f57a13f44f989fa24866263dba03c0bb89911dbcd69f81d668563f017b5e214368edc326d5be4b8e074d20b8f75284cd86ae7198435459b3e77350d3a7a0412e4507ec6d5bfa57c3f3bbf4dc889448521395f55a5fd6ecb3d74f4d507866f445466f0ed83bcf9dde465b11433af2f01585e21f684148a3cf9105c86cc2daf3b58cbe57f4b63b718fa3a3e30599b32169b59c31fdb2a1bc335623e", 0xc2}, {&(0x7f0000000980)="d41fac9b0bf5f3b22d684e52b12813ba59b9429008c8fbbd0e21c360a2012a768a4fb25b604b03657e2b849d7d68fa49b3fbd4ce096edb122470dd1a095765ccdd86b51badef4a211b7f0defdf2b6279cbb19b66b07c23d7c8c51f40947d571eca31df67c2dea835cc5c3de3031574e2ff14359a479df0a812cea7e2265430c875b5a6a5147e29fff178652a7935bffcffb67de7d1be1c68c3b20cb1e89c35c78151f7fc834495dc8a370bd2eaaeb259bf26a0d07bc486e857eadf68ea57d7d1efb87c593f7e1161e8b82794b8273a90f9ae48e61f97c4125e10d1474dd3155b", 0xe0}, {&(0x7f0000000a80)="5560ceb4c822f972beed89c86a5dbd395d495845aaae7805d5402134106ba8970f42a5729353cfb82ea07a347a2fb6a4c98921919b44e5f557239f736ef0d289913e70993c96f775de43cd0402c2afda63973d10dce10648f2ee315a754796eea06a43067f8bbb2664be7802dc07305530", 0x71}, {&(0x7f0000000b00)="8d86941886374c2f909091188f1fe49bd8339bccd43b7ee3fa37ca3c4561de83218e1e37e3a9adcdeb", 0x29}, {&(0x7f0000000b40)="3ac13eb9fd7223d04c10f07fcece1f59e71d380208f6b46c6d006c9ae5075aaa264ec0a666185b3fbeea9ae7f8b1c18397eb0b5695feec78d2166fa156923f7d410fbfbe10e37b7141ccc5f813dca8518d340ce7097e4f3d8b85cfdc1da530", 0x5f}], 0x7, 0x0, 0x0, 0x814}}, {{&(0x7f0000000c40)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000001080)=[{&(0x7f0000000cc0)="420db7231e18eb26edb4c42308ab78958de1f764e8a3e15e9143ac04a700a3bf841c95b70ddd8b79294aa66c574ea36f4831ab87c28524799007d2650ffbb43e1a7ac0e2e3a0c8f4db40872348cd8c8ce3f0b1bf456d2143c11d64310e59d7fcb4cc6126908d57f5d5e6c9af4a068849d32220581aa1a9f9f7fc6ed666", 0x7d}, {&(0x7f0000000d40)="ea259d916444014d12bbb54ba3f780e7e49569a89d51dd6e4f3edaa475bd5d54833a06d7685a1d8804a44c9962e56696a3c05ba271986f2c379bd33b41b9b12991284676934023f13c", 0x49}, {&(0x7f0000000dc0)="8a52a06bc8d9c5dfff68d0de8a5e9796fc8d6dc9834d650c5e0bd982e479b7c044ccdbd322180ee435f5b65bd7ef6d3f89a4cb8f9f99669d04c08e316f335b577e82c3f31e12897caa076fd505569e1bfada9a3111e6207575498c998525fbd33e38fa52086a3b2c7c1f3b9c4a70987a81b2131ae19e917a3c8ba81deb4ef55b2d7a58717777c419278d4f40fab181a95758393423f2325731d8c1f0fbf0bddf6688898da07d5582b82cd13dea2c0a6922b9f75bd3656091f15738a16fd53f3cda68b81d244dbddaa14025089504aae6a5193f17d58400acae1cdc9995b4fc53a751c48eaab4d7", 0xe7}, {&(0x7f0000000f40)="e0b1a08adc99c8f276f7af32e03f3d4acb0af80cd7521f3bf07c66d68925f9b4ce41281f782ab5766167cb029a0498fddbf4afd66f8815cb5c8c226b6b9e0e67028eee517a235b2ad3367e4867cf8a9c0d119b95da072781568c12378471f499bf7ba9414acaf8d51502715f21493abaeaeb47472264130eb742829f1b2d5d7fc7dbd711aacab05bdd2b8e2d82c81f25ea7a20edc476c3be5bb0fc390d767e36ee098d931a1d5ff9f89a7f2f9be33112b43cf4bfd48a54d0eec6161a561afa12375234a8f465e00a480daa3634635f43a5fb88919861b8c528408c7eed231715d0c8a8413a4f388ea7d398e430a17b693501491d28", 0xf5}, {&(0x7f0000000ec0)="a522078743451ad0609eb6fae50bad7e4d795a0bdb686f58eab6986a3a26a0503c491ad08bfbe0e744c20767e23d478e85", 0x31}, {&(0x7f0000001040)="67ee69", 0x3}], 0x6, &(0x7f0000001180)=[@rights={{0x34, 0x1, 0x1, [r0, 0xffffffffffffffff, r4, 0xffffffffffffffff, r4, r2, 0xffffffffffffffff, r3, r3]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee01, 0xffffffffffffffff}}}], 0x58, 0x40800}}, {{0x0, 0x0, &(0x7f0000001240)=[{&(0x7f0000001200)="f9", 0x1}], 0x1, &(0x7f00000014c0)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}}, @cred={{0x1c}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r2, r3, 0xffffffffffffffff, r5, r4, r2, r6, r7]}}], 0x88, 0x2004c000}}, {{&(0x7f0000001580)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001700)=[{&(0x7f0000001600)="623f5f45c5fb200f747c4435f06f0f34d6730e409dff3cd4acb678078f735e3ca8191908cb832e380e74280c1147bdb0694dfd6c0359c274726d186af2d838e719ccc439bb045900ab856c2db3467e472d6f28ee82ed6206bb9bb2a85ad0686079bf6256ca6c115494a5dab3c241a551a95893e342161a05e26df81409a6eefc21dcd7f92c7fe27d16d07b954aa89bbc5cb7b744f2a5770f86d754e0840eff762c1cc6e17c2ecde5aabf1209125ffe5ea1ecc19b46e4fa2c4d6576879e07f41646db645c77cab9b2f7b1134cb58b27cf1e9daa99", 0xd4}], 0x1, 0x0, 0x0, 0x40014}}], 0x5, 0x8800) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r3, &(0x7f0000000080), 0x12) 18:43:32 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) [ 795.794787][T29219] inactive_file 0 [ 795.794787][T29219] active_file 0 [ 795.794787][T29219] unevictable 0 [ 795.794787][T29219] slab_reclaimable 3608 [ 795.794787][T29219] slab_unreclaimable 25080 [ 795.794787][T29219] slab 28688 [ 795.794787][T29219] workingset_refault_anon 0 [ 795.794787][T29219] workingset_refault_file 7 [ 795.794787][T29219] workingset_activate_anon 0 [ 795.794787][T29219] workingset_activate_file 0 [ 795.887398][T29219] Out of memory and no killable processes... 18:43:32 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0xe62, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:32 executing program 2: r0 = socket(0x1e, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000001900)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000001940)=0x14) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001ac0)={0x0, 0x3, &(0x7f00000019c0)=@framed, &(0x7f0000001a00)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r1, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) 18:43:32 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x40, 0x0) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r2, &(0x7f0000000080), 0x12) [ 795.904614][T29251] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 18:43:32 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) link(&(0x7f0000000180)='./file0/file0\x00', &(0x7f00000001c0)='./file1\x00') mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) mount(&(0x7f0000000200)=@loop={'/dev/loop', 0x0}, &(0x7f0000000240)='./file1\x00', &(0x7f00000002c0)='hostfs\x00', 0x0, &(0x7f0000000340)='\x00') listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000000)=ANY=[@ANYBLOB="2f6465762f04003000"], &(0x7f0000000080)='./file0/file0\x00', &(0x7f00000000c0)='efivarfs\x00', 0x80000, &(0x7f0000000100)=')((@}$\x00') 18:43:32 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x140) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x9000000}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x58}}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x9000000}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x58}}, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="58000000020601040000000086000000000000000500040000000000050001000700000011000300686173683a69702c706f7274000000000c00078008001240090000000900020073797a30000000000500050002000000"], 0x58}}, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001740)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000000c0)="3ee4c9f862803177f7c127e005f74e1b4223", 0x12}, {&(0x7f0000000240)="343b05771474a402da48d8c1139dbfd371ef0802be73f8a55222c255a507bbb5b18c8066f8cc9c1d76cd2c8e862533dd9ffbdda2db438209c2b509b2a314d68195de71cec7781e4838baab0deb", 0x4d}, {&(0x7f0000000100)="aeff6600604c28c6cc7c29193c4dc052d58224c323b069b9944a65d6fad9", 0x1e}, {&(0x7f00000002c0)="c0ec3a00235c42a096a5c8e3f1d866bc95ad52f2c33c827ef65d570aac18a1f9005dc8482bee7f962a106aaa1900bab0ff6accd9f31aad101ede4541751a036fb74c5d791cc79b1430f4eb764feb587b8577d7686626944d96f4f37f87f8a5cbb1fceeae5d5e895d02531a9b1099c60fb1442d8834ab586c4bcacf8e5794f01862b086998f68a778c0", 0x89}, {&(0x7f0000000380)="d5de4e5e65a714b8eb66751eb2b5e5575c0e46d7fe350c23710ce69b689fdd945cba26718194c9c1afaa68889df8d17857d84a25e3a7ec4497a83e5ac2410395dd131d3d4fd2f8655f44371e8fbbdd7a505bea3f2b326e871c634fd66267102b468a3b1a994935c7ebfe34f45776a4866cd65b0065d5250b0e59f4bb5c1ac29520a07192490c4632bfbe826e0c62dc0783aedc8008521acdde6ac90dd8b72da5076facb1f764f62aecd34db5c15f6cf71b6d1435334f4faa9f4394239f9c68621950f472d37331dfa32840e9e0995fcd8195ad82750cb1a0e2a758c3a3d31b9d40b16dd49695496dd4407a9128c185471319f2b24da504fa0a474452", 0xfc}, {&(0x7f0000000480)="30f2cd928052937a35228bd4f5d2cf5c13ba6a8ebee04cf9d8a68c1cbd928dc955d82b9eb105195785dcbf2bc093e0bb215957b9da692511871882c89baac36b16c7d92b52efce3e734adbe7ab6d0026cc8e40944eb546932046643c8639d2dfc06d9e902544a346e22b1e3e98ae237aadeb19fc2b239b08a9bf915157b7ad1cab422287e780cbcdf2a72ccfc1e8eaa1e8c9fd406c6febe78ab4c8813877be05f0dd0444baf1d71992ec26a383b8e6a3d003261dac18f8c44353b2a0cadeda9bbab86e429659f673001458d8de887697414ca8dab45f0d73553ce5c8d68ea87d50a5e7514330c7fe75dd65", 0xeb}, {&(0x7f0000000580)="fadec8b5e1aa6d325edd745b54d7a4a2936c9f47cdcaf21d1a7ef714b7586231", 0x20}], 0x7, &(0x7f0000000640)=[@rights={{0x10}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee00}}}, @rights={{0x1c, 0x1, 0x1, [r3, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x38, 0x1, 0x1, [r0, 0xffffffffffffffff, r1, r2, r1, 0xffffffffffffffff, r1, r1, r1, 0xffffffffffffffff]}}], 0x88, 0x8000}}, {{&(0x7f0000000700)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000bc0)=[{&(0x7f0000000780)="2f0efd047d73c65e4ac0ecdb05e303b6d0758073e8e252b829b3f4f83e3c662b4fe1841ced159ba792b78d08d1ee4a5a3678d04fae68d040d9e9541be32b02d84c248bb03cdcc4d87b881c6e51b4f17afee3f2cb9c3998a37996b686a46faa773a53ce7b812e3a4365789878476c032d17c666f3b8331eb45cd206b4fbea66a219000b65f91ca4795851dba5c5aab8772dc84b0427f71b0dc91002a52dca", 0x9e}, {&(0x7f0000000840)="a9a341782383", 0x6}, {&(0x7f0000000880)="f308d6f264250a5bf4a866efe74aaf978cb139b14ac2ea3f31a0ee871100226141c64384f2a3387f57a13f44f989fa24866263dba03c0bb89911dbcd69f81d668563f017b5e214368edc326d5be4b8e074d20b8f75284cd86ae7198435459b3e77350d3a7a0412e4507ec6d5bfa57c3f3bbf4dc889448521395f55a5fd6ecb3d74f4d507866f445466f0ed83bcf9dde465b11433af2f01585e21f684148a3cf9105c86cc2daf3b58cbe57f4b63b718fa3a3e30599b32169b59c31fdb2a1bc335623e", 0xc2}, {&(0x7f0000000980)="d41fac9b0bf5f3b22d684e52b12813ba59b9429008c8fbbd0e21c360a2012a768a4fb25b604b03657e2b849d7d68fa49b3fbd4ce096edb122470dd1a095765ccdd86b51badef4a211b7f0defdf2b6279cbb19b66b07c23d7c8c51f40947d571eca31df67c2dea835cc5c3de3031574e2ff14359a479df0a812cea7e2265430c875b5a6a5147e29fff178652a7935bffcffb67de7d1be1c68c3b20cb1e89c35c78151f7fc834495dc8a370bd2eaaeb259bf26a0d07bc486e857eadf68ea57d7d1efb87c593f7e1161e8b82794b8273a90f9ae48e61f97c4125e10d1474dd3155b", 0xe0}, {&(0x7f0000000a80)="5560ceb4c822f972beed89c86a5dbd395d495845aaae7805d5402134106ba8970f42a5729353cfb82ea07a347a2fb6a4c98921919b44e5f557239f736ef0d289913e70993c96f775de43cd0402c2afda63973d10dce10648f2ee315a754796eea06a43067f8bbb2664be7802dc07305530", 0x71}, {&(0x7f0000000b00)="8d86941886374c2f909091188f1fe49bd8339bccd43b7ee3fa37ca3c4561de83218e1e37e3a9adcdeb", 0x29}, {&(0x7f0000000b40)="3ac13eb9fd7223d04c10f07fcece1f59e71d380208f6b46c6d006c9ae5075aaa264ec0a666185b3fbeea9ae7f8b1c18397eb0b5695feec78d2166fa156923f7d410fbfbe10e37b7141ccc5f813dca8518d340ce7097e4f3d8b85cfdc1da530", 0x5f}], 0x7, 0x0, 0x0, 0x814}}, {{&(0x7f0000000c40)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000001080)=[{&(0x7f0000000cc0)="420db7231e18eb26edb4c42308ab78958de1f764e8a3e15e9143ac04a700a3bf841c95b70ddd8b79294aa66c574ea36f4831ab87c28524799007d2650ffbb43e1a7ac0e2e3a0c8f4db40872348cd8c8ce3f0b1bf456d2143c11d64310e59d7fcb4cc6126908d57f5d5e6c9af4a068849d32220581aa1a9f9f7fc6ed666", 0x7d}, {&(0x7f0000000d40)="ea259d916444014d12bbb54ba3f780e7e49569a89d51dd6e4f3edaa475bd5d54833a06d7685a1d8804a44c9962e56696a3c05ba271986f2c379bd33b41b9b12991284676934023f13c", 0x49}, {&(0x7f0000000dc0)="8a52a06bc8d9c5dfff68d0de8a5e9796fc8d6dc9834d650c5e0bd982e479b7c044ccdbd322180ee435f5b65bd7ef6d3f89a4cb8f9f99669d04c08e316f335b577e82c3f31e12897caa076fd505569e1bfada9a3111e6207575498c998525fbd33e38fa52086a3b2c7c1f3b9c4a70987a81b2131ae19e917a3c8ba81deb4ef55b2d7a58717777c419278d4f40fab181a95758393423f2325731d8c1f0fbf0bddf6688898da07d5582b82cd13dea2c0a6922b9f75bd3656091f15738a16fd53f3cda68b81d244dbddaa14025089504aae6a5193f17d58400acae1cdc9995b4fc53a751c48eaab4d7", 0xe7}, {&(0x7f0000000f40)="e0b1a08adc99c8f276f7af32e03f3d4acb0af80cd7521f3bf07c66d68925f9b4ce41281f782ab5766167cb029a0498fddbf4afd66f8815cb5c8c226b6b9e0e67028eee517a235b2ad3367e4867cf8a9c0d119b95da072781568c12378471f499bf7ba9414acaf8d51502715f21493abaeaeb47472264130eb742829f1b2d5d7fc7dbd711aacab05bdd2b8e2d82c81f25ea7a20edc476c3be5bb0fc390d767e36ee098d931a1d5ff9f89a7f2f9be33112b43cf4bfd48a54d0eec6161a561afa12375234a8f465e00a480daa3634635f43a5fb88919861b8c528408c7eed231715d0c8a8413a4f388ea7d398e430a17b693501491d28", 0xf5}, {&(0x7f0000000ec0)="a522078743451ad0609eb6fae50bad7e4d795a0bdb686f58eab6986a3a26a0503c491ad08bfbe0e744c20767e23d478e85", 0x31}, {&(0x7f0000001040)="67ee69", 0x3}], 0x6, &(0x7f0000001180)=[@rights={{0x34, 0x1, 0x1, [r0, 0xffffffffffffffff, r4, 0xffffffffffffffff, r4, r2, 0xffffffffffffffff, r3, r3]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee01, 0xffffffffffffffff}}}], 0x58, 0x40800}}, {{0x0, 0x0, &(0x7f0000001240)=[{&(0x7f0000001200)="f9", 0x1}], 0x1, &(0x7f00000014c0)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}}, @cred={{0x1c}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r2, r3, 0xffffffffffffffff, r5, r4, r2, r6, r7]}}], 0x88, 0x2004c000}}, {{&(0x7f0000001580)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001700)=[{&(0x7f0000001600)="623f5f45c5fb200f747c4435f06f0f34d6730e409dff3cd4acb678078f735e3ca8191908cb832e380e74280c1147bdb0694dfd6c0359c274726d186af2d838e719ccc439bb045900ab856c2db3467e472d6f28ee82ed6206bb9bb2a85ad0686079bf6256ca6c115494a5dab3c241a551a95893e342161a05e26df81409a6eefc21dcd7f92c7fe27d16d07b954aa89bbc5cb7b744f2a5770f86d754e0840eff762c1cc6e17c2ecde5aabf1209125ffe5ea1ecc19b46e4fa2c4d6576879e07f41646db645c77cab9b2f7b1134cb58b27cf1e9daa99", 0xd4}], 0x1, 0x0, 0x0, 0x40014}}], 0x5, 0x8800) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r3, &(0x7f0000000080), 0x12) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x140) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x9000000}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x58}}, 0x0) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x9000000}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x58}}, 0x0) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) sendmsg$IPSET_CMD_CREATE(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="58000000020601040000000086000000000000000500040000000000050001000700000011000300686173683a69702c706f7274000000000c00078008001240090000000900020073797a30000000000500050002000000"], 0x58}}, 0x0) (async) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001740)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000000c0)="3ee4c9f862803177f7c127e005f74e1b4223", 0x12}, {&(0x7f0000000240)="343b05771474a402da48d8c1139dbfd371ef0802be73f8a55222c255a507bbb5b18c8066f8cc9c1d76cd2c8e862533dd9ffbdda2db438209c2b509b2a314d68195de71cec7781e4838baab0deb", 0x4d}, {&(0x7f0000000100)="aeff6600604c28c6cc7c29193c4dc052d58224c323b069b9944a65d6fad9", 0x1e}, {&(0x7f00000002c0)="c0ec3a00235c42a096a5c8e3f1d866bc95ad52f2c33c827ef65d570aac18a1f9005dc8482bee7f962a106aaa1900bab0ff6accd9f31aad101ede4541751a036fb74c5d791cc79b1430f4eb764feb587b8577d7686626944d96f4f37f87f8a5cbb1fceeae5d5e895d02531a9b1099c60fb1442d8834ab586c4bcacf8e5794f01862b086998f68a778c0", 0x89}, {&(0x7f0000000380)="d5de4e5e65a714b8eb66751eb2b5e5575c0e46d7fe350c23710ce69b689fdd945cba26718194c9c1afaa68889df8d17857d84a25e3a7ec4497a83e5ac2410395dd131d3d4fd2f8655f44371e8fbbdd7a505bea3f2b326e871c634fd66267102b468a3b1a994935c7ebfe34f45776a4866cd65b0065d5250b0e59f4bb5c1ac29520a07192490c4632bfbe826e0c62dc0783aedc8008521acdde6ac90dd8b72da5076facb1f764f62aecd34db5c15f6cf71b6d1435334f4faa9f4394239f9c68621950f472d37331dfa32840e9e0995fcd8195ad82750cb1a0e2a758c3a3d31b9d40b16dd49695496dd4407a9128c185471319f2b24da504fa0a474452", 0xfc}, {&(0x7f0000000480)="30f2cd928052937a35228bd4f5d2cf5c13ba6a8ebee04cf9d8a68c1cbd928dc955d82b9eb105195785dcbf2bc093e0bb215957b9da692511871882c89baac36b16c7d92b52efce3e734adbe7ab6d0026cc8e40944eb546932046643c8639d2dfc06d9e902544a346e22b1e3e98ae237aadeb19fc2b239b08a9bf915157b7ad1cab422287e780cbcdf2a72ccfc1e8eaa1e8c9fd406c6febe78ab4c8813877be05f0dd0444baf1d71992ec26a383b8e6a3d003261dac18f8c44353b2a0cadeda9bbab86e429659f673001458d8de887697414ca8dab45f0d73553ce5c8d68ea87d50a5e7514330c7fe75dd65", 0xeb}, {&(0x7f0000000580)="fadec8b5e1aa6d325edd745b54d7a4a2936c9f47cdcaf21d1a7ef714b7586231", 0x20}], 0x7, &(0x7f0000000640)=[@rights={{0x10}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee00}}}, @rights={{0x1c, 0x1, 0x1, [r3, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x38, 0x1, 0x1, [r0, 0xffffffffffffffff, r1, r2, r1, 0xffffffffffffffff, r1, r1, r1, 0xffffffffffffffff]}}], 0x88, 0x8000}}, {{&(0x7f0000000700)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000bc0)=[{&(0x7f0000000780)="2f0efd047d73c65e4ac0ecdb05e303b6d0758073e8e252b829b3f4f83e3c662b4fe1841ced159ba792b78d08d1ee4a5a3678d04fae68d040d9e9541be32b02d84c248bb03cdcc4d87b881c6e51b4f17afee3f2cb9c3998a37996b686a46faa773a53ce7b812e3a4365789878476c032d17c666f3b8331eb45cd206b4fbea66a219000b65f91ca4795851dba5c5aab8772dc84b0427f71b0dc91002a52dca", 0x9e}, {&(0x7f0000000840)="a9a341782383", 0x6}, {&(0x7f0000000880)="f308d6f264250a5bf4a866efe74aaf978cb139b14ac2ea3f31a0ee871100226141c64384f2a3387f57a13f44f989fa24866263dba03c0bb89911dbcd69f81d668563f017b5e214368edc326d5be4b8e074d20b8f75284cd86ae7198435459b3e77350d3a7a0412e4507ec6d5bfa57c3f3bbf4dc889448521395f55a5fd6ecb3d74f4d507866f445466f0ed83bcf9dde465b11433af2f01585e21f684148a3cf9105c86cc2daf3b58cbe57f4b63b718fa3a3e30599b32169b59c31fdb2a1bc335623e", 0xc2}, {&(0x7f0000000980)="d41fac9b0bf5f3b22d684e52b12813ba59b9429008c8fbbd0e21c360a2012a768a4fb25b604b03657e2b849d7d68fa49b3fbd4ce096edb122470dd1a095765ccdd86b51badef4a211b7f0defdf2b6279cbb19b66b07c23d7c8c51f40947d571eca31df67c2dea835cc5c3de3031574e2ff14359a479df0a812cea7e2265430c875b5a6a5147e29fff178652a7935bffcffb67de7d1be1c68c3b20cb1e89c35c78151f7fc834495dc8a370bd2eaaeb259bf26a0d07bc486e857eadf68ea57d7d1efb87c593f7e1161e8b82794b8273a90f9ae48e61f97c4125e10d1474dd3155b", 0xe0}, {&(0x7f0000000a80)="5560ceb4c822f972beed89c86a5dbd395d495845aaae7805d5402134106ba8970f42a5729353cfb82ea07a347a2fb6a4c98921919b44e5f557239f736ef0d289913e70993c96f775de43cd0402c2afda63973d10dce10648f2ee315a754796eea06a43067f8bbb2664be7802dc07305530", 0x71}, {&(0x7f0000000b00)="8d86941886374c2f909091188f1fe49bd8339bccd43b7ee3fa37ca3c4561de83218e1e37e3a9adcdeb", 0x29}, {&(0x7f0000000b40)="3ac13eb9fd7223d04c10f07fcece1f59e71d380208f6b46c6d006c9ae5075aaa264ec0a666185b3fbeea9ae7f8b1c18397eb0b5695feec78d2166fa156923f7d410fbfbe10e37b7141ccc5f813dca8518d340ce7097e4f3d8b85cfdc1da530", 0x5f}], 0x7, 0x0, 0x0, 0x814}}, {{&(0x7f0000000c40)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000001080)=[{&(0x7f0000000cc0)="420db7231e18eb26edb4c42308ab78958de1f764e8a3e15e9143ac04a700a3bf841c95b70ddd8b79294aa66c574ea36f4831ab87c28524799007d2650ffbb43e1a7ac0e2e3a0c8f4db40872348cd8c8ce3f0b1bf456d2143c11d64310e59d7fcb4cc6126908d57f5d5e6c9af4a068849d32220581aa1a9f9f7fc6ed666", 0x7d}, {&(0x7f0000000d40)="ea259d916444014d12bbb54ba3f780e7e49569a89d51dd6e4f3edaa475bd5d54833a06d7685a1d8804a44c9962e56696a3c05ba271986f2c379bd33b41b9b12991284676934023f13c", 0x49}, {&(0x7f0000000dc0)="8a52a06bc8d9c5dfff68d0de8a5e9796fc8d6dc9834d650c5e0bd982e479b7c044ccdbd322180ee435f5b65bd7ef6d3f89a4cb8f9f99669d04c08e316f335b577e82c3f31e12897caa076fd505569e1bfada9a3111e6207575498c998525fbd33e38fa52086a3b2c7c1f3b9c4a70987a81b2131ae19e917a3c8ba81deb4ef55b2d7a58717777c419278d4f40fab181a95758393423f2325731d8c1f0fbf0bddf6688898da07d5582b82cd13dea2c0a6922b9f75bd3656091f15738a16fd53f3cda68b81d244dbddaa14025089504aae6a5193f17d58400acae1cdc9995b4fc53a751c48eaab4d7", 0xe7}, {&(0x7f0000000f40)="e0b1a08adc99c8f276f7af32e03f3d4acb0af80cd7521f3bf07c66d68925f9b4ce41281f782ab5766167cb029a0498fddbf4afd66f8815cb5c8c226b6b9e0e67028eee517a235b2ad3367e4867cf8a9c0d119b95da072781568c12378471f499bf7ba9414acaf8d51502715f21493abaeaeb47472264130eb742829f1b2d5d7fc7dbd711aacab05bdd2b8e2d82c81f25ea7a20edc476c3be5bb0fc390d767e36ee098d931a1d5ff9f89a7f2f9be33112b43cf4bfd48a54d0eec6161a561afa12375234a8f465e00a480daa3634635f43a5fb88919861b8c528408c7eed231715d0c8a8413a4f388ea7d398e430a17b693501491d28", 0xf5}, {&(0x7f0000000ec0)="a522078743451ad0609eb6fae50bad7e4d795a0bdb686f58eab6986a3a26a0503c491ad08bfbe0e744c20767e23d478e85", 0x31}, {&(0x7f0000001040)="67ee69", 0x3}], 0x6, &(0x7f0000001180)=[@rights={{0x34, 0x1, 0x1, [r0, 0xffffffffffffffff, r4, 0xffffffffffffffff, r4, r2, 0xffffffffffffffff, r3, r3]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee01, 0xffffffffffffffff}}}], 0x58, 0x40800}}, {{0x0, 0x0, &(0x7f0000001240)=[{&(0x7f0000001200)="f9", 0x1}], 0x1, &(0x7f00000014c0)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}}, @cred={{0x1c}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r2, r3, 0xffffffffffffffff, r5, r4, r2, r6, r7]}}], 0x88, 0x2004c000}}, {{&(0x7f0000001580)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001700)=[{&(0x7f0000001600)="623f5f45c5fb200f747c4435f06f0f34d6730e409dff3cd4acb678078f735e3ca8191908cb832e380e74280c1147bdb0694dfd6c0359c274726d186af2d838e719ccc439bb045900ab856c2db3467e472d6f28ee82ed6206bb9bb2a85ad0686079bf6256ca6c115494a5dab3c241a551a95893e342161a05e26df81409a6eefc21dcd7f92c7fe27d16d07b954aa89bbc5cb7b744f2a5770f86d754e0840eff762c1cc6e17c2ecde5aabf1209125ffe5ea1ecc19b46e4fa2c4d6576879e07f41646db645c77cab9b2f7b1134cb58b27cf1e9daa99", 0xd4}], 0x1, 0x0, 0x0, 0x40014}}], 0x5, 0x8800) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r3, &(0x7f0000000080), 0x12) (async) [ 795.958164][T29269] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 18:43:32 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0xf00, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:32 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) renameat2(r0, &(0x7f00000000c0)='./file0\x00', r0, &(0x7f0000000100)='./file0\x00', 0x5) write$cgroup_int(r3, &(0x7f0000000080), 0x12) 18:43:32 executing program 2: socketpair(0x23, 0x0, 0x0, &(0x7f0000001b00)) [ 796.000508][T29279] loop5: detected capacity change from 0 to 1024 [ 796.015810][T29286] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 796.029406][T29285] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 796.039352][T29285] CPU: 0 PID: 29285 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 796.050456][T29285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 796.060502][T29285] Call Trace: [ 796.063773][T29285] [ 796.066754][T29285] dump_stack_lvl+0xd6/0x122 [ 796.071439][T29285] dump_stack+0x11/0x12 [ 796.075601][T29285] dump_header+0x98/0x410 [ 796.079936][T29285] out_of_memory+0x65e/0x880 [ 796.084522][T29285] memory_max_write+0x31b/0x420 [ 796.089371][T29285] ? memory_max_show+0x70/0x70 [ 796.094134][T29285] cgroup_file_write+0x167/0x300 [ 796.099113][T29285] ? __check_object_size+0x235/0x380 [ 796.104390][T29285] ? cgroup_seqfile_stop+0x70/0x70 [ 796.109643][T29285] kernfs_fop_write_iter+0x1d3/0x2c0 [ 796.114919][T29285] vfs_write+0x71c/0x890 [ 796.119233][T29285] ksys_write+0xe8/0x1a0 [ 796.123539][T29285] __x64_sys_write+0x3e/0x50 [ 796.128123][T29285] do_syscall_64+0x2b/0x70 [ 796.132527][T29285] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 796.138440][T29285] RIP: 0033:0x7f682d3270e9 [ 796.142840][T29285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 796.162429][T29285] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 796.170860][T29285] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 [ 796.178814][T29285] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 796.186797][T29285] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 [ 796.194750][T29285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 796.202759][T29285] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 [ 796.210715][T29285] [ 796.213837][T29285] memory: usage 80kB, limit 0kB, failcnt 6736 [ 796.219958][T29285] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 796.224119][T29279] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 796.226795][T29285] Memory cgroup stats for /syz0: [ 796.273964][T29285] anon 0 [ 796.273964][T29285] file 53248 [ 796.273964][T29285] kernel 28672 [ 796.273964][T29285] kernel_stack 0 [ 796.273964][T29285] pagetables 0 [ 796.273964][T29285] percpu 0 [ 796.273964][T29285] sock 0 [ 796.273964][T29285] vmalloc 0 [ 796.273964][T29285] shmem 53248 [ 796.273964][T29285] file_mapped 53248 [ 796.273964][T29285] file_dirty 0 [ 796.273964][T29285] file_writeback 0 [ 796.273964][T29285] swapcached 0 [ 796.273964][T29285] inactive_anon 0 18:43:32 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000a00)=@bloom_filter={0x1e, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4}, 0x48) [ 796.273964][T29285] active_anon 53248 [ 796.273964][T29285] inactive_file 0 [ 796.273964][T29285] active_file 0 [ 796.273964][T29285] unevictable 0 [ 796.273964][T29285] slab_reclaimable 2232 [ 796.273964][T29285] slab_unreclaimable 21536 [ 796.273964][T29285] slab 23768 [ 796.273964][T29285] workingset_refault_anon 0 [ 796.273964][T29285] workingset_refault_file 7 [ 796.273964][T29285] workingset_activate_anon 0 [ 796.273964][T29285] workingset_activate_file 0 [ 796.366500][T29285] Out of memory and no killable processes... 18:43:32 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x1100, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:32 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x7, &(0x7f0000000200), 0x4) [ 796.372863][T29282] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 796.382154][T29314] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 796.383050][T29282] CPU: 1 PID: 29282 Comm: syz-executor.1 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 796.400940][T29282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 796.411001][T29282] Call Trace: [ 796.414278][T29282] [ 796.417243][T29282] dump_stack_lvl+0xd6/0x122 [ 796.421838][T29282] dump_stack+0x11/0x12 [ 796.425999][T29282] dump_header+0x98/0x410 [ 796.430410][T29282] out_of_memory+0x65e/0x880 [ 796.435007][T29282] memory_max_write+0x31b/0x420 [ 796.439890][T29282] ? memory_max_show+0x70/0x70 [ 796.444660][T29282] cgroup_file_write+0x167/0x300 [ 796.449664][T29282] ? __check_object_size+0x235/0x380 [ 796.455043][T29282] ? cgroup_seqfile_stop+0x70/0x70 [ 796.460193][T29282] kernfs_fop_write_iter+0x1d3/0x2c0 [ 796.465508][T29282] vfs_write+0x71c/0x890 [ 796.469757][T29282] ksys_write+0xe8/0x1a0 [ 796.474075][T29282] __x64_sys_write+0x3e/0x50 [ 796.478675][T29282] do_syscall_64+0x2b/0x70 [ 796.483190][T29282] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 796.489092][T29282] RIP: 0033:0x7ff0acc260e9 [ 796.493503][T29282] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 796.513109][T29282] RSP: 002b:00007ff0ac39c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 18:43:32 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:43:32 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x1200, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 796.521537][T29282] RAX: ffffffffffffffda RBX: 00007ff0acd38f60 RCX: 00007ff0acc260e9 [ 796.529513][T29282] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 796.537557][T29282] RBP: 00007ff0acc8008d R08: 0000000000000000 R09: 0000000000000000 [ 796.545681][T29282] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 796.553657][T29282] R13: 00007ffe7a47396f R14: 00007ff0ac39c300 R15: 0000000000022000 [ 796.561629][T29282] [ 796.564744][T29282] memory: usage 80kB, limit 0kB, failcnt 6736 18:43:32 executing program 2: socketpair(0x23, 0x2, 0x0, &(0x7f0000001b00)) [ 796.570886][T29282] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 18:43:32 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000011c0)={&(0x7f0000000180)={0xec4, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x548, 0x11d, 0x0, 0x1, [{0xfc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0xd8, 0xd, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x44, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x29, 0x2, [{}, {0x0, 0x8}, {0x0, 0x2}, {}, {}, {}, {}, {}, {0x0, 0x3}, {}, {}, {}, {}, {0x0, 0xa}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x9}, {}, {}, {}, {0x0, 0x4}, {0x6}, {}, {}, {}, {0x0, 0x5}, {}, {0x0, 0x8}, {}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x0, 0x0, 0xffff]}}]}, @NL80211_BAND_5GHZ={0x4}, @NL80211_BAND_5GHZ={0x28, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_GI={0x5}]}, @NL80211_BAND_2GHZ={0x24, 0x0, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x4}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_LEGACY={0x9, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0]}]}, @NL80211_BAND_2GHZ={0x10, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x9, 0x2, [{0x0, 0x6}, {}, {0x4}, {}, {}]}]}, @NL80211_BAND_6GHZ={0x30, 0x3, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_GI={0x5}]}]}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5}]}, {0x3b4, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x6b}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x2}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x364, 0xd, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x38, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x6, 0x1, [0x0, 0x0]}, @NL80211_TXRATE_LEGACY={0x15, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x0, 0x0, 0x0, 0x1]}}]}, @NL80211_BAND_5GHZ={0x74, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x31, 0x2, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x1}, {}, {0x5}, {0x1, 0x6}, {0x0, 0x2}, {}, {}, {0x3, 0x4}, {}, {}, {0x7}, {}, {0x4}, {}, {}, {}, {}, {0x1}, {}, {0x0, 0x2}, {}, {}, {0x0, 0x3}, {}, {}, {}, {0x1}, {0x0, 0x4}, {}, {0x7}, {}, {}, {0x6}, {}, {0x3}]}, @NL80211_TXRATE_LEGACY={0x15, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xec4232ee7f8366cb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @NL80211_TXRATE_HT={0x21, 0x2, [{0x5, 0x2}, {}, {0x0, 0x9}, {}, {0x0, 0x2}, {}, {0x0, 0x5}, {}, {0x0, 0x6}, {}, {0x0, 0x2}, {}, {}, {0x2, 0x2}, {}, {}, {0x3, 0x3}, {}, {0x0, 0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}]}]}, @NL80211_BAND_6GHZ={0x28, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_VHT={0x14}, @NL80211_TXRATE_GI={0x5}]}, @NL80211_BAND_5GHZ={0x4c, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x45, 0x2, [{}, {0x0, 0x8}, {}, {}, {}, {}, {0x7}, {0x7}, {}, {}, {}, {0x0, 0xa}, {}, {}, {}, {}, {0x0, 0x2}, {}, {}, {0x5}, {0x0, 0x8}, {0x3, 0x6}, {0x0, 0x1}, {}, {0x0, 0x9}, {0x0, 0x4}, {}, {}, {0x0, 0x1}, {0x4}, {}, {}, {}, {0x6}, {}, {}, {0x0, 0x6}, {}, {0x1}, {}, {}, {}, {0x6}, {0x2}, {}, {}, {0x4}, {}, {0x3}, {0x1}, {}, {}, {0x1}, {}, {0x2, 0x7}, {0x7}, {0x5}, {}, {0x5}, {}, {}, {0x0, 0x6}, {0x0, 0x7}, {}, {0x6}]}]}, @NL80211_BAND_6GHZ={0x3c, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0xd, 0x1, [0x0, 0x0, 0x0, 0x30, 0x3, 0x9, 0x0, 0x0, 0x0]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x6, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0xffff]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x1]}}]}, @NL80211_BAND_2GHZ={0xbc, 0x0, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_VHT={0x14}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_VHT={0x14}, @NL80211_TXRATE_HT={0x3d, 0x2, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x8}, {}, {}, {}, {}, {}, {0x5}, {0x2}, {}, {}, {}, {0x5}, {0x6}, {}, {0x0, 0x1}, {0x4}, {0x0, 0x5}, {}, {}, {}, {0x2}, {}, {0x7, 0x3}, {0x4}, {}, {}, {0x0, 0x8}, {0x7}, {}, {0x1, 0x2}, {0x5}, {}, {}, {}, {}, {}, {0x0, 0x5}, {}, {}, {}, {}, {0x2}]}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0xd6d0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x2]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xd0a]}}]}, @NL80211_BAND_5GHZ={0x60, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x1d, 0x1, [0x0, 0x0, 0x0, 0x6, 0x3, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xff1b, 0x0, 0x2]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x503c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400]}}, @NL80211_TXRATE_VHT={0x14}]}, @NL80211_BAND_2GHZ={0x14, 0x0, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_GI={0x5}]}, @NL80211_BAND_6GHZ={0x78, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0xd, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x0, 0x0, 0x7fff]}}, @NL80211_TXRATE_HT={0x35, 0x2, [{0x5}, {0x5}, {}, {}, {}, {}, {}, {}, {0x0, 0x6}, {0x6}, {}, {0x0, 0x5}, {}, {0x4, 0x8}, {}, {0x5, 0x2}, {}, {0x0, 0x1}, {}, {0x2}, {}, {}, {}, {0x5}, {}, {0x0, 0x1}, {}, {0x5}, {}, {}, {}, {0x0, 0x3}, {}, {}, {0x0, 0x7}, {}, {}, {}, {}, {}, {0x3, 0x4}, {0x2}, {0x5}, {}, {}, {}, {}, {}, {}]}]}, @NL80211_BAND_6GHZ={0x5c, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x41, 0x2, [{0x0, 0x2}, {}, {}, {}, {0x0, 0x9}, {}, {0x7}, {}, {}, {}, {0x3, 0x3}, {0x0, 0x6}, {0x0, 0x5}, {}, {0x7}, {}, {}, {}, {0x3}, {0x0, 0x6}, {0x7, 0x9}, {0x0, 0x3}, {}, {}, {}, {}, {}, {0x4}, {0x0, 0xa}, {}, {}, {}, {}, {}, {0x0, 0x5}, {}, {0x6, 0x1}, {0x6}, {}, {}, {}, {}, {0x0, 0x9}, {}, {}, {}, {}, {}, {}, {0x0, 0x9}, {0x0, 0x4}, {0x4}, {0x4}, {}, {}, {}, {}, {}, {0x6, 0x4}, {0x0, 0x9}, {}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40]}}]}]}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}]}, {0x40, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xc1}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}]}, {0x18, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_NOACK={0x5}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}, {0x4}, {0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}]}]}, @NL80211_ATTR_TID_CONFIG={0x544, 0x11d, 0x0, 0x1, [{0x20, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}]}, {0x3c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xd}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}]}, {0x24, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x49}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}]}, {0x410, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x3cc, 0xd, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x38, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HT={0x29, 0x2, [{0x0, 0x7}, {}, {0x3}, {0x4}, {0x4, 0xa}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {0x6}, {0x2, 0x8}, {}, {0x7}, {}, {0x0, 0x6}, {}, {}, {0x0, 0x7}, {0x1}, {0x7}, {}]}]}, @NL80211_BAND_60GHZ={0x14, 0x2, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_GI={0x5}]}, @NL80211_BAND_2GHZ={0x8c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HT={0x45, 0x2, [{}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x6}, {}, {0x3}, {}, {}, {}, {}, {0x6}, {}, {}, {0x0, 0x9}, {0x0, 0x7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x1}, {0x0, 0x6}, {0x0, 0x7}, {}, {0x3}, {}, {}, {}, {}, {0x0, 0xa}, {}, {}, {}, {}, {}, {}, {}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE={0x14}, @NL80211_TXRATE_VHT={0x14}, @NL80211_TXRATE_GI={0x5}]}, @NL80211_BAND_6GHZ={0x2c, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_LEGACY={0x1d, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x60, 0x48, 0x48, 0x0, 0x0, 0x0, 0x5, 0x5, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0]}]}, @NL80211_BAND_60GHZ={0x24, 0x2, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x15, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x24, 0x0, 0x0, 0x12]}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_5GHZ={0x64, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x538, 0x2445, 0x0, 0x0, 0x0, 0x0, 0xa85]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x5, 0x3]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_6GHZ={0x50, 0x3, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1f]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x0, 0x0, 0x8]}}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}}]}, @NL80211_BAND_6GHZ={0x124, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HT={0x45, 0x2, [{0x0, 0xa}, {}, {}, {0x1}, {}, {}, {}, {}, {}, {}, {0x1}, {}, {}, {0x0, 0xa}, {}, {}, {}, {}, {}, {}, {0x1}, {}, {}, {0x2}, {0x0, 0x7}, {}, {0x0, 0x9}, {}, {0x3}, {}, {0x2}, {}, {0x0, 0x4}, {}, {}, {}, {0x0, 0x7}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {0x0, 0x9}, {}, {0x7}, {}, {0x0, 0x8}, {}, {0x0, 0x9}, {}, {}, {}, {0x2}, {0x0, 0x2}, {0x0, 0x1}, {0x3, 0x9}, {}, {0x5}, {}, {}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}}, @NL80211_TXRATE_HT={0x35, 0x2, [{}, {0x4}, {}, {0x6}, {}, {0x3, 0x8}, {0x0, 0x4}, {0x3}, {}, {}, {0x0, 0x6}, {}, {}, {0x1}, {}, {0x2}, {0x6}, {}, {}, {}, {}, {0x0, 0x3}, {}, {}, {0x6}, {}, {}, {0x0, 0x2}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {0x4}, {0x4}, {0x1}, {}, {}, {}]}, @NL80211_TXRATE_HT={0x21, 0x2, [{}, {}, {}, {0x1}, {}, {0x0, 0x3}, {0x0, 0x6}, {0x6}, {}, {}, {}, {}, {}, {0x1}, {}, {}, {}, {0x0, 0x7}, {0x1}, {0x0, 0x4}, {0x3}, {}, {}, {}, {}, {}, {}, {}, {}]}, @NL80211_TXRATE_VHT={0x14}, @NL80211_TXRATE_HT={0x39, 0x2, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {0x1, 0x6}, {0x0, 0xa}, {0x2, 0xc}, {}, {0x0, 0x8}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {}, {0x5}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x1}, {}, {}, {}]}]}, @NL80211_BAND_2GHZ={0x3c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HT={0x9, 0x2, [{}, {}, {}, {}, {}]}, @NL80211_TXRATE_LEGACY={0x21, 0x1, [0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x0, 0x0, 0x36, 0x0, 0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, @NL80211_BAND_6GHZ={0x8c, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE={0x14}, @NL80211_TXRATE_LEGACY={0x15, 0x1, [0x30, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xb, 0xc, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x1f]}}, @NL80211_TXRATE_LEGACY={0x19, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0]}, @NL80211_TXRATE_HT={0x5, 0x2, [{}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x0, 0x0, 0xfff9, 0x0, 0x0, 0xff]}}]}]}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x3}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x1}]}, {0x38, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}]}, {0x48, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x20}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x100000001}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5}]}]}, @NL80211_ATTR_TID_CONFIG={0x41c, 0x11d, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}]}, {0x18, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5}]}, {0x44, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x37}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}]}, {0x2c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}]}, {0x374, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x1f8, 0xd, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x44, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_LEGACY={0xd, 0x1, [0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0]}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_LEGACY={0x1d, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c, 0x0, 0x0, 0x0, 0x0, 0x1b, 0x0, 0x4, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x16]}]}, @NL80211_BAND_60GHZ={0x30, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HT={0x4}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_GI={0x5}]}, @NL80211_BAND_60GHZ={0xa4, 0x2, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x21, 0x1, [0x0, 0x0, 0x0, 0x4, 0xb, 0x3, 0xb, 0x0, 0x0, 0x12, 0x4, 0x0, 0x0, 0x0, 0x30, 0x0, 0x6, 0x0, 0x0, 0x1b, 0x0, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, 0x0]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_LEGACY={0xd, 0x1, [0x0, 0x0, 0x4, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0]}, @NL80211_TXRATE_LEGACY={0x1d, 0x1, [0x0, 0xc, 0x16, 0x48, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @NL80211_TXRATE_HT={0x29, 0x2, [{}, {}, {}, {0x0, 0x4}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {0x6, 0x5}, {}, {}, {0x0, 0x9}, {}, {}, {}, {0x0, 0x5}, {}, {}, {}, {0x6}, {0x0, 0x3}, {0x4, 0x9}, {}, {0x0, 0x6}, {}, {0x0, 0x5}, {}, {}, {}, {}, {}, {}, {}]}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HT={0xd, 0x2, [{}, {0x0, 0x3}, {0x3}, {0x0, 0x8}, {0x1, 0x6}, {0x7}, {}, {}, {}]}]}, @NL80211_BAND_60GHZ={0x48, 0x2, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_VHT={0x14}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_LEGACY={0xd, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, @NL80211_BAND_2GHZ={0x90, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14}, @NL80211_TXRATE_VHT={0x14}, @NL80211_TXRATE_LEGACY={0x21, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @NL80211_TXRATE_VHT={0x14}, @NL80211_TXRATE_VHT={0x14}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_60GHZ={0x4}]}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x164, 0xd, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x48, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_LEGACY={0xd, 0x1, [0x0, 0x0, 0x0, 0x0, 0x60, 0x0, 0x0, 0x0, 0x0]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x100, 0x0, 0x40]}}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_2GHZ={0x5c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x1]}}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HT={0x11, 0x2, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0xa}, {}, {}]}, @NL80211_TXRATE_LEGACY={0x11, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @NL80211_TXRATE_VHT={0x14}]}, @NL80211_BAND_2GHZ={0xa0, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HT={0x45, 0x2, [{}, {}, {}, {}, {}, {}, {}, {0x6}, {}, {0x7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {0x0, 0x3}, {}, {}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}]}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_VHT={0x14}, @NL80211_TXRATE_VHT={0x14}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_2GHZ={0x1c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_GI={0x5}]}]}]}]}]}, 0xec4}}, 0x0) [ 796.577850][T29282] Memory cgroup stats for /syz0: [ 796.598850][T29318] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 796.655496][T29324] loop5: detected capacity change from 0 to 1024 [ 796.683623][T29324] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 796.710430][T29324] EXT4-fs error (device loop5): ext4_readdir:260: inode #2: block 16: comm syz-executor.5: path /root/syzkaller-testdir4040724179/syzkaller.OXr2Xx/802/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=2298478594, rec_len=235, size=1024 fake=1 [ 796.834850][T29282] anon 0 [ 796.834850][T29282] file 53248 [ 796.834850][T29282] kernel 28672 [ 796.834850][T29282] kernel_stack 0 [ 796.834850][T29282] pagetables 0 [ 796.834850][T29282] percpu 0 [ 796.834850][T29282] sock 0 [ 796.834850][T29282] vmalloc 0 [ 796.834850][T29282] shmem 53248 [ 796.834850][T29282] file_mapped 53248 [ 796.834850][T29282] file_dirty 0 [ 796.834850][T29282] file_writeback 0 [ 796.834850][T29282] swapcached 0 [ 796.834850][T29282] inactive_anon 0 [ 796.834850][T29282] active_anon 53248 [ 796.834850][T29282] inactive_file 0 [ 796.834850][T29282] active_file 0 [ 796.834850][T29282] unevictable 0 [ 796.834850][T29282] slab_reclaimable 2232 [ 796.834850][T29282] slab_unreclaimable 21536 [ 796.834850][T29282] slab 23768 [ 796.834850][T29282] workingset_refault_anon 0 [ 796.834850][T29282] workingset_refault_file 7 [ 796.834850][T29282] workingset_activate_anon 0 [ 796.834850][T29282] workingset_activate_file 0 [ 796.922408][T29282] Out of memory and no killable processes... [ 797.021028][ T225] device hsr_slave_0 left promiscuous mode [ 797.027297][ T225] device hsr_slave_1 left promiscuous mode [ 797.033458][ T225] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 797.040891][ T225] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 797.049353][ T225] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 797.056833][ T225] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 797.064862][ T225] device bridge_slave_1 left promiscuous mode [ 797.071103][ T225] bridge0: port 2(bridge_slave_1) entered disabled state [ 797.078967][ T225] device bridge_slave_0 left promiscuous mode [ 797.085096][ T225] bridge0: port 1(bridge_slave_0) entered disabled state [ 797.094609][ T225] device veth1_macvtap left promiscuous mode [ 797.100615][ T225] device veth0_macvtap left promiscuous mode [ 797.106598][ T225] device veth1_vlan left promiscuous mode [ 797.112323][ T225] device veth0_vlan left promiscuous mode [ 797.192632][ T225] team0 (unregistering): Port device team_slave_1 removed [ 797.202965][ T225] team0 (unregistering): Port device team_slave_0 removed [ 797.212574][ T225] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 797.223755][ T225] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 797.252237][ T225] bond0 (unregistering): Released all slaves [ 798.034363][T29327] chnl_net:caif_netlink_parms(): no params data found [ 798.064439][T29327] bridge0: port 1(bridge_slave_0) entered blocking state [ 798.071668][T29327] bridge0: port 1(bridge_slave_0) entered disabled state [ 798.079431][T29327] device bridge_slave_0 entered promiscuous mode [ 798.086585][T29327] bridge0: port 2(bridge_slave_1) entered blocking state [ 798.093657][T29327] bridge0: port 2(bridge_slave_1) entered disabled state [ 798.101319][T29327] device bridge_slave_1 entered promiscuous mode [ 798.116079][T29327] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 798.126148][T29327] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 798.142790][T29327] team0: Port device team_slave_0 added [ 798.149282][T29327] team0: Port device team_slave_1 added [ 798.163164][T29327] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 798.170115][T29327] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 798.196023][T29327] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 798.207173][T29327] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 798.214108][T29327] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 798.240055][T29327] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 798.261699][T29327] device hsr_slave_0 entered promiscuous mode [ 798.268190][T29327] device hsr_slave_1 entered promiscuous mode [ 798.274699][T29327] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 798.283093][T29327] Cannot create hsr debugfs directory [ 798.310669][T29327] bridge0: port 2(bridge_slave_1) entered blocking state [ 798.317698][T29327] bridge0: port 2(bridge_slave_1) entered forwarding state [ 798.324931][T29327] bridge0: port 1(bridge_slave_0) entered blocking state [ 798.332030][T29327] bridge0: port 1(bridge_slave_0) entered forwarding state [ 798.340564][ T1915] bridge0: port 1(bridge_slave_0) entered disabled state [ 798.348248][ T1915] bridge0: port 2(bridge_slave_1) entered disabled state [ 798.378608][T29327] 8021q: adding VLAN 0 to HW filter on device bond0 [ 798.388799][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 798.396409][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 798.405033][T29327] 8021q: adding VLAN 0 to HW filter on device team0 [ 798.414391][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 798.423286][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 798.432467][ T1915] bridge0: port 1(bridge_slave_0) entered blocking state [ 798.439494][ T1915] bridge0: port 1(bridge_slave_0) entered forwarding state [ 798.456901][T29327] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 798.467312][T29327] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 798.480054][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 798.488943][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 798.497377][ T1915] bridge0: port 2(bridge_slave_1) entered blocking state [ 798.504393][ T1915] bridge0: port 2(bridge_slave_1) entered forwarding state [ 798.512113][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 798.521105][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 798.529909][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 798.538337][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 798.546961][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 798.555202][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 798.563731][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 798.571975][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 798.580395][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 798.588731][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 798.597284][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 798.605738][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 798.619118][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 798.626677][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 798.636212][T29327] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 798.712436][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 798.721232][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 798.758041][T29327] device veth0_vlan entered promiscuous mode [ 798.764523][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 798.772755][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 798.781848][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 798.789586][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 798.798814][T29327] device veth1_vlan entered promiscuous mode [ 798.811648][T29327] device veth0_macvtap entered promiscuous mode [ 798.818617][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 798.826466][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 798.834441][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 798.842810][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 798.851846][T29327] device veth1_macvtap entered promiscuous mode [ 798.858458][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 798.866643][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 798.878508][T29327] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 798.888951][T29327] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 798.898816][T29327] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 798.909297][T29327] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 798.919123][T29327] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 798.929526][T29327] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 798.939329][T29327] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 798.949785][T29327] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 798.959725][T29327] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 798.970128][T29327] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 798.981087][T29327] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 798.988668][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 798.997145][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 799.008029][T29327] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 799.018529][T29327] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 799.028361][T29327] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 799.038833][T29327] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 799.048633][T29327] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 799.059041][T29327] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 799.068909][T29327] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 799.079311][T29327] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 799.089204][T29327] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 799.099616][T29327] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 18:43:35 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) link(&(0x7f0000000180)='./file0/file0\x00', &(0x7f00000001c0)='./file1\x00') (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) mount(&(0x7f0000000200)=@loop={'/dev/loop', 0x0}, &(0x7f0000000240)='./file1\x00', &(0x7f00000002c0)='hostfs\x00', 0x0, &(0x7f0000000340)='\x00') (async) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) (async) mount(&(0x7f0000000000)=ANY=[@ANYBLOB="2f6465762f04003000"], &(0x7f0000000080)='./file0/file0\x00', &(0x7f00000000c0)='efivarfs\x00', 0x80000, &(0x7f0000000100)=')((@}$\x00') 18:43:35 executing program 2: r0 = socket(0x2, 0x3, 0x1f) setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, 0x0, 0x0) 18:43:35 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x1400, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:35 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x1500}, {&(0x7f0000000740)="02000089eb000102", 0x8, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:43:35 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) sendmsg$nl_route(r4, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000240)=@ipv4_delrule={0x48, 0x21, 0x400, 0x70bd2b, 0x25dfdbfb, {0x2, 0x80, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3, 0x11}, [@FRA_SRC={0x8, 0x2, @loopback}, @FRA_FLOW={0x8, 0xb, 0x9}, @FRA_DST={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @FRA_TUN_ID={0xc}, @FRA_FLOW={0x56, 0xb, 0xe3d}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x4008050) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) 18:43:35 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) renameat2(r0, &(0x7f00000000c0)='./file0\x00', r0, &(0x7f0000000100)='./file0\x00', 0x5) (async) write$cgroup_int(r3, &(0x7f0000000080), 0x12) [ 799.110964][T29327] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 799.118545][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 799.127248][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 18:43:35 executing program 2: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000880)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, 0x0, 0x2, 0x0) 18:43:35 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async, rerun: 32) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async, rerun: 32) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async, rerun: 32) renameat2(r0, &(0x7f00000000c0)='./file0\x00', r0, &(0x7f0000000100)='./file0\x00', 0x5) (async, rerun: 32) write$cgroup_int(r3, &(0x7f0000000080), 0x12) 18:43:35 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x5, 0x4, 0x24, 0x2, 0x8}, 0x48) [ 799.178184][T29373] loop5: detected capacity change from 0 to 1024 [ 799.178879][T29370] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 799.193008][T29327] syz-executor.0 invoked oom-killer: gfp_mask=0xdc0(GFP_KERNEL|__GFP_ZERO), order=0, oom_score_adj=0 [ 799.203999][T29327] CPU: 1 PID: 29327 Comm: syz-executor.0 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 799.215086][T29327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 799.225140][T29327] Call Trace: [ 799.228512][T29327] [ 799.231445][T29327] dump_stack_lvl+0xd6/0x122 [ 799.236043][T29327] dump_stack+0x11/0x12 [ 799.240243][T29327] dump_header+0x98/0x410 [ 799.244566][T29327] oom_kill_process+0xfe/0x550 [ 799.249349][T29327] out_of_memory+0x620/0x880 [ 799.253932][T29327] mem_cgroup_oom+0x475/0x4f0 [ 799.258601][T29327] try_charge_memcg+0x746/0x960 [ 799.263506][T29327] ? ttwu_queue+0x11c/0x150 [ 799.267995][T29327] obj_cgroup_charge+0x171/0x2b0 [ 799.272937][T29327] kmem_cache_alloc+0x92/0x300 [ 799.277761][T29327] ? __alloc_file+0x2e/0x150 [ 799.282345][T29327] __alloc_file+0x2e/0x150 [ 799.286747][T29327] alloc_empty_file+0xcd/0x1c0 [ 799.291495][T29327] path_openat+0x65/0x1b30 [ 799.295913][T29327] ? lockref_get_not_dead+0xeb/0x190 [ 799.301183][T29327] ? __rcu_read_unlock+0x4a/0x70 [ 799.306148][T29327] ? try_to_unlazy+0x3c9/0x540 [ 799.310897][T29327] ? __rcu_read_unlock+0x4a/0x70 [ 799.315821][T29327] ? avc_has_perm_noaudit+0x1c0/0x270 [ 799.321179][T29327] do_filp_open+0x105/0x220 [ 799.325671][T29327] do_sys_openat2+0xb5/0x2a0 [ 799.330252][T29327] ? do_user_addr_fault+0x68f/0x940 [ 799.335437][T29327] __x64_sys_openat+0xef/0x110 [ 799.340189][T29327] do_syscall_64+0x2b/0x70 [ 799.344673][T29327] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 799.350558][T29327] RIP: 0033:0x7f4e27d64c28 [ 799.354954][T29327] Code: 24 18 31 c0 41 83 e2 40 75 40 89 f0 25 00 00 41 00 3d 00 00 41 00 74 32 44 89 c2 4c 89 ce bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 40 48 8b 4c 24 18 64 48 2b 0c 25 28 00 00 00 [ 799.374557][T29327] RSP: 002b:00007ffdfbec34c0 EFLAGS: 00000287 ORIG_RAX: 0000000000000101 [ 799.382950][T29327] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f4e27d64c28 [ 799.390912][T29327] RDX: 0000000000090800 RSI: 00007ffdfbec46b0 RDI: 00000000ffffff9c [ 799.398866][T29327] RBP: 00007ffdfbec468c R08: 0000000000090800 R09: 00007ffdfbec46b0 [ 799.406969][T29327] R10: 0000000000000000 R11: 0000000000000287 R12: 00007f4e27dbe1f8 [ 799.414919][T29327] R13: 00007ffdfbec46b0 R14: 0000000000000006 R15: 00007ffdfbec46f0 [ 799.422875][T29327] 18:43:35 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) 18:43:35 executing program 2: r0 = socket(0x2a, 0x2, 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0x0, 0x0, 0xfffffffffffffffe) 18:43:35 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)=@getneightbl={0x14, 0x7b, 0x1}, 0x14}}, 0x0) recvmsg$can_bcm(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0) [ 799.425914][T29327] memory: usage 140kB, limit 0kB, failcnt 6755 [ 799.432115][T29327] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 799.438975][T29327] Memory cgroup stats for /syz0: [ 799.448507][T29327] anon 24576 [ 799.448507][T29327] file 53248 [ 799.448507][T29327] kernel 65536 [ 799.448507][T29327] kernel_stack 0 [ 799.448507][T29327] pagetables 8192 [ 799.448507][T29327] percpu 0 [ 799.448507][T29327] sock 0 [ 799.448507][T29327] vmalloc 0 [ 799.448507][T29327] shmem 53248 [ 799.448507][T29327] file_mapped 53248 [ 799.448507][T29327] file_dirty 0 [ 799.448507][T29327] file_writeback 0 [ 799.448507][T29327] swapcached 0 [ 799.448507][T29327] inactive_anon 24576 [ 799.448507][T29327] active_anon 53248 [ 799.448507][T29327] inactive_file 0 [ 799.448507][T29327] active_file 0 [ 799.448507][T29327] unevictable 0 [ 799.448507][T29327] slab_reclaimable 16608 [ 799.448507][T29327] slab_unreclaimable 30136 [ 799.448507][T29327] slab 46744 [ 799.448507][T29327] workingset_refault_anon 0 [ 799.448507][T29327] workingset_refault_file 7 [ 799.448507][T29327] workingset_activate_anon 0 [ 799.448507][T29327] workingset_activate_file 0 [ 799.483802][T29394] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=123 sclass=netlink_route_socket pid=29394 comm=syz-executor.2 [ 799.541932][T29327] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=29327,uid=0 [ 799.556626][ T24] audit: type=1400 audit(1651085015.645:350): avc: denied { getopt } for pid=29388 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 799.570205][T29327] Memory cgroup out of memory: Killed process 29327 (syz-executor.0) total-vm:42336kB, anon-rss:368kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:0 [ 799.618470][T29374] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 799.625184][T29373] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 799.628516][T29374] CPU: 0 PID: 29374 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 799.648230][T29374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 799.658324][T29374] Call Trace: [ 799.661597][T29374] [ 799.664513][T29374] dump_stack_lvl+0xd6/0x122 [ 799.669093][T29374] dump_stack+0x11/0x12 [ 799.673312][T29374] dump_header+0x98/0x410 [ 799.677620][T29374] out_of_memory+0x65e/0x880 [ 799.682197][T29374] memory_max_write+0x31b/0x420 [ 799.687028][T29374] ? memory_max_show+0x70/0x70 [ 799.691803][T29374] cgroup_file_write+0x167/0x300 [ 799.696860][T29374] ? __check_object_size+0x235/0x380 [ 799.702137][T29374] ? cgroup_seqfile_stop+0x70/0x70 [ 799.707279][T29374] kernfs_fop_write_iter+0x1d3/0x2c0 [ 799.712544][T29374] vfs_write+0x71c/0x890 [ 799.716771][T29374] ksys_write+0xe8/0x1a0 [ 799.721081][T29374] __x64_sys_write+0x3e/0x50 [ 799.725652][T29374] do_syscall_64+0x2b/0x70 [ 799.730052][T29374] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 799.735966][T29374] RIP: 0033:0x7f682d3270e9 [ 799.740434][T29374] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 799.760152][T29374] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 799.768572][T29374] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 [ 799.776534][T29374] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 799.784636][T29374] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 [ 799.792630][T29374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 799.800629][T29374] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 [ 799.808611][T29374] [ 799.811732][T29374] memory: usage 84kB, limit 0kB, failcnt 6772 [ 799.817787][T29374] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 799.824630][T29374] Memory cgroup stats for /syz0: [ 799.825317][T29374] anon 0 [ 799.825317][T29374] file 53248 [ 799.825317][T29374] kernel 32768 [ 799.825317][T29374] kernel_stack 0 [ 799.825317][T29374] pagetables 0 [ 799.825317][T29374] percpu 0 [ 799.825317][T29374] sock 0 [ 799.825317][T29374] vmalloc 0 [ 799.825317][T29374] shmem 53248 [ 799.825317][T29374] file_mapped 53248 [ 799.825317][T29374] file_dirty 0 [ 799.825317][T29374] file_writeback 0 [ 799.825317][T29374] swapcached 0 [ 799.825317][T29374] inactive_anon 0 [ 799.825317][T29374] active_anon 53248 [ 799.825317][T29374] inactive_file 0 [ 799.825317][T29374] active_file 0 [ 799.825317][T29374] unevictable 0 [ 799.825317][T29374] slab_reclaimable 5808 [ 799.825317][T29374] slab_unreclaimable 18784 [ 799.825317][T29374] slab 24592 [ 799.825317][T29374] workingset_refault_anon 0 [ 799.825317][T29374] workingset_refault_file 7 [ 799.825317][T29374] workingset_activate_anon 0 [ 799.825317][T29374] workingset_activate_file 0 [ 799.917598][T29374] Out of memory and no killable processes... [ 799.924996][T29391] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 799.935208][T29391] CPU: 1 PID: 29391 Comm: syz-executor.1 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 799.946316][T29391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 799.956386][T29391] Call Trace: [ 799.959656][T29391] [ 799.962645][T29391] dump_stack_lvl+0xd6/0x122 [ 799.967244][T29391] dump_stack+0x11/0x12 [ 799.971377][T29391] dump_header+0x98/0x410 [ 799.975683][T29391] out_of_memory+0x65e/0x880 [ 799.980251][T29391] memory_max_write+0x31b/0x420 [ 799.985103][T29391] ? memory_max_show+0x70/0x70 [ 799.989924][T29391] cgroup_file_write+0x167/0x300 [ 799.994846][T29391] ? __check_object_size+0x235/0x380 [ 800.000218][T29391] ? cgroup_seqfile_stop+0x70/0x70 [ 800.005334][T29391] kernfs_fop_write_iter+0x1d3/0x2c0 [ 800.010691][T29391] vfs_write+0x71c/0x890 [ 800.014919][T29391] ksys_write+0xe8/0x1a0 [ 800.019143][T29391] __x64_sys_write+0x3e/0x50 [ 800.023711][T29391] do_syscall_64+0x2b/0x70 [ 800.028181][T29391] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 800.034050][T29391] RIP: 0033:0x7ff0acc260e9 [ 800.038459][T29391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 800.058040][T29391] RSP: 002b:00007ff0ac39c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 800.066435][T29391] RAX: ffffffffffffffda RBX: 00007ff0acd38f60 RCX: 00007ff0acc260e9 [ 800.074386][T29391] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 800.082359][T29391] RBP: 00007ff0acc8008d R08: 0000000000000000 R09: 0000000000000000 [ 800.090334][T29391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 800.098281][T29391] R13: 00007ffe7a47396f R14: 00007ff0ac39c300 R15: 0000000000022000 [ 800.106235][T29391] [ 800.109342][T29391] memory: usage 80kB, limit 0kB, failcnt 6772 [ 800.115397][T29391] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 800.122272][T29391] Memory cgroup stats for /syz0: [ 800.123725][T29391] anon 0 [ 800.123725][T29391] file 53248 [ 800.123725][T29391] kernel 28672 [ 800.123725][T29391] kernel_stack 0 [ 800.123725][T29391] pagetables 0 [ 800.123725][T29391] percpu 0 [ 800.123725][T29391] sock 0 [ 800.123725][T29391] vmalloc 0 [ 800.123725][T29391] shmem 53248 [ 800.123725][T29391] file_mapped 53248 [ 800.123725][T29391] file_dirty 0 [ 800.123725][T29391] file_writeback 0 [ 800.123725][T29391] swapcached 0 [ 800.123725][T29391] inactive_anon 0 [ 800.123725][T29391] active_anon 53248 [ 800.123725][T29391] inactive_file 0 [ 800.123725][T29391] active_file 0 [ 800.123725][T29391] unevictable 0 [ 800.123725][T29391] slab_reclaimable 5808 [ 800.123725][T29391] slab_unreclaimable 18544 [ 800.123725][T29391] slab 24352 [ 800.123725][T29391] workingset_refault_anon 0 [ 800.123725][T29391] workingset_refault_file 7 [ 800.123725][T29391] workingset_activate_anon 0 [ 800.123725][T29391] workingset_activate_file 0 [ 800.215866][T29391] Out of memory and no killable processes... 18:43:36 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) link(&(0x7f0000000180)='./file0/file0\x00', &(0x7f00000001c0)='./file1\x00') (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) mount(&(0x7f0000000200)=@loop={'/dev/loop', 0x0}, &(0x7f0000000240)='./file1\x00', &(0x7f00000002c0)='hostfs\x00', 0x0, &(0x7f0000000340)='\x00') (async) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) (async) mount(&(0x7f0000000000)=ANY=[@ANYBLOB="2f6465762f04003000"], &(0x7f0000000080)='./file0/file0\x00', &(0x7f00000000c0)='efivarfs\x00', 0x80000, &(0x7f0000000100)=')((@}$\x00') 18:43:36 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x1d00, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:36 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) sendmsg$nl_route(r4, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000240)=@ipv4_delrule={0x48, 0x21, 0x400, 0x70bd2b, 0x25dfdbfb, {0x2, 0x80, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3, 0x11}, [@FRA_SRC={0x8, 0x2, @loopback}, @FRA_FLOW={0x8, 0xb, 0x9}, @FRA_DST={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @FRA_TUN_ID={0xc}, @FRA_FLOW={0x56, 0xb, 0xe3d}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x4008050) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) (async) dup(r3) (async) getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) (async) sendmsg$nl_route(r4, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000240)=@ipv4_delrule={0x48, 0x21, 0x400, 0x70bd2b, 0x25dfdbfb, {0x2, 0x80, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3, 0x11}, [@FRA_SRC={0x8, 0x2, @loopback}, @FRA_FLOW={0x8, 0xb, 0x9}, @FRA_DST={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @FRA_TUN_ID={0xc}, @FRA_FLOW={0x56, 0xb, 0xe3d}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x4008050) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r2, &(0x7f0000000080), 0x12) (async) 18:43:36 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x1500}, {&(0x7f0000000740)="02000089eb000102", 0x8, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:43:36 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async, rerun: 64) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (rerun: 64) write$cgroup_int(r2, &(0x7f0000000080), 0x12) 18:43:36 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000002f00)={0x0, 0x0, &(0x7f0000002ec0)={&(0x7f0000001b40)={0x14}, 0x14}}, 0x0) 18:43:36 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) getsockopt$packet_buf(r0, 0x107, 0x6, 0x0, &(0x7f0000000100)) 18:43:36 executing program 2: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) sendmsg(r0, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x80) 18:43:36 executing program 2: r0 = socket$unix(0x1, 0x1, 0x0) recvfrom(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)=@can, 0x80) [ 800.275371][T29404] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 800.283679][T29403] loop5: detected capacity change from 0 to 1024 [ 800.298561][ T24] audit: type=1400 audit(1651085016.475:351): avc: denied { getopt } for pid=29405 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 800.351195][T29407] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 800.361217][T29407] CPU: 0 PID: 29407 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 800.372231][T29407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 800.382317][T29407] Call Trace: [ 800.385643][T29407] [ 800.388566][T29407] dump_stack_lvl+0xd6/0x122 [ 800.393237][T29407] dump_stack+0x11/0x12 [ 800.397395][T29407] dump_header+0x98/0x410 18:43:36 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00') sendto$unix(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 18:43:36 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x1e00, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 800.401732][T29407] out_of_memory+0x65e/0x880 [ 800.406367][T29407] memory_max_write+0x31b/0x420 [ 800.411224][T29407] ? memory_max_show+0x70/0x70 [ 800.415990][T29407] cgroup_file_write+0x167/0x300 [ 800.420942][T29407] ? __check_object_size+0x235/0x380 [ 800.426230][T29407] ? cgroup_seqfile_stop+0x70/0x70 [ 800.431345][T29407] kernfs_fop_write_iter+0x1d3/0x2c0 [ 800.435648][T29420] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 800.436672][T29407] vfs_write+0x71c/0x890 [ 800.447857][T29407] ksys_write+0xe8/0x1a0 18:43:36 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x2000, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 800.452167][T29407] __x64_sys_write+0x3e/0x50 [ 800.456840][T29407] do_syscall_64+0x2b/0x70 [ 800.461262][T29407] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 800.467253][T29407] RIP: 0033:0x7f682d3270e9 [ 800.471712][T29407] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 800.491691][T29407] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 800.500108][T29407] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 [ 800.508146][T29407] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 800.516154][T29407] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 [ 800.524151][T29407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 800.532107][T29407] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 [ 800.540071][T29407] [ 800.543179][T29407] memory: usage 72kB, limit 0kB, failcnt 6772 [ 800.549254][T29407] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 800.556096][T29407] Memory cgroup stats for /syz0: [ 800.567758][T29422] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 800.589015][T29407] anon 0 [ 800.589015][T29407] file 53248 [ 800.589015][T29407] kernel 20480 [ 800.589015][T29407] kernel_stack 0 [ 800.589015][T29407] pagetables 0 [ 800.589015][T29407] percpu 0 [ 800.589015][T29407] sock 0 [ 800.589015][T29407] vmalloc 0 [ 800.589015][T29407] shmem 53248 [ 800.589015][T29407] file_mapped 53248 [ 800.589015][T29407] file_dirty 0 [ 800.589015][T29407] file_writeback 0 [ 800.589015][T29407] swapcached 0 [ 800.589015][T29407] inactive_anon 0 [ 800.589015][T29407] active_anon 53248 [ 800.589015][T29407] inactive_file 0 [ 800.589015][T29407] active_file 0 [ 800.589015][T29407] unevictable 0 [ 800.589015][T29407] slab_reclaimable 3056 [ 800.589015][T29407] slab_unreclaimable 14936 [ 800.589015][T29407] slab 17992 [ 800.589015][T29407] workingset_refault_anon 0 [ 800.589015][T29407] workingset_refault_file 7 [ 800.589015][T29407] workingset_activate_anon 0 [ 800.589015][T29407] workingset_activate_file 0 [ 800.676557][T29407] Out of memory and no killable processes... [ 800.698295][T29403] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 801.070528][ T8] device hsr_slave_0 left promiscuous mode [ 801.076642][ T8] device hsr_slave_1 left promiscuous mode [ 801.082976][ T8] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 801.090541][ T8] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 801.098196][ T8] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 801.105653][ T8] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 801.113883][ T8] device bridge_slave_1 left promiscuous mode [ 801.120120][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 801.127725][ T8] device bridge_slave_0 left promiscuous mode [ 801.133911][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 801.143551][ T8] device veth1_macvtap left promiscuous mode [ 801.149555][ T8] device veth0_macvtap left promiscuous mode [ 801.155544][ T8] device veth1_vlan left promiscuous mode [ 801.161290][ T8] device veth0_vlan left promiscuous mode [ 801.240723][ T8] team0 (unregistering): Port device team_slave_1 removed [ 801.250431][ T8] team0 (unregistering): Port device team_slave_0 removed [ 801.260086][ T8] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 801.270864][ T8] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 801.297937][ T8] bond0 (unregistering): Released all slaves [ 802.111476][T29444] chnl_net:caif_netlink_parms(): no params data found [ 802.141368][T29444] bridge0: port 1(bridge_slave_0) entered blocking state [ 802.148562][T29444] bridge0: port 1(bridge_slave_0) entered disabled state [ 802.156445][T29444] device bridge_slave_0 entered promiscuous mode [ 802.163594][T29444] bridge0: port 2(bridge_slave_1) entered blocking state [ 802.170737][T29444] bridge0: port 2(bridge_slave_1) entered disabled state [ 802.178403][T29444] device bridge_slave_1 entered promiscuous mode [ 802.194090][T29444] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 802.204553][T29444] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 802.222530][T29444] team0: Port device team_slave_0 added [ 802.229870][T29444] team0: Port device team_slave_1 added [ 802.243158][T29444] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 802.250214][T29444] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 802.276191][T29444] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 802.287259][T29444] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 802.294279][T29444] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 802.320188][T29444] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 802.342618][T29444] device hsr_slave_0 entered promiscuous mode [ 802.349091][T29444] device hsr_slave_1 entered promiscuous mode [ 802.355395][T29444] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 802.362946][T29444] Cannot create hsr debugfs directory [ 802.390722][T29444] bridge0: port 2(bridge_slave_1) entered blocking state [ 802.397768][T29444] bridge0: port 2(bridge_slave_1) entered forwarding state [ 802.405075][T29444] bridge0: port 1(bridge_slave_0) entered blocking state [ 802.412172][T29444] bridge0: port 1(bridge_slave_0) entered forwarding state [ 802.439046][T29444] 8021q: adding VLAN 0 to HW filter on device bond0 [ 802.449326][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 802.457791][ T893] bridge0: port 1(bridge_slave_0) entered disabled state [ 802.465779][ T893] bridge0: port 2(bridge_slave_1) entered disabled state [ 802.476749][T29444] 8021q: adding VLAN 0 to HW filter on device team0 [ 802.486921][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 802.495288][ T77] bridge0: port 1(bridge_slave_0) entered blocking state [ 802.502327][ T77] bridge0: port 1(bridge_slave_0) entered forwarding state [ 802.519476][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 802.527841][ T77] bridge0: port 2(bridge_slave_1) entered blocking state [ 802.534880][ T77] bridge0: port 2(bridge_slave_1) entered forwarding state [ 802.543103][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 802.551834][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 802.562545][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 802.570929][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 802.580870][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 802.591209][T29444] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 802.603319][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 802.610721][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 802.620667][T29444] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 802.697172][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 802.705803][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 802.743488][T29444] device veth0_vlan entered promiscuous mode [ 802.750143][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 802.758206][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 802.767505][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 802.775257][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 802.784505][T29444] device veth1_vlan entered promiscuous mode [ 802.796939][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 802.804798][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 802.812914][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 802.821251][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 802.831086][T29444] device veth0_macvtap entered promiscuous mode [ 802.838805][T29444] device veth1_macvtap entered promiscuous mode [ 802.849291][T29444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 802.859699][T29444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 802.869510][T29444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 802.879975][T29444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 802.889783][T29444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 802.900227][T29444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 802.910039][T29444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 802.920464][T29444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 802.930286][T29444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 802.940745][T29444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 802.951676][T29444] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 802.960437][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 802.968878][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 802.976894][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 802.986354][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 802.995859][T29444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 803.006476][T29444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 803.016283][T29444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 803.026705][T29444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 803.036500][T29444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 803.046909][T29444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 803.056711][T29444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 803.067111][T29444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 803.076928][T29444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 803.087328][T29444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 18:43:39 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) recvmsg$can_j1939(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000080)=@xdp, 0x80, &(0x7f0000000000)=[{&(0x7f0000000180)=""/199, 0xc7}, {&(0x7f0000000340)=""/4096, 0x1000}, {&(0x7f0000001340)=""/119, 0x77}, {&(0x7f00000013c0)=""/246, 0xf6}], 0x4, &(0x7f0000000100)=""/46, 0x2e}, 0x40000020) 18:43:39 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async, rerun: 32) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async, rerun: 32) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) 18:43:39 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='stat\x00') openat$cgroup_subtree(r0, &(0x7f0000000040), 0x2, 0x0) 18:43:39 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) (async) sendmsg$nl_route(r4, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000240)=@ipv4_delrule={0x48, 0x21, 0x400, 0x70bd2b, 0x25dfdbfb, {0x2, 0x80, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3, 0x11}, [@FRA_SRC={0x8, 0x2, @loopback}, @FRA_FLOW={0x8, 0xb, 0x9}, @FRA_DST={0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, @FRA_TUN_ID={0xc}, @FRA_FLOW={0x56, 0xb, 0xe3d}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x4008050) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r2, &(0x7f0000000080), 0x12) 18:43:39 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x1500}, {&(0x7f0000000740)="02000089eb000102", 0x8, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) [ 803.099632][T29444] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 803.107475][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 803.116171][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 18:43:39 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x2500, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:39 executing program 1: r0 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x3, 0x0, {0x0, r0}}, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000003c0)=@IORING_OP_WRITE_FIXED={0x5, 0x4, 0x4007, @fd_index=0x9, 0x40, 0x200, 0x2, 0x9, 0x1, {0x1}}, 0x8) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup(r2, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r4 = openat$cgroup_int(r3, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) ioctl$AUTOFS_DEV_IOCTL_VERSION(r1, 0xc0189371, &(0x7f0000000300)=ANY=[@ANYBLOB="0117000001ddff001819ee00", @ANYRES32=r2, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00']) perf_event_open$cgroup(&(0x7f0000000240)={0x2, 0x80, 0x3, 0x4, 0x3, 0x7, 0x0, 0x2, 0x20, 0x4, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x5, 0x860cf586d5a50c55, @perf_bp={&(0x7f0000000100), 0x6}, 0x1104d, 0x0, 0x8000, 0x4, 0x4, 0x8, 0xce, 0x0, 0x8001, 0x0, 0x7fffffffffffffff}, r5, 0x7, r6, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) fcntl$getownex(r3, 0x10, &(0x7f00000000c0)) write$cgroup_int(r4, &(0x7f0000000080), 0x12) pipe2$9p(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) sendfile(r7, r5, &(0x7f0000000380), 0x80000000) 18:43:39 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) perf_event_open$cgroup(&(0x7f0000000240)={0x2, 0x80, 0x2, 0xa, 0x1f, 0x1, 0x0, 0x0, 0x80000, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x3, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x7, 0x0, @perf_bp={&(0x7f00000000c0), 0x1}, 0x18241, 0x10001, 0x10000, 0x1, 0x401, 0x7, 0xfff, 0x0, 0xd9, 0x0, 0x20}, r4, 0x8, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) 18:43:39 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000100)='oom_score_adj\x00') ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, 0x0) 18:43:39 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x4800, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 803.165215][T29493] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 803.165248][T29494] loop5: detected capacity change from 0 to 1024 [ 803.223251][T29444] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 803.233215][T29444] CPU: 1 PID: 29444 Comm: syz-executor.0 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 803.239500][T29510] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 803.244234][T29444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 803.244248][T29444] Call Trace: [ 803.244253][T29444] [ 803.244259][T29444] dump_stack_lvl+0xd6/0x122 [ 803.244286][T29444] dump_stack+0x11/0x12 [ 803.244377][T29444] dump_header+0x98/0x410 [ 803.244398][T29444] oom_kill_process+0xfe/0x550 [ 803.244457][T29444] out_of_memory+0x620/0x880 [ 803.244478][T29444] mem_cgroup_oom+0x475/0x4f0 [ 803.244504][T29444] try_charge_memcg+0x746/0x960 [ 803.299473][T29444] ? avc_has_perm_noaudit+0x1c0/0x270 [ 803.304844][T29444] obj_cgroup_charge+0x171/0x2b0 [ 803.309768][T29444] memcg_slab_pre_alloc_hook+0xf7/0x170 [ 803.315297][T29444] ? sock_alloc_inode+0x2d/0xa0 [ 803.320140][T29444] kmem_cache_alloc_lru+0x76/0x2b0 [ 803.325234][T29444] sock_alloc_inode+0x2d/0xa0 [ 803.329897][T29444] ? sockfs_init_fs_context+0x70/0x70 [ 803.335256][T29444] alloc_inode+0x38/0x150 [ 803.339568][T29444] new_inode_pseudo+0x13/0x90 [ 803.344259][T29444] __sock_create+0x122/0x4e0 [ 803.348858][T29444] __sys_socket+0xb8/0x200 [ 803.353259][T29444] __x64_sys_socket+0x3b/0x50 [ 803.357924][T29444] do_syscall_64+0x2b/0x70 [ 803.362373][T29444] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 803.368324][T29444] RIP: 0033:0x7f40e97d1767 [ 803.372723][T29444] Code: f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 803.392313][T29444] RSP: 002b:00007ffe70fa6be8 EFLAGS: 00000206 ORIG_RAX: 0000000000000029 [ 803.400706][T29444] RAX: ffffffffffffffda RBX: 00007ffe70fa7350 RCX: 00007f40e97d1767 [ 803.408662][T29444] RDX: 0000000000000006 RSI: 0000000000000001 RDI: 0000000000000002 18:43:39 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) (async, rerun: 64) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) (rerun: 64) recvmsg$can_j1939(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000080)=@xdp, 0x80, &(0x7f0000000000)=[{&(0x7f0000000180)=""/199, 0xc7}, {&(0x7f0000000340)=""/4096, 0x1000}, {&(0x7f0000001340)=""/119, 0x77}, {&(0x7f00000013c0)=""/246, 0xf6}], 0x4, &(0x7f0000000100)=""/46, 0x2e}, 0x40000020) 18:43:39 executing program 2: getrusage(0x9c95ca5f3091bf31, 0x0) 18:43:39 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='cgroup.controllers\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40086607, &(0x7f0000000640)=0x3) 18:43:39 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x4c00, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 803.416617][T29444] RBP: 0000000000000003 R08: 0000000000000000 R09: 00007ffe70fa7160 [ 803.424727][T29444] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000032 [ 803.432677][T29444] R13: 00000000000c41bb R14: 0000000000000004 R15: 00007ffe70fa7390 [ 803.440704][T29444] [ 803.443744][T29444] memory: usage 160kB, limit 0kB, failcnt 6791 [ 803.450057][T29444] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 803.456893][T29444] Memory cgroup stats for /syz0: [ 803.462088][T29518] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 18:43:39 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000240), 0x10) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) 18:43:39 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x6000, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 803.469908][T29494] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 803.483641][T29444] anon 45056 [ 803.483641][T29444] file 53248 [ 803.483641][T29444] kernel 40960 [ 803.483641][T29444] kernel_stack 0 [ 803.483641][T29444] pagetables 8192 [ 803.483641][T29444] percpu 0 [ 803.483641][T29444] sock 0 [ 803.483641][T29444] vmalloc 0 [ 803.483641][T29444] shmem 53248 [ 803.483641][T29444] file_mapped 53248 [ 803.483641][T29444] file_dirty 0 [ 803.483641][T29444] file_writeback 0 [ 803.483641][T29444] swapcached 0 [ 803.483641][T29444] inactive_anon 45056 [ 803.483641][T29444] active_anon 53248 [ 803.483641][T29444] inactive_file 0 [ 803.483641][T29444] active_file 0 [ 803.483641][T29444] unevictable 0 [ 803.483641][T29444] slab_reclaimable 4232 [ 803.483641][T29444] slab_unreclaimable 18456 [ 803.483641][T29444] slab 22688 [ 803.483641][T29444] workingset_refault_anon 0 [ 803.483641][T29444] workingset_refault_file 7 [ 803.483641][T29444] workingset_activate_anon 0 [ 803.483641][T29444] workingset_activate_file 0 18:43:39 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:43:39 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x620e, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 803.571799][T29444] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=29444,uid=0 [ 803.587169][T29444] Memory cgroup out of memory: Killed process 29444 (syz-executor.0) total-vm:42336kB, anon-rss:360kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:0 [ 803.591610][T29528] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 803.630274][T29444] socket: no more sockets [ 803.644866][T29530] loop5: detected capacity change from 0 to 1024 [ 803.649730][T29503] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 803.661142][T29503] CPU: 0 PID: 29503 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 803.670404][T29530] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 803.672209][T29503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 803.672222][T29503] Call Trace: [ 803.672229][T29503] [ 803.672236][T29503] dump_stack_lvl+0xd6/0x122 [ 803.692586][T29530] EXT4-fs error (device loop5): ext4_readdir:260: inode #2: block 16: comm syz-executor.5: path /root/syzkaller-testdir4040724179/syzkaller.OXr2Xx/806/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 803.694348][T29503] dump_stack+0x11/0x12 [ 803.694406][T29503] dump_header+0x98/0x410 [ 803.735301][T29503] out_of_memory+0x65e/0x880 [ 803.739957][T29503] memory_max_write+0x31b/0x420 [ 803.744840][T29503] ? memory_max_show+0x70/0x70 [ 803.749683][T29503] cgroup_file_write+0x167/0x300 [ 803.754741][T29503] ? __check_object_size+0x235/0x380 [ 803.760049][T29503] ? cgroup_seqfile_stop+0x70/0x70 [ 803.765210][T29503] kernfs_fop_write_iter+0x1d3/0x2c0 [ 803.770703][T29503] vfs_write+0x71c/0x890 [ 803.774925][T29503] ksys_write+0xe8/0x1a0 [ 803.779207][T29503] __x64_sys_write+0x3e/0x50 [ 803.783792][T29503] do_syscall_64+0x2b/0x70 [ 803.788252][T29503] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 803.794135][T29503] RIP: 0033:0x7f682d3270e9 [ 803.798539][T29503] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 803.818139][T29503] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 803.826543][T29503] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 [ 803.834665][T29503] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 803.842672][T29503] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 [ 803.850621][T29503] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 803.859045][T29503] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 [ 803.867014][T29503] [ 803.870126][T29503] memory: usage 80kB, limit 0kB, failcnt 6808 [ 803.876256][T29503] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 803.883148][T29503] Memory cgroup stats for /syz0: [ 803.883803][T29503] anon 0 [ 803.883803][T29503] file 53248 [ 803.883803][T29503] kernel 28672 [ 803.883803][T29503] kernel_stack 0 [ 803.883803][T29503] pagetables 0 [ 803.883803][T29503] percpu 0 [ 803.883803][T29503] sock 0 [ 803.883803][T29503] vmalloc 0 [ 803.883803][T29503] shmem 53248 [ 803.883803][T29503] file_mapped 53248 [ 803.883803][T29503] file_dirty 0 [ 803.883803][T29503] file_writeback 0 [ 803.883803][T29503] swapcached 0 [ 803.883803][T29503] inactive_anon 0 [ 803.883803][T29503] active_anon 53248 [ 803.883803][T29503] inactive_file 0 [ 803.883803][T29503] active_file 0 [ 803.883803][T29503] unevictable 0 [ 803.883803][T29503] slab_reclaimable 4232 [ 803.883803][T29503] slab_unreclaimable 18216 [ 803.883803][T29503] slab 22448 [ 803.883803][T29503] workingset_refault_anon 0 [ 803.883803][T29503] workingset_refault_file 7 [ 803.883803][T29503] workingset_activate_anon 0 [ 803.883803][T29503] workingset_activate_file 0 [ 803.975873][T29503] Out of memory and no killable processes... [ 803.982455][T29505] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 803.992706][T29505] CPU: 1 PID: 29505 Comm: syz-executor.1 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 804.003744][T29505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 804.013781][T29505] Call Trace: [ 804.017037][T29505] [ 804.019954][T29505] dump_stack_lvl+0xd6/0x122 [ 804.024577][T29505] dump_stack+0x11/0x12 [ 804.028737][T29505] dump_header+0x98/0x410 [ 804.033105][T29505] out_of_memory+0x65e/0x880 [ 804.037748][T29505] memory_max_write+0x31b/0x420 [ 804.042584][T29505] ? memory_max_show+0x70/0x70 [ 804.047334][T29505] cgroup_file_write+0x167/0x300 [ 804.052349][T29505] ? __check_object_size+0x235/0x380 [ 804.057636][T29505] ? cgroup_seqfile_stop+0x70/0x70 [ 804.062783][T29505] kernfs_fop_write_iter+0x1d3/0x2c0 [ 804.068049][T29505] vfs_write+0x71c/0x890 [ 804.072298][T29505] ksys_write+0xe8/0x1a0 [ 804.076518][T29505] __x64_sys_write+0x3e/0x50 [ 804.081165][T29505] do_syscall_64+0x2b/0x70 [ 804.085563][T29505] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 804.091441][T29505] RIP: 0033:0x7ff0acc260e9 [ 804.095920][T29505] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 804.115541][T29505] RSP: 002b:00007ff0ac39c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 804.123930][T29505] RAX: ffffffffffffffda RBX: 00007ff0acd38f60 RCX: 00007ff0acc260e9 [ 804.131953][T29505] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 804.139964][T29505] RBP: 00007ff0acc8008d R08: 0000000000000000 R09: 0000000000000000 [ 804.147947][T29505] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 804.155895][T29505] R13: 00007ffe7a47396f R14: 00007ff0ac39c300 R15: 0000000000022000 [ 804.163871][T29505] [ 804.166933][T29505] memory: usage 80kB, limit 0kB, failcnt 6808 [ 804.173022][T29505] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 804.179961][T29505] Memory cgroup stats for /syz0: [ 804.182218][T29505] anon 0 [ 804.182218][T29505] file 53248 [ 804.182218][T29505] kernel 28672 [ 804.182218][T29505] kernel_stack 0 [ 804.182218][T29505] pagetables 0 [ 804.182218][T29505] percpu 0 [ 804.182218][T29505] sock 0 [ 804.182218][T29505] vmalloc 0 [ 804.182218][T29505] shmem 53248 [ 804.182218][T29505] file_mapped 53248 [ 804.182218][T29505] file_dirty 0 [ 804.182218][T29505] file_writeback 0 [ 804.182218][T29505] swapcached 0 [ 804.182218][T29505] inactive_anon 0 18:43:40 executing program 1: r0 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x3, 0x0, {0x0, r0}}, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000003c0)=@IORING_OP_WRITE_FIXED={0x5, 0x4, 0x4007, @fd_index=0x9, 0x40, 0x200, 0x2, 0x9, 0x1, {0x1}}, 0x8) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup(r2, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r4 = openat$cgroup_int(r3, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) ioctl$AUTOFS_DEV_IOCTL_VERSION(r1, 0xc0189371, &(0x7f0000000300)=ANY=[@ANYBLOB="0117000001ddff001819ee00", @ANYRES32=r2, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00']) perf_event_open$cgroup(&(0x7f0000000240)={0x2, 0x80, 0x3, 0x4, 0x3, 0x7, 0x0, 0x2, 0x20, 0x4, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x5, 0x860cf586d5a50c55, @perf_bp={&(0x7f0000000100), 0x6}, 0x1104d, 0x0, 0x8000, 0x4, 0x4, 0x8, 0xce, 0x0, 0x8001, 0x0, 0x7fffffffffffffff}, r5, 0x7, r6, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) fcntl$getownex(r3, 0x10, &(0x7f00000000c0)) write$cgroup_int(r4, &(0x7f0000000080), 0x12) pipe2$9p(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) sendfile(r7, r5, &(0x7f0000000380), 0x80000000) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) (async) syz_io_uring_submit(0x0, 0x0, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x3, 0x0, {0x0, r0}}, 0x0) (async) syz_io_uring_submit(0x0, 0x0, &(0x7f00000003c0)=@IORING_OP_WRITE_FIXED={0x5, 0x4, 0x4007, @fd_index=0x9, 0x40, 0x200, 0x2, 0x9, 0x1, {0x1}}, 0x8) (async) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup(r2, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_int(r3, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) (async) ioctl$AUTOFS_DEV_IOCTL_VERSION(r1, 0xc0189371, &(0x7f0000000300)=ANY=[@ANYBLOB="0117000001ddff001819ee00", @ANYRES32=r2, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00']) (async) perf_event_open$cgroup(&(0x7f0000000240)={0x2, 0x80, 0x3, 0x4, 0x3, 0x7, 0x0, 0x2, 0x20, 0x4, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x5, 0x860cf586d5a50c55, @perf_bp={&(0x7f0000000100), 0x6}, 0x1104d, 0x0, 0x8000, 0x4, 0x4, 0x8, 0xce, 0x0, 0x8001, 0x0, 0x7fffffffffffffff}, r5, 0x7, r6, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) fcntl$getownex(r3, 0x10, &(0x7f00000000c0)) (async) write$cgroup_int(r4, &(0x7f0000000080), 0x12) (async) pipe2$9p(&(0x7f0000000340), 0x800) (async) sendfile(r7, r5, &(0x7f0000000380), 0x80000000) (async) 18:43:40 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x6800, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:40 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:43:40 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5531, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x18, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x79, 0x10}, [@ldst={0x3, 0x0, 0x6}], {0x95, 0x0, 0x74}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={0x0, r0}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x0, 0x5, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, [@jmp={0x5, 0x1, 0x4, 0x0, 0x0, 0xfffffffffffffff8, 0x1}, @generic={0xcd, 0x9, 0x5, 0x1000}]}, 0x0, 0x4, 0x99, &(0x7f0000000280)=""/153, 0x0, 0x0, '\x00', 0x0, 0x20, 0xffffffffffffffff, 0x8, &(0x7f00000005c0)={0x9}, 0x8, 0x10, &(0x7f0000000600)={0x0, 0xf, 0x0, 0x3}, 0x10, 0xffffffffffffffff, r0}, 0x80) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='cgroup.controllers\x00', 0x26e1, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f00000000c0)={[{0x5a, 'io'}, {0x0, 'cpuacct'}]}, 0xd) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.bfq.io_wait_time_recursive\x00', 0x26e1, 0x0) close(0xffffffffffffffff) [ 804.182218][T29505] active_anon 53248 [ 804.182218][T29505] inactive_file 0 [ 804.182218][T29505] active_file 0 [ 804.182218][T29505] unevictable 0 [ 804.182218][T29505] slab_reclaimable 4232 [ 804.182218][T29505] slab_unreclaimable 18216 [ 804.182218][T29505] slab 22448 [ 804.182218][T29505] workingset_refault_anon 0 [ 804.182218][T29505] workingset_refault_file 7 [ 804.182218][T29505] workingset_activate_anon 0 [ 804.182218][T29505] workingset_activate_file 0 [ 804.274468][T29505] Out of memory and no killable processes... [ 804.306270][T29537] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 804.315590][T29536] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 804.325784][T29536] CPU: 1 PID: 29536 Comm: syz-executor.1 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 804.336390][T29540] loop5: detected capacity change from 0 to 1024 [ 804.336817][T29536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 804.353159][T29536] Call Trace: [ 804.356428][T29536] [ 804.359386][T29536] dump_stack_lvl+0xd6/0x122 [ 804.364021][T29536] dump_stack+0x11/0x12 [ 804.368162][T29536] dump_header+0x98/0x410 [ 804.372477][T29536] out_of_memory+0x65e/0x880 [ 804.377054][T29536] memory_max_write+0x31b/0x420 [ 804.381960][T29536] ? memory_max_show+0x70/0x70 [ 804.386720][T29536] cgroup_file_write+0x167/0x300 [ 804.391649][T29536] ? __check_object_size+0x235/0x380 [ 804.396920][T29536] ? cgroup_seqfile_stop+0x70/0x70 [ 804.402018][T29536] kernfs_fop_write_iter+0x1d3/0x2c0 [ 804.407410][T29536] vfs_write+0x71c/0x890 [ 804.411640][T29536] ksys_write+0xe8/0x1a0 [ 804.415872][T29536] __x64_sys_write+0x3e/0x50 [ 804.420452][T29536] do_syscall_64+0x2b/0x70 [ 804.424861][T29536] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 804.430799][T29536] RIP: 0033:0x7ff0acc260e9 [ 804.435195][T29536] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 804.454930][T29536] RSP: 002b:00007ff0ac39c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 804.463389][T29536] RAX: ffffffffffffffda RBX: 00007ff0acd38f60 RCX: 00007ff0acc260e9 [ 804.471346][T29536] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 804.479364][T29536] RBP: 00007ff0acc8008d R08: 0000000000000000 R09: 0000000000000000 [ 804.487317][T29536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 804.495268][T29536] R13: 00007ffe7a47396f R14: 00007ff0ac39c300 R15: 0000000000022000 [ 804.503252][T29536] [ 804.506404][T29536] memory: usage 80kB, limit 0kB, failcnt 6808 [ 804.512556][T29536] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 804.519416][T29536] Memory cgroup stats for /syz0: [ 804.523677][T29536] anon 0 [ 804.523677][T29536] file 53248 [ 804.523677][T29536] kernel 28672 [ 804.523677][T29536] kernel_stack 0 [ 804.523677][T29536] pagetables 0 [ 804.523677][T29536] percpu 0 [ 804.523677][T29536] sock 0 [ 804.523677][T29536] vmalloc 0 [ 804.523677][T29536] shmem 53248 [ 804.523677][T29536] file_mapped 53248 [ 804.523677][T29536] file_dirty 0 [ 804.523677][T29536] file_writeback 0 [ 804.523677][T29536] swapcached 0 [ 804.523677][T29536] inactive_anon 0 [ 804.523677][T29536] active_anon 53248 [ 804.523677][T29536] inactive_file 0 [ 804.523677][T29536] active_file 0 [ 804.523677][T29536] unevictable 0 [ 804.523677][T29536] slab_reclaimable 4232 [ 804.523677][T29536] slab_unreclaimable 18216 [ 804.523677][T29536] slab 22448 [ 804.523677][T29536] workingset_refault_anon 0 [ 804.523677][T29536] workingset_refault_file 7 18:43:40 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) (async, rerun: 64) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) (async, rerun: 64) recvmsg$can_j1939(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000080)=@xdp, 0x80, &(0x7f0000000000)=[{&(0x7f0000000180)=""/199, 0xc7}, {&(0x7f0000000340)=""/4096, 0x1000}, {&(0x7f0000001340)=""/119, 0x77}, {&(0x7f00000013c0)=""/246, 0xf6}], 0x4, &(0x7f0000000100)=""/46, 0x2e}, 0x40000020) 18:43:40 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async, rerun: 32) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (rerun: 32) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) perf_event_open$cgroup(&(0x7f0000000240)={0x2, 0x80, 0x2, 0xa, 0x1f, 0x1, 0x0, 0x0, 0x80000, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x3, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x7, 0x0, @perf_bp={&(0x7f00000000c0), 0x1}, 0x18241, 0x10001, 0x10000, 0x1, 0x401, 0x7, 0xfff, 0x0, 0xd9, 0x0, 0x20}, r4, 0x8, 0xffffffffffffffff, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) 18:43:40 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x6c00, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:40 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_clone(0xa4400, &(0x7f0000000340), 0x0, 0x0, 0x0, 0x0) 18:43:40 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='ubifs\x00', 0x80008, 0x0) mount(&(0x7f0000000000)=@nullb, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='anon_inodefs\x00', 0x2033, &(0x7f0000000100)='.\\\x00') listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 804.523677][T29536] workingset_activate_anon 0 [ 804.523677][T29536] workingset_activate_file 0 [ 804.615814][T29536] Out of memory and no killable processes... [ 804.621679][T29540] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. 18:43:40 executing program 1: r0 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000000c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x3, 0x0, {0x0, r0}}, 0x0) (async) syz_io_uring_submit(0x0, 0x0, &(0x7f00000003c0)=@IORING_OP_WRITE_FIXED={0x5, 0x4, 0x4007, @fd_index=0x9, 0x40, 0x200, 0x2, 0x9, 0x1, {0x1}}, 0x8) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) r1 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup(r2, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r4 = openat$cgroup_int(r3, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) (async) ioctl$AUTOFS_DEV_IOCTL_VERSION(r1, 0xc0189371, &(0x7f0000000300)=ANY=[@ANYBLOB="0117000001ddff001819ee00", @ANYRES32=r2, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00']) perf_event_open$cgroup(&(0x7f0000000240)={0x2, 0x80, 0x3, 0x4, 0x3, 0x7, 0x0, 0x2, 0x20, 0x4, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x5, 0x860cf586d5a50c55, @perf_bp={&(0x7f0000000100), 0x6}, 0x1104d, 0x0, 0x8000, 0x4, 0x4, 0x8, 0xce, 0x0, 0x8001, 0x0, 0x7fffffffffffffff}, r5, 0x7, r6, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) fcntl$getownex(r3, 0x10, &(0x7f00000000c0)) (async) write$cgroup_int(r4, &(0x7f0000000080), 0x12) (async) pipe2$9p(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) sendfile(r7, r5, &(0x7f0000000380), 0x80000000) 18:43:40 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:43:40 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x7400, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 804.661178][T29567] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 18:43:40 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) lsetxattr$security_ima(&(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000100), &(0x7f0000000240)=ANY=[@ANYBLOB="05010600000fff00df9c36858f0fe75264be5857db275f1fa6fc9cba8bdb636d1a95216c415954500cff23c218f315daefa06d7f1e0d76218fc7da3bf11926d3f4a588978de136e22a074d960bfaf1f0ec101e15b35e88f2b063c4ff947a2b4e643a3ec36892da028b6b4eb295f707fb0cbb5a80bcd00d8b2445c02265ba89c562c6e91d70b16f8ee9424f86b6df9d3466f92719177af959d4364c9368900c7f7c7da70ed993a14fff100f3162673cb04d3dc25a99a56e45d836d2f0e580c5f9462c6873973593498f774d1f5bd5b4312a2091ee27f111815a264d"], 0xe8, 0x1) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x40140, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) memfd_secret(0x80000) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(r3, 0xf, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) sched_getattr(r3, &(0x7f0000000340)={0x38}, 0x38, 0x0) write$cgroup_int(r2, &(0x7f0000000080)=0x9, 0x12) 18:43:40 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) perf_event_open$cgroup(&(0x7f0000000240)={0x2, 0x80, 0x2, 0xa, 0x1f, 0x1, 0x0, 0x0, 0x80000, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x3, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x7, 0x0, @perf_bp={&(0x7f00000000c0), 0x1}, 0x18241, 0x10001, 0x10000, 0x1, 0x401, 0x7, 0xfff, 0x0, 0xd9, 0x0, 0x20}, r4, 0x8, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) (async) dup(r3) (async) getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) (async) perf_event_open$cgroup(&(0x7f0000000240)={0x2, 0x80, 0x2, 0xa, 0x1f, 0x1, 0x0, 0x0, 0x80000, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x3, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x7, 0x0, @perf_bp={&(0x7f00000000c0), 0x1}, 0x18241, 0x10001, 0x10000, 0x1, 0x401, 0x7, 0xfff, 0x0, 0xd9, 0x0, 0x20}, r4, 0x8, 0xffffffffffffffff, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r2, &(0x7f0000000080), 0x12) (async) [ 804.704494][T29581] loop5: detected capacity change from 0 to 1024 [ 804.719916][T29583] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 804.734603][T29585] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 804.744636][T29585] CPU: 0 PID: 29585 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 804.755721][T29585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 804.765893][T29585] Call Trace: [ 804.769194][T29585] [ 804.772116][T29585] dump_stack_lvl+0xd6/0x122 [ 804.776742][T29585] dump_stack+0x11/0x12 [ 804.780905][T29585] dump_header+0x98/0x410 [ 804.785231][T29585] out_of_memory+0x65e/0x880 [ 804.789822][T29585] memory_max_write+0x31b/0x420 [ 804.794709][T29585] ? memory_max_show+0x70/0x70 [ 804.799541][T29585] cgroup_file_write+0x167/0x300 18:43:40 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x7a05, 0x1700) socketpair$nbd(0x1, 0x1, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, 0x0) openat$cgroup_subtree(r0, &(0x7f0000000040), 0x2, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f00000003c0)='memory.high\x00', 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='io.stat\x00', 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='cpuacct.usage_user\x00', 0x26e1, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x600000}, 0x3000, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) close(0xffffffffffffffff) write$cgroup_int(r2, 0x0, 0x0) [ 804.804595][T29585] ? __check_object_size+0x235/0x380 [ 804.809877][T29585] ? cgroup_seqfile_stop+0x70/0x70 [ 804.814991][T29585] kernfs_fop_write_iter+0x1d3/0x2c0 [ 804.820330][T29585] vfs_write+0x71c/0x890 [ 804.824781][T29585] ksys_write+0xe8/0x1a0 [ 804.829042][T29585] __x64_sys_write+0x3e/0x50 [ 804.833657][T29585] do_syscall_64+0x2b/0x70 [ 804.838075][T29585] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 804.843970][T29585] RIP: 0033:0x7f682d3270e9 [ 804.848372][T29585] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 804.867975][T29585] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 804.876412][T29585] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 [ 804.884380][T29585] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 804.892363][T29585] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 [ 804.900345][T29585] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 804.908433][T29585] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 [ 804.916476][T29585] [ 804.919531][T29585] memory: usage 72kB, limit 0kB, failcnt 6808 [ 804.925586][T29585] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 804.932541][T29585] Memory cgroup stats for /syz0: [ 804.944247][T29585] anon 0 [ 804.944247][T29585] file 53248 [ 804.944247][T29585] kernel 20480 [ 804.944247][T29585] kernel_stack 0 [ 804.944247][T29585] pagetables 0 [ 804.944247][T29585] percpu 0 [ 804.944247][T29585] sock 0 [ 804.944247][T29585] vmalloc 0 [ 804.944247][T29585] shmem 53248 [ 804.944247][T29585] file_mapped 53248 [ 804.944247][T29585] file_dirty 0 [ 804.944247][T29585] file_writeback 0 [ 804.944247][T29585] swapcached 0 [ 804.944247][T29585] inactive_anon 0 [ 804.944247][T29585] active_anon 53248 [ 804.944247][T29585] inactive_file 0 [ 804.944247][T29585] active_file 0 18:43:41 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x7a00, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:41 executing program 2: socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8970, &(0x7f0000000040)='lo\x00\x96o\xd6Q\xb9Y\xa9\xc87,\x00\xd2\x97\x04\x03\xdc\r') [ 804.944247][T29585] unevictable 0 [ 804.944247][T29585] slab_reclaimable 3056 [ 804.944247][T29585] slab_unreclaimable 14936 [ 804.944247][T29585] slab 17992 [ 804.944247][T29585] workingset_refault_anon 0 [ 804.944247][T29585] workingset_refault_file 7 [ 804.944247][T29585] workingset_activate_anon 0 [ 804.944247][T29585] workingset_activate_file 0 [ 804.946296][T29581] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 804.949248][T29585] Out of memory and no killable processes... 18:43:41 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) 18:43:41 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) lsetxattr$security_ima(&(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000100), &(0x7f0000000240)=ANY=[@ANYBLOB="05010600000fff00df9c36858f0fe75264be5857db275f1fa6fc9cba8bdb636d1a95216c415954500cff23c218f315daefa06d7f1e0d76218fc7da3bf11926d3f4a588978de136e22a074d960bfaf1f0ec101e15b35e88f2b063c4ff947a2b4e643a3ec36892da028b6b4eb295f707fb0cbb5a80bcd00d8b2445c02265ba89c562c6e91d70b16f8ee9424f86b6df9d3466f92719177af959d4364c9368900c7f7c7da70ed993a14fff100f3162673cb04d3dc25a99a56e45d836d2f0e580c5f9462c6873973593498f774d1f5bd5b4312a2091ee27f111815a264d"], 0xe8, 0x1) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x40140, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) memfd_secret(0x80000) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(r3, 0xf, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) sched_getattr(r3, &(0x7f0000000340)={0x38}, 0x38, 0x0) write$cgroup_int(r2, &(0x7f0000000080)=0x9, 0x12) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) lsetxattr$security_ima(&(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000100), &(0x7f0000000240)=ANY=[@ANYBLOB="05010600000fff00df9c36858f0fe75264be5857db275f1fa6fc9cba8bdb636d1a95216c415954500cff23c218f315daefa06d7f1e0d76218fc7da3bf11926d3f4a588978de136e22a074d960bfaf1f0ec101e15b35e88f2b063c4ff947a2b4e643a3ec36892da028b6b4eb295f707fb0cbb5a80bcd00d8b2445c02265ba89c562c6e91d70b16f8ee9424f86b6df9d3466f92719177af959d4364c9368900c7f7c7da70ed993a14fff100f3162673cb04d3dc25a99a56e45d836d2f0e580c5f9462c6873973593498f774d1f5bd5b4312a2091ee27f111815a264d"], 0xe8, 0x1) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x40140, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) memfd_secret(0x80000) (async) openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) prlimit64(r3, 0xf, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) sched_getattr(r3, &(0x7f0000000340)={0x38}, 0x38, 0x0) (async) write$cgroup_int(r2, &(0x7f0000000080)=0x9, 0x12) (async) 18:43:41 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) (async) openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r2, &(0x7f0000000080), 0x12) (async) [ 805.060892][T29612] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 805.108459][T29615] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 805.118746][T29615] CPU: 1 PID: 29615 Comm: syz-executor.1 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 805.129773][T29615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 805.139884][T29615] Call Trace: [ 805.143158][T29615] [ 805.146081][T29615] dump_stack_lvl+0xd6/0x122 [ 805.150741][T29615] dump_stack+0x11/0x12 [ 805.154932][T29615] dump_header+0x98/0x410 [ 805.159259][T29615] out_of_memory+0x65e/0x880 [ 805.163851][T29615] memory_max_write+0x31b/0x420 [ 805.168723][T29615] ? memory_max_show+0x70/0x70 [ 805.173551][T29615] cgroup_file_write+0x167/0x300 [ 805.178548][T29615] ? __check_object_size+0x235/0x380 [ 805.183831][T29615] ? cgroup_seqfile_stop+0x70/0x70 [ 805.188942][T29615] kernfs_fop_write_iter+0x1d3/0x2c0 [ 805.194232][T29615] vfs_write+0x71c/0x890 [ 805.198550][T29615] ksys_write+0xe8/0x1a0 [ 805.202880][T29615] __x64_sys_write+0x3e/0x50 [ 805.207604][T29615] do_syscall_64+0x2b/0x70 [ 805.212031][T29615] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 805.217961][T29615] RIP: 0033:0x7ff0acc260e9 [ 805.222367][T29615] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 805.242050][T29615] RSP: 002b:00007ff0ac39c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 805.250482][T29615] RAX: ffffffffffffffda RBX: 00007ff0acd38f60 RCX: 00007ff0acc260e9 [ 805.258447][T29615] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 805.266517][T29615] RBP: 00007ff0acc8008d R08: 0000000000000000 R09: 0000000000000000 [ 805.274485][T29615] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 805.282516][T29615] R13: 00007ffe7a47396f R14: 00007ff0ac39c300 R15: 0000000000022000 [ 805.290642][T29615] [ 805.293813][T29615] memory: usage 72kB, limit 0kB, failcnt 6808 [ 805.299886][T29615] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 805.306796][T29615] Memory cgroup stats for /syz0: [ 805.316027][T29615] anon 0 [ 805.316027][T29615] file 53248 [ 805.316027][T29615] kernel 20480 [ 805.316027][T29615] kernel_stack 0 [ 805.316027][T29615] pagetables 0 [ 805.316027][T29615] percpu 0 [ 805.316027][T29615] sock 0 [ 805.316027][T29615] vmalloc 0 [ 805.316027][T29615] shmem 53248 [ 805.316027][T29615] file_mapped 53248 [ 805.316027][T29615] file_dirty 0 [ 805.316027][T29615] file_writeback 0 [ 805.316027][T29615] swapcached 0 [ 805.316027][T29615] inactive_anon 0 [ 805.316027][T29615] active_anon 53248 [ 805.316027][T29615] inactive_file 0 [ 805.316027][T29615] active_file 0 [ 805.316027][T29615] unevictable 0 [ 805.316027][T29615] slab_reclaimable 3056 [ 805.316027][T29615] slab_unreclaimable 14936 [ 805.316027][T29615] slab 17992 [ 805.316027][T29615] workingset_refault_anon 0 [ 805.316027][T29615] workingset_refault_file 7 [ 805.316027][T29615] workingset_activate_anon 0 [ 805.316027][T29615] workingset_activate_file 0 [ 805.408170][T29615] Out of memory and no killable processes... [ 805.710610][T16177] device hsr_slave_0 left promiscuous mode [ 805.716651][T16177] device hsr_slave_1 left promiscuous mode [ 805.722983][T16177] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 805.730397][T16177] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 805.737890][T16177] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 805.745396][T16177] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 805.753737][T16177] device bridge_slave_1 left promiscuous mode [ 805.759884][T16177] bridge0: port 2(bridge_slave_1) entered disabled state [ 805.767368][T16177] device bridge_slave_0 left promiscuous mode [ 805.773783][T16177] bridge0: port 1(bridge_slave_0) entered disabled state [ 805.783931][T16177] device veth1_macvtap left promiscuous mode [ 805.789943][T16177] device veth0_macvtap left promiscuous mode [ 805.795924][T16177] device veth1_vlan left promiscuous mode [ 805.801688][T16177] device veth0_vlan left promiscuous mode [ 805.884625][T16177] team0 (unregistering): Port device team_slave_1 removed [ 805.894132][T16177] team0 (unregistering): Port device team_slave_0 removed [ 805.903960][T16177] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 805.915319][T16177] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 805.943859][T16177] bond0 (unregistering): Released all slaves [ 806.549042][T29648] chnl_net:caif_netlink_parms(): no params data found [ 806.577749][T29648] bridge0: port 1(bridge_slave_0) entered blocking state [ 806.585002][T29648] bridge0: port 1(bridge_slave_0) entered disabled state [ 806.592935][T29648] device bridge_slave_0 entered promiscuous mode [ 806.600615][T29648] bridge0: port 2(bridge_slave_1) entered blocking state [ 806.607672][T29648] bridge0: port 2(bridge_slave_1) entered disabled state [ 806.615140][T29648] device bridge_slave_1 entered promiscuous mode [ 806.631086][T29648] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 806.640957][T29648] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 806.657527][T29648] team0: Port device team_slave_0 added [ 806.663792][T29648] team0: Port device team_slave_1 added [ 806.676827][T29648] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 806.683781][T29648] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 806.709743][T29648] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 806.720923][T29648] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 806.727842][T29648] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 806.753821][T29648] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 806.775319][T29648] device hsr_slave_0 entered promiscuous mode [ 806.781741][T29648] device hsr_slave_1 entered promiscuous mode [ 806.788002][T29648] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 806.795576][T29648] Cannot create hsr debugfs directory [ 806.823387][T29648] bridge0: port 2(bridge_slave_1) entered blocking state [ 806.830487][T29648] bridge0: port 2(bridge_slave_1) entered forwarding state [ 806.837690][T29648] bridge0: port 1(bridge_slave_0) entered blocking state [ 806.844720][T29648] bridge0: port 1(bridge_slave_0) entered forwarding state [ 806.872207][T29648] 8021q: adding VLAN 0 to HW filter on device bond0 [ 806.882550][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 806.890961][ T1918] bridge0: port 1(bridge_slave_0) entered disabled state [ 806.899612][ T1918] bridge0: port 2(bridge_slave_1) entered disabled state [ 806.910781][T29648] 8021q: adding VLAN 0 to HW filter on device team0 [ 806.920227][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 806.928578][ T893] bridge0: port 1(bridge_slave_0) entered blocking state [ 806.935601][ T893] bridge0: port 1(bridge_slave_0) entered forwarding state [ 806.945064][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 806.954090][ T77] bridge0: port 2(bridge_slave_1) entered blocking state [ 806.961125][ T77] bridge0: port 2(bridge_slave_1) entered forwarding state [ 806.977299][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 806.986051][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 806.999763][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 807.008059][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 807.016711][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 807.024883][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 807.033227][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 807.041410][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 807.050941][T29648] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 807.062831][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 807.070169][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 807.080201][T29648] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 807.156424][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 807.165341][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 807.201795][T29648] device veth0_vlan entered promiscuous mode [ 807.208846][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 807.217040][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 807.226642][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 807.234334][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 807.243685][T29648] device veth1_vlan entered promiscuous mode [ 807.256205][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 807.264292][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 807.273021][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 807.281457][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 807.292571][T29648] device veth0_macvtap entered promiscuous mode [ 807.300394][T29648] device veth1_macvtap entered promiscuous mode [ 807.311327][T29648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 807.321760][T29648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 807.331618][T29648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 807.342080][T29648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 807.351870][T29648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 807.362275][T29648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 807.372164][T29648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 807.382583][T29648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 807.392404][T29648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 807.402890][T29648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 807.414034][T29648] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 807.421763][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 807.430565][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 807.438317][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 807.446878][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 807.457618][T29648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 807.468062][T29648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 807.477859][T29648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 807.488279][T29648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 807.498077][T29648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 807.508502][T29648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 807.518375][T29648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 807.528790][T29648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 807.538611][T29648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 807.549051][T29648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 18:43:43 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async, rerun: 64) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='ubifs\x00', 0x80008, 0x0) (async, rerun: 64) mount(&(0x7f0000000000)=@nullb, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='anon_inodefs\x00', 0x2033, &(0x7f0000000100)='.\\\x00') (async, rerun: 32) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) (rerun: 32) 18:43:43 executing program 2: socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89b0, &(0x7f0000000040)='lo\x00\x96o\xd6Q\xb9Y\xa9\xc87,\x00\xd2\x97\x04\x03\xdc\r') 18:43:43 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x34000, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:43 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async, rerun: 64) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async, rerun: 64) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) 18:43:43 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:43:43 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) lsetxattr$security_ima(&(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000100), &(0x7f0000000240)=ANY=[@ANYBLOB="05010600000fff00df9c36858f0fe75264be5857db275f1fa6fc9cba8bdb636d1a95216c415954500cff23c218f315daefa06d7f1e0d76218fc7da3bf11926d3f4a588978de136e22a074d960bfaf1f0ec101e15b35e88f2b063c4ff947a2b4e643a3ec36892da028b6b4eb295f707fb0cbb5a80bcd00d8b2445c02265ba89c562c6e91d70b16f8ee9424f86b6df9d3466f92719177af959d4364c9368900c7f7c7da70ed993a14fff100f3162673cb04d3dc25a99a56e45d836d2f0e580c5f9462c6873973593498f774d1f5bd5b4312a2091ee27f111815a264d"], 0xe8, 0x1) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x40140, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) memfd_secret(0x80000) (async) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(r3, 0xf, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) sched_getattr(r3, &(0x7f0000000340)={0x38}, 0x38, 0x0) write$cgroup_int(r2, &(0x7f0000000080)=0x9, 0x12) [ 807.560313][T29648] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 807.568423][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 807.577073][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 18:43:43 executing program 2: ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000300)='\xc0\x00') r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'rose0\x00', 0x1}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e6c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000080)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 807.624464][T29688] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 807.637164][T29689] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 807.647689][T29689] CPU: 1 PID: 29689 Comm: syz-executor.1 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 807.655474][T29695] loop5: detected capacity change from 0 to 1024 [ 807.658849][T29689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 807.658861][T29689] Call Trace: [ 807.658867][T29689] [ 807.658873][T29689] dump_stack_lvl+0xd6/0x122 [ 807.686108][T29689] dump_stack+0x11/0x12 [ 807.690368][T29689] dump_header+0x98/0x410 [ 807.694688][T29689] oom_kill_process+0xfe/0x550 [ 807.699441][T29689] out_of_memory+0x620/0x880 [ 807.704019][T29689] memory_max_write+0x31b/0x420 [ 807.708862][T29689] ? memory_max_show+0x70/0x70 [ 807.713749][T29689] cgroup_file_write+0x167/0x300 [ 807.718720][T29689] ? __check_object_size+0x235/0x380 [ 807.724039][T29689] ? cgroup_seqfile_stop+0x70/0x70 [ 807.729142][T29689] kernfs_fop_write_iter+0x1d3/0x2c0 [ 807.734426][T29689] vfs_write+0x71c/0x890 [ 807.738677][T29689] ksys_write+0xe8/0x1a0 [ 807.742915][T29689] __x64_sys_write+0x3e/0x50 [ 807.747510][T29689] do_syscall_64+0x2b/0x70 [ 807.751981][T29689] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 807.757972][T29689] RIP: 0033:0x7ff0acc260e9 [ 807.762377][T29689] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 807.781977][T29689] RSP: 002b:00007ff0ac39c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 807.790382][T29689] RAX: ffffffffffffffda RBX: 00007ff0acd38f60 RCX: 00007ff0acc260e9 [ 807.798388][T29689] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 807.806404][T29689] RBP: 00007ff0acc8008d R08: 0000000000000000 R09: 0000000000000000 [ 807.814429][T29689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 18:43:44 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x400300, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:44 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/class/virtio-ports', 0x800, 0x83) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) getpeername$packet(r6, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x11, 0x4, &(0x7f00000004c0)=@raw=[@generic={0x80, 0x1, 0x6, 0x7f, 0x4}, @btf_id={0x18, 0x7, 0x3, 0x0, 0x1}, @exit], &(0x7f0000000500)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, 0x0, r4, 0x8, &(0x7f0000000580)={0x7, 0x3}, 0x8, 0x10, &(0x7f00000005c0)={0x1, 0x6, 0x5, 0x9}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000600)=[r6, r0]}, 0x80) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000480)={r0, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x5, &(0x7f0000000100)=[0x0, 0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000280)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f00000002c0), &(0x7f0000000300), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000340)}}, 0x10) write$cgroup_int(r3, &(0x7f0000000080), 0x12) [ 807.822383][T29689] R13: 00007ffe7a47396f R14: 00007ff0ac39c300 R15: 0000000000022000 [ 807.830378][T29689] [ 807.833479][T29689] memory: usage 176kB, limit 0kB, failcnt 6827 [ 807.839684][T29689] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 807.846522][T29689] Memory cgroup stats for /syz0: [ 807.864247][T29689] anon 45056 [ 807.864247][T29689] file 53248 [ 807.864247][T29689] kernel 40960 [ 807.864247][T29689] kernel_stack 0 [ 807.864247][T29689] pagetables 8192 [ 807.864247][T29689] percpu 0 [ 807.864247][T29689] sock 0 [ 807.864247][T29689] vmalloc 0 [ 807.864247][T29689] shmem 53248 [ 807.864247][T29689] file_mapped 53248 [ 807.864247][T29689] file_dirty 0 [ 807.864247][T29689] file_writeback 0 [ 807.864247][T29689] swapcached 0 [ 807.864247][T29689] inactive_anon 45056 [ 807.864247][T29689] active_anon 53248 [ 807.864247][T29689] inactive_file 0 [ 807.864247][T29689] active_file 0 [ 807.864247][T29689] unevictable 0 [ 807.864247][T29689] slab_reclaimable 4232 [ 807.864247][T29689] slab_unreclaimable 18456 [ 807.864247][T29689] slab 22688 [ 807.864247][T29689] workingset_refault_anon 0 [ 807.864247][T29689] workingset_refault_file 7 [ 807.864247][T29689] workingset_activate_anon 0 [ 807.864247][T29689] workingset_activate_file 0 [ 807.874595][T29709] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 807.957246][T29689] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=29648,uid=0 [ 807.957329][T29689] Memory cgroup out of memory: Killed process 29648 (syz-executor.0) total-vm:42336kB, anon-rss:364kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:0 [ 807.999640][T29695] EXT4-fs error (device loop5): __ext4_fill_super:5326: inode #2: comm syz-executor.5: iget: root inode unallocated [ 808.008411][T29707] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 18:43:44 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x1000000, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:44 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x2000000, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 808.014842][T29695] EXT4-fs (loop5): get root inode failed [ 808.021835][T29707] CPU: 1 PID: 29707 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 808.027456][T29695] EXT4-fs (loop5): mount failed [ 808.038444][T29707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 808.038457][T29707] Call Trace: [ 808.038463][T29707] [ 808.038469][T29707] dump_stack_lvl+0xd6/0x122 [ 808.056466][T29711] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 808.056744][T29707] dump_stack+0x11/0x12 18:43:44 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x3000000, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 808.074782][T29713] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 808.075279][T29707] dump_header+0x98/0x410 [ 808.075307][T29707] out_of_memory+0x65e/0x880 [ 808.075331][T29707] memory_max_write+0x31b/0x420 [ 808.095948][T29707] ? memory_max_show+0x70/0x70 [ 808.100273][T29715] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 808.100720][T29707] cgroup_file_write+0x167/0x300 [ 808.112625][T29707] ? __check_object_size+0x235/0x380 [ 808.118052][T29707] ? cgroup_seqfile_stop+0x70/0x70 [ 808.123196][T29707] kernfs_fop_write_iter+0x1d3/0x2c0 [ 808.128479][T29707] vfs_write+0x71c/0x890 [ 808.132786][T29707] ksys_write+0xe8/0x1a0 [ 808.137280][T29707] __x64_sys_write+0x3e/0x50 [ 808.141888][T29707] do_syscall_64+0x2b/0x70 [ 808.146668][T29707] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 808.152558][T29707] RIP: 0033:0x7f682d3270e9 [ 808.156949][T29707] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 808.176559][T29707] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 808.184967][T29707] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 [ 808.192916][T29707] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 808.200861][T29707] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 [ 808.208810][T29707] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 808.216811][T29707] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 [ 808.224761][T29707] [ 808.227871][T29707] memory: usage 80kB, limit 0kB, failcnt 6844 [ 808.233944][T29707] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 808.240815][T29707] Memory cgroup stats for /syz0: [ 808.243020][T29707] anon 0 [ 808.243020][T29707] file 53248 [ 808.243020][T29707] kernel 28672 [ 808.243020][T29707] kernel_stack 0 [ 808.243020][T29707] pagetables 0 [ 808.243020][T29707] percpu 0 [ 808.243020][T29707] sock 0 [ 808.243020][T29707] vmalloc 0 [ 808.243020][T29707] shmem 53248 [ 808.243020][T29707] file_mapped 53248 [ 808.243020][T29707] file_dirty 0 [ 808.243020][T29707] file_writeback 0 [ 808.243020][T29707] swapcached 0 [ 808.243020][T29707] inactive_anon 0 [ 808.243020][T29707] active_anon 53248 [ 808.243020][T29707] inactive_file 0 [ 808.243020][T29707] active_file 0 [ 808.243020][T29707] unevictable 0 [ 808.243020][T29707] slab_reclaimable 4232 [ 808.243020][T29707] slab_unreclaimable 18216 [ 808.243020][T29707] slab 22448 [ 808.243020][T29707] workingset_refault_anon 0 [ 808.243020][T29707] workingset_refault_file 7 [ 808.243020][T29707] workingset_activate_anon 0 [ 808.243020][T29707] workingset_activate_file 0 [ 808.335287][T29707] Out of memory and no killable processes... [ 808.342072][T29689] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 808.352333][T29689] CPU: 0 PID: 29689 Comm: syz-executor.1 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 808.363329][T29689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 808.373379][T29689] Call Trace: [ 808.376637][T29689] [ 808.379550][T29689] dump_stack_lvl+0xd6/0x122 [ 808.384195][T29689] dump_stack+0x11/0x12 [ 808.388392][T29689] dump_header+0x98/0x410 [ 808.392699][T29689] out_of_memory+0x65e/0x880 [ 808.397321][T29689] memory_max_write+0x31b/0x420 [ 808.402164][T29689] ? memory_max_show+0x70/0x70 [ 808.406909][T29689] cgroup_file_write+0x167/0x300 [ 808.411829][T29689] ? __check_object_size+0x235/0x380 [ 808.417093][T29689] ? cgroup_seqfile_stop+0x70/0x70 [ 808.422189][T29689] kernfs_fop_write_iter+0x1d3/0x2c0 [ 808.427512][T29689] vfs_write+0x71c/0x890 [ 808.431742][T29689] ksys_write+0xe8/0x1a0 [ 808.435978][T29689] __x64_sys_write+0x3e/0x50 [ 808.440550][T29689] do_syscall_64+0x2b/0x70 [ 808.444949][T29689] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 808.450821][T29689] RIP: 0033:0x7ff0acc260e9 [ 808.455211][T29689] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 808.474799][T29689] RSP: 002b:00007ff0ac39c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 808.483222][T29689] RAX: ffffffffffffffda RBX: 00007ff0acd38f60 RCX: 00007ff0acc260e9 [ 808.491266][T29689] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 808.499219][T29689] RBP: 00007ff0acc8008d R08: 0000000000000000 R09: 0000000000000000 [ 808.507249][T29689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 808.515201][T29689] R13: 00007ffe7a47396f R14: 00007ff0ac39c300 R15: 0000000000022000 [ 808.523177][T29689] [ 808.526194][T29689] memory: usage 80kB, limit 0kB, failcnt 6844 [ 808.532253][T29689] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 808.539105][T29689] Memory cgroup stats for /syz0: [ 808.539484][T29689] anon 0 [ 808.539484][T29689] file 53248 [ 808.539484][T29689] kernel 28672 [ 808.539484][T29689] kernel_stack 0 [ 808.539484][T29689] pagetables 0 [ 808.539484][T29689] percpu 0 [ 808.539484][T29689] sock 0 [ 808.539484][T29689] vmalloc 0 [ 808.539484][T29689] shmem 53248 [ 808.539484][T29689] file_mapped 53248 [ 808.539484][T29689] file_dirty 0 [ 808.539484][T29689] file_writeback 0 [ 808.539484][T29689] swapcached 0 [ 808.539484][T29689] inactive_anon 0 [ 808.539484][T29689] active_anon 53248 [ 808.539484][T29689] inactive_file 0 [ 808.539484][T29689] active_file 0 [ 808.539484][T29689] unevictable 0 [ 808.539484][T29689] slab_reclaimable 4232 [ 808.539484][T29689] slab_unreclaimable 18216 [ 808.539484][T29689] slab 22448 [ 808.539484][T29689] workingset_refault_anon 0 [ 808.539484][T29689] workingset_refault_file 7 [ 808.539484][T29689] workingset_activate_anon 0 [ 808.539484][T29689] workingset_activate_file 0 [ 808.631657][T29689] Out of memory and no killable processes... 18:43:44 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='ubifs\x00', 0x80008, 0x0) mount(&(0x7f0000000000)=@nullb, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='anon_inodefs\x00', 0x2033, &(0x7f0000000100)='.\\\x00') (async) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 18:43:44 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x4000000, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:44 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async, rerun: 64) prlimit64(0x0, 0x0, 0x0, 0x0) (async, rerun: 64) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/class/virtio-ports', 0x800, 0x83) (async) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) getpeername$packet(r6, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x11, 0x4, &(0x7f00000004c0)=@raw=[@generic={0x80, 0x1, 0x6, 0x7f, 0x4}, @btf_id={0x18, 0x7, 0x3, 0x0, 0x1}, @exit], &(0x7f0000000500)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, 0x0, r4, 0x8, &(0x7f0000000580)={0x7, 0x3}, 0x8, 0x10, &(0x7f00000005c0)={0x1, 0x6, 0x5, 0x9}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000600)=[r6, r0]}, 0x80) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000480)={r0, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x5, &(0x7f0000000100)=[0x0, 0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000280)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f00000002c0), &(0x7f0000000300), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000340)}}, 0x10) (async, rerun: 32) write$cgroup_int(r3, &(0x7f0000000080), 0x12) (rerun: 32) 18:43:44 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:43:44 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x9000000}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x58}}, 0x0) sendfile(r3, r0, &(0x7f00000000c0)=0x9, 0x3) r4 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r4, &(0x7f0000000080), 0x12) 18:43:44 executing program 2: bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e6c, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8912, &(0x7f0000000080)) 18:43:44 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) listxattr(&(0x7f0000000080)='./file1\x00', 0x0, 0x0) [ 808.749319][T29728] loop5: detected capacity change from 0 to 1024 [ 808.756035][T29720] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 808.761470][T29729] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 808.773232][T29729] CPU: 0 PID: 29729 Comm: syz-executor.1 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 808.784307][T29729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 808.794363][T29729] Call Trace: [ 808.797638][T29729] [ 808.800566][T29729] dump_stack_lvl+0xd6/0x122 [ 808.805158][T29729] dump_stack+0x11/0x12 [ 808.809325][T29729] dump_header+0x98/0x410 [ 808.813649][T29729] out_of_memory+0x65e/0x880 [ 808.818307][T29729] memory_max_write+0x31b/0x420 [ 808.823160][T29729] ? memory_max_show+0x70/0x70 [ 808.827920][T29729] cgroup_file_write+0x167/0x300 [ 808.832904][T29729] ? __check_object_size+0x235/0x380 [ 808.838183][T29729] ? cgroup_seqfile_stop+0x70/0x70 [ 808.843286][T29729] kernfs_fop_write_iter+0x1d3/0x2c0 [ 808.848636][T29729] vfs_write+0x71c/0x890 [ 808.852870][T29729] ksys_write+0xe8/0x1a0 [ 808.857105][T29729] __x64_sys_write+0x3e/0x50 [ 808.861691][T29729] do_syscall_64+0x2b/0x70 [ 808.866126][T29729] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 808.872010][T29729] RIP: 0033:0x7ff0acc260e9 [ 808.876407][T29729] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 808.895998][T29729] RSP: 002b:00007ff0ac39c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 808.904400][T29729] RAX: ffffffffffffffda RBX: 00007ff0acd38f60 RCX: 00007ff0acc260e9 [ 808.912356][T29729] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000013 [ 808.920313][T29729] RBP: 00007ff0acc8008d R08: 0000000000000000 R09: 0000000000000000 [ 808.928268][T29729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 808.936221][T29729] R13: 00007ffe7a47396f R14: 00007ff0ac39c300 R15: 0000000000022000 [ 808.944181][T29729] [ 808.947220][T29729] memory: usage 72kB, limit 0kB, failcnt 6844 [ 808.953291][T29729] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 808.960220][T29729] Memory cgroup stats for /syz0: [ 808.973954][T29728] EXT4-fs error (device loop5): __ext4_fill_super:5326: inode #2: comm syz-executor.5: iget: root inode unallocated [ 808.992619][T29729] anon 0 [ 808.992619][T29729] file 53248 [ 808.992619][T29729] kernel 20480 [ 808.992619][T29729] kernel_stack 0 [ 808.992619][T29729] pagetables 0 [ 808.992619][T29729] percpu 0 [ 808.992619][T29729] sock 0 [ 808.992619][T29729] vmalloc 0 [ 808.992619][T29729] shmem 53248 [ 808.992619][T29729] file_mapped 53248 [ 808.992619][T29729] file_dirty 0 [ 808.992619][T29729] file_writeback 0 [ 808.992619][T29729] swapcached 0 [ 808.992619][T29729] inactive_anon 0 [ 808.992619][T29729] active_anon 53248 [ 808.992619][T29729] inactive_file 0 [ 808.992619][T29729] active_file 0 18:43:45 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5531, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x18, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x79, 0x10}, [@ldst={0x3, 0x0, 0x6}], {0x95, 0x0, 0x74}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f00000009c0)='sched_kthread_stop\x00', r0}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x0, 0x6, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x3}, [@jmp={0x5, 0x1, 0x0, 0xb, 0xb, 0x0, 0x1}, @generic={0xcd, 0x9, 0x5, 0x1000}, @ldst={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff0}]}, &(0x7f0000000100)='GPL\x00', 0x4, 0x99, &(0x7f0000000280)=""/153, 0x0, 0x1, '\x00', 0x0, 0x20, 0xffffffffffffffff, 0x8, &(0x7f00000005c0)={0x9, 0x3}, 0x8, 0x10, &(0x7f0000000600)={0x0, 0xf, 0x80000001, 0x3}, 0x10, 0xffffffffffffffff, r0}, 0x80) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='cgroup.controllers\x00', 0x26e1, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f00000000c0)={[{0x0, 'net_cls'}, {0x0, 'blkio'}, {0x0, 'io'}, {0x0, 'cpuacct'}]}, 0x1d) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.bfq.io_wait_time_recursive\x00', 0x26e1, 0x0) close(0xffffffffffffffff) 18:43:45 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x5000000, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:45 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/class/virtio-ports', 0x800, 0x83) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) getpeername$packet(r6, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x11, 0x4, &(0x7f00000004c0)=@raw=[@generic={0x80, 0x1, 0x6, 0x7f, 0x4}, @btf_id={0x18, 0x7, 0x3, 0x0, 0x1}, @exit], &(0x7f0000000500)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, 0x0, r4, 0x8, &(0x7f0000000580)={0x7, 0x3}, 0x8, 0x10, &(0x7f00000005c0)={0x1, 0x6, 0x5, 0x9}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000600)=[r6, r0]}, 0x80) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000480)={r0, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x5, &(0x7f0000000100)=[0x0, 0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000280)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f00000002c0), &(0x7f0000000300), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000340)}}, 0x10) write$cgroup_int(r3, &(0x7f0000000080), 0x12) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000540)='/sys/class/virtio-ports', 0x800, 0x83) (async) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) (async) dup(r5) (async) getpeername$packet(r6, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x11, 0x4, &(0x7f00000004c0)=@raw=[@generic={0x80, 0x1, 0x6, 0x7f, 0x4}, @btf_id={0x18, 0x7, 0x3, 0x0, 0x1}, @exit], &(0x7f0000000500)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, 0x0, r4, 0x8, &(0x7f0000000580)={0x7, 0x3}, 0x8, 0x10, &(0x7f00000005c0)={0x1, 0x6, 0x5, 0x9}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000600)=[r6, r0]}, 0x80) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000480)={r0, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x5, &(0x7f0000000100)=[0x0, 0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000280)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f00000002c0), &(0x7f0000000300), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000340)}}, 0x10) (async) write$cgroup_int(r3, &(0x7f0000000080), 0x12) (async) [ 808.992619][T29729] unevictable 0 [ 808.992619][T29729] slab_reclaimable 3056 [ 808.992619][T29729] slab_unreclaimable 14936 [ 808.992619][T29729] slab 17992 [ 808.992619][T29729] workingset_refault_anon 0 [ 808.992619][T29729] workingset_refault_file 7 [ 808.992619][T29729] workingset_activate_anon 0 [ 808.992619][T29729] workingset_activate_file 0 [ 809.079790][T29729] Out of memory and no killable processes... [ 809.087247][T29728] EXT4-fs (loop5): get root inode failed [ 809.092955][T29728] EXT4-fs (loop5): mount failed 18:43:45 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x6000000, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 809.098375][T29737] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 809.123749][T29739] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 809.133771][T29739] CPU: 0 PID: 29739 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 809.138998][T29741] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 809.144850][T29739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 809.144864][T29739] Call Trace: [ 809.144869][T29739] [ 809.144875][T29739] dump_stack_lvl+0xd6/0x122 [ 809.172633][T29739] dump_stack+0x11/0x12 [ 809.176816][T29739] dump_header+0x98/0x410 [ 809.181154][T29739] out_of_memory+0x65e/0x880 [ 809.185812][T29739] memory_max_write+0x31b/0x420 [ 809.190658][T29739] ? memory_max_show+0x70/0x70 [ 809.195470][T29739] cgroup_file_write+0x167/0x300 [ 809.200407][T29739] ? __check_object_size+0x235/0x380 [ 809.205757][T29739] ? cgroup_seqfile_stop+0x70/0x70 [ 809.210864][T29739] kernfs_fop_write_iter+0x1d3/0x2c0 [ 809.216219][T29739] vfs_write+0x71c/0x890 18:43:45 executing program 2: r0 = perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_type(r0, 0x0, 0x0) 18:43:45 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x9000000}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x58}}, 0x0) sendfile(r3, r0, &(0x7f00000000c0)=0x9, 0x3) (async) r4 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r4, &(0x7f0000000080), 0x12) [ 809.220463][T29739] ksys_write+0xe8/0x1a0 [ 809.224731][T29739] __x64_sys_write+0x3e/0x50 [ 809.229321][T29739] do_syscall_64+0x2b/0x70 [ 809.233739][T29739] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 809.239630][T29739] RIP: 0033:0x7f682d3270e9 [ 809.244033][T29739] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 809.263632][T29739] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 809.272045][T29739] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 [ 809.280088][T29739] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 809.288058][T29739] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 [ 809.296022][T29739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 809.303982][T29739] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 [ 809.311946][T29739] [ 809.315161][T29739] memory: usage 72kB, limit 0kB, failcnt 6844 [ 809.321245][T29739] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 809.328154][T29739] Memory cgroup stats for /syz0: [ 809.330826][T29739] anon 0 [ 809.330826][T29739] file 53248 [ 809.330826][T29739] kernel 20480 [ 809.330826][T29739] kernel_stack 0 [ 809.330826][T29739] pagetables 0 [ 809.330826][T29739] percpu 0 [ 809.330826][T29739] sock 0 [ 809.330826][T29739] vmalloc 0 [ 809.330826][T29739] shmem 53248 [ 809.330826][T29739] file_mapped 53248 [ 809.330826][T29739] file_dirty 0 [ 809.330826][T29739] file_writeback 0 [ 809.330826][T29739] swapcached 0 [ 809.330826][T29739] inactive_anon 0 [ 809.330826][T29739] active_anon 53248 [ 809.330826][T29739] inactive_file 0 [ 809.330826][T29739] active_file 0 [ 809.330826][T29739] unevictable 0 [ 809.330826][T29739] slab_reclaimable 3056 [ 809.330826][T29739] slab_unreclaimable 14936 [ 809.330826][T29739] slab 17992 [ 809.330826][T29739] workingset_refault_anon 0 [ 809.330826][T29739] workingset_refault_file 7 [ 809.330826][T29739] workingset_activate_anon 0 [ 809.330826][T29739] workingset_activate_file 0 18:43:45 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x7000000, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:45 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'rose0\x00', 0x1}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8943, &(0x7f0000000080)) [ 809.422910][T29739] Out of memory and no killable processes... 18:43:45 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:43:45 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x8000000, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 809.446228][T29771] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 809.475722][T29775] loop5: detected capacity change from 0 to 1024 18:43:45 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x18, 0x0, 0x0, 0x97, 0x201, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x3}, 0x48) [ 809.502457][T29778] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 809.509890][T29775] EXT4-fs error (device loop5): __ext4_fill_super:5326: inode #2: comm syz-executor.5: iget: root inode unallocated [ 809.527390][T29775] EXT4-fs (loop5): get root inode failed [ 809.533123][T29775] EXT4-fs (loop5): mount failed [ 809.730177][T16177] device hsr_slave_0 left promiscuous mode [ 809.736198][T16177] device hsr_slave_1 left promiscuous mode [ 809.742550][T16177] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 809.749937][T16177] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 809.757621][T16177] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 809.765097][T16177] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 809.773489][T16177] device bridge_slave_1 left promiscuous mode [ 809.779659][T16177] bridge0: port 2(bridge_slave_1) entered disabled state [ 809.787187][T16177] device bridge_slave_0 left promiscuous mode [ 809.793386][T16177] bridge0: port 1(bridge_slave_0) entered disabled state [ 809.803536][T16177] device veth1_macvtap left promiscuous mode [ 809.809543][T16177] device veth0_macvtap left promiscuous mode [ 809.815573][T16177] device veth1_vlan left promiscuous mode [ 809.821314][T16177] device veth0_vlan left promiscuous mode [ 809.903986][T16177] team0 (unregistering): Port device team_slave_1 removed [ 809.913791][T16177] team0 (unregistering): Port device team_slave_0 removed [ 809.923221][T16177] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 809.934538][T16177] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 809.961726][T16177] bond0 (unregistering): Released all slaves [ 810.852104][T29783] chnl_net:caif_netlink_parms(): no params data found [ 810.882458][T29783] bridge0: port 1(bridge_slave_0) entered blocking state [ 810.889582][T29783] bridge0: port 1(bridge_slave_0) entered disabled state [ 810.897163][T29783] device bridge_slave_0 entered promiscuous mode [ 810.904560][T29783] bridge0: port 2(bridge_slave_1) entered blocking state [ 810.911602][T29783] bridge0: port 2(bridge_slave_1) entered disabled state [ 810.919343][T29783] device bridge_slave_1 entered promiscuous mode [ 810.934481][T29783] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 810.944927][T29783] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 810.962572][T29783] team0: Port device team_slave_0 added [ 810.968974][T29783] team0: Port device team_slave_1 added [ 810.982446][T29783] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 810.989392][T29783] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 811.015414][T29783] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 811.027181][T29783] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 811.034156][T29783] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 811.060056][T29783] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 811.080979][T29783] device hsr_slave_0 entered promiscuous mode [ 811.087514][T29783] device hsr_slave_1 entered promiscuous mode [ 811.093915][T29783] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 811.101528][T29783] Cannot create hsr debugfs directory [ 811.130544][T29783] bridge0: port 2(bridge_slave_1) entered blocking state [ 811.137603][T29783] bridge0: port 2(bridge_slave_1) entered forwarding state [ 811.144988][T29783] bridge0: port 1(bridge_slave_0) entered blocking state [ 811.152085][T29783] bridge0: port 1(bridge_slave_0) entered forwarding state [ 811.180915][T29783] 8021q: adding VLAN 0 to HW filter on device bond0 [ 811.191522][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 811.200867][ T25] bridge0: port 1(bridge_slave_0) entered disabled state [ 811.208991][ T25] bridge0: port 2(bridge_slave_1) entered disabled state [ 811.220609][T29783] 8021q: adding VLAN 0 to HW filter on device team0 [ 811.230295][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 811.238560][ T1915] bridge0: port 1(bridge_slave_0) entered blocking state [ 811.245588][ T1915] bridge0: port 1(bridge_slave_0) entered forwarding state [ 811.255968][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 811.264497][ T1916] bridge0: port 2(bridge_slave_1) entered blocking state [ 811.271577][ T1916] bridge0: port 2(bridge_slave_1) entered forwarding state [ 811.286145][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 811.294772][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 811.309297][T29783] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 811.319635][T29783] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 811.332738][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 811.341358][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 811.350126][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 811.358880][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 811.372346][T29783] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 811.379880][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 811.387275][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 811.456693][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 811.503387][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 811.512073][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 811.520062][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 811.528292][T29783] device veth0_vlan entered promiscuous mode [ 811.537128][T29783] device veth1_vlan entered promiscuous mode [ 811.552024][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 811.560892][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 811.568938][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 811.578499][T29783] device veth0_macvtap entered promiscuous mode [ 811.586257][T29783] device veth1_macvtap entered promiscuous mode [ 811.596910][T29783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 811.607357][T29783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 811.617155][T29783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 811.627621][T29783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 811.637419][T29783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 811.647827][T29783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 811.657820][T29783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 811.668273][T29783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 811.678287][T29783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 811.688737][T29783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 811.701184][T29783] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 811.709209][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 811.718517][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 811.727135][T29783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 811.737666][T29783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 811.747493][T29783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 811.757902][T29783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 811.767728][T29783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 811.778145][T29783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 811.787968][T29783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 18:43:48 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) (async) listxattr(&(0x7f0000000080)='./file1\x00', 0x0, 0x0) 18:43:48 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x9000000, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 811.798383][T29783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 811.808232][T29783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 811.818700][T29783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 811.830762][T29783] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 811.839260][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 18:43:48 executing program 2: perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 18:43:48 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) sendmsg$DEVLINK_CMD_RATE_DEL(r0, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0xc8, 0x0, 0x800, 0x70bd27, 0x25dfdbfb, {}, [@handle=@pci={{0x8}, {0x11}}, @handle=@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @DEVLINK_ATTR_RATE_NODE_NAME={0x54, 0xa8, @random="6a37c317d506805ba1760baa476724b2674067a2b22f2cadd502f8f5a0e2c23a19725772adfc2e709f17b3336063634fb6ede33fa0188631f2ff7ab83244b73831e2c9fa8e1c30458a2877ee2dc8f95a"}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @DEVLINK_ATTR_PORT_INDEX={0x8}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}]}, 0xc8}}, 0x880) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) inotify_add_watch(r0, &(0x7f0000000280)='./file0\x00', 0x1) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) r4 = syz_open_dev$vcsu(&(0x7f00000000c0), 0x80, 0x0) sendto$inet(r0, &(0x7f0000000f40)="3e9bf373226e4dc45b3776afe9b5027075de875b9b83e243ab05d29355eb2d3e5a7f3acc380318580a5a91e7bbb82fa1d152b928c7b096ef6a094045a0926c8fef55c205a4b80e600f1bae4b611f3383f0354606fa0f60f3807fc3220f65b43a70d171e5a72542bf5c96630b465a32157cd0f3a2585a89f4ca2081dd2b51f65985f26cab5dc7176d0fc99e01dcf9e959f40ca5dc57e071b7a2b85e4d25047cbdfa499ca71bc2a6cc67b781e6acac8640555e5468025fb9332f3901eba14f840ca80a83559ab3ddf1744c0103b1de1f7b8d74bd959cb054d6c5eff121c11532848cf03d56d40587fb99a8c80e452bd2d2e53f624707b3811945ef361551ebd1330569db3d881afc595535b154c3c9b1ecd2d873c73017882213ad9edb87616a0cbd7a67c2390dd905ac7fde522b60d492a5df920b88c02e69e45fc8fdb6c0009748fc4b6f89a79d911988ca2757ca7ae203e96990ad761a460a71433870a84574e8339e65bea939a8f9c633f0f547f4040a063e86f83aa7654f4c6b22fc056f74026d01db0e0193218118deaaaf7d4bd51645faadee54e1d6597e985df375fd41ac5255322750f3b89560015b1150f26daeb88a4aa44598bf3e326f886b2906c06da7d95c7fdf2536cdfe6514c4bc8aabb18f8081c970ce91c24895fe9c67b0367a2b3bbbb53aa1b5a23afde3a390ce28d8a72f35ea8becd9b46c7b6e44edaa468a5d82b3413d291ced378776dc2d377f05fe2dbcc0c22bd33f8a7f99a53b042e9322942823f86605552110728f9dc7e0dab550a62cb39ee9caac1c37fd0b204650b06b0eac9bf27fbeafc145f019f156babe5ef31ede71d52df3145c8b93acb97ef75c8cfffb3b757e80202cee7319bb526f8e3ae9a1ece4aecc5a88db22854e8445d3768a1192b2bfe13426da2ca740c6bb96c88ba5f0fd2ac25d7e3c1c0d3a2bd84a9e65fcb5f0f107c9fa7d26f8ed76f258504188447438588310c0c68a623e209d316fe604f556a13eb5e29e3f8390614932b708d3ef574fdc9165bb150f9e1e3add49e1dede5a614a72f885c1a5422007929b27f2436e008722e7204ec972744f4af7905854903552281bca2effa4dfc68413fa705955ef2329c56039e08a8853c7709db39f20408d3077c4b791a351b831d978cf2cf54642d288c22154d1180c25abb4ae379292ba6263cfde0586b3f873c12db4376ff4c51331c24cf6c095fce60d1b38c60bdf47d8253d7f7f92f2be8da3871e4f231d5ca88e5980d635ba31c747c2a698638c1f85e9afb52a2e16505c37b87b761188deeae6dbc3f03c112b1f7028360986f4eab549b7ff10249469f8157f43bf6234403aa2c39be021155816f97b303e3b6c487858b5ca94697ca7966c174c5442c1c43abb521242f1923c57334a2a550735f98c0fb0902b5598cb29322ab7375cf2be3de8f5c76df798532fe38fe087a46f5c9973da8dfd81fcbef39090509786ffbdbe51228b9ba77e3b456438313d58bb04e7e5500ceb6f0a091d383f2e75e7b63e299828fb32bcdf0c6d6c7a2d7166f32ae66256eaf9fc004df6b0988d62a40d01fe4f0e15696309663ab0eb4aa26ff66ba141684152f4ed52bca839ef77518a78ed13296c13a1261ae285098d73713490eb4555395b8c86605e7ae6ac714580c41c9109f605db9924fcf729383926d3cece04d8327eae9b0449fee1fe64fd9b507648f6707d08812168f351f5c13f82612eaebc7eee4fb05041b8e560df0a95f4249bdd034fda3df331a8ffc90c3676e89f676392d8fd875bc8fc2448541865b436a91cebbc04a0373125e71ba93f26ec3c64e0e33e5f4fe895b7270418e027801d5ffe3dcb1d1f2e2ed99585a639c4b5a05c91a51cfdf0b0f24e3827898d344d6aa3fb5faa09aae853fe161d89d7322937af59cd3d52c471a8955ebd9b72ee151206b1205d6e4b4b458709ec1e97f6351cc97d0eba48298e7a352044a092932031027a49cbda48b5c25a5bd80fb7dfbbf0b2cbbb0f655958f45a553682bab40618ae67aa0b7398ab0c13291e3e03ffe228ec6f0f7cb8d40ce62aac61a72debe7ff9151cef214ab81126436a80a43447376b3c875026fc60ec4f012a018df9c2af0872f93b4a8817897035f7ec46b2a1aded3500832652a992aea2375db941461ce7b2a53cfea29a6cbf1332dce48021afdeda82d10506d984cb168a67dde7f618fffffc10554b766e210e8653f8429a0d8d22a92a748c4b69a4526eac867fdff70f26ed396ae3947e33d788d2fbf87c15c1a3327b542d5d41a7db64e797b9670112d76c7c5d6a5f3553875e6610bcf8789ec93aea2592c3edbd5d7a0731d55b5873e5419b538846ef2b2665e9c5c967a06810e65b9d6e465ed0189d1c0c6f6095318adfd78ee71c7c46e88c79c75e49a696f9961a60bc18e5ca4a08bc24c04fe313702d872861f0ebdd2754ed19e998d2868d3a3c3e066682a4b54aef994bb3287a01fdc17298aa894ce7d85124d6f887046c08a1f3b08dff27eb0d0c3443047ace7ca55e4cc8a279154225c9caf63e366a6ada9026aee72a4acf0972b6a997863f35e25359272d68c9ea62ae6ff40ad0f4b7eed11b5a4f81ec870c770d5794d3bb5d6796de43bf65e990f32203e4f9d67d48546d11d0902440785cca69473bd6a7806f02b557906f90198608d9f68d2d5f210b52614bf3aab7c3d8dc6898bece787295fccc1875a18705b7dd938d3f61118e47016a5e877bc2adaf0ecd1a9001d01e1b96f63be3764041e12a9f2ef2db8ade6eb503c601a5c232b233a8a8bf6a11a90f6cff15706156690bf23b98121c7ae45bc219c149a43dd1715e164bfca8fa3b19e7e0b9529c285246465d94face4525b2f4170817e03ea040040c6538836d7f0ccfdb8e714f21c9cefd3c32659331cf6470eb8d971523db6ca8a88976274b8759fbdaeec01d7db55fada70dd102c2b696195fba137c69e3fbf09822a30343fde3396932d3cfc7e4634339af057218bbd09df977e66e0810febc634a01e1891275431fac4d4f377355415a8ae71ab12a5174199eec6b862a8153e0c01f8d2d4b31609de7ba14b94e27c12ef2963bf121ad0a7917722a03e5b23e5d73744e880eb7b1f50edccb434b809af7393051b512896fc4438d8b51a52988e3f63015b2f74abc1f530b652d1098d2f091215e335c93250fc3032dcec0604dd796e085f1bc8fbf4a50b064caa3cb47178dfc54c9e086b756271822a4c57e42a5ce2a3c5924fd41eb33846ed8bb1a1762461bdf8cf3996d8be4644b993a75e3bd8c1589035f569cd2ec69643c78c88682315bfcb485c387f2316164d2c894f8f96a264b04c07808b20a436054424510c790a9b76f5c9fe6f9e7320baad4e0a7864e19c3febe0a1d569bf0fbb03ddab9b2a1807c5c53b2abf206d6981e40e61beae2111650a38daaab36f7a645e8d8e157eb9114451c2c5cbadd79a69bc5b53518c3d6418968b87b5e387d6bbb0707b6235749f186dc6bd98285231d43a015e9e2331fd7d224254eb754b31da4d7adf38f71238f36ce49ac08030dc328f5fcf17baf6f99c0d9495f3d85749a3376adf3cb06f8021448cdea1dd1cc731279a28851a79fdc62d5778ce339ad586495e00d7198a9b50ab7da0107ecd946919afeb2c021b03d788c608882fc55caa4953cb18bcf98807d6f21605e1c809745add6eed27eea5627de7da44154cd99c7190ef28de4286b70c7b49f10d9fa7200a4464186001417367c1c7b656b3663c569c22cd9fbd15b83532ef5aaeda114d71cd6834328d8dbf3b65f8d8ab214544d6dee9d19cbf4e3dcf6cced64bea3619a41e971140aeed5023855858f8e9d418aff08eed42e35eefd69f6a1f33496857ca9b37b003538c3040c2f8b75dfc46a90a8f16074c95dd10223a83eeda3c03948263b9ec39efe40da782ed783c217c70150c71bf401db50bb7dd3c266bfaf788fe5b4fb674f458000cbfab2f8fa9d1fcea314a9c181f954fefc453bd060c4ff0d9e2ed403a1ae5cbc4573e954135206672a6def53e17ff38a0ba1604b962a149b04e304486c559a4cfd2e7bb10e715b3b00e4ee6cded3a436be85c3db5987725f455ba4b0a81071907e099fc29538c32d2acbb89791df911acfd9985fd9b6dfae4b5d7fa8ef74e4bad9fff1d20451ed9daf9368c49f158d51b74e51ceec16f71ce256d7f73006f9a454ff7ef7b82f07a3ef52b101cdb25e31921f4f7cb18a48167ba69f2cfde2249d07874d4de43046b35763762c80a19516c6a811825c67e2ab76b4dc5295efae849fce4365d54a16221117937a54a3336d06c4d9b50d68a38cb685efdfca5364c973e921fae41b5a8f87abe842a130dc5c7ca58d481c17e0bfe48cf6dcd169cb89144b0c90838e69d6bb91ae452730e51af5f17bfc61e68b0c542be98eb38b40ccd35aeee5b0206d9b3908ae1b407e69d31ae73c4d8d8193c4ed894695fcab3689be3b78fd88a1fc184f42cd4d6a6d2b396a7f118cabebca5e1bed8bda57cf581d7b486c84a5a45b74dafcd94f417ff243dc4a5e0e52ab979b648e75d7aef54d6bcf6b8fa68c75ee001bd4d4cc2fab87b158e40048e22a3fabfa20d8b125d4e8ca4e0d84bab3255fa1d898708b0e596587bbfd223aff09176399daa69ef56c955b764432c396a0b5408a03ce984779cc95417d33020946e4580b822b9e6939a56bb28c5458524ef3a295a56a0e15a950deb025dc66816998044302ac2d8b7444d87bf81b5d1c86a889a15501c02ab26bff214328a060ccc690024a554d33780b5d39dd853e1438e7dbc3702feb6a1446be9095c1ae8538a05340347fed60c07f35ddcdd036ea9d5036e9874ad88f41aa32defa0be9c277bf8a3713567efbc71960ad53d324dea242f4cc0b317d5a4b5953ceeb93f2beca4f5057df3545a4ebbcef62480b6c8fadd6988042eb44ab532bfbf18336d93e0ed5236bc0958cec913bf5bae8b6a571a5576a77a2c87a90b6efa8a3d66d6e6182c39b0f5841600fe3044f77bdcf268cec96b706f2af45a482ce5c99c8031eea9dcd9797620b0eaf411e1194b074eb3100fac3bacc93f950b76b478b020915e29a556f5924d267f04a365855fd73c0a6d82cef67b93f3ccf209b0b809d7a77c4ff221f4e8da7a7bfd9370bcd74b90dfa76eee7a7a5c4b9f066d51222139282a6c7b5ae61b35fea4ededdcaa7c280a5b9efb837ff3877211e3d1cebdb5b05ec4edb5d34c3d0542c425adace7ddb9a9f783c5e6b1be5587dafd0d21f522950451b59aea710a589f508ab082cbeadc144131c558868f5fa85b40ecec7c6ae9588ee2372c421d6e8e7ffe1ecea376a80cf8b2a271476390e0fea07daa664cc7552814c037347f38d1039e8d45af1006b1302bcf79e87d8a792dff226d099d5bc21d22477fb457cda5e3af1ee8db8197e9f94c8add97c7c2e2aba36f27705a509571560bce4f4838db9ce3971b9550fcccc3b324c3df7c9bfd0b165c1f255883862c9be3bb6ca1e4824a9647c014fb36111188a3fbc231d25ff117c7e7888f076b244eedefa79d3342de395d297ae766be4c19a6a4b53cbc165939fad8de08439121f51e3fb4aab560295631598d3f6b81262e754fe89d5908edeae59fc01a67bfb5c4ecc60b571328bf5bb3e1becd757647df33572273090f4094f59a8b2804c568cc36fa5bcd8e35b4633449c9596d570264e5a5c4b7caf78399a24bbe4435453374aa45e27ccb7f9c7036877fa47f143f4d430cf7e8970e75b834c9346850329dd421d4f7dcd2e4c7e9ce1992895324", 0x1000, 0x824, &(0x7f0000000240)={0x2, 0x4e22, @rand_addr=0x64010100}, 0x10) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000100)={@map=0x1, r4, 0x2b}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r3, &(0x7f0000000080), 0x12) 18:43:48 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {0x0, 0x0, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:43:48 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x9000000}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x58}}, 0x0) (async) sendfile(r3, r0, &(0x7f00000000c0)=0x9, 0x3) r4 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r4, &(0x7f0000000080), 0x12) 18:43:48 executing program 2: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000001780)='./cgroup.net/syz1\x00', 0x200002, 0x0) [ 811.884273][T29825] loop5: detected capacity change from 0 to 1024 [ 811.895617][T29823] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 811.903200][T29783] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 811.913189][T29783] CPU: 1 PID: 29783 Comm: syz-executor.0 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 811.924219][T29783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 811.934268][T29783] Call Trace: [ 811.937530][T29783] [ 811.940447][T29783] dump_stack_lvl+0xd6/0x122 [ 811.945242][T29783] dump_stack+0x11/0x12 [ 811.949383][T29783] dump_header+0x98/0x410 [ 811.953756][T29783] oom_kill_process+0xfe/0x550 [ 811.958559][T29783] out_of_memory+0x620/0x880 [ 811.963138][T29783] mem_cgroup_oom+0x475/0x4f0 [ 811.967829][T29783] try_charge_memcg+0x746/0x960 [ 811.972670][T29783] obj_cgroup_charge+0x171/0x2b0 [ 811.977612][T29783] memcg_slab_pre_alloc_hook+0xf7/0x170 [ 811.983153][T29783] ? __d_alloc+0x3d/0x380 [ 811.987540][T29783] kmem_cache_alloc_lru+0x76/0x2b0 [ 811.992634][T29783] __d_alloc+0x3d/0x380 [ 811.996773][T29783] d_alloc_parallel+0x51/0xcc0 [ 812.001521][T29783] ? debug_smp_processor_id+0x13/0x20 [ 812.006874][T29783] ? call_rcu+0x2e2/0x400 [ 812.011267][T29783] ? _raw_spin_lock_irqsave+0x4c/0xa0 [ 812.016623][T29783] ? __down_read_common+0x16c/0x4c0 [ 812.021811][T29783] ? put_task_struct_rcu_user+0x48/0x80 [ 812.027373][T29783] __lookup_slow+0x80/0x250 [ 812.031858][T29783] lookup_slow+0x3c/0x60 [ 812.036084][T29783] walk_component+0x23d/0x280 [ 812.040795][T29783] path_lookupat+0x11d/0x2b0 [ 812.045394][T29783] filename_lookup+0x130/0x310 [ 812.050164][T29783] user_path_at_empty+0x3e/0x110 [ 812.055101][T29783] __x64_sys_umount+0x84/0xe0 [ 812.059790][T29783] do_syscall_64+0x2b/0x70 [ 812.064266][T29783] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 812.070156][T29783] RIP: 0033:0x7f6c4f966557 [ 812.074647][T29783] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 812.094251][T29783] RSP: 002b:00007ffcc1ca6048 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 812.102683][T29783] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6c4f966557 [ 812.110641][T29783] RDX: 00007ffcc1ca6119 RSI: 000000000000000a RDI: 00007ffcc1ca6110 [ 812.118599][T29783] RBP: 00007ffcc1ca6110 R08: 00000000ffffffff R09: 00007ffcc1ca5ee0 [ 812.126567][T29783] R10: 000055555736a793 R11: 0000000000000206 R12: 00007f6c4f9be1f8 18:43:48 executing program 2: perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8000}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x5, 0x1}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 18:43:48 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0xa000000, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 812.134535][T29783] R13: 00007ffcc1ca71d0 R14: 000055555736a6f0 R15: 00007ffcc1ca7210 [ 812.142501][T29783] [ 812.145755][T29783] memory: usage 128kB, limit 0kB, failcnt 6863 [ 812.152096][T29783] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 812.158967][T29783] Memory cgroup stats for /syz0: 18:43:48 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000280), 0x24342, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r0, 0xc018937c, &(0x7f00000002c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x2}}, './file0/file0\x00'}) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) r2 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup(r3, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r5 = openat$cgroup(r4, &(0x7f0000000180)='syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r5, &(0x7f0000000240)='pids.current\x00', 0x0, 0x0) r6 = openat$cgroup_int(r2, &(0x7f0000000100)='hugetlb.2MB.limit_in_bytes\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) openat$cgroup_ro(r1, &(0x7f0000000300)='freezer.state\x00', 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r6, &(0x7f0000000080), 0x12) mkdir(&(0x7f00000000c0)='./file0/file0\x00', 0x4) [ 812.167840][ T24] audit: type=1400 audit(1651085028.355:352): avc: denied { cpu } for pid=29834 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 812.176291][T29825] EXT4-fs error (device loop5): __ext4_fill_super:5326: inode #2: comm syz-executor.5: iget: root inode unallocated [ 812.206139][T29825] EXT4-fs (loop5): get root inode failed [ 812.211849][T29825] EXT4-fs (loop5): mount failed [ 812.227418][T29783] anon 32768 [ 812.227418][T29783] file 53248 [ 812.227418][T29783] kernel 40960 [ 812.227418][T29783] kernel_stack 0 [ 812.227418][T29783] pagetables 8192 [ 812.227418][T29783] percpu 0 [ 812.227418][T29783] sock 0 [ 812.227418][T29783] vmalloc 0 [ 812.227418][T29783] shmem 53248 [ 812.227418][T29783] file_mapped 53248 [ 812.227418][T29783] file_dirty 0 [ 812.227418][T29783] file_writeback 0 [ 812.227418][T29783] swapcached 0 [ 812.227418][T29783] inactive_anon 32768 [ 812.227418][T29783] active_anon 53248 [ 812.227418][T29783] inactive_file 0 [ 812.227418][T29783] active_file 0 [ 812.227418][T29783] unevictable 0 [ 812.227418][T29783] slab_reclaimable 5608 [ 812.227418][T29783] slab_unreclaimable 18480 [ 812.227418][T29783] slab 24088 [ 812.227418][T29783] workingset_refault_anon 0 [ 812.227418][T29783] workingset_refault_file 7 [ 812.227418][T29783] workingset_activate_anon 0 [ 812.227418][T29783] workingset_activate_file 0 [ 812.227961][T29839] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 18:43:48 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0xb000000, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:48 executing program 2: perf_event_open(&(0x7f0000000040)={0x1, 0x80, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1080c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0xc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='cgroup.controllers\x00', 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) perf_event_open$cgroup(&(0x7f0000000300)={0x0, 0x80, 0x0, 0x0, 0x2, 0xe0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1f, 0x0, @perf_config_ext={0x0, 0x1f76}, 0x0, 0x6, 0x3f, 0x0, 0x100000001, 0x3, 0x3, 0x0, 0x101, 0x0, 0x6}, r0, 0xa, 0xffffffffffffffff, 0x0) r1 = perf_event_open$cgroup(&(0x7f0000000180)={0x3, 0x80, 0x7f, 0x4, 0x0, 0x0, 0x0, 0xb0, 0x4000, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x3}, 0x10106, 0x0, 0x2, 0x9, 0x255, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, r0, 0xd, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000240)={0x0, 0x80, 0x81, 0x0, 0x2, 0x81, 0x0, 0xfffffffffffffffd, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x8, 0x4, @perf_config_ext={0x8, 0x7f}, 0x100, 0x4, 0x3, 0x6, 0x200, 0x6, 0x3, 0x0, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0xd, r1, 0xc) perf_event_open$cgroup(&(0x7f0000000180)={0x3, 0x80, 0x7f, 0x4, 0x0, 0x0, 0x0, 0xb0, 0x4000, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7, 0x3}, 0x10106, 0x0, 0x0, 0x0, 0x255, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0xffffffffffffffff, 0xd, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000000)='@{\x1b@#\\@\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) write$cgroup_subtree(r2, &(0x7f0000002980)=ANY=[], 0x32600) [ 812.315605][T29783] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=29783,uid=0 [ 812.337967][T29783] Memory cgroup out of memory: Killed process 29783 (syz-executor.0) total-vm:42336kB, anon-rss:364kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:0 [ 812.382145][T29824] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 812.392126][T29824] CPU: 1 PID: 29824 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 812.403159][T29824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 812.413207][T29824] Call Trace: [ 812.416465][T29824] [ 812.419377][T29824] dump_stack_lvl+0xd6/0x122 [ 812.423949][T29824] dump_stack+0x11/0x12 [ 812.428083][T29824] dump_header+0x98/0x410 [ 812.432444][T29824] out_of_memory+0x65e/0x880 [ 812.437031][T29824] memory_max_write+0x31b/0x420 [ 812.441872][T29824] ? memory_max_show+0x70/0x70 [ 812.446658][T29824] cgroup_file_write+0x167/0x300 [ 812.451624][T29824] ? __check_object_size+0x235/0x380 [ 812.456888][T29824] ? cgroup_seqfile_stop+0x70/0x70 [ 812.462038][T29824] kernfs_fop_write_iter+0x1d3/0x2c0 [ 812.467336][T29824] vfs_write+0x71c/0x890 [ 812.471559][T29824] ksys_write+0xe8/0x1a0 [ 812.475858][T29824] __x64_sys_write+0x3e/0x50 [ 812.480547][T29824] do_syscall_64+0x2b/0x70 [ 812.485031][T29824] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 812.490905][T29824] RIP: 0033:0x7f682d3270e9 [ 812.495295][T29824] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 812.515137][T29824] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 812.523574][T29824] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 [ 812.531595][T29824] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 812.539569][T29824] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 [ 812.547618][T29824] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 812.555650][T29824] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 [ 812.563634][T29824] [ 812.566679][T29824] memory: usage 80kB, limit 0kB, failcnt 6880 [ 812.572862][T29824] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 812.579739][T29824] Memory cgroup stats for /syz0: [ 812.581973][T29824] anon 0 [ 812.581973][T29824] file 53248 [ 812.581973][T29824] kernel 28672 [ 812.581973][T29824] kernel_stack 0 [ 812.581973][T29824] pagetables 0 [ 812.581973][T29824] percpu 0 [ 812.581973][T29824] sock 0 [ 812.581973][T29824] vmalloc 0 [ 812.581973][T29824] shmem 53248 [ 812.581973][T29824] file_mapped 53248 [ 812.581973][T29824] file_dirty 0 [ 812.581973][T29824] file_writeback 0 [ 812.581973][T29824] swapcached 0 [ 812.581973][T29824] inactive_anon 0 [ 812.581973][T29824] active_anon 53248 [ 812.581973][T29824] inactive_file 0 [ 812.581973][T29824] active_file 0 [ 812.581973][T29824] unevictable 0 [ 812.581973][T29824] slab_reclaimable 5608 [ 812.581973][T29824] slab_unreclaimable 18480 [ 812.581973][T29824] slab 24088 [ 812.581973][T29824] workingset_refault_anon 0 [ 812.581973][T29824] workingset_refault_file 7 [ 812.581973][T29824] workingset_activate_anon 0 [ 812.581973][T29824] workingset_activate_file 0 [ 812.606233][T29846] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 812.674093][T29824] Out of memory and no killable processes... 18:43:48 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) listxattr(&(0x7f0000000080)='./file1\x00', 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) (async) listxattr(&(0x7f0000000080)='./file1\x00', 0x0, 0x0) (async) 18:43:48 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000280), 0x24342, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r0, 0xc018937c, &(0x7f00000002c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x2}}, './file0/file0\x00'}) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) r2 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup(r3, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r5 = openat$cgroup(r4, &(0x7f0000000180)='syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r5, &(0x7f0000000240)='pids.current\x00', 0x0, 0x0) r6 = openat$cgroup_int(r2, &(0x7f0000000100)='hugetlb.2MB.limit_in_bytes\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) openat$cgroup_ro(r1, &(0x7f0000000300)='freezer.state\x00', 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r6, &(0x7f0000000080), 0x12) mkdir(&(0x7f00000000c0)='./file0/file0\x00', 0x4) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) openat$vcsu(0xffffffffffffff9c, &(0x7f0000000280), 0x24342, 0x0) (async) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r0, 0xc018937c, &(0x7f00000002c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x2}}, './file0/file0\x00'}) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup(r3, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup(r4, &(0x7f0000000180)='syz1\x00', 0x200002, 0x0) (async) openat$cgroup_ro(r5, &(0x7f0000000240)='pids.current\x00', 0x0, 0x0) (async) openat$cgroup_int(r2, &(0x7f0000000100)='hugetlb.2MB.limit_in_bytes\x00', 0x2, 0x0) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) openat$cgroup_ro(r1, &(0x7f0000000300)='freezer.state\x00', 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r6, &(0x7f0000000080), 0x12) (async) mkdir(&(0x7f00000000c0)='./file0/file0\x00', 0x4) (async) 18:43:48 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {0x0, 0x0, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:43:48 executing program 2: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x9, [@datasec={0x7, 0x1, 0x0, 0xf, 0x3, [{0x5, 0x50}], "7da471"}, @datasec={0x0, 0x0, 0x0, 0xf, 0x1, [], "e4"}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e]}}, &(0x7f0000000180)=""/141, 0x49, 0x8d, 0x1}, 0x20) 18:43:48 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) sendmsg$DEVLINK_CMD_RATE_DEL(r0, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0xc8, 0x0, 0x800, 0x70bd27, 0x25dfdbfb, {}, [@handle=@pci={{0x8}, {0x11}}, @handle=@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @DEVLINK_ATTR_RATE_NODE_NAME={0x54, 0xa8, @random="6a37c317d506805ba1760baa476724b2674067a2b22f2cadd502f8f5a0e2c23a19725772adfc2e709f17b3336063634fb6ede33fa0188631f2ff7ab83244b73831e2c9fa8e1c30458a2877ee2dc8f95a"}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @DEVLINK_ATTR_PORT_INDEX={0x8}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}]}, 0xc8}}, 0x880) (async) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) inotify_add_watch(r0, &(0x7f0000000280)='./file0\x00', 0x1) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async) r4 = syz_open_dev$vcsu(&(0x7f00000000c0), 0x80, 0x0) sendto$inet(r0, &(0x7f0000000f40)="3e9bf373226e4dc45b3776afe9b5027075de875b9b83e243ab05d29355eb2d3e5a7f3acc380318580a5a91e7bbb82fa1d152b928c7b096ef6a094045a0926c8fef55c205a4b80e600f1bae4b611f3383f0354606fa0f60f3807fc3220f65b43a70d171e5a72542bf5c96630b465a32157cd0f3a2585a89f4ca2081dd2b51f65985f26cab5dc7176d0fc99e01dcf9e959f40ca5dc57e071b7a2b85e4d25047cbdfa499ca71bc2a6cc67b781e6acac8640555e5468025fb9332f3901eba14f840ca80a83559ab3ddf1744c0103b1de1f7b8d74bd959cb054d6c5eff121c11532848cf03d56d40587fb99a8c80e452bd2d2e53f624707b3811945ef361551ebd1330569db3d881afc595535b154c3c9b1ecd2d873c73017882213ad9edb87616a0cbd7a67c2390dd905ac7fde522b60d492a5df920b88c02e69e45fc8fdb6c0009748fc4b6f89a79d911988ca2757ca7ae203e96990ad761a460a71433870a84574e8339e65bea939a8f9c633f0f547f4040a063e86f83aa7654f4c6b22fc056f74026d01db0e0193218118deaaaf7d4bd51645faadee54e1d6597e985df375fd41ac5255322750f3b89560015b1150f26daeb88a4aa44598bf3e326f886b2906c06da7d95c7fdf2536cdfe6514c4bc8aabb18f8081c970ce91c24895fe9c67b0367a2b3bbbb53aa1b5a23afde3a390ce28d8a72f35ea8becd9b46c7b6e44edaa468a5d82b3413d291ced378776dc2d377f05fe2dbcc0c22bd33f8a7f99a53b042e9322942823f86605552110728f9dc7e0dab550a62cb39ee9caac1c37fd0b204650b06b0eac9bf27fbeafc145f019f156babe5ef31ede71d52df3145c8b93acb97ef75c8cfffb3b757e80202cee7319bb526f8e3ae9a1ece4aecc5a88db22854e8445d3768a1192b2bfe13426da2ca740c6bb96c88ba5f0fd2ac25d7e3c1c0d3a2bd84a9e65fcb5f0f107c9fa7d26f8ed76f258504188447438588310c0c68a623e209d316fe604f556a13eb5e29e3f8390614932b708d3ef574fdc9165bb150f9e1e3add49e1dede5a614a72f885c1a5422007929b27f2436e008722e7204ec972744f4af7905854903552281bca2effa4dfc68413fa705955ef2329c56039e08a8853c7709db39f20408d3077c4b791a351b831d978cf2cf54642d288c22154d1180c25abb4ae379292ba6263cfde0586b3f873c12db4376ff4c51331c24cf6c095fce60d1b38c60bdf47d8253d7f7f92f2be8da3871e4f231d5ca88e5980d635ba31c747c2a698638c1f85e9afb52a2e16505c37b87b761188deeae6dbc3f03c112b1f7028360986f4eab549b7ff10249469f8157f43bf6234403aa2c39be021155816f97b303e3b6c487858b5ca94697ca7966c174c5442c1c43abb521242f1923c57334a2a550735f98c0fb0902b5598cb29322ab7375cf2be3de8f5c76df798532fe38fe087a46f5c9973da8dfd81fcbef39090509786ffbdbe51228b9ba77e3b456438313d58bb04e7e5500ceb6f0a091d383f2e75e7b63e299828fb32bcdf0c6d6c7a2d7166f32ae66256eaf9fc004df6b0988d62a40d01fe4f0e15696309663ab0eb4aa26ff66ba141684152f4ed52bca839ef77518a78ed13296c13a1261ae285098d73713490eb4555395b8c86605e7ae6ac714580c41c9109f605db9924fcf729383926d3cece04d8327eae9b0449fee1fe64fd9b507648f6707d08812168f351f5c13f82612eaebc7eee4fb05041b8e560df0a95f4249bdd034fda3df331a8ffc90c3676e89f676392d8fd875bc8fc2448541865b436a91cebbc04a0373125e71ba93f26ec3c64e0e33e5f4fe895b7270418e027801d5ffe3dcb1d1f2e2ed99585a639c4b5a05c91a51cfdf0b0f24e3827898d344d6aa3fb5faa09aae853fe161d89d7322937af59cd3d52c471a8955ebd9b72ee151206b1205d6e4b4b458709ec1e97f6351cc97d0eba48298e7a352044a092932031027a49cbda48b5c25a5bd80fb7dfbbf0b2cbbb0f655958f45a553682bab40618ae67aa0b7398ab0c13291e3e03ffe228ec6f0f7cb8d40ce62aac61a72debe7ff9151cef214ab81126436a80a43447376b3c875026fc60ec4f012a018df9c2af0872f93b4a8817897035f7ec46b2a1aded3500832652a992aea2375db941461ce7b2a53cfea29a6cbf1332dce48021afdeda82d10506d984cb168a67dde7f618fffffc10554b766e210e8653f8429a0d8d22a92a748c4b69a4526eac867fdff70f26ed396ae3947e33d788d2fbf87c15c1a3327b542d5d41a7db64e797b9670112d76c7c5d6a5f3553875e6610bcf8789ec93aea2592c3edbd5d7a0731d55b5873e5419b538846ef2b2665e9c5c967a06810e65b9d6e465ed0189d1c0c6f6095318adfd78ee71c7c46e88c79c75e49a696f9961a60bc18e5ca4a08bc24c04fe313702d872861f0ebdd2754ed19e998d2868d3a3c3e066682a4b54aef994bb3287a01fdc17298aa894ce7d85124d6f887046c08a1f3b08dff27eb0d0c3443047ace7ca55e4cc8a279154225c9caf63e366a6ada9026aee72a4acf0972b6a997863f35e25359272d68c9ea62ae6ff40ad0f4b7eed11b5a4f81ec870c770d5794d3bb5d6796de43bf65e990f32203e4f9d67d48546d11d0902440785cca69473bd6a7806f02b557906f90198608d9f68d2d5f210b52614bf3aab7c3d8dc6898bece787295fccc1875a18705b7dd938d3f61118e47016a5e877bc2adaf0ecd1a9001d01e1b96f63be3764041e12a9f2ef2db8ade6eb503c601a5c232b233a8a8bf6a11a90f6cff15706156690bf23b98121c7ae45bc219c149a43dd1715e164bfca8fa3b19e7e0b9529c285246465d94face4525b2f4170817e03ea040040c6538836d7f0ccfdb8e714f21c9cefd3c32659331cf6470eb8d971523db6ca8a88976274b8759fbdaeec01d7db55fada70dd102c2b696195fba137c69e3fbf09822a30343fde3396932d3cfc7e4634339af057218bbd09df977e66e0810febc634a01e1891275431fac4d4f377355415a8ae71ab12a5174199eec6b862a8153e0c01f8d2d4b31609de7ba14b94e27c12ef2963bf121ad0a7917722a03e5b23e5d73744e880eb7b1f50edccb434b809af7393051b512896fc4438d8b51a52988e3f63015b2f74abc1f530b652d1098d2f091215e335c93250fc3032dcec0604dd796e085f1bc8fbf4a50b064caa3cb47178dfc54c9e086b756271822a4c57e42a5ce2a3c5924fd41eb33846ed8bb1a1762461bdf8cf3996d8be4644b993a75e3bd8c1589035f569cd2ec69643c78c88682315bfcb485c387f2316164d2c894f8f96a264b04c07808b20a436054424510c790a9b76f5c9fe6f9e7320baad4e0a7864e19c3febe0a1d569bf0fbb03ddab9b2a1807c5c53b2abf206d6981e40e61beae2111650a38daaab36f7a645e8d8e157eb9114451c2c5cbadd79a69bc5b53518c3d6418968b87b5e387d6bbb0707b6235749f186dc6bd98285231d43a015e9e2331fd7d224254eb754b31da4d7adf38f71238f36ce49ac08030dc328f5fcf17baf6f99c0d9495f3d85749a3376adf3cb06f8021448cdea1dd1cc731279a28851a79fdc62d5778ce339ad586495e00d7198a9b50ab7da0107ecd946919afeb2c021b03d788c608882fc55caa4953cb18bcf98807d6f21605e1c809745add6eed27eea5627de7da44154cd99c7190ef28de4286b70c7b49f10d9fa7200a4464186001417367c1c7b656b3663c569c22cd9fbd15b83532ef5aaeda114d71cd6834328d8dbf3b65f8d8ab214544d6dee9d19cbf4e3dcf6cced64bea3619a41e971140aeed5023855858f8e9d418aff08eed42e35eefd69f6a1f33496857ca9b37b003538c3040c2f8b75dfc46a90a8f16074c95dd10223a83eeda3c03948263b9ec39efe40da782ed783c217c70150c71bf401db50bb7dd3c266bfaf788fe5b4fb674f458000cbfab2f8fa9d1fcea314a9c181f954fefc453bd060c4ff0d9e2ed403a1ae5cbc4573e954135206672a6def53e17ff38a0ba1604b962a149b04e304486c559a4cfd2e7bb10e715b3b00e4ee6cded3a436be85c3db5987725f455ba4b0a81071907e099fc29538c32d2acbb89791df911acfd9985fd9b6dfae4b5d7fa8ef74e4bad9fff1d20451ed9daf9368c49f158d51b74e51ceec16f71ce256d7f73006f9a454ff7ef7b82f07a3ef52b101cdb25e31921f4f7cb18a48167ba69f2cfde2249d07874d4de43046b35763762c80a19516c6a811825c67e2ab76b4dc5295efae849fce4365d54a16221117937a54a3336d06c4d9b50d68a38cb685efdfca5364c973e921fae41b5a8f87abe842a130dc5c7ca58d481c17e0bfe48cf6dcd169cb89144b0c90838e69d6bb91ae452730e51af5f17bfc61e68b0c542be98eb38b40ccd35aeee5b0206d9b3908ae1b407e69d31ae73c4d8d8193c4ed894695fcab3689be3b78fd88a1fc184f42cd4d6a6d2b396a7f118cabebca5e1bed8bda57cf581d7b486c84a5a45b74dafcd94f417ff243dc4a5e0e52ab979b648e75d7aef54d6bcf6b8fa68c75ee001bd4d4cc2fab87b158e40048e22a3fabfa20d8b125d4e8ca4e0d84bab3255fa1d898708b0e596587bbfd223aff09176399daa69ef56c955b764432c396a0b5408a03ce984779cc95417d33020946e4580b822b9e6939a56bb28c5458524ef3a295a56a0e15a950deb025dc66816998044302ac2d8b7444d87bf81b5d1c86a889a15501c02ab26bff214328a060ccc690024a554d33780b5d39dd853e1438e7dbc3702feb6a1446be9095c1ae8538a05340347fed60c07f35ddcdd036ea9d5036e9874ad88f41aa32defa0be9c277bf8a3713567efbc71960ad53d324dea242f4cc0b317d5a4b5953ceeb93f2beca4f5057df3545a4ebbcef62480b6c8fadd6988042eb44ab532bfbf18336d93e0ed5236bc0958cec913bf5bae8b6a571a5576a77a2c87a90b6efa8a3d66d6e6182c39b0f5841600fe3044f77bdcf268cec96b706f2af45a482ce5c99c8031eea9dcd9797620b0eaf411e1194b074eb3100fac3bacc93f950b76b478b020915e29a556f5924d267f04a365855fd73c0a6d82cef67b93f3ccf209b0b809d7a77c4ff221f4e8da7a7bfd9370bcd74b90dfa76eee7a7a5c4b9f066d51222139282a6c7b5ae61b35fea4ededdcaa7c280a5b9efb837ff3877211e3d1cebdb5b05ec4edb5d34c3d0542c425adace7ddb9a9f783c5e6b1be5587dafd0d21f522950451b59aea710a589f508ab082cbeadc144131c558868f5fa85b40ecec7c6ae9588ee2372c421d6e8e7ffe1ecea376a80cf8b2a271476390e0fea07daa664cc7552814c037347f38d1039e8d45af1006b1302bcf79e87d8a792dff226d099d5bc21d22477fb457cda5e3af1ee8db8197e9f94c8add97c7c2e2aba36f27705a509571560bce4f4838db9ce3971b9550fcccc3b324c3df7c9bfd0b165c1f255883862c9be3bb6ca1e4824a9647c014fb36111188a3fbc231d25ff117c7e7888f076b244eedefa79d3342de395d297ae766be4c19a6a4b53cbc165939fad8de08439121f51e3fb4aab560295631598d3f6b81262e754fe89d5908edeae59fc01a67bfb5c4ecc60b571328bf5bb3e1becd757647df33572273090f4094f59a8b2804c568cc36fa5bcd8e35b4633449c9596d570264e5a5c4b7caf78399a24bbe4435453374aa45e27ccb7f9c7036877fa47f143f4d430cf7e8970e75b834c9346850329dd421d4f7dcd2e4c7e9ce1992895324", 0x1000, 0x824, &(0x7f0000000240)={0x2, 0x4e22, @rand_addr=0x64010100}, 0x10) (async) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000100)={@map=0x1, r4, 0x2b}, 0x10) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r3, &(0x7f0000000080), 0x12) 18:43:48 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0xc000000, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:48 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 18:43:48 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) sendmsg$DEVLINK_CMD_RATE_DEL(r0, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0xc8, 0x0, 0x800, 0x70bd27, 0x25dfdbfb, {}, [@handle=@pci={{0x8}, {0x11}}, @handle=@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @DEVLINK_ATTR_RATE_NODE_NAME={0x54, 0xa8, @random="6a37c317d506805ba1760baa476724b2674067a2b22f2cadd502f8f5a0e2c23a19725772adfc2e709f17b3336063634fb6ede33fa0188631f2ff7ab83244b73831e2c9fa8e1c30458a2877ee2dc8f95a"}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @DEVLINK_ATTR_PORT_INDEX={0x8}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}]}, 0xc8}}, 0x880) (async) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) inotify_add_watch(r0, &(0x7f0000000280)='./file0\x00', 0x1) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async) r4 = syz_open_dev$vcsu(&(0x7f00000000c0), 0x80, 0x0) sendto$inet(r0, &(0x7f0000000f40)="3e9bf373226e4dc45b3776afe9b5027075de875b9b83e243ab05d29355eb2d3e5a7f3acc380318580a5a91e7bbb82fa1d152b928c7b096ef6a094045a0926c8fef55c205a4b80e600f1bae4b611f3383f0354606fa0f60f3807fc3220f65b43a70d171e5a72542bf5c96630b465a32157cd0f3a2585a89f4ca2081dd2b51f65985f26cab5dc7176d0fc99e01dcf9e959f40ca5dc57e071b7a2b85e4d25047cbdfa499ca71bc2a6cc67b781e6acac8640555e5468025fb9332f3901eba14f840ca80a83559ab3ddf1744c0103b1de1f7b8d74bd959cb054d6c5eff121c11532848cf03d56d40587fb99a8c80e452bd2d2e53f624707b3811945ef361551ebd1330569db3d881afc595535b154c3c9b1ecd2d873c73017882213ad9edb87616a0cbd7a67c2390dd905ac7fde522b60d492a5df920b88c02e69e45fc8fdb6c0009748fc4b6f89a79d911988ca2757ca7ae203e96990ad761a460a71433870a84574e8339e65bea939a8f9c633f0f547f4040a063e86f83aa7654f4c6b22fc056f74026d01db0e0193218118deaaaf7d4bd51645faadee54e1d6597e985df375fd41ac5255322750f3b89560015b1150f26daeb88a4aa44598bf3e326f886b2906c06da7d95c7fdf2536cdfe6514c4bc8aabb18f8081c970ce91c24895fe9c67b0367a2b3bbbb53aa1b5a23afde3a390ce28d8a72f35ea8becd9b46c7b6e44edaa468a5d82b3413d291ced378776dc2d377f05fe2dbcc0c22bd33f8a7f99a53b042e9322942823f86605552110728f9dc7e0dab550a62cb39ee9caac1c37fd0b204650b06b0eac9bf27fbeafc145f019f156babe5ef31ede71d52df3145c8b93acb97ef75c8cfffb3b757e80202cee7319bb526f8e3ae9a1ece4aecc5a88db22854e8445d3768a1192b2bfe13426da2ca740c6bb96c88ba5f0fd2ac25d7e3c1c0d3a2bd84a9e65fcb5f0f107c9fa7d26f8ed76f258504188447438588310c0c68a623e209d316fe604f556a13eb5e29e3f8390614932b708d3ef574fdc9165bb150f9e1e3add49e1dede5a614a72f885c1a5422007929b27f2436e008722e7204ec972744f4af7905854903552281bca2effa4dfc68413fa705955ef2329c56039e08a8853c7709db39f20408d3077c4b791a351b831d978cf2cf54642d288c22154d1180c25abb4ae379292ba6263cfde0586b3f873c12db4376ff4c51331c24cf6c095fce60d1b38c60bdf47d8253d7f7f92f2be8da3871e4f231d5ca88e5980d635ba31c747c2a698638c1f85e9afb52a2e16505c37b87b761188deeae6dbc3f03c112b1f7028360986f4eab549b7ff10249469f8157f43bf6234403aa2c39be021155816f97b303e3b6c487858b5ca94697ca7966c174c5442c1c43abb521242f1923c57334a2a550735f98c0fb0902b5598cb29322ab7375cf2be3de8f5c76df798532fe38fe087a46f5c9973da8dfd81fcbef39090509786ffbdbe51228b9ba77e3b456438313d58bb04e7e5500ceb6f0a091d383f2e75e7b63e299828fb32bcdf0c6d6c7a2d7166f32ae66256eaf9fc004df6b0988d62a40d01fe4f0e15696309663ab0eb4aa26ff66ba141684152f4ed52bca839ef77518a78ed13296c13a1261ae285098d73713490eb4555395b8c86605e7ae6ac714580c41c9109f605db9924fcf729383926d3cece04d8327eae9b0449fee1fe64fd9b507648f6707d08812168f351f5c13f82612eaebc7eee4fb05041b8e560df0a95f4249bdd034fda3df331a8ffc90c3676e89f676392d8fd875bc8fc2448541865b436a91cebbc04a0373125e71ba93f26ec3c64e0e33e5f4fe895b7270418e027801d5ffe3dcb1d1f2e2ed99585a639c4b5a05c91a51cfdf0b0f24e3827898d344d6aa3fb5faa09aae853fe161d89d7322937af59cd3d52c471a8955ebd9b72ee151206b1205d6e4b4b458709ec1e97f6351cc97d0eba48298e7a352044a092932031027a49cbda48b5c25a5bd80fb7dfbbf0b2cbbb0f655958f45a553682bab40618ae67aa0b7398ab0c13291e3e03ffe228ec6f0f7cb8d40ce62aac61a72debe7ff9151cef214ab81126436a80a43447376b3c875026fc60ec4f012a018df9c2af0872f93b4a8817897035f7ec46b2a1aded3500832652a992aea2375db941461ce7b2a53cfea29a6cbf1332dce48021afdeda82d10506d984cb168a67dde7f618fffffc10554b766e210e8653f8429a0d8d22a92a748c4b69a4526eac867fdff70f26ed396ae3947e33d788d2fbf87c15c1a3327b542d5d41a7db64e797b9670112d76c7c5d6a5f3553875e6610bcf8789ec93aea2592c3edbd5d7a0731d55b5873e5419b538846ef2b2665e9c5c967a06810e65b9d6e465ed0189d1c0c6f6095318adfd78ee71c7c46e88c79c75e49a696f9961a60bc18e5ca4a08bc24c04fe313702d872861f0ebdd2754ed19e998d2868d3a3c3e066682a4b54aef994bb3287a01fdc17298aa894ce7d85124d6f887046c08a1f3b08dff27eb0d0c3443047ace7ca55e4cc8a279154225c9caf63e366a6ada9026aee72a4acf0972b6a997863f35e25359272d68c9ea62ae6ff40ad0f4b7eed11b5a4f81ec870c770d5794d3bb5d6796de43bf65e990f32203e4f9d67d48546d11d0902440785cca69473bd6a7806f02b557906f90198608d9f68d2d5f210b52614bf3aab7c3d8dc6898bece787295fccc1875a18705b7dd938d3f61118e47016a5e877bc2adaf0ecd1a9001d01e1b96f63be3764041e12a9f2ef2db8ade6eb503c601a5c232b233a8a8bf6a11a90f6cff15706156690bf23b98121c7ae45bc219c149a43dd1715e164bfca8fa3b19e7e0b9529c285246465d94face4525b2f4170817e03ea040040c6538836d7f0ccfdb8e714f21c9cefd3c32659331cf6470eb8d971523db6ca8a88976274b8759fbdaeec01d7db55fada70dd102c2b696195fba137c69e3fbf09822a30343fde3396932d3cfc7e4634339af057218bbd09df977e66e0810febc634a01e1891275431fac4d4f377355415a8ae71ab12a5174199eec6b862a8153e0c01f8d2d4b31609de7ba14b94e27c12ef2963bf121ad0a7917722a03e5b23e5d73744e880eb7b1f50edccb434b809af7393051b512896fc4438d8b51a52988e3f63015b2f74abc1f530b652d1098d2f091215e335c93250fc3032dcec0604dd796e085f1bc8fbf4a50b064caa3cb47178dfc54c9e086b756271822a4c57e42a5ce2a3c5924fd41eb33846ed8bb1a1762461bdf8cf3996d8be4644b993a75e3bd8c1589035f569cd2ec69643c78c88682315bfcb485c387f2316164d2c894f8f96a264b04c07808b20a436054424510c790a9b76f5c9fe6f9e7320baad4e0a7864e19c3febe0a1d569bf0fbb03ddab9b2a1807c5c53b2abf206d6981e40e61beae2111650a38daaab36f7a645e8d8e157eb9114451c2c5cbadd79a69bc5b53518c3d6418968b87b5e387d6bbb0707b6235749f186dc6bd98285231d43a015e9e2331fd7d224254eb754b31da4d7adf38f71238f36ce49ac08030dc328f5fcf17baf6f99c0d9495f3d85749a3376adf3cb06f8021448cdea1dd1cc731279a28851a79fdc62d5778ce339ad586495e00d7198a9b50ab7da0107ecd946919afeb2c021b03d788c608882fc55caa4953cb18bcf98807d6f21605e1c809745add6eed27eea5627de7da44154cd99c7190ef28de4286b70c7b49f10d9fa7200a4464186001417367c1c7b656b3663c569c22cd9fbd15b83532ef5aaeda114d71cd6834328d8dbf3b65f8d8ab214544d6dee9d19cbf4e3dcf6cced64bea3619a41e971140aeed5023855858f8e9d418aff08eed42e35eefd69f6a1f33496857ca9b37b003538c3040c2f8b75dfc46a90a8f16074c95dd10223a83eeda3c03948263b9ec39efe40da782ed783c217c70150c71bf401db50bb7dd3c266bfaf788fe5b4fb674f458000cbfab2f8fa9d1fcea314a9c181f954fefc453bd060c4ff0d9e2ed403a1ae5cbc4573e954135206672a6def53e17ff38a0ba1604b962a149b04e304486c559a4cfd2e7bb10e715b3b00e4ee6cded3a436be85c3db5987725f455ba4b0a81071907e099fc29538c32d2acbb89791df911acfd9985fd9b6dfae4b5d7fa8ef74e4bad9fff1d20451ed9daf9368c49f158d51b74e51ceec16f71ce256d7f73006f9a454ff7ef7b82f07a3ef52b101cdb25e31921f4f7cb18a48167ba69f2cfde2249d07874d4de43046b35763762c80a19516c6a811825c67e2ab76b4dc5295efae849fce4365d54a16221117937a54a3336d06c4d9b50d68a38cb685efdfca5364c973e921fae41b5a8f87abe842a130dc5c7ca58d481c17e0bfe48cf6dcd169cb89144b0c90838e69d6bb91ae452730e51af5f17bfc61e68b0c542be98eb38b40ccd35aeee5b0206d9b3908ae1b407e69d31ae73c4d8d8193c4ed894695fcab3689be3b78fd88a1fc184f42cd4d6a6d2b396a7f118cabebca5e1bed8bda57cf581d7b486c84a5a45b74dafcd94f417ff243dc4a5e0e52ab979b648e75d7aef54d6bcf6b8fa68c75ee001bd4d4cc2fab87b158e40048e22a3fabfa20d8b125d4e8ca4e0d84bab3255fa1d898708b0e596587bbfd223aff09176399daa69ef56c955b764432c396a0b5408a03ce984779cc95417d33020946e4580b822b9e6939a56bb28c5458524ef3a295a56a0e15a950deb025dc66816998044302ac2d8b7444d87bf81b5d1c86a889a15501c02ab26bff214328a060ccc690024a554d33780b5d39dd853e1438e7dbc3702feb6a1446be9095c1ae8538a05340347fed60c07f35ddcdd036ea9d5036e9874ad88f41aa32defa0be9c277bf8a3713567efbc71960ad53d324dea242f4cc0b317d5a4b5953ceeb93f2beca4f5057df3545a4ebbcef62480b6c8fadd6988042eb44ab532bfbf18336d93e0ed5236bc0958cec913bf5bae8b6a571a5576a77a2c87a90b6efa8a3d66d6e6182c39b0f5841600fe3044f77bdcf268cec96b706f2af45a482ce5c99c8031eea9dcd9797620b0eaf411e1194b074eb3100fac3bacc93f950b76b478b020915e29a556f5924d267f04a365855fd73c0a6d82cef67b93f3ccf209b0b809d7a77c4ff221f4e8da7a7bfd9370bcd74b90dfa76eee7a7a5c4b9f066d51222139282a6c7b5ae61b35fea4ededdcaa7c280a5b9efb837ff3877211e3d1cebdb5b05ec4edb5d34c3d0542c425adace7ddb9a9f783c5e6b1be5587dafd0d21f522950451b59aea710a589f508ab082cbeadc144131c558868f5fa85b40ecec7c6ae9588ee2372c421d6e8e7ffe1ecea376a80cf8b2a271476390e0fea07daa664cc7552814c037347f38d1039e8d45af1006b1302bcf79e87d8a792dff226d099d5bc21d22477fb457cda5e3af1ee8db8197e9f94c8add97c7c2e2aba36f27705a509571560bce4f4838db9ce3971b9550fcccc3b324c3df7c9bfd0b165c1f255883862c9be3bb6ca1e4824a9647c014fb36111188a3fbc231d25ff117c7e7888f076b244eedefa79d3342de395d297ae766be4c19a6a4b53cbc165939fad8de08439121f51e3fb4aab560295631598d3f6b81262e754fe89d5908edeae59fc01a67bfb5c4ecc60b571328bf5bb3e1becd757647df33572273090f4094f59a8b2804c568cc36fa5bcd8e35b4633449c9596d570264e5a5c4b7caf78399a24bbe4435453374aa45e27ccb7f9c7036877fa47f143f4d430cf7e8970e75b834c9346850329dd421d4f7dcd2e4c7e9ce1992895324", 0x1000, 0x824, &(0x7f0000000240)={0x2, 0x4e22, @rand_addr=0x64010100}, 0x10) (async) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000100)={@map=0x1, r4, 0x2b}, 0x10) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r3, &(0x7f0000000080), 0x12) 18:43:48 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000280), 0x24342, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r0, 0xc018937c, &(0x7f00000002c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x2}}, './file0/file0\x00'}) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) r2 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup(r3, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r5 = openat$cgroup(r4, &(0x7f0000000180)='syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r5, &(0x7f0000000240)='pids.current\x00', 0x0, 0x0) r6 = openat$cgroup_int(r2, &(0x7f0000000100)='hugetlb.2MB.limit_in_bytes\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) openat$cgroup_ro(r1, &(0x7f0000000300)='freezer.state\x00', 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r6, &(0x7f0000000080), 0x12) mkdir(&(0x7f00000000c0)='./file0/file0\x00', 0x4) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) openat$vcsu(0xffffffffffffff9c, &(0x7f0000000280), 0x24342, 0x0) (async) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r0, 0xc018937c, &(0x7f00000002c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x2}}, './file0/file0\x00'}) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup(r3, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup(r4, &(0x7f0000000180)='syz1\x00', 0x200002, 0x0) (async) openat$cgroup_ro(r5, &(0x7f0000000240)='pids.current\x00', 0x0, 0x0) (async) openat$cgroup_int(r2, &(0x7f0000000100)='hugetlb.2MB.limit_in_bytes\x00', 0x2, 0x0) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) openat$cgroup_ro(r1, &(0x7f0000000300)='freezer.state\x00', 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r6, &(0x7f0000000080), 0x12) (async) mkdir(&(0x7f00000000c0)='./file0/file0\x00', 0x4) (async) 18:43:49 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0xd000000, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:49 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f00000005c0)=[{0x0}, {0x0}], 0x2}, 0x0) [ 812.739231][T29851] loop5: detected capacity change from 0 to 1024 [ 812.745073][T29859] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 812.776310][T29851] EXT4-fs error (device loop5): __ext4_fill_super:5326: inode #2: comm syz-executor.5: iget: root inode unallocated 18:43:49 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x48300, 0x10) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = fcntl$getown(0xffffffffffffffff, 0x9) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getpeername$packet(r5, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) openat$cgroup_ro(r5, &(0x7f0000000240)='cpuset.effective_mems\x00', 0x0, 0x0) prlimit64(r3, 0x7891d557274749ec, &(0x7f00000000c0)={0x0, 0x7f}, &(0x7f0000000100)) perf_event_open$cgroup(&(0x7f00000002c0)={0x0, 0x80, 0x1, 0x5, 0x8, 0x6, 0x0, 0xfffffffffffffffc, 0x20000, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x7, 0x4, @perf_bp={&(0x7f0000000280), 0x1}, 0x14910, 0x7, 0x6, 0x9, 0x4, 0x3ff, 0x805, 0x0, 0x3a2eacfc, 0x0, 0xfffffffffffffffc}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x2) write$cgroup_int(r2, &(0x7f0000000080), 0x12) 18:43:49 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x12000000, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) 18:43:49 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0xe000000, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 812.819327][T29893] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 812.843025][T29851] EXT4-fs (loop5): get root inode failed [ 812.848721][T29851] EXT4-fs (loop5): mount failed [ 812.875267][T29911] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 812.885513][T29911] CPU: 0 PID: 29911 Comm: syz-executor.1 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 812.896531][T29911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 812.906603][T29911] Call Trace: [ 812.909922][T29911] [ 812.912847][T29911] dump_stack_lvl+0xd6/0x122 [ 812.917466][T29911] dump_stack+0x11/0x12 [ 812.921622][T29911] dump_header+0x98/0x410 [ 812.925955][T29911] out_of_memory+0x65e/0x880 [ 812.930600][T29911] memory_max_write+0x31b/0x420 [ 812.935457][T29911] ? memory_max_show+0x70/0x70 [ 812.940225][T29911] cgroup_file_write+0x167/0x300 [ 812.945296][T29911] ? __check_object_size+0x235/0x380 [ 812.950580][T29911] ? cgroup_seqfile_stop+0x70/0x70 [ 812.955694][T29911] kernfs_fop_write_iter+0x1d3/0x2c0 [ 812.960988][T29911] vfs_write+0x71c/0x890 [ 812.965295][T29911] ksys_write+0xe8/0x1a0 [ 812.969538][T29911] __x64_sys_write+0x3e/0x50 [ 812.974134][T29911] do_syscall_64+0x2b/0x70 [ 812.978552][T29911] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 812.984447][T29911] RIP: 0033:0x7ff0acc260e9 [ 812.988853][T29911] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 813.008527][T29911] RSP: 002b:00007ff0ac39c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 813.016945][T29911] RAX: ffffffffffffffda RBX: 00007ff0acd38f60 RCX: 00007ff0acc260e9 [ 813.024910][T29911] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 813.032878][T29911] RBP: 00007ff0acc8008d R08: 0000000000000000 R09: 0000000000000000 [ 813.040853][T29911] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 813.048820][T29911] R13: 00007ffe7a47396f R14: 00007ff0ac39c300 R15: 0000000000022000 [ 813.056791][T29911] [ 813.059924][T29911] memory: usage 72kB, limit 0kB, failcnt 6880 [ 813.065987][T29911] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 813.072898][T29911] Memory cgroup stats for /syz0: [ 813.084277][T29911] anon 0 [ 813.084277][T29911] file 53248 [ 813.084277][T29911] kernel 20480 [ 813.084277][T29911] kernel_stack 0 [ 813.084277][T29911] pagetables 0 [ 813.084277][T29911] percpu 0 [ 813.084277][T29911] sock 0 [ 813.084277][T29911] vmalloc 0 [ 813.084277][T29911] shmem 53248 [ 813.084277][T29911] file_mapped 53248 [ 813.084277][T29911] file_dirty 0 [ 813.084277][T29911] file_writeback 0 [ 813.084277][T29911] swapcached 0 [ 813.084277][T29911] inactive_anon 0 [ 813.084277][T29911] active_anon 53248 [ 813.084277][T29911] inactive_file 0 [ 813.084277][T29911] active_file 0 [ 813.084277][T29911] unevictable 0 [ 813.084277][T29911] slab_reclaimable 3056 [ 813.084277][T29911] slab_unreclaimable 14936 [ 813.084277][T29911] slab 17992 [ 813.084277][T29911] workingset_refault_anon 0 [ 813.084277][T29911] workingset_refault_file 7 [ 813.084277][T29911] workingset_activate_anon 0 [ 813.084277][T29911] workingset_activate_file 0 [ 813.176318][T29911] Out of memory and no killable processes... [ 813.183826][T29909] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 813.193765][T29909] CPU: 0 PID: 29909 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 813.204779][T29909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 813.214833][T29909] Call Trace: [ 813.218106][T29909] [ 813.221027][T29909] dump_stack_lvl+0xd6/0x122 [ 813.225717][T29909] dump_stack+0x11/0x12 [ 813.229873][T29909] dump_header+0x98/0x410 [ 813.234349][T29909] out_of_memory+0x65e/0x880 [ 813.238982][T29909] memory_max_write+0x31b/0x420 [ 813.243840][T29909] ? memory_max_show+0x70/0x70 [ 813.248626][T29909] cgroup_file_write+0x167/0x300 [ 813.253597][T29909] ? __check_object_size+0x235/0x380 [ 813.258883][T29909] ? cgroup_seqfile_stop+0x70/0x70 [ 813.264028][T29909] kernfs_fop_write_iter+0x1d3/0x2c0 [ 813.269357][T29909] vfs_write+0x71c/0x890 [ 813.273658][T29909] ksys_write+0xe8/0x1a0 [ 813.277955][T29909] __x64_sys_write+0x3e/0x50 18:43:49 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {0x0, 0x0, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:43:49 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0xf000000, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:49 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x12000000, 0x0, 0x0, 0x0, 0x0, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r2, &(0x7f0000000080), 0x12) [ 813.282581][T29909] do_syscall_64+0x2b/0x70 [ 813.286998][T29909] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 813.292898][T29909] RIP: 0033:0x7f682d3270e9 [ 813.297321][T29909] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 813.317032][T29909] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 813.325445][T29909] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 [ 813.333410][T29909] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000005 [ 813.341437][T29909] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 [ 813.349416][T29909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 813.357393][T29909] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 [ 813.365432][T29909] [ 813.368626][T29909] memory: usage 72kB, limit 0kB, failcnt 6880 [ 813.374693][T29909] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 813.381552][T29909] Memory cgroup stats for /syz0: [ 813.383377][T29919] loop5: detected capacity change from 0 to 1024 [ 813.395429][T29920] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 813.403133][T29909] anon 0 [ 813.403133][T29909] file 53248 [ 813.403133][T29909] kernel 20480 [ 813.403133][T29909] kernel_stack 0 [ 813.403133][T29909] pagetables 0 [ 813.403133][T29909] percpu 0 [ 813.403133][T29909] sock 0 [ 813.403133][T29909] vmalloc 0 [ 813.403133][T29909] shmem 53248 [ 813.403133][T29909] file_mapped 53248 18:43:49 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x12000000, 0x0, 0x0, 0x0, 0x0, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r2, &(0x7f0000000080), 0x12) [ 813.403133][T29909] file_dirty 0 [ 813.403133][T29909] file_writeback 0 [ 813.403133][T29909] swapcached 0 [ 813.403133][T29909] inactive_anon 0 [ 813.403133][T29909] active_anon 53248 [ 813.403133][T29909] inactive_file 0 [ 813.403133][T29909] active_file 0 [ 813.403133][T29909] unevictable 0 [ 813.403133][T29909] slab_reclaimable 3056 [ 813.403133][T29909] slab_unreclaimable 14936 [ 813.403133][T29909] slab 17992 [ 813.403133][T29909] workingset_refault_anon 0 [ 813.403133][T29909] workingset_refault_file 7 [ 813.403133][T29909] workingset_activate_anon 0 [ 813.403133][T29909] workingset_activate_file 0 [ 813.490293][T29909] Out of memory and no killable processes... [ 813.509448][T29919] EXT4-fs error (device loop5): __ext4_fill_super:5326: inode #2: comm syz-executor.5: iget: root inode unallocated [ 813.521919][T29919] EXT4-fs (loop5): get root inode failed [ 813.527547][T29919] EXT4-fs (loop5): mount failed [ 813.790454][ T1867] device hsr_slave_0 left promiscuous mode [ 813.796560][ T1867] device hsr_slave_1 left promiscuous mode [ 813.802721][ T1867] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 813.810151][ T1867] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 813.817651][ T1867] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 813.825068][ T1867] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 813.832706][ T1867] device bridge_slave_1 left promiscuous mode [ 813.838958][ T1867] bridge0: port 2(bridge_slave_1) entered disabled state [ 813.847066][ T1867] device bridge_slave_0 left promiscuous mode [ 813.853372][ T1867] bridge0: port 1(bridge_slave_0) entered disabled state [ 813.862651][ T1867] device veth1_macvtap left promiscuous mode [ 813.868642][ T1867] device veth0_macvtap left promiscuous mode [ 813.874739][ T1867] device veth1_vlan left promiscuous mode [ 813.880472][ T1867] device veth0_vlan left promiscuous mode [ 813.964680][ T1867] team0 (unregistering): Port device team_slave_1 removed [ 813.974499][ T1867] team0 (unregistering): Port device team_slave_0 removed [ 813.984628][ T1867] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 813.995638][ T1867] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 814.022947][ T1867] bond0 (unregistering): Released all slaves [ 814.700603][T29935] chnl_net:caif_netlink_parms(): no params data found [ 814.729677][T29935] bridge0: port 1(bridge_slave_0) entered blocking state [ 814.736732][T29935] bridge0: port 1(bridge_slave_0) entered disabled state [ 814.744527][T29935] device bridge_slave_0 entered promiscuous mode [ 814.751773][T29935] bridge0: port 2(bridge_slave_1) entered blocking state [ 814.759419][T29935] bridge0: port 2(bridge_slave_1) entered disabled state [ 814.767100][T29935] device bridge_slave_1 entered promiscuous mode [ 814.782444][T29935] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 814.792648][T29935] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 814.810805][T29935] team0: Port device team_slave_0 added [ 814.816990][T29935] team0: Port device team_slave_1 added [ 814.831434][T29935] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 814.838484][T29935] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 814.864437][T29935] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 814.875579][T29935] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 814.882526][T29935] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 814.908436][T29935] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 814.929570][T29935] device hsr_slave_0 entered promiscuous mode [ 814.935983][T29935] device hsr_slave_1 entered promiscuous mode [ 814.942795][T29935] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 814.951554][T29935] Cannot create hsr debugfs directory [ 814.978302][T29935] bridge0: port 2(bridge_slave_1) entered blocking state [ 814.985567][T29935] bridge0: port 2(bridge_slave_1) entered forwarding state [ 814.992971][T29935] bridge0: port 1(bridge_slave_0) entered blocking state [ 815.000014][T29935] bridge0: port 1(bridge_slave_0) entered forwarding state [ 815.028324][T29935] 8021q: adding VLAN 0 to HW filter on device bond0 [ 815.038692][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 815.046343][ T40] bridge0: port 1(bridge_slave_0) entered disabled state [ 815.055310][ T40] bridge0: port 2(bridge_slave_1) entered disabled state [ 815.068227][T29935] 8021q: adding VLAN 0 to HW filter on device team0 [ 815.076896][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 815.085605][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 815.093909][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 815.100936][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 815.118500][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 815.126963][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 815.135421][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 815.142484][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 815.150152][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 815.158931][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 815.167406][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 815.175838][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 815.184481][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 815.193025][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 815.201495][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 815.209821][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 815.217961][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 815.226154][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 815.235486][T29935] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 815.243088][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 815.256521][T29935] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 815.263899][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 815.271298][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 815.337753][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 815.346598][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 815.381651][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 815.389975][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 815.399352][T29935] device veth0_vlan entered promiscuous mode [ 815.405662][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 815.413539][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 815.423673][T29935] device veth1_vlan entered promiscuous mode [ 815.436021][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 815.443982][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 815.452653][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 815.461106][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 815.471362][T29935] device veth0_macvtap entered promiscuous mode [ 815.479878][T29935] device veth1_macvtap entered promiscuous mode [ 815.490150][T29935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 815.500598][T29935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 815.510413][T29935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 815.521075][T29935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 815.530860][T29935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 815.541271][T29935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 815.551137][T29935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 815.561612][T29935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 815.571504][T29935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 815.581912][T29935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 815.592971][T29935] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 815.601406][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 815.610130][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 815.618090][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 815.626914][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 815.637646][T29935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 815.648138][T29935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 815.658045][T29935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 815.668519][T29935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 815.678322][T29935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 815.688742][T29935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 815.698601][T29935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 815.709011][T29935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 815.718932][T29935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 815.729412][T29935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 18:43:51 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) (async) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 18:43:51 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x10000000, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:51 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000100)={&(0x7f00000000c0)='./file0\x00', 0x0, 0x4}, 0x10) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) 18:43:51 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x48300, 0x10) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = fcntl$getown(0xffffffffffffffff, 0x9) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getpeername$packet(r5, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) openat$cgroup_ro(r5, &(0x7f0000000240)='cpuset.effective_mems\x00', 0x0, 0x0) prlimit64(r3, 0x7891d557274749ec, &(0x7f00000000c0)={0x0, 0x7f}, &(0x7f0000000100)) perf_event_open$cgroup(&(0x7f00000002c0)={0x0, 0x80, 0x1, 0x5, 0x8, 0x6, 0x0, 0xfffffffffffffffc, 0x20000, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x7, 0x4, @perf_bp={&(0x7f0000000280), 0x1}, 0x14910, 0x7, 0x6, 0x9, 0x4, 0x3ff, 0x805, 0x0, 0x3a2eacfc, 0x0, 0xfffffffffffffffc}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x2) write$cgroup_int(r2, &(0x7f0000000080), 0x12) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x48300, 0x10) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) fcntl$getown(0xffffffffffffffff, 0x9) (async) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) (async) dup(r4) (async) getpeername$packet(r5, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) (async) openat$cgroup_ro(r5, &(0x7f0000000240)='cpuset.effective_mems\x00', 0x0, 0x0) (async) prlimit64(r3, 0x7891d557274749ec, &(0x7f00000000c0)={0x0, 0x7f}, &(0x7f0000000100)) (async) perf_event_open$cgroup(&(0x7f00000002c0)={0x0, 0x80, 0x1, 0x5, 0x8, 0x6, 0x0, 0xfffffffffffffffc, 0x20000, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x7, 0x4, @perf_bp={&(0x7f0000000280), 0x1}, 0x14910, 0x7, 0x6, 0x9, 0x4, 0x3ff, 0x805, 0x0, 0x3a2eacfc, 0x0, 0xfffffffffffffffc}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x2) (async) write$cgroup_int(r2, &(0x7f0000000080), 0x12) (async) 18:43:51 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010e00), 0x0, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:43:51 executing program 2: bpf$OBJ_GET_MAP(0x7, &(0x7f0000001740)={0x0, 0x0, 0x18}, 0x10) [ 815.740323][T29935] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 815.748124][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 815.756762][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 18:43:52 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_SET_SERVICE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="aa"], 0x94}}, 0x0) 18:43:52 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x11000000, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 815.801570][T29975] loop5: detected capacity change from 0 to 1024 [ 815.813360][T29979] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 815.821389][T29974] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 815.831608][T29974] CPU: 1 PID: 29974 Comm: syz-executor.1 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 18:43:52 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x12000000, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:52 executing program 2: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_script(r0, &(0x7f0000000000)={'#! ', './file0'}, 0xb) [ 815.842630][T29974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 815.847507][T29983] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 815.852680][T29974] Call Trace: [ 815.852688][T29974] [ 815.852695][T29974] dump_stack_lvl+0xd6/0x122 [ 815.870515][T29974] dump_stack+0x11/0x12 [ 815.874682][T29974] dump_header+0x98/0x410 [ 815.879054][T29974] oom_kill_process+0xfe/0x550 [ 815.883827][T29974] out_of_memory+0x620/0x880 [ 815.888419][T29974] memory_max_write+0x31b/0x420 [ 815.893311][T29974] ? memory_max_show+0x70/0x70 18:43:52 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x14000000, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:52 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x48300, 0x10) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = fcntl$getown(0xffffffffffffffff, 0x9) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getpeername$packet(r5, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) openat$cgroup_ro(r5, &(0x7f0000000240)='cpuset.effective_mems\x00', 0x0, 0x0) prlimit64(r3, 0x7891d557274749ec, &(0x7f00000000c0)={0x0, 0x7f}, &(0x7f0000000100)) perf_event_open$cgroup(&(0x7f00000002c0)={0x0, 0x80, 0x1, 0x5, 0x8, 0x6, 0x0, 0xfffffffffffffffc, 0x20000, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x7, 0x4, @perf_bp={&(0x7f0000000280), 0x1}, 0x14910, 0x7, 0x6, 0x9, 0x4, 0x3ff, 0x805, 0x0, 0x3a2eacfc, 0x0, 0xfffffffffffffffc}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x2) write$cgroup_int(r2, &(0x7f0000000080), 0x12) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x48300, 0x10) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) fcntl$getown(0xffffffffffffffff, 0x9) (async) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) (async) dup(r4) (async) getpeername$packet(r5, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) (async) openat$cgroup_ro(r5, &(0x7f0000000240)='cpuset.effective_mems\x00', 0x0, 0x0) (async) prlimit64(r3, 0x7891d557274749ec, &(0x7f00000000c0)={0x0, 0x7f}, &(0x7f0000000100)) (async) perf_event_open$cgroup(&(0x7f00000002c0)={0x0, 0x80, 0x1, 0x5, 0x8, 0x6, 0x0, 0xfffffffffffffffc, 0x20000, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x7, 0x4, @perf_bp={&(0x7f0000000280), 0x1}, 0x14910, 0x7, 0x6, 0x9, 0x4, 0x3ff, 0x805, 0x0, 0x3a2eacfc, 0x0, 0xfffffffffffffffc}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x2) (async) write$cgroup_int(r2, &(0x7f0000000080), 0x12) (async) [ 815.898092][T29974] cgroup_file_write+0x167/0x300 [ 815.903064][T29974] ? __check_object_size+0x235/0x380 [ 815.904320][T30009] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 815.908352][T29974] ? cgroup_seqfile_stop+0x70/0x70 [ 815.920392][T29974] kernfs_fop_write_iter+0x1d3/0x2c0 [ 815.925752][T29974] vfs_write+0x71c/0x890 [ 815.930018][T29974] ksys_write+0xe8/0x1a0 [ 815.934364][T29974] __x64_sys_write+0x3e/0x50 [ 815.936801][T30011] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 815.938965][T29974] do_syscall_64+0x2b/0x70 [ 815.938993][T29974] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 815.939022][T29974] RIP: 0033:0x7ff0acc260e9 [ 815.939037][T29974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 815.952755][T29975] EXT4-fs error (device loop5): __ext4_fill_super:5326: inode #2: comm syz-executor.5: iget: root inode unallocated [ 815.956244][T29974] RSP: 002b:00007ff0ac39c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 815.956269][T29974] RAX: ffffffffffffffda RBX: 00007ff0acd38f60 RCX: 00007ff0acc260e9 [ 815.967748][T29975] EXT4-fs (loop5): get root inode failed [ 815.980253][T29974] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 815.992425][T29975] EXT4-fs (loop5): mount failed [ 816.000834][T29974] RBP: 00007ff0acc8008d R08: 0000000000000000 R09: 0000000000000000 [ 816.000851][T29974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 816.000884][T29974] R13: 00007ffe7a47396f R14: 00007ff0ac39c300 R15: 0000000000022000 [ 816.000902][T29974] [ 816.000933][T29974] memory: usage 136kB, limit 0kB, failcnt 6899 [ 816.000946][T29974] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 816.000958][T29974] Memory cgroup stats for /syz0: [ 816.022240][T29974] anon 32768 [ 816.022240][T29974] file 53248 [ 816.022240][T29974] kernel 45056 [ 816.022240][T29974] kernel_stack 0 [ 816.022240][T29974] pagetables 8192 [ 816.022240][T29974] percpu 0 [ 816.022240][T29974] sock 0 [ 816.022240][T29974] vmalloc 0 [ 816.022240][T29974] shmem 53248 [ 816.022240][T29974] file_mapped 53248 [ 816.022240][T29974] file_dirty 0 [ 816.022240][T29974] file_writeback 0 [ 816.022240][T29974] swapcached 0 [ 816.022240][T29974] inactive_anon 32768 [ 816.022240][T29974] active_anon 53248 [ 816.022240][T29974] inactive_file 0 [ 816.022240][T29974] active_file 0 [ 816.022240][T29974] unevictable 0 [ 816.022240][T29974] slab_reclaimable 8960 [ 816.022240][T29974] slab_unreclaimable 19048 [ 816.022240][T29974] slab 28008 [ 816.022240][T29974] workingset_refault_anon 0 [ 816.022240][T29974] workingset_refault_file 7 [ 816.022240][T29974] workingset_activate_anon 0 [ 816.022240][T29974] workingset_activate_file 0 [ 816.160209][T29974] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=29935,uid=0 [ 816.175519][T29974] Memory cgroup out of memory: Killed process 29935 (syz-executor.0) total-vm:42336kB, anon-rss:368kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:0 [ 816.197479][T29974] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 816.207745][T29974] CPU: 0 PID: 29974 Comm: syz-executor.1 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 816.218754][T29974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 816.228987][T29974] Call Trace: [ 816.232254][T29974] [ 816.235165][T29974] dump_stack_lvl+0xd6/0x122 [ 816.239747][T29974] dump_stack+0x11/0x12 [ 816.243898][T29974] dump_header+0x98/0x410 [ 816.248226][T29974] out_of_memory+0x65e/0x880 [ 816.252947][T29974] memory_max_write+0x31b/0x420 [ 816.257877][T29974] ? memory_max_show+0x70/0x70 [ 816.262655][T29974] cgroup_file_write+0x167/0x300 [ 816.267618][T29974] ? __check_object_size+0x235/0x380 [ 816.272890][T29974] ? cgroup_seqfile_stop+0x70/0x70 [ 816.278086][T29974] kernfs_fop_write_iter+0x1d3/0x2c0 [ 816.283355][T29974] vfs_write+0x71c/0x890 [ 816.287587][T29974] ksys_write+0xe8/0x1a0 [ 816.291815][T29974] __x64_sys_write+0x3e/0x50 [ 816.296447][T29974] do_syscall_64+0x2b/0x70 [ 816.300972][T29974] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 816.306905][T29974] RIP: 0033:0x7ff0acc260e9 [ 816.311395][T29974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 816.330985][T29974] RSP: 002b:00007ff0ac39c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 816.339379][T29974] RAX: ffffffffffffffda RBX: 00007ff0acd38f60 RCX: 00007ff0acc260e9 [ 816.347331][T29974] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 816.355281][T29974] RBP: 00007ff0acc8008d R08: 0000000000000000 R09: 0000000000000000 [ 816.363352][T29974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 816.371302][T29974] R13: 00007ffe7a47396f R14: 00007ff0ac39c300 R15: 0000000000022000 [ 816.379256][T29974] [ 816.382285][T29974] memory: usage 84kB, limit 0kB, failcnt 6916 [ 816.388341][T29974] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 816.395202][T29974] Memory cgroup stats for /syz0: [ 816.396973][T29974] anon 0 [ 816.396973][T29974] file 53248 [ 816.396973][T29974] kernel 32768 [ 816.396973][T29974] kernel_stack 0 [ 816.396973][T29974] pagetables 0 [ 816.396973][T29974] percpu 0 [ 816.396973][T29974] sock 0 [ 816.396973][T29974] vmalloc 0 [ 816.396973][T29974] shmem 53248 [ 816.396973][T29974] file_mapped 53248 [ 816.396973][T29974] file_dirty 0 [ 816.396973][T29974] file_writeback 0 [ 816.396973][T29974] swapcached 0 [ 816.396973][T29974] inactive_anon 0 [ 816.396973][T29974] active_anon 53248 [ 816.396973][T29974] inactive_file 0 [ 816.396973][T29974] active_file 0 [ 816.396973][T29974] unevictable 0 [ 816.396973][T29974] slab_reclaimable 5808 [ 816.396973][T29974] slab_unreclaimable 18808 [ 816.396973][T29974] slab 24616 [ 816.396973][T29974] workingset_refault_anon 0 [ 816.396973][T29974] workingset_refault_file 7 [ 816.396973][T29974] workingset_activate_anon 0 [ 816.396973][T29974] workingset_activate_file 0 [ 816.489143][T29974] Out of memory and no killable processes... 18:43:52 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async, rerun: 64) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) (async, rerun: 64) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 18:43:52 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x1d000000, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:52 executing program 2: r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) r1 = gettid() sendmsg$netlink(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000a80)=[{&(0x7f00000000c0)={0x10}, 0x10}, {&(0x7f0000000540)={0x10, 0x3b, 0x1}, 0x10}], 0x2, &(0x7f0000000ac0)=[@cred={{0x1c, 0x1, 0x2, {r1, 0x0, 0xee00}}}], 0x20}, 0x0) 18:43:52 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100), 0x200002, 0x0) r0 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="58000000020601040000000000000000000000000500040000000000050001000700000011000300686173683a69702c706f7274fdffffff0b00078008001240090000000900022073797a3000000000ffcfedd286200500"], 0x58}}, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000200)={'ip6_vti0\x00', &(0x7f0000000100)=@ethtool_wolinfo={0x6, 0x7f, 0xf3f, "b89c633e538e"}}) write$cgroup_int(r0, &(0x7f0000000080), 0x12) creat(&(0x7f00000000c0)='./file0\x00', 0x10) 18:43:52 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010e00), 0x0, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:43:52 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000100)={&(0x7f00000000c0)='./file0\x00', 0x0, 0x4}, 0x10) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000100)={&(0x7f00000000c0)='./file0\x00', 0x0, 0x4}, 0x10) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r2, &(0x7f0000000080), 0x12) (async) 18:43:52 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x227505c, 0x0) acct(0x0) mount(&(0x7f0000000000)=@nullb, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='hostfs\x00', 0x840000, &(0x7f0000000100)='\x18)&\x15*\x00') listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 816.575808][T30042] loop5: detected capacity change from 0 to 1024 [ 816.583411][T30044] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 816.590779][ T24] audit: type=1400 audit(1651085032.785:353): avc: denied { write } for pid=30035 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 816.590849][T30036] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=30036 comm=syz-executor.2 [ 816.590875][T30036] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=59 sclass=netlink_tcpdiag_socket pid=30036 comm=syz-executor.2 [ 816.635319][T30038] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 816.647773][T30038] CPU: 1 PID: 30038 Comm: syz-executor.1 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 816.658881][T30038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 816.668930][T30038] Call Trace: [ 816.672203][T30038] 18:43:52 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f0000000700)={&(0x7f00000005c0), 0xc, 0x0}, 0x0) 18:43:52 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x1e000000, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:52 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100), 0x200002, 0x0) r0 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="58000000020601040000000000000000000000000500040000000000050001000700000011000300686173683a69702c706f7274fdffffff0b00078008001240090000000900022073797a3000000000ffcfedd286200500"], 0x58}}, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000200)={'ip6_vti0\x00', &(0x7f0000000100)=@ethtool_wolinfo={0x6, 0x7f, 0xf3f, "b89c633e538e"}}) write$cgroup_int(r0, &(0x7f0000000080), 0x12) creat(&(0x7f00000000c0)='./file0\x00', 0x10) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100), 0x200002, 0x0) (async) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="58000000020601040000000000000000000000000500040000000000050001000700000011000300686173683a69702c706f7274fdffffff0b00078008001240090000000900022073797a3000000000ffcfedd286200500"], 0x58}}, 0x0) (async) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000200)={'ip6_vti0\x00', &(0x7f0000000100)=@ethtool_wolinfo={0x6, 0x7f, 0xf3f, "b89c633e538e"}}) (async) write$cgroup_int(r0, &(0x7f0000000080), 0x12) (async) creat(&(0x7f00000000c0)='./file0\x00', 0x10) (async) [ 816.675131][T30038] dump_stack_lvl+0xd6/0x122 [ 816.679804][T30038] dump_stack+0x11/0x12 [ 816.683964][T30038] dump_header+0x98/0x410 [ 816.688291][T30038] out_of_memory+0x65e/0x880 [ 816.692881][T30038] memory_max_write+0x31b/0x420 [ 816.697765][T30038] ? memory_max_show+0x70/0x70 [ 816.702614][T30038] cgroup_file_write+0x167/0x300 [ 816.707554][T30038] ? __check_object_size+0x235/0x380 [ 816.712942][T30038] ? cgroup_seqfile_stop+0x70/0x70 [ 816.718059][T30038] kernfs_fop_write_iter+0x1d3/0x2c0 [ 816.723392][T30038] vfs_write+0x71c/0x890 [ 816.727694][T30038] ksys_write+0xe8/0x1a0 [ 816.731942][T30038] __x64_sys_write+0x3e/0x50 [ 816.736615][T30038] do_syscall_64+0x2b/0x70 [ 816.741032][T30038] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 816.746921][T30038] RIP: 0033:0x7ff0acc260e9 [ 816.751326][T30038] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 816.771066][T30038] RSP: 002b:00007ff0ac39c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 816.779514][T30038] RAX: ffffffffffffffda RBX: 00007ff0acd38f60 RCX: 00007ff0acc260e9 [ 816.787471][T30038] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 816.795494][T30038] RBP: 00007ff0acc8008d R08: 0000000000000000 R09: 0000000000000000 [ 816.803460][T30038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 816.811415][T30038] R13: 00007ffe7a47396f R14: 00007ff0ac39c300 R15: 0000000000022000 [ 816.819449][T30038] 18:43:53 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000740)={'ip_vti0\x00', 0x20}) [ 816.822641][T30038] memory: usage 76kB, limit 0kB, failcnt 6916 [ 816.828724][T30038] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 816.835595][T30038] Memory cgroup stats for /syz0: [ 816.839395][T30050] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 18:43:53 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x20000000, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:53 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@bloom_filter={0x1e, 0x0, 0x400, 0xb, 0x44}, 0x48) 18:43:53 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100), 0x200002, 0x0) (async) r0 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async, rerun: 32) prlimit64(0x0, 0x0, 0x0, 0x0) (async, rerun: 32) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async, rerun: 64) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) (rerun: 64) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="58000000020601040000000000000000000000000500040000000000050001000700000011000300686173683a69702c706f7274fdffffff0b00078008001240090000000900022073797a3000000000ffcfedd286200500"], 0x58}}, 0x0) (async) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000200)={'ip6_vti0\x00', &(0x7f0000000100)=@ethtool_wolinfo={0x6, 0x7f, 0xf3f, "b89c633e538e"}}) (async, rerun: 32) write$cgroup_int(r0, &(0x7f0000000080), 0x12) (async, rerun: 32) creat(&(0x7f00000000c0)='./file0\x00', 0x10) [ 816.884597][T30042] EXT4-fs error (device loop5): __ext4_fill_super:5326: inode #2: comm syz-executor.5: iget: root inode unallocated 18:43:53 executing program 2: openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0) [ 816.943209][T30074] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 816.957281][T30042] EXT4-fs (loop5): get root inode failed [ 816.962986][T30042] EXT4-fs (loop5): mount failed [ 816.975931][T30038] anon 0 [ 816.975931][T30038] file 53248 [ 816.975931][T30038] kernel 20480 [ 816.975931][T30038] kernel_stack 0 [ 816.975931][T30038] pagetables 0 18:43:53 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f00000000c0), 0x200) mmap(&(0x7f0000ffa000/0x6000)=nil, 0x6000, 0x1000001, 0x10010, r0, 0xd2806000) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='rpc_pipefs\x00', 0x158480, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r3, &(0x7f0000000080), 0x12) [ 816.975931][T30038] percpu 0 [ 816.975931][T30038] sock 0 [ 816.975931][T30038] vmalloc 0 [ 816.975931][T30038] shmem 53248 [ 816.975931][T30038] file_mapped 53248 [ 816.975931][T30038] file_dirty 0 [ 816.975931][T30038] file_writeback 0 [ 816.975931][T30038] swapcached 0 [ 816.975931][T30038] inactive_anon 0 [ 816.975931][T30038] active_anon 53248 [ 816.975931][T30038] inactive_file 0 [ 816.975931][T30038] active_file 0 [ 816.975931][T30038] unevictable 0 [ 816.975931][T30038] slab_reclaimable 3056 [ 816.975931][T30038] slab_unreclaimable 14936 18:43:53 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010e00), 0x0, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) [ 816.975931][T30038] slab 17992 [ 816.975931][T30038] workingset_refault_anon 0 [ 816.975931][T30038] workingset_refault_file 7 [ 816.975931][T30038] workingset_activate_anon 0 [ 816.975931][T30038] workingset_activate_file 0 [ 817.063129][T30038] Out of memory and no killable processes... [ 817.129571][T30089] loop5: detected capacity change from 0 to 1024 [ 817.158729][T30089] EXT4-fs error (device loop5): __ext4_fill_super:5326: inode #2: comm syz-executor.5: iget: root inode unallocated [ 817.189216][T30089] EXT4-fs (loop5): get root inode failed [ 817.194873][T30089] EXT4-fs (loop5): mount failed 18:43:53 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000100)={&(0x7f00000000c0)='./file0\x00', 0x0, 0x4}, 0x10) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000100)={&(0x7f00000000c0)='./file0\x00', 0x0, 0x4}, 0x10) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r2, &(0x7f0000000080), 0x12) (async) [ 817.269856][T30105] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 817.280115][T30105] CPU: 0 PID: 30105 Comm: syz-executor.1 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 817.291128][T30105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 817.301174][T30105] Call Trace: [ 817.304434][T30105] [ 817.307343][T30105] dump_stack_lvl+0xd6/0x122 [ 817.311919][T30105] dump_stack+0x11/0x12 [ 817.316110][T30105] dump_header+0x98/0x410 [ 817.320421][T30105] out_of_memory+0x65e/0x880 [ 817.325012][T30105] memory_max_write+0x31b/0x420 [ 817.329955][T30105] ? memory_max_show+0x70/0x70 [ 817.334756][T30105] cgroup_file_write+0x167/0x300 [ 817.339747][T30105] ? __check_object_size+0x235/0x380 [ 817.345015][T30105] ? cgroup_seqfile_stop+0x70/0x70 [ 817.350185][T30105] kernfs_fop_write_iter+0x1d3/0x2c0 [ 817.355451][T30105] vfs_write+0x71c/0x890 [ 817.359672][T30105] ksys_write+0xe8/0x1a0 [ 817.363903][T30105] __x64_sys_write+0x3e/0x50 [ 817.368472][T30105] do_syscall_64+0x2b/0x70 [ 817.372878][T30105] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 817.378813][T30105] RIP: 0033:0x7ff0acc260e9 [ 817.383236][T30105] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 817.402892][T30105] RSP: 002b:00007ff0ac39c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 817.411279][T30105] RAX: ffffffffffffffda RBX: 00007ff0acd38f60 RCX: 00007ff0acc260e9 [ 817.419306][T30105] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 817.427253][T30105] RBP: 00007ff0acc8008d R08: 0000000000000000 R09: 0000000000000000 [ 817.435203][T30105] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 817.443150][T30105] R13: 00007ffe7a47396f R14: 00007ff0ac39c300 R15: 0000000000022000 [ 817.451173][T30105] [ 817.454205][T30105] memory: usage 72kB, limit 0kB, failcnt 6916 [ 817.460324][T30105] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 817.467163][T30105] Memory cgroup stats for /syz0: [ 817.468687][T30105] anon 0 [ 817.468687][T30105] file 53248 [ 817.468687][T30105] kernel 20480 [ 817.468687][T30105] kernel_stack 0 [ 817.468687][T30105] pagetables 0 [ 817.468687][T30105] percpu 0 [ 817.468687][T30105] sock 0 [ 817.468687][T30105] vmalloc 0 [ 817.468687][T30105] shmem 53248 [ 817.468687][T30105] file_mapped 53248 [ 817.468687][T30105] file_dirty 0 [ 817.468687][T30105] file_writeback 0 [ 817.468687][T30105] swapcached 0 [ 817.468687][T30105] inactive_anon 0 [ 817.468687][T30105] active_anon 53248 [ 817.468687][T30105] inactive_file 0 [ 817.468687][T30105] active_file 0 [ 817.468687][T30105] unevictable 0 [ 817.468687][T30105] slab_reclaimable 3056 [ 817.468687][T30105] slab_unreclaimable 14936 [ 817.468687][T30105] slab 17992 [ 817.468687][T30105] workingset_refault_anon 0 [ 817.468687][T30105] workingset_refault_file 7 [ 817.468687][T30105] workingset_activate_anon 0 [ 817.468687][T30105] workingset_activate_file 0 [ 817.561033][T30105] Out of memory and no killable processes... [ 817.610674][ T1837] device hsr_slave_0 left promiscuous mode [ 817.616633][ T1837] device hsr_slave_1 left promiscuous mode [ 817.622978][ T1837] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 817.630446][ T1837] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 817.638056][ T1837] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 817.645436][ T1837] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 817.653044][ T1837] device bridge_slave_1 left promiscuous mode [ 817.659227][ T1837] bridge0: port 2(bridge_slave_1) entered disabled state [ 817.666720][ T1837] device bridge_slave_0 left promiscuous mode [ 817.672849][ T1837] bridge0: port 1(bridge_slave_0) entered disabled state [ 817.682324][ T1837] device veth1_macvtap left promiscuous mode [ 817.688295][ T1837] device veth0_macvtap left promiscuous mode [ 817.694299][ T1837] device veth1_vlan left promiscuous mode [ 817.700024][ T1837] device veth0_vlan left promiscuous mode [ 817.781734][ T1837] team0 (unregistering): Port device team_slave_1 removed [ 817.791712][ T1837] team0 (unregistering): Port device team_slave_0 removed [ 817.801673][ T1837] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 817.813599][ T1837] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 817.842582][ T1837] bond0 (unregistering): Released all slaves [ 818.432555][T30120] chnl_net:caif_netlink_parms(): no params data found [ 818.461531][T30120] bridge0: port 1(bridge_slave_0) entered blocking state [ 818.468600][T30120] bridge0: port 1(bridge_slave_0) entered disabled state [ 818.476179][T30120] device bridge_slave_0 entered promiscuous mode [ 818.483534][T30120] bridge0: port 2(bridge_slave_1) entered blocking state [ 818.490676][T30120] bridge0: port 2(bridge_slave_1) entered disabled state [ 818.499193][T30120] device bridge_slave_1 entered promiscuous mode [ 818.515160][T30120] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 818.525148][T30120] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 818.542092][T30120] team0: Port device team_slave_0 added [ 818.548565][T30120] team0: Port device team_slave_1 added [ 818.562446][T30120] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 818.569424][T30120] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 818.595386][T30120] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 818.606966][T30120] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 818.613947][T30120] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 818.639838][T30120] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 818.661666][T30120] device hsr_slave_0 entered promiscuous mode [ 818.668034][T30120] device hsr_slave_1 entered promiscuous mode [ 818.674362][T30120] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 818.681903][T30120] Cannot create hsr debugfs directory [ 818.708401][T30120] bridge0: port 2(bridge_slave_1) entered blocking state [ 818.715497][T30120] bridge0: port 2(bridge_slave_1) entered forwarding state [ 818.722750][T30120] bridge0: port 1(bridge_slave_0) entered blocking state [ 818.729841][T30120] bridge0: port 1(bridge_slave_0) entered forwarding state [ 818.757250][T30120] 8021q: adding VLAN 0 to HW filter on device bond0 [ 818.767673][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 818.775839][ T1918] bridge0: port 1(bridge_slave_0) entered disabled state [ 818.783591][ T1918] bridge0: port 2(bridge_slave_1) entered disabled state [ 818.794792][T30120] 8021q: adding VLAN 0 to HW filter on device team0 [ 818.804184][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 818.813182][ T1916] bridge0: port 1(bridge_slave_0) entered blocking state [ 818.820228][ T1916] bridge0: port 1(bridge_slave_0) entered forwarding state [ 818.839779][T30120] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 818.850159][T30120] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 818.862968][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 818.871361][ T1916] bridge0: port 2(bridge_slave_1) entered blocking state [ 818.878499][ T1916] bridge0: port 2(bridge_slave_1) entered forwarding state [ 818.887961][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 818.897480][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 818.906941][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 818.915135][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 818.927392][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 818.934970][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 818.947770][T30120] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 818.956223][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 818.963873][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 819.032404][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 819.072769][T30120] device veth0_vlan entered promiscuous mode [ 819.079832][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 819.088486][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 819.096480][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 819.106935][T30120] device veth1_vlan entered promiscuous mode [ 819.119602][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 819.127442][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 819.135739][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 819.145811][T30120] device veth0_macvtap entered promiscuous mode [ 819.154040][T30120] device veth1_macvtap entered promiscuous mode [ 819.164199][T30120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 819.174643][T30120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 819.184517][T30120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 819.194926][T30120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 819.204732][T30120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 819.215177][T30120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 819.224990][T30120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 819.235416][T30120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 819.245269][T30120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 819.255722][T30120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 819.268183][T30120] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 819.276152][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 819.285452][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 819.294553][T30120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 819.305023][T30120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 819.314822][T30120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 819.325232][T30120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 819.335025][T30120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 819.345471][T30120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 819.355384][T30120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 819.365801][T30120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 819.375619][T30120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 819.386022][T30120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 819.396984][T30120] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 819.406080][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 819.414794][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 18:43:55 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x227505c, 0x0) acct(0x0) mount(&(0x7f0000000000)=@nullb, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='hostfs\x00', 0x840000, &(0x7f0000000100)='\x18)&\x15*\x00') listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x227505c, 0x0) (async) acct(0x0) (async) mount(&(0x7f0000000000)=@nullb, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='hostfs\x00', 0x840000, &(0x7f0000000100)='\x18)&\x15*\x00') (async) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) (async) 18:43:55 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x25000000, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:55 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f00000000c0), 0x200) mmap(&(0x7f0000ffa000/0x6000)=nil, 0x6000, 0x1000001, 0x10010, r0, 0xd2806000) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='rpc_pipefs\x00', 0x158480, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r3, &(0x7f0000000080), 0x12) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) openat$qrtrtun(0xffffffffffffff9c, &(0x7f00000000c0), 0x200) (async) mmap(&(0x7f0000ffa000/0x6000)=nil, 0x6000, 0x1000001, 0x10010, r0, 0xd2806000) (async) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='rpc_pipefs\x00', 0x158480, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r3, &(0x7f0000000080), 0x12) (async) 18:43:55 executing program 2: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001600)=[{&(0x7f0000000080)='\n', 0x1}], 0x1}, 0x0) recvmsg(r1, &(0x7f0000000040)={&(0x7f0000000140)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}}}, 0x80, 0x0}, 0x42) 18:43:55 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f0000000000000400200000", 0x1f, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:43:55 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) write$cgroup_int(r2, &(0x7f00000000c0)=0x1, 0x12) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) 18:43:55 executing program 2: r0 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e24, @multicast1}}, 0x80, 0x0, 0x0, &(0x7f0000000100)=[{0x18, 0x110, 0x1, "dc"}], 0x18}, 0x0) 18:43:55 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f00000000c0), 0x200) mmap(&(0x7f0000ffa000/0x6000)=nil, 0x6000, 0x1000001, 0x10010, r0, 0xd2806000) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='rpc_pipefs\x00', 0x158480, 0x0) (async) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r3, &(0x7f0000000080), 0x12) 18:43:55 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async, rerun: 32) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (rerun: 32) prlimit64(0x0, 0x0, 0x0, 0x0) (async) write$cgroup_int(r2, &(0x7f00000000c0)=0x1, 0x12) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r2, &(0x7f0000000080), 0x12) [ 819.461672][T30159] loop5: detected capacity change from 0 to 1024 [ 819.475543][T30172] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 18:43:55 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x227505c, 0x0) (async) acct(0x0) mount(&(0x7f0000000000)=@nullb, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='hostfs\x00', 0x840000, &(0x7f0000000100)='\x18)&\x15*\x00') (async) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 18:43:55 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x48000000, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:55 executing program 0: r0 = semget(0x3, 0x2, 0x60) semctl$SEM_STAT_ANY(r0, 0x3, 0x14, &(0x7f0000000080)=""/105) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 18:43:55 executing program 2: openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x28041, 0x0) [ 819.505368][ T24] audit: type=1400 audit(1651085035.695:354): avc: denied { write } for pid=30180 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 18:43:55 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r0, 0xc018937b, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r4, {0xee01, 0xee01}}, './file0\x00'}) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000300)={r5, &(0x7f0000000100)="d5ba8b4dc180abe171642de543dfe4cf32ab235767e8e4329a16f8df5c857c79baf857624b5c9b5f5787b483320666bf1e8f256f55912b2753cd83967b", &(0x7f0000000240)=""/187}, 0x20) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r3, &(0x7f0000000080), 0x12) 18:43:55 executing program 2: perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e6c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000700)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000002c3f2cc2b7954244cef7baf48e6d2885a09a87507ebf4e43bc0609b199b6ed90e0596acec976e57309ebcd7f00000000000000781f642845725345d5e89ad528d985e786d6cf12d77b7ed1159a2c2e85d726859a919cc9548a349980d1ccdce27f94bc074c27f81070545cab5d5b0d7ff0575cc2727e8d974927676468ff2d8621c3ac94712ed9cf6b40b3cf252a47c05af3a30d57cc3ed67d1867b54d24e2da18568c3b0f24b52616bf84d3b042d6e432cd0e3b57239f0127473e6ba922aff649609d40b47ec331ccba3ce8d530ffff19a6471bf3abe442d9cbcfb964b13831034694a6aad86cf08a2c7b2235dc99de9aa3e6b77c7a2877261ed72da90864987f30926c9013eec3b86836ae504479f60bfc37204d2b85627aa5a79f670000000000000000000000008f02712c3d5956f2013d2aef4a3b5092be4d6852b88317c5adbbdb0015f89e9939bc424d1bafe5725c8a4047b91da3768c1ca6a4410009232d5f4c6ba884f95d4ba21068285afa8d3b4a6893d3626ab5becbcdb887af2c85c2d9ab09b5dd7d3c4406d2d7650bf7b2ff4602aec1eea200000064881c560c371a08e05196b78a6160f439921a06fb78183e7e78de9dabe35f1a5d50f20209eec6eb2c510b2cc8d95e4e5b365d1e1298f431432010e100fc01418056bfbaa978cab28cc337a81f421af9909b3c04d552dad88a1258ec0810dff9d0eaa794225d5e2626bd2b011f000000000000000915c9dd6fd183051f7c5b79cf"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x20e, 0x5ee, 0xfd000000, &(0x7f00000004c0)="b91803b700030703009e40f086dd1fff060700ffff80fe8477fbac14140ce0080001c699da153f0ae0e6e380f60103f683317585d7473f1cab4439f0f570ff155bc5f73ba3f8bb99a6e8ded1ce485cf058105cd981b42493481cd659416a2e10c9119664f36eb00b333c20c9ec0c222d644bdcb178c1cc53d6960fbb842d6a33dfcde3a1e1848135214baf139753866cadcbe3ce52505e992818cc452bee339d9ab076f484020eaa348a21d7911e4c44905256ec2cc54cca47a198b00c10aff62a4bed43a2ebcad92743fb22c593f28fd4bb7c703cde9cae0569d4c8d9a823f2c12863f7a6c0cf88ed22aae4f6f084508833b61429a25773eedf63dd9f33d430f2a0a30a7761db16fe0f743b95ded898c28aac1256ce2751b3d738899b8b19d9052b7f13ff94", 0x0, 0x31, 0x6000000000000000, 0xfffffffffffffe7e, 0x1d4}, 0x28) [ 819.553638][T30205] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 819.564060][T30159] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 819.585322][T30208] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 819.595293][T30208] CPU: 1 PID: 30208 Comm: syz-executor.0 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 819.606316][T30208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 819.616366][T30208] Call Trace: [ 819.619641][T30208] [ 819.619666][T30225] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 819.622571][T30208] dump_stack_lvl+0xd6/0x122 [ 819.622601][T30208] dump_stack+0x11/0x12 [ 819.622623][T30208] dump_header+0x98/0x410 [ 819.642561][T30208] oom_kill_process+0xfe/0x550 [ 819.647364][T30208] out_of_memory+0x620/0x880 [ 819.652071][T30208] mem_cgroup_oom+0x475/0x4f0 [ 819.656745][T30208] try_charge_memcg+0x746/0x960 [ 819.661641][T30208] ? try_to_unlazy+0x3c9/0x540 [ 819.666406][T30208] obj_cgroup_charge+0x171/0x2b0 [ 819.671345][T30208] memcg_slab_pre_alloc_hook+0xf7/0x170 [ 819.676947][T30208] ? __d_alloc+0x3d/0x380 [ 819.681259][T30208] kmem_cache_alloc_lru+0x76/0x2b0 [ 819.686353][T30208] ? __d_lookup+0x3a6/0x3d0 [ 819.690841][T30208] __d_alloc+0x3d/0x380 [ 819.694979][T30208] d_alloc+0x2a/0x100 [ 819.698945][T30208] __lookup_hash+0x8f/0x180 [ 819.703555][T30208] filename_create+0x147/0x2b0 [ 819.708314][T30208] do_symlinkat+0x83/0x330 [ 819.712761][T30208] __x64_sys_symlinkat+0x5e/0x70 [ 819.717740][T30208] do_syscall_64+0x2b/0x70 [ 819.722153][T30208] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 819.728084][T30208] RIP: 0033:0x7effa57ce9f7 [ 819.732489][T30208] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 0a 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 819.752100][T30208] RSP: 002b:00007ffcfd3bd6a8 EFLAGS: 00000202 ORIG_RAX: 000000000000010a [ 819.760503][T30208] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007effa57ce9f7 [ 819.768530][T30208] RDX: 00007effa5829139 RSI: 00000000ffffff9c RDI: 00007ffcfd3bd770 [ 819.776507][T30208] RBP: 0000000000000000 R08: 0000000000000620 R09: 00007ffcfd3bd540 [ 819.784539][T30208] R10: 00007ffcfd3bd3f7 R11: 0000000000000202 R12: 0000000000000001 [ 819.792496][T30208] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffcfd3bd770 [ 819.800454][T30208] 18:43:55 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) write$cgroup_int(r2, &(0x7f00000000c0)=0x1, 0x12) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r2, &(0x7f0000000080), 0x12) 18:43:55 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f0000000000000400200000", 0x1f, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:43:55 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x4c000000, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 819.803488][T30208] memory: usage 256kB, limit 0kB, failcnt 6935 [ 819.809672][T30208] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 819.816508][T30208] Memory cgroup stats for /syz0: [ 819.818771][T30208] anon 69632 [ 819.818771][T30208] file 53248 [ 819.818771][T30208] kernel 139264 [ 819.818771][T30208] kernel_stack 16384 [ 819.818771][T30208] pagetables 57344 [ 819.818771][T30208] percpu 0 [ 819.818771][T30208] sock 0 [ 819.818771][T30208] vmalloc 0 [ 819.818771][T30208] shmem 53248 [ 819.818771][T30208] file_mapped 53248 [ 819.818771][T30208] file_dirty 0 [ 819.818771][T30208] file_writeback 0 [ 819.818771][T30208] swapcached 0 [ 819.818771][T30208] inactive_anon 69632 [ 819.818771][T30208] active_anon 53248 [ 819.818771][T30208] inactive_file 0 [ 819.818771][T30208] active_file 0 [ 819.818771][T30208] unevictable 0 [ 819.818771][T30208] slab_reclaimable 4432 [ 819.818771][T30208] slab_unreclaimable 35944 [ 819.818771][T30208] slab 40376 [ 819.818771][T30208] workingset_refault_anon 0 [ 819.818771][T30208] workingset_refault_file 7 18:43:56 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x60000000, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:56 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x620e0000, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 819.818771][T30208] workingset_activate_anon 0 [ 819.818771][T30208] workingset_activate_file 0 [ 819.912501][T30208] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=30120,uid=0 [ 819.927863][T30208] Memory cgroup out of memory: Killed process 30120 (syz-executor.0) total-vm:42336kB, anon-rss:380kB, file-rss:9088kB, shmem-rss:56kB, UID:0 pgtables:72kB oom_score_adj:0 [ 819.935726][T30228] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 18:43:56 executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x7, 0x40, 0x4}, 0x48) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000080)={r0, &(0x7f0000000140), 0x20000000}, 0x20) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000000200)={r0, &(0x7f0000000140), &(0x7f0000000800)=""/84}, 0x20) [ 819.974785][T30235] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 819.982428][T30210] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 819.992412][T30210] CPU: 0 PID: 30210 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 820.003436][T30210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 820.013496][T30210] Call Trace: [ 820.016761][T30210] [ 820.019676][T30210] dump_stack_lvl+0xd6/0x122 [ 820.024432][T30210] dump_stack+0x11/0x12 [ 820.028579][T30210] dump_header+0x98/0x410 [ 820.032979][T30210] oom_kill_process+0xfe/0x550 [ 820.037759][T30210] out_of_memory+0x620/0x880 [ 820.042346][T30210] memory_max_write+0x31b/0x420 [ 820.047287][T30210] ? memory_max_show+0x70/0x70 [ 820.052122][T30210] cgroup_file_write+0x167/0x300 [ 820.057064][T30210] ? __check_object_size+0x235/0x380 [ 820.062412][T30210] ? cgroup_seqfile_stop+0x70/0x70 [ 820.067557][T30210] kernfs_fop_write_iter+0x1d3/0x2c0 [ 820.072861][T30210] vfs_write+0x71c/0x890 [ 820.077111][T30210] ksys_write+0xe8/0x1a0 [ 820.081396][T30210] __x64_sys_write+0x3e/0x50 [ 820.085976][T30210] do_syscall_64+0x2b/0x70 [ 820.090485][T30210] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 820.096369][T30210] RIP: 0033:0x7f682d3270e9 [ 820.101118][T30210] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 820.120718][T30210] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 820.129120][T30210] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 [ 820.137086][T30210] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 820.145043][T30210] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 [ 820.152998][T30210] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 820.160954][T30210] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 [ 820.168914][T30210] 18:43:56 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x68000000, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:56 executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000700)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000002c3f2cc2b7954244cef7baf48e6d2885a09a87507ebf4e43bc0609b199b6ed90e0596acec976e57309ebcd7f00000000000000781f642845725345d5e89ad528d985e786d6cf12d77b7ed1159a2c2e85d726859a919cc9548a349980d1ccdce27f94bc074c27f81070545cab5d5b0d7ff0575cc2727e8d974927676468ff2d8621c3ac94712ed9cf6b40b3cf252a47c05af3a30d57cc3ed67d1867b54d24e2da18568c3b0f24b52616bf84d3b042d6e432cd0e3b57239f0127473e6ba922aff649609d40b47ec331ccba3ce8d530ffff19a6471bf3abe442d9cbcfb964b13831034694a6aad86cf08a2c7b2235dc99de9aa3e6b77c7a2877261ed72da90864987f30926c9013eec3b86836ae504479f60bfc37204d2b85627aa5a79f670000000000000000000000008f02712c3d5956f2013d2aef4a3b5092be4d6852b88317c5adbbdb0015f89e9939bc424d1bafe5725c8a4047b91da3768c1ca6a4410009232d5f4c6ba884f95d4ba21068285afa8d3b4a6893d3626ab5becbcdb887af2c85c2d9ab09b5dd7d3c4406d2d7650bf7b2ff4602aec1eea200000064881c560c371a08e05196b78a6160f439921a06fb78183e7e78de9dabe35f1a5d50f20209eec6eb2c510b2cc8d95e4e5b365d1e1298f431432010e100fc01418056bfbaa978cab28cc337a81f421af9909b3c04d552dad88a1258ec0810dff9d0eaa794225d5e2626bd2b011f000000000000000915c9dd6fd183051f7c5b79cf"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x20e, 0x69, 0xfd000000, &(0x7f00000004c0)="b91803b700030703009e40f086dd1fff060700000000008477fbac14140ce0080001c699da153f0ae0e6e380f60103f683317585d7473f1cab4439f0f570ff155bc5f73ba3f8bb99a6e8ded1ce485cf058105cd981b42493481cd659416a2e10c9119664f36eb00b333c20c9ec0c222d644bdcb178c1cc53d6960fbb842d6a33dfcde3a1e1848135214baf139753866cadcbe3ce52505e992818cc452bee339d9ab076f484020eaa348a21d7911e4c44905256ec2cc54cca47a198b00c10aff62a4bed43a2ebcad92743fb22c593f28fd4bb7c703cde9cae0569d4c8d9a823f2c12863f7a6c0cf88ed22aae4f6f084508833b61429a25773eedf63dd9f33d430f2a0a30a7761db16fe0f743b95ded898c28aac1256ce2751b3d738899b8b19d9052b7f13ff94", 0x0, 0x31, 0x6000000000000000, 0xfffffffffffffe7e, 0x1d4}, 0x28) [ 820.172041][T30210] memory: usage 240kB, limit 0kB, failcnt 6936 [ 820.178245][T30210] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 820.185102][T30210] Memory cgroup stats for /syz0: [ 820.195664][T30239] loop5: detected capacity change from 0 to 1024 [ 820.203403][T30210] anon 0 [ 820.203403][T30210] file 53248 [ 820.203403][T30210] kernel 53248 [ 820.203403][T30210] kernel_stack 16384 [ 820.203403][T30210] pagetables 0 [ 820.203403][T30210] percpu 0 [ 820.203403][T30210] sock 0 [ 820.203403][T30210] vmalloc 0 [ 820.203403][T30210] shmem 53248 [ 820.203403][T30210] file_mapped 53248 [ 820.203403][T30210] file_dirty 0 [ 820.203403][T30210] file_writeback 0 [ 820.203403][T30210] swapcached 0 [ 820.203403][T30210] inactive_anon 0 [ 820.203403][T30210] active_anon 53248 [ 820.203403][T30210] inactive_file 0 [ 820.203403][T30210] active_file 0 [ 820.203403][T30210] unevictable 0 [ 820.203403][T30210] slab_reclaimable 4432 [ 820.203403][T30210] slab_unreclaimable 26040 [ 820.203403][T30210] slab 30472 [ 820.203403][T30210] workingset_refault_anon 0 [ 820.203403][T30210] workingset_refault_file 7 [ 820.203403][T30210] workingset_activate_anon 0 [ 820.203403][T30210] workingset_activate_file 0 [ 820.294550][T30210] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=30208,uid=0 [ 820.309949][T30210] Memory cgroup out of memory: OOM victim 30208 (syz-executor.0) is already exiting. Skip killing the task [ 820.325833][T30239] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 820.338124][T30246] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 820.338859][T30210] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 820.355001][T30210] CPU: 1 PID: 30210 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 820.366141][T30210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 820.376265][T30210] Call Trace: [ 820.379538][T30210] [ 820.382468][T30210] dump_stack_lvl+0xd6/0x122 [ 820.387114][T30210] dump_stack+0x11/0x12 [ 820.391302][T30210] dump_header+0x98/0x410 [ 820.395667][T30210] out_of_memory+0x65e/0x880 [ 820.400279][T30210] memory_max_write+0x31b/0x420 [ 820.405166][T30210] ? memory_max_show+0x70/0x70 [ 820.409941][T30210] cgroup_file_write+0x167/0x300 [ 820.414892][T30210] ? __check_object_size+0x235/0x380 [ 820.420158][T30210] ? cgroup_seqfile_stop+0x70/0x70 [ 820.425317][T30210] kernfs_fop_write_iter+0x1d3/0x2c0 [ 820.430627][T30210] vfs_write+0x71c/0x890 [ 820.434851][T30210] ksys_write+0xe8/0x1a0 [ 820.439132][T30210] __x64_sys_write+0x3e/0x50 [ 820.443703][T30210] do_syscall_64+0x2b/0x70 [ 820.448102][T30210] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 820.453996][T30210] RIP: 0033:0x7f682d3270e9 [ 820.458390][T30210] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 820.477997][T30210] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 820.486404][T30210] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 [ 820.494368][T30210] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 820.502319][T30210] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 [ 820.510269][T30210] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 820.518220][T30210] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 18:43:56 executing program 0: r0 = semget(0x3, 0x2, 0x60) semctl$SEM_STAT_ANY(r0, 0x3, 0x14, &(0x7f0000000080)=""/105) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) semget(0x3, 0x2, 0x60) (async) semctl$SEM_STAT_ANY(r0, 0x3, 0x14, &(0x7f0000000080)=""/105) (async) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) (async) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) (async) 18:43:56 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x9000000}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x58}}, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x100000, &(0x7f0000000240)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@access_uid={'access', 0x3d, 0xffffffffffffffff}}, {@cache_none}], [{@fscontext={'fscontext', 0x3d, 'unconfined_u'}}, {@smackfshat={'smackfshat', 0x3d, '+-[{\''}}, {@func={'func', 0x3d, 'FIRMWARE_CHECK'}}]}}) r4 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r4, &(0x7f0000000080), 0x12) [ 820.526265][T30210] [ 820.529478][T30210] memory: usage 104kB, limit 0kB, failcnt 6952 [ 820.535645][T30210] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 820.542491][T30210] Memory cgroup stats for /syz0: [ 820.546484][T30210] anon 0 [ 820.546484][T30210] file 53248 [ 820.546484][T30210] kernel 49152 [ 820.546484][T30210] kernel_stack 16384 [ 820.546484][T30210] pagetables 0 [ 820.546484][T30210] percpu 0 [ 820.546484][T30210] sock 0 [ 820.546484][T30210] vmalloc 0 [ 820.546484][T30210] shmem 53248 [ 820.546484][T30210] file_mapped 53248 [ 820.546484][T30210] file_dirty 0 [ 820.546484][T30210] file_writeback 0 [ 820.546484][T30210] swapcached 0 [ 820.546484][T30210] inactive_anon 0 [ 820.546484][T30210] active_anon 53248 [ 820.546484][T30210] inactive_file 0 [ 820.546484][T30210] active_file 0 [ 820.546484][T30210] unevictable 0 [ 820.546484][T30210] slab_reclaimable 4432 [ 820.546484][T30210] slab_unreclaimable 22760 [ 820.546484][T30210] slab 27192 [ 820.546484][T30210] workingset_refault_anon 0 [ 820.546484][T30210] workingset_refault_file 7 [ 820.546484][T30210] workingset_activate_anon 0 [ 820.546484][T30210] workingset_activate_file 0 [ 820.639099][T30210] Out of memory and no killable processes... [ 820.652148][T30248] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 820.662361][T30248] CPU: 0 PID: 30248 Comm: syz-executor.1 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 18:43:56 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async, rerun: 32) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async, rerun: 32) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async, rerun: 64) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async, rerun: 64) r4 = bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r0, 0xc018937b, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r4, {0xee01, 0xee01}}, './file0\x00'}) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000300)={r5, &(0x7f0000000100)="d5ba8b4dc180abe171642de543dfe4cf32ab235767e8e4329a16f8df5c857c79baf857624b5c9b5f5787b483320666bf1e8f256f55912b2753cd83967b", &(0x7f0000000240)=""/187}, 0x20) (async, rerun: 64) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async, rerun: 64) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r3, &(0x7f0000000080), 0x12) 18:43:56 executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000700)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000002c3f2cc2b7954244cef7baf48e6d2885a09a87507ebf4e43bc0609b199b6ed90e0596acec976e57309ebcd7f00000000000000781f642845725345d5e89ad528d985e786d6cf12d77b7ed1159a2c2e85d726859a919cc9548a349980d1ccdce27f94bc074c27f81070545cab5d5b0d7ff0575cc2727e8d974927676468ff2d8621c3ac94712ed9cf6b40b3cf252a47c05af3a30d57cc3ed67d1867b54d24e2da18568c3b0f24b52616bf84d3b042d6e432cd0e3b57239f0127473e6ba922aff649609d40b47ec331ccba3ce8d530ffff19a6471bf3abe442d9cbcfb964b13831034694a6aad86cf08a2c7b2235dc99de9aa3e6b77c7a2877261ed72da90864987f30926c9013eec3b86836ae504479f60bfc37204d2b85627aa5a79f670000000000000000000000008f02712c3d5956f2013d2aef4a3b5092be4d6852b88317c5adbbdb0015f89e9939bc424d1bafe5725c8a4047b91da3768c1ca6a4410009232d5f4c6ba884f95d4ba21068285afa8d3b4a6893d3626ab5becbcdb887af2c85c2d9ab09b5dd7d3c4406d2d7650bf7b2ff4602aec1eea200000064881c560c371a08e05196b78a6160f439921a06fb78183e7e78de9dabe35f1a5d50f20209eec6eb2c510b2cc8d95e4e5b365d1e1298f431432010e100fc01418056bfbaa978cab28cc337a81f421af9909b3c04d552dad88a1258ec0810dff9d0eaa794225d5e2626bd2b011f000000000000000915c9dd6fd183051f7c5b79cf"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x20e, 0x5ee, 0xfd000000, &(0x7f00000004c0)="b91803b700030703009e40f086dd1fff0607000000003c8477fbac14140ce0080001c699da153f0ae0e6e380f60103f683317585d7473f1cab4439f0f570ff155bc5f73ba3f8bb99a6e8ded1ce485cf058105cd981b42493481cd659416a2e10c9119664f36eb00b333c20c9ec0c222d644bdcb178c1cc53d6960fbb842d6a33dfcde3a1e1848135214baf139753866cadcbe3ce52505e992818cc452bee339d9ab076f484020eaa348a21d7911e4c44905256ec2cc54cca47a198b00c10aff62a4bed43a2ebcad92743fb22c593f28fd4bb7c703cde9cae0569d4c8d9a823f2c12863f7a6c0cf88ed22aae4f6f084508833b61429a25773eedf63dd9f33d430f2a0a30a7761db16fe0f743b95ded898c28aac1256ce2751b3d738899b8b19d9052b7f13ff94", 0x0, 0x31, 0x6000000000000000, 0xfffffffffffffe7e, 0x1d4}, 0x28) 18:43:56 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x6c000000, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:56 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f0000000000000400200000", 0x1f, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:43:56 executing program 0: r0 = semget(0x3, 0x2, 0x60) semctl$SEM_STAT_ANY(r0, 0x3, 0x14, &(0x7f0000000080)=""/105) (async) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 820.673419][T30248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 820.683471][T30248] Call Trace: [ 820.686748][T30248] [ 820.689749][T30248] dump_stack_lvl+0xd6/0x122 [ 820.694345][T30248] dump_stack+0x11/0x12 [ 820.698507][T30248] dump_header+0x98/0x410 [ 820.702843][T30248] out_of_memory+0x65e/0x880 [ 820.707434][T30248] memory_max_write+0x31b/0x420 [ 820.712299][T30248] ? memory_max_show+0x70/0x70 [ 820.717078][T30248] cgroup_file_write+0x167/0x300 [ 820.722054][T30248] ? __check_object_size+0x235/0x380 [ 820.727348][T30248] ? cgroup_seqfile_stop+0x70/0x70 [ 820.732465][T30248] kernfs_fop_write_iter+0x1d3/0x2c0 [ 820.737923][T30248] vfs_write+0x71c/0x890 [ 820.742172][T30248] ksys_write+0xe8/0x1a0 [ 820.746498][T30248] __x64_sys_write+0x3e/0x50 [ 820.751094][T30248] do_syscall_64+0x2b/0x70 [ 820.755596][T30248] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 820.761535][T30248] RIP: 0033:0x7ff0acc260e9 [ 820.765963][T30248] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 820.785589][T30248] RSP: 002b:00007ff0ac39c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 820.794178][T30248] RAX: ffffffffffffffda RBX: 00007ff0acd38f60 RCX: 00007ff0acc260e9 [ 820.802404][T30248] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000013 [ 820.810373][T30248] RBP: 00007ff0acc8008d R08: 0000000000000000 R09: 0000000000000000 [ 820.818330][T30248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 820.826390][T30248] R13: 00007ffe7a47396f R14: 00007ff0ac39c300 R15: 0000000000022000 [ 820.834437][T30248] [ 820.837479][T30248] memory: usage 80kB, limit 0kB, failcnt 6952 [ 820.843557][T30248] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 820.850414][T30248] Memory cgroup stats for /syz0: [ 820.854278][T30254] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 18:43:57 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r0, 0xc018937b, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r4, {0xee01, 0xee01}}, './file0\x00'}) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000300)={r5, &(0x7f0000000100)="d5ba8b4dc180abe171642de543dfe4cf32ab235767e8e4329a16f8df5c857c79baf857624b5c9b5f5787b483320666bf1e8f256f55912b2753cd83967b", &(0x7f0000000240)=""/187}, 0x20) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r3, &(0x7f0000000080), 0x12) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r0, 0xc018937b, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r4, {0xee01, 0xee01}}, './file0\x00'}) (async) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000300)={r5, &(0x7f0000000100)="d5ba8b4dc180abe171642de543dfe4cf32ab235767e8e4329a16f8df5c857c79baf857624b5c9b5f5787b483320666bf1e8f256f55912b2753cd83967b", &(0x7f0000000240)=""/187}, 0x20) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r3, &(0x7f0000000080), 0x12) (async) 18:43:57 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x74000000, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 820.881922][T30256] loop5: detected capacity change from 0 to 1024 [ 820.910580][T30256] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 820.932021][T30248] anon 0 [ 820.932021][T30248] file 53248 [ 820.932021][T30248] kernel 20480 [ 820.932021][T30248] kernel_stack 0 [ 820.932021][T30248] pagetables 0 [ 820.932021][T30248] percpu 0 [ 820.932021][T30248] sock 0 [ 820.932021][T30248] vmalloc 0 [ 820.932021][T30248] shmem 53248 [ 820.932021][T30248] file_mapped 53248 [ 820.932021][T30248] file_dirty 0 [ 820.932021][T30248] file_writeback 0 [ 820.932021][T30248] swapcached 0 [ 820.932021][T30248] inactive_anon 0 [ 820.932021][T30248] active_anon 53248 [ 820.932021][T30248] inactive_file 0 [ 820.932021][T30248] active_file 0 [ 820.932021][T30248] unevictable 0 [ 820.932021][T30248] slab_reclaimable 3056 [ 820.932021][T30248] slab_unreclaimable 14936 [ 820.932021][T30248] slab 17992 [ 820.932021][T30248] workingset_refault_anon 0 [ 820.932021][T30248] workingset_refault_file 7 [ 820.932021][T30248] workingset_activate_anon 0 [ 820.932021][T30248] workingset_activate_file 0 [ 821.019256][T30248] Out of memory and no killable processes... 18:43:57 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400", 0x2e, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) [ 821.030394][T30265] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 821.046783][T30266] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 821.056737][T30266] CPU: 0 PID: 30266 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 821.067758][T30266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 821.077877][T30266] Call Trace: [ 821.081141][T30266] [ 821.084058][T30266] dump_stack_lvl+0xd6/0x122 [ 821.088641][T30266] dump_stack+0x11/0x12 [ 821.092851][T30266] dump_header+0x98/0x410 [ 821.097168][T30266] out_of_memory+0x65e/0x880 [ 821.101843][T30266] memory_max_write+0x31b/0x420 [ 821.106745][T30266] ? memory_max_show+0x70/0x70 [ 821.111502][T30266] cgroup_file_write+0x167/0x300 [ 821.116429][T30266] ? __check_object_size+0x235/0x380 [ 821.121701][T30266] ? cgroup_seqfile_stop+0x70/0x70 [ 821.126887][T30266] kernfs_fop_write_iter+0x1d3/0x2c0 [ 821.132186][T30266] vfs_write+0x71c/0x890 [ 821.136418][T30266] ksys_write+0xe8/0x1a0 [ 821.140647][T30266] __x64_sys_write+0x3e/0x50 [ 821.145297][T30266] do_syscall_64+0x2b/0x70 [ 821.149705][T30266] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 821.155614][T30266] RIP: 0033:0x7f682d3270e9 [ 821.160029][T30266] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 18:43:57 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x9000000}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x58}}, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x100000, &(0x7f0000000240)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@access_uid={'access', 0x3d, 0xffffffffffffffff}}, {@cache_none}], [{@fscontext={'fscontext', 0x3d, 'unconfined_u'}}, {@smackfshat={'smackfshat', 0x3d, '+-[{\''}}, {@func={'func', 0x3d, 'FIRMWARE_CHECK'}}]}}) r4 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r4, &(0x7f0000000080), 0x12) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x9000000}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x58}}, 0x0) (async) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x100000, &(0x7f0000000240)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@access_uid={'access', 0x3d, 0xffffffffffffffff}}, {@cache_none}], [{@fscontext={'fscontext', 0x3d, 'unconfined_u'}}, {@smackfshat={'smackfshat', 0x3d, '+-[{\''}}, {@func={'func', 0x3d, 'FIRMWARE_CHECK'}}]}}) (async) openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r4, &(0x7f0000000080), 0x12) (async) [ 821.179621][T30266] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 821.188057][T30266] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 [ 821.196012][T30266] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 821.203967][T30266] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 [ 821.211959][T30266] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 821.219913][T30266] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 [ 821.227871][T30266] [ 821.230909][T30266] memory: usage 72kB, limit 0kB, failcnt 6952 [ 821.236970][T30266] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 821.243828][T30266] Memory cgroup stats for /syz0: [ 821.272508][T30269] loop5: detected capacity change from 0 to 1024 18:43:57 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x7a000000, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:57 executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000700)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000002c3f2cc2b7954244cef7baf48e6d2885a09a87507ebf4e43bc0609b199b6ed90e0596acec976e57309ebcd7f00000000000000781f642845725345d5e89ad528d985e786d6cf12d77b7ed1159a2c2e85d726859a919cc9548a349980d1ccdce27f94bc074c27f81070545cab5d5b0d7ff0575cc2727e8d974927676468ff2d8621c3ac94712ed9cf6b40b3cf252a47c05af3a30d57cc3ed67d1867b54d24e2da18568c3b0f24b52616bf84d3b042d6e432cd0e3b57239f0127473e6ba922aff649609d40b47ec331ccba3ce8d530ffff19a6471bf3abe442d9cbcfb964b13831034694a6aad86cf08a2c7b2235dc99de9aa3e6b77c7a2877261ed72da90864987f30926c9013eec3b86836ae504479f60bfc37204d2b85627aa5a79f670000000000000000000000008f02712c3d5956f2013d2aef4a3b5092be4d6852b88317c5adbbdb0015f89e9939bc424d1bafe5725c8a4047b91da3768c1ca6a4410009232d5f4c6ba884f95d4ba21068285afa8d3b4a6893d3626ab5becbcdb887af2c85c2d9ab09b5dd7d3c4406d2d7650bf7b2ff4602aec1eea200000064881c560c371a08e05196b78a6160f439921a06fb78183e7e78de9dabe35f1a5d50f20209eec6eb2c510b2cc8d95e4e5b365d1e1298f431432010e100fc01418056bfbaa978cab28cc337a81f421af9909b3c04d552dad88a1258ec0810dff9d0eaa794225d5e2626bd2b011f000000000000000915c9dd6fd183051f7c5b79cf"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x20e, 0x5ee, 0xfd000000, &(0x7f00000004c0)="b91803b700030703009e40f086dd1fff060700000000008477fbac14140ce0080001c699da153f0ae0e6e380f60103f683317585d747331cab4439f0f570ff155bc5f73ba3f8bb99a6e8ded1ce485cf058105cd981b42493481cd659416a2e10c9119664f36eb00b333c20c9ec0c222d644bdcb178c1cc53d6960fbb842d6a33dfcde3a1e1848135214baf139753866cadcbe3ce52505e992818cc452bee339d9ab076f484020eaa348a21d7911e4c44905256ec2cc54cca47a198b00c10aff62a4bed43a2ebcad92743fb22c593f28fd4bb7c703cde9cae0569d4c8d9a823f2c12863f7a6c0cf88ed22aae4f6f084508833b61429a25773eedf63dd9f33d430f2a0a30a7761db16fe0f743b95ded898c28aac1256ce2751b3d738899b8b19d9052b7f13ff94", 0x0, 0x31, 0x6000000000000000, 0xfffffffffffffe7e, 0x1d4}, 0x28) [ 821.287574][T30266] anon 0 [ 821.287574][T30266] file 53248 [ 821.287574][T30266] kernel 20480 [ 821.287574][T30266] kernel_stack 0 [ 821.287574][T30266] pagetables 0 [ 821.287574][T30266] percpu 0 [ 821.287574][T30266] sock 0 [ 821.287574][T30266] vmalloc 0 [ 821.287574][T30266] shmem 53248 [ 821.287574][T30266] file_mapped 53248 [ 821.287574][T30266] file_dirty 0 [ 821.287574][T30266] file_writeback 0 [ 821.287574][T30266] swapcached 0 [ 821.287574][T30266] inactive_anon 0 [ 821.287574][T30266] active_anon 53248 [ 821.287574][T30266] inactive_file 0 [ 821.287574][T30266] active_file 0 [ 821.287574][T30266] unevictable 0 [ 821.287574][T30266] slab_reclaimable 3056 [ 821.287574][T30266] slab_unreclaimable 14936 [ 821.287574][T30266] slab 17992 [ 821.287574][T30266] workingset_refault_anon 0 [ 821.287574][T30266] workingset_refault_file 7 [ 821.287574][T30266] workingset_activate_anon 0 [ 821.287574][T30266] workingset_activate_file 0 [ 821.374963][T30266] Out of memory and no killable processes... 18:43:57 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async, rerun: 64) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async, rerun: 64) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x9000000}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x58}}, 0x0) (async) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x100000, &(0x7f0000000240)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@access_uid={'access', 0x3d, 0xffffffffffffffff}}, {@cache_none}], [{@fscontext={'fscontext', 0x3d, 'unconfined_u'}}, {@smackfshat={'smackfshat', 0x3d, '+-[{\''}}, {@func={'func', 0x3d, 'FIRMWARE_CHECK'}}]}}) (async) r4 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async, rerun: 32) write$cgroup_int(r4, &(0x7f0000000080), 0x12) (rerun: 32) 18:43:57 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x14) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r3, &(0x7f0000000080), 0x12) mknodat(r0, &(0x7f00000000c0)='./file0\x00', 0x2, 0xffffffff) r4 = fcntl$dupfd(r2, 0x0, r1) openat$cgroup_ro(r4, &(0x7f0000000100)='cpuacct.stat\x00', 0x0, 0x0) 18:43:57 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x9effffff, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 821.388718][T30290] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 821.402883][T30269] EXT4-fs error (device loop5): ext4_ext_check_inode:497: inode #2: comm syz-executor.5: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) 18:43:57 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0xeaffffff, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 821.446927][T30299] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 821.482262][T30269] EXT4-fs (loop5): get root inode failed [ 821.487972][T30269] EXT4-fs (loop5): mount failed 18:43:57 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0xefffffff, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 821.497660][T30301] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 821.526085][T30303] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 821.570283][T30307] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 821.580271][T30307] CPU: 1 PID: 30307 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 821.591380][T30307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 821.601506][T30307] Call Trace: [ 821.604766][T30307] [ 821.607701][T30307] dump_stack_lvl+0xd6/0x122 [ 821.612321][T30307] dump_stack+0x11/0x12 [ 821.616458][T30307] dump_header+0x98/0x410 [ 821.620770][T30307] out_of_memory+0x65e/0x880 [ 821.625338][T30307] memory_max_write+0x31b/0x420 [ 821.630171][T30307] ? memory_max_show+0x70/0x70 [ 821.634947][T30307] cgroup_file_write+0x167/0x300 [ 821.639879][T30307] ? __check_object_size+0x235/0x380 [ 821.645158][T30307] ? cgroup_seqfile_stop+0x70/0x70 [ 821.650337][T30307] kernfs_fop_write_iter+0x1d3/0x2c0 [ 821.655606][T30307] vfs_write+0x71c/0x890 [ 821.659830][T30307] ksys_write+0xe8/0x1a0 [ 821.664087][T30307] __x64_sys_write+0x3e/0x50 [ 821.668659][T30307] do_syscall_64+0x2b/0x70 [ 821.673054][T30307] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 821.678967][T30307] RIP: 0033:0x7f682d3270e9 [ 821.683365][T30307] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 821.703021][T30307] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 821.711415][T30307] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 [ 821.719366][T30307] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 821.727318][T30307] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 [ 821.735281][T30307] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 821.743235][T30307] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 [ 821.751191][T30307] [ 821.754397][T30307] memory: usage 72kB, limit 0kB, failcnt 6952 [ 821.760502][T30307] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 821.767376][T30307] Memory cgroup stats for /syz0: [ 821.767732][T30307] anon 0 [ 821.767732][T30307] file 53248 [ 821.767732][T30307] kernel 20480 [ 821.767732][T30307] kernel_stack 0 [ 821.767732][T30307] pagetables 0 [ 821.767732][T30307] percpu 0 [ 821.767732][T30307] sock 0 [ 821.767732][T30307] vmalloc 0 [ 821.767732][T30307] shmem 53248 [ 821.767732][T30307] file_mapped 53248 [ 821.767732][T30307] file_dirty 0 [ 821.767732][T30307] file_writeback 0 [ 821.767732][T30307] swapcached 0 [ 821.767732][T30307] inactive_anon 0 [ 821.767732][T30307] active_anon 53248 [ 821.767732][T30307] inactive_file 0 [ 821.767732][T30307] active_file 0 [ 821.767732][T30307] unevictable 0 [ 821.767732][T30307] slab_reclaimable 3056 [ 821.767732][T30307] slab_unreclaimable 14936 [ 821.767732][T30307] slab 17992 [ 821.767732][T30307] workingset_refault_anon 0 [ 821.767732][T30307] workingset_refault_file 7 [ 821.767732][T30307] workingset_activate_anon 0 [ 821.767732][T30307] workingset_activate_file 0 [ 821.860046][T30307] Out of memory and no killable processes... [ 822.110460][ T225] device hsr_slave_0 left promiscuous mode [ 822.116515][ T225] device hsr_slave_1 left promiscuous mode [ 822.122848][ T225] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 822.130234][ T225] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 822.137758][ T225] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 822.145188][ T225] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 822.152938][ T225] device bridge_slave_1 left promiscuous mode [ 822.159113][ T225] bridge0: port 2(bridge_slave_1) entered disabled state [ 822.166682][ T225] device bridge_slave_0 left promiscuous mode [ 822.173011][ T225] bridge0: port 1(bridge_slave_0) entered disabled state [ 822.182517][ T225] device veth1_macvtap left promiscuous mode [ 822.188518][ T225] device veth0_macvtap left promiscuous mode [ 822.194550][ T225] device veth1_vlan left promiscuous mode [ 822.200311][ T225] device veth0_vlan left promiscuous mode [ 822.284041][ T225] team0 (unregistering): Port device team_slave_1 removed [ 822.293917][ T225] team0 (unregistering): Port device team_slave_0 removed [ 822.303448][ T225] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 822.314298][ T225] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 822.344065][ T225] bond0 (unregistering): Released all slaves [ 822.722586][T30313] chnl_net:caif_netlink_parms(): no params data found [ 822.754104][T30313] bridge0: port 1(bridge_slave_0) entered blocking state [ 822.761308][T30313] bridge0: port 1(bridge_slave_0) entered disabled state [ 822.769113][T30313] device bridge_slave_0 entered promiscuous mode [ 822.776404][T30313] bridge0: port 2(bridge_slave_1) entered blocking state [ 822.783603][T30313] bridge0: port 2(bridge_slave_1) entered disabled state [ 822.791922][T30313] device bridge_slave_1 entered promiscuous mode [ 822.808220][T30313] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 822.818744][T30313] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 822.835444][T30313] team0: Port device team_slave_0 added [ 822.842352][T30313] team0: Port device team_slave_1 added [ 822.854929][T30313] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 822.861995][T30313] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 822.887867][T30313] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 822.899229][T30313] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 822.906166][T30313] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 822.932269][T30313] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 822.953527][T30313] device hsr_slave_0 entered promiscuous mode [ 822.960021][T30313] device hsr_slave_1 entered promiscuous mode [ 822.966227][T30313] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 822.973781][T30313] Cannot create hsr debugfs directory [ 823.002018][T30313] bridge0: port 2(bridge_slave_1) entered blocking state [ 823.009129][T30313] bridge0: port 2(bridge_slave_1) entered forwarding state [ 823.016407][T30313] bridge0: port 1(bridge_slave_0) entered blocking state [ 823.023441][T30313] bridge0: port 1(bridge_slave_0) entered forwarding state [ 823.051651][T30313] 8021q: adding VLAN 0 to HW filter on device bond0 [ 823.061936][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 823.069994][ T40] bridge0: port 1(bridge_slave_0) entered disabled state [ 823.077697][ T40] bridge0: port 2(bridge_slave_1) entered disabled state [ 823.089861][T30313] 8021q: adding VLAN 0 to HW filter on device team0 [ 823.099294][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 823.107551][ T1918] bridge0: port 1(bridge_slave_0) entered blocking state [ 823.114582][ T1918] bridge0: port 1(bridge_slave_0) entered forwarding state [ 823.125054][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 823.135023][ T1916] bridge0: port 2(bridge_slave_1) entered blocking state [ 823.142148][ T1916] bridge0: port 2(bridge_slave_1) entered forwarding state [ 823.160277][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 823.169070][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 823.177525][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 823.186156][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 823.196206][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 823.206049][T30313] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 823.217927][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 823.225409][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 823.234979][T30313] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 823.307804][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 823.349015][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 823.357323][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 823.365220][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 823.373702][T30313] device veth0_vlan entered promiscuous mode [ 823.383394][T30313] device veth1_vlan entered promiscuous mode [ 823.396470][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 823.405211][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 823.415121][T30313] device veth0_macvtap entered promiscuous mode [ 823.423453][T30313] device veth1_macvtap entered promiscuous mode [ 823.434281][T30313] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 823.444708][T30313] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 823.454530][T30313] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 823.464935][T30313] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 823.474730][T30313] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 823.485134][T30313] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 823.494930][T30313] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 823.505327][T30313] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 823.515148][T30313] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 823.525591][T30313] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 823.537085][T30313] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 823.544799][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 823.552946][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 823.560742][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 823.569286][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 823.579118][T30313] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 823.589641][T30313] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 823.599464][T30313] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 823.609886][T30313] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 823.619687][T30313] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 823.630097][T30313] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 823.639979][T30313] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 823.650384][T30313] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 823.660201][T30313] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 823.670608][T30313] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 823.681674][T30313] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 823.692125][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready 18:43:59 executing program 2: r0 = perf_event_open(&(0x7f0000000ec0)={0x2, 0x80, 0x4d, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000080)='\'-/$!:@O(\x00') 18:43:59 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0xf0ffffff, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:43:59 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400", 0x2e, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:43:59 executing program 1: recvmsg$can_j1939(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/57, 0x39}, {&(0x7f0000000240)=""/72, 0x48}, {&(0x7f00000002c0)=""/127, 0x7f}, {&(0x7f0000000340)=""/118, 0x76}], 0x4, &(0x7f00000003c0)=""/186, 0xba}, 0x40000000) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001f00)=ANY=[@ANYBLOB="580000000206010400000000000000e7ffffffff04e20400000000000500010007009b0011000300686173683a69702ca1f9264a706f7251000000000c00078008001236090000000900020073797a30000000000500050002000000"], 0x58}}, 0x0) recvmmsg(r0, &(0x7f0000001e40)=[{{&(0x7f00000004c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @empty}}}, 0x80, &(0x7f00000018c0)=[{&(0x7f0000000540)=""/92, 0x5c}, {&(0x7f00000005c0)=""/21, 0x15}, {&(0x7f0000000600)=""/204, 0xcc}, {&(0x7f0000000700)=""/128, 0x80}, {&(0x7f0000000780)}, {&(0x7f00000007c0)=""/194, 0xc2}, {&(0x7f00000008c0)=""/4096, 0x1000}], 0x7, &(0x7f0000001940)=""/111, 0x6f}, 0x1}, {{&(0x7f00000019c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000001cc0)=[{&(0x7f0000001a40)=""/142, 0x8e}, {&(0x7f0000001b00)=""/37, 0x25}, {&(0x7f0000001b40)=""/16, 0x10}, {&(0x7f0000001b80)=""/222, 0xde}, {&(0x7f0000001c80)=""/20, 0x14}], 0x5, &(0x7f0000001d40)=""/211, 0xd3}, 0x7ff}], 0x2, 0x2000, &(0x7f0000001ec0)={0x0, 0x989680}) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r3, &(0x7f0000000080), 0x12) 18:43:59 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x14) (async, rerun: 64) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (rerun: 64) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r3, &(0x7f0000000080), 0x12) (async) mknodat(r0, &(0x7f00000000c0)='./file0\x00', 0x2, 0xffffffff) (async) r4 = fcntl$dupfd(r2, 0x0, r1) openat$cgroup_ro(r4, &(0x7f0000000100)='cpuacct.stat\x00', 0x0, 0x0) [ 823.700635][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 18:43:59 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'\x00', 0x142}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000000)={'veth1_to_team\x00', 0x400}) ioctl$TUNDETACHFILTER(r0, 0x401054d6, 0x0) 18:43:59 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f00000000c0), &(0x7f0000000100)=0x14) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) r5 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) getpeername$packet(r7, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) ioctl$sock_inet6_SIOCADDRT(r5, 0x890b, &(0x7f00000001c0)={@local, @private1, @remote, 0x0, 0x0, 0x0, 0x0, 0x9, 0x20c301e2, r8}) ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f0000000280)={@local, @ipv4={'\x00', '\xff\xff', @multicast2}, @rand_addr=' \x01\x00', 0x2b, 0x3, 0x6, 0x400, 0x4b6e, 0x48000c0, r8}) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="34000000260010002cbd7000fcdbdf2500000000", @ANYRES32=r2, @ANYBLOB="07000a00f3ff090009000a00040004000a00"/28], 0x34}, 0x1, 0x0, 0x0, 0xc014}, 0x4008004) mount(0x0, &(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x800100, 0x0) listxattr(&(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0) mknod(&(0x7f0000000080)='./file0/file0\x00', 0x40, 0x2) [ 823.746255][T30355] loop5: detected capacity change from 0 to 1024 [ 823.749444][T30357] netlink: 68 bytes leftover after parsing attributes in process `syz-executor.1'. [ 823.764100][T30360] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 18:44:00 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x14) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async, rerun: 32) prlimit64(0x0, 0x0, 0x0, 0x0) (async, rerun: 32) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async, rerun: 32) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async, rerun: 32) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r3, &(0x7f0000000080), 0x12) mknodat(r0, &(0x7f00000000c0)='./file0\x00', 0x2, 0xffffffff) (async) r4 = fcntl$dupfd(r2, 0x0, r1) openat$cgroup_ro(r4, &(0x7f0000000100)='cpuacct.stat\x00', 0x0, 0x0) 18:44:00 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0xfeffffff, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 823.784653][T30355] EXT4-fs error (device loop5): ext4_ext_check_inode:497: inode #2: comm syz-executor.5: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 823.787710][T30313] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 823.807547][T30355] EXT4-fs (loop5): get root inode failed [ 823.812684][T30313] CPU: 0 PID: 30313 Comm: syz-executor.0 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 823.818340][T30355] EXT4-fs (loop5): mount failed [ 823.829468][T30313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 18:44:00 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0xffffff7f, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 823.829481][T30313] Call Trace: [ 823.847625][T30313] [ 823.850588][T30313] dump_stack_lvl+0xd6/0x122 [ 823.855244][T30313] dump_stack+0x11/0x12 [ 823.859404][T30313] dump_header+0x98/0x410 [ 823.860801][T30368] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 823.863748][T30313] oom_kill_process+0xfe/0x550 [ 823.863774][T30313] out_of_memory+0x620/0x880 [ 823.880077][T30313] mem_cgroup_oom+0x475/0x4f0 [ 823.884768][T30313] try_charge_memcg+0x746/0x960 [ 823.889665][T30313] obj_cgroup_charge+0x171/0x2b0 18:44:00 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0xffffff9e, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:00 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0xffffffea, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 823.891849][T30371] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 823.894616][T30313] memcg_slab_pre_alloc_hook+0xf7/0x170 [ 823.907077][T30313] ? __d_alloc+0x3d/0x380 [ 823.911403][T30313] kmem_cache_alloc_lru+0x76/0x2b0 [ 823.916539][T30313] ? try_to_wake_up+0x363/0x4a0 [ 823.921421][T30313] ? __list_del_entry_valid+0x54/0xc0 [ 823.926056][T30375] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 823.926868][T30313] __d_alloc+0x3d/0x380 [ 823.926890][T30313] d_alloc_parallel+0x51/0xcc0 18:44:00 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0xffffffef, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:00 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0xfffffff0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 823.942680][T30313] ? selinux_inode_permission+0x2d8/0x400 [ 823.948422][T30313] ? selinux_inode_permission+0x335/0x400 [ 823.951808][T30377] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 823.954146][T30313] ? lockref_get_not_dead+0xeb/0x190 [ 823.954174][T30313] ? __rcu_read_unlock+0x4a/0x70 [ 823.971281][T30313] ? __down_read_common+0x16c/0x4c0 [ 823.976499][T30313] __lookup_slow+0x80/0x250 [ 823.979873][T30379] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 823.981012][T30313] lookup_slow+0x3c/0x60 [ 823.981037][T30313] walk_component+0x23d/0x280 [ 823.981059][T30313] path_lookupat+0x11d/0x2b0 [ 824.001630][T30313] filename_lookup+0x130/0x310 [ 824.004586][T30381] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 824.006396][T30313] user_path_at_empty+0x3e/0x110 [ 824.006420][T30313] __x64_sys_umount+0x84/0xe0 [ 824.022899][T30313] do_syscall_64+0x2b/0x70 [ 824.027319][T30313] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 824.033231][T30313] RIP: 0033:0x7f4829553557 [ 824.037690][T30313] Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 824.057308][T30313] RSP: 002b:00007ffe0b41c268 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 824.065704][T30313] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f4829553557 [ 824.073659][T30313] RDX: 000000000000000c RSI: 000000000000000a RDI: 00007ffe0b41d3f0 [ 824.081677][T30313] RBP: 00007ffe0b41d3cc R08: 00007ffe0b5c5080 R09: 0000000000000010 [ 824.089627][T30313] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f48295ab1f8 [ 824.097751][T30313] R13: 00007ffe0b41d3f0 R14: 0000000000000005 R15: 00007ffe0b41d430 [ 824.105716][T30313] [ 824.108863][T30313] memory: usage 124kB, limit 0kB, failcnt 6971 [ 824.115018][T30313] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 824.121887][T30313] Memory cgroup stats for /syz0: [ 824.122232][T30313] anon 24576 [ 824.122232][T30313] file 53248 [ 824.122232][T30313] kernel 40960 [ 824.122232][T30313] kernel_stack 0 [ 824.122232][T30313] pagetables 8192 [ 824.122232][T30313] percpu 0 [ 824.122232][T30313] sock 0 [ 824.122232][T30313] vmalloc 0 [ 824.122232][T30313] shmem 53248 [ 824.122232][T30313] file_mapped 53248 [ 824.122232][T30313] file_dirty 0 [ 824.122232][T30313] file_writeback 0 [ 824.122232][T30313] swapcached 0 [ 824.122232][T30313] inactive_anon 24576 [ 824.122232][T30313] active_anon 53248 [ 824.122232][T30313] inactive_file 0 [ 824.122232][T30313] active_file 0 [ 824.122232][T30313] unevictable 0 [ 824.122232][T30313] slab_reclaimable 5408 [ 824.122232][T30313] slab_unreclaimable 18216 [ 824.122232][T30313] slab 23624 [ 824.122232][T30313] workingset_refault_anon 0 [ 824.122232][T30313] workingset_refault_file 7 [ 824.122232][T30313] workingset_activate_anon 0 [ 824.122232][T30313] workingset_activate_file 0 [ 824.215372][T30313] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=30313,uid=0 [ 824.230628][T30313] Memory cgroup out of memory: Killed process 30313 (syz-executor.0) total-vm:42336kB, anon-rss:360kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:0 18:44:00 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400", 0x2e, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) [ 824.260240][T30370] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 824.270459][T30370] CPU: 0 PID: 30370 Comm: syz-executor.1 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 824.281480][T30370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 824.282751][T30389] loop5: detected capacity change from 0 to 1024 [ 824.291533][T30370] Call Trace: [ 824.291542][T30370] [ 824.291549][T30370] dump_stack_lvl+0xd6/0x122 [ 824.291578][T30370] dump_stack+0x11/0x12 [ 824.304765][T30389] EXT4-fs error (device loop5): ext4_ext_check_inode:497: inode #2: comm syz-executor.5: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 824.308641][T30370] dump_header+0x98/0x410 [ 824.308670][T30370] out_of_memory+0x65e/0x880 [ 824.308692][T30370] memory_max_write+0x31b/0x420 [ 824.313126][T30389] EXT4-fs (loop5): get root inode failed [ 824.330863][T30370] ? memory_max_show+0x70/0x70 [ 824.330896][T30370] cgroup_file_write+0x167/0x300 [ 824.335280][T30389] EXT4-fs (loop5): mount failed [ 824.339837][T30370] ? __check_object_size+0x235/0x380 [ 824.339862][T30370] ? cgroup_seqfile_stop+0x70/0x70 [ 824.375054][T30370] kernfs_fop_write_iter+0x1d3/0x2c0 [ 824.380390][T30370] vfs_write+0x71c/0x890 [ 824.384614][T30370] ksys_write+0xe8/0x1a0 [ 824.388839][T30370] __x64_sys_write+0x3e/0x50 [ 824.393456][T30370] do_syscall_64+0x2b/0x70 [ 824.397938][T30370] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 824.403877][T30370] RIP: 0033:0x7ff0acc260e9 [ 824.408284][T30370] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 824.427883][T30370] RSP: 002b:00007ff0ac37b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 824.436305][T30370] RAX: ffffffffffffffda RBX: 00007ff0acd39030 RCX: 00007ff0acc260e9 [ 824.444327][T30370] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000013 [ 824.452337][T30370] RBP: 00007ff0acc8008d R08: 0000000000000000 R09: 0000000000000000 [ 824.460306][T30370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 824.468285][T30370] R13: 00007ffe7a47396f R14: 00007ff0ac37b300 R15: 0000000000022000 [ 824.476276][T30370] [ 824.479308][T30370] memory: usage 80kB, limit 0kB, failcnt 6988 [ 824.485367][T30370] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 824.492207][T30370] Memory cgroup stats for /syz0: [ 824.495324][T30370] anon 0 [ 824.495324][T30370] file 53248 [ 824.495324][T30370] kernel 28672 [ 824.495324][T30370] kernel_stack 0 [ 824.495324][T30370] pagetables 0 [ 824.495324][T30370] percpu 0 [ 824.495324][T30370] sock 0 [ 824.495324][T30370] vmalloc 0 [ 824.495324][T30370] shmem 53248 [ 824.495324][T30370] file_mapped 53248 [ 824.495324][T30370] file_dirty 0 [ 824.495324][T30370] file_writeback 0 [ 824.495324][T30370] swapcached 0 [ 824.495324][T30370] inactive_anon 0 [ 824.495324][T30370] active_anon 53248 [ 824.495324][T30370] inactive_file 0 [ 824.495324][T30370] active_file 0 [ 824.495324][T30370] unevictable 0 18:44:00 executing program 1: recvmsg$can_j1939(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/57, 0x39}, {&(0x7f0000000240)=""/72, 0x48}, {&(0x7f00000002c0)=""/127, 0x7f}, {&(0x7f0000000340)=""/118, 0x76}], 0x4, &(0x7f00000003c0)=""/186, 0xba}, 0x40000000) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001f00)=ANY=[@ANYBLOB="580000000206010400000000000000e7ffffffff04e20400000000000500010007009b0011000300686173683a69702ca1f9264a706f7251000000000c00078008001236090000000900020073797a30000000000500050002000000"], 0x58}}, 0x0) recvmmsg(r0, &(0x7f0000001e40)=[{{&(0x7f00000004c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @empty}}}, 0x80, &(0x7f00000018c0)=[{&(0x7f0000000540)=""/92, 0x5c}, {&(0x7f00000005c0)=""/21, 0x15}, {&(0x7f0000000600)=""/204, 0xcc}, {&(0x7f0000000700)=""/128, 0x80}, {&(0x7f0000000780)}, {&(0x7f00000007c0)=""/194, 0xc2}, {&(0x7f00000008c0)=""/4096, 0x1000}], 0x7, &(0x7f0000001940)=""/111, 0x6f}, 0x1}, {{&(0x7f00000019c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000001cc0)=[{&(0x7f0000001a40)=""/142, 0x8e}, {&(0x7f0000001b00)=""/37, 0x25}, {&(0x7f0000001b40)=""/16, 0x10}, {&(0x7f0000001b80)=""/222, 0xde}, {&(0x7f0000001c80)=""/20, 0x14}], 0x5, &(0x7f0000001d40)=""/211, 0xd3}, 0x7ff}], 0x2, 0x2000, &(0x7f0000001ec0)={0x0, 0x989680}) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r3, &(0x7f0000000080), 0x12) recvmsg$can_j1939(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/57, 0x39}, {&(0x7f0000000240)=""/72, 0x48}, {&(0x7f00000002c0)=""/127, 0x7f}, {&(0x7f0000000340)=""/118, 0x76}], 0x4, &(0x7f00000003c0)=""/186, 0xba}, 0x40000000) (async) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001f00)=ANY=[@ANYBLOB="580000000206010400000000000000e7ffffffff04e20400000000000500010007009b0011000300686173683a69702ca1f9264a706f7251000000000c00078008001236090000000900020073797a30000000000500050002000000"], 0x58}}, 0x0) (async) recvmmsg(r0, &(0x7f0000001e40)=[{{&(0x7f00000004c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @empty}}}, 0x80, &(0x7f00000018c0)=[{&(0x7f0000000540)=""/92, 0x5c}, {&(0x7f00000005c0)=""/21, 0x15}, {&(0x7f0000000600)=""/204, 0xcc}, {&(0x7f0000000700)=""/128, 0x80}, {&(0x7f0000000780)}, {&(0x7f00000007c0)=""/194, 0xc2}, {&(0x7f00000008c0)=""/4096, 0x1000}], 0x7, &(0x7f0000001940)=""/111, 0x6f}, 0x1}, {{&(0x7f00000019c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000001cc0)=[{&(0x7f0000001a40)=""/142, 0x8e}, {&(0x7f0000001b00)=""/37, 0x25}, {&(0x7f0000001b40)=""/16, 0x10}, {&(0x7f0000001b80)=""/222, 0xde}, {&(0x7f0000001c80)=""/20, 0x14}], 0x5, &(0x7f0000001d40)=""/211, 0xd3}, 0x7ff}], 0x2, 0x2000, &(0x7f0000001ec0)={0x0, 0x989680}) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r3, &(0x7f0000000080), 0x12) (async) 18:44:00 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0xfffffffe, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 824.495324][T30370] slab_reclaimable 5408 [ 824.495324][T30370] slab_unreclaimable 18216 [ 824.495324][T30370] slab 23624 [ 824.495324][T30370] workingset_refault_anon 0 [ 824.495324][T30370] workingset_refault_file 7 [ 824.495324][T30370] workingset_activate_anon 0 [ 824.495324][T30370] workingset_activate_file 0 [ 824.587522][T30370] Out of memory and no killable processes... 18:44:00 executing program 2: socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x11, &(0x7f0000001b40)=[{&(0x7f0000000400)=""/248, 0x200105d0}, {&(0x7f00000001c0)=""/13}, {&(0x7f00000007c0)=""/169, 0x1000000000000000}, {&(0x7f0000000880)=""/4096}, {&(0x7f0000001880)=""/91}, {&(0x7f0000001900)=""/141}, {&(0x7f00000019c0)=""/248}, {&(0x7f0000001ac0)=""/125}], 0x1, 0x0, 0x500000000000000}, 0x1f00) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r2, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x4004743c, 0x0) [ 824.611580][T30393] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 824.631573][T30395] netlink: 68 bytes leftover after parsing attributes in process `syz-executor.1'. [ 824.697273][T30398] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 824.707575][T30398] CPU: 1 PID: 30398 Comm: syz-executor.1 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 824.718605][T30398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 824.728653][T30398] Call Trace: [ 824.731911][T30398] [ 824.734900][T30398] dump_stack_lvl+0xd6/0x122 [ 824.739596][T30398] dump_stack+0x11/0x12 [ 824.743727][T30398] dump_header+0x98/0x410 [ 824.748065][T30398] out_of_memory+0x65e/0x880 [ 824.752640][T30398] memory_max_write+0x31b/0x420 [ 824.757510][T30398] ? memory_max_show+0x70/0x70 [ 824.762286][T30398] cgroup_file_write+0x167/0x300 [ 824.767304][T30398] ? __check_object_size+0x235/0x380 [ 824.772588][T30398] ? cgroup_seqfile_stop+0x70/0x70 [ 824.777720][T30398] kernfs_fop_write_iter+0x1d3/0x2c0 [ 824.783054][T30398] vfs_write+0x71c/0x890 [ 824.787401][T30398] ksys_write+0xe8/0x1a0 [ 824.791640][T30398] __x64_sys_write+0x3e/0x50 [ 824.796253][T30398] do_syscall_64+0x2b/0x70 [ 824.800769][T30398] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 824.806700][T30398] RIP: 0033:0x7ff0acc260e9 [ 824.811199][T30398] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 824.831042][T30398] RSP: 002b:00007ff0ac37b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 824.839443][T30398] RAX: ffffffffffffffda RBX: 00007ff0acd39030 RCX: 00007ff0acc260e9 18:44:01 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f00000000c0), &(0x7f0000000100)=0x14) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) r5 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) getpeername$packet(r7, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) ioctl$sock_inet6_SIOCADDRT(r5, 0x890b, &(0x7f00000001c0)={@local, @private1, @remote, 0x0, 0x0, 0x0, 0x0, 0x9, 0x20c301e2, r8}) ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f0000000280)={@local, @ipv4={'\x00', '\xff\xff', @multicast2}, @rand_addr=' \x01\x00', 0x2b, 0x3, 0x6, 0x400, 0x4b6e, 0x48000c0, r8}) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="34000000260010002cbd7000fcdbdf2500000000", @ANYRES32=r2, @ANYBLOB="07000a00f3ff090009000a00040004000a00"/28], 0x34}, 0x1, 0x0, 0x0, 0xc014}, 0x4008004) mount(0x0, &(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x800100, 0x0) listxattr(&(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0) mknod(&(0x7f0000000080)='./file0/file0\x00', 0x40, 0x2) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) (async) dup(r0) (async) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) (async) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f00000000c0), &(0x7f0000000100)=0x14) (async) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) (async) dup(r3) (async) getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) (async) socket$inet6(0xa, 0x3, 0x6) (async) connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) (async) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) (async) dup(r6) (async) getpeername$packet(r7, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) (async) ioctl$sock_inet6_SIOCADDRT(r5, 0x890b, &(0x7f00000001c0)={@local, @private1, @remote, 0x0, 0x0, 0x0, 0x0, 0x9, 0x20c301e2, r8}) (async) ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f0000000280)={@local, @ipv4={'\x00', '\xff\xff', @multicast2}, @rand_addr=' \x01\x00', 0x2b, 0x3, 0x6, 0x400, 0x4b6e, 0x48000c0, r8}) (async) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="34000000260010002cbd7000fcdbdf2500000000", @ANYRES32=r2, @ANYBLOB="07000a00f3ff090009000a00040004000a00"/28], 0x34}, 0x1, 0x0, 0x0, 0xc014}, 0x4008004) (async) mount(0x0, &(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x800100, 0x0) (async) listxattr(&(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0) (async) mknod(&(0x7f0000000080)='./file0/file0\x00', 0x40, 0x2) (async) 18:44:01 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0xffffffffffffffda) write$cgroup_int(r2, &(0x7f0000000080), 0x12) 18:44:01 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af3010004000000000000000000", 0x36, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:44:01 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0xf, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 824.847611][T30398] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000013 [ 824.855631][T30398] RBP: 00007ff0acc8008d R08: 0000000000000000 R09: 0000000000000000 [ 824.863626][T30398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 824.871674][T30398] R13: 00007ffe7a47396f R14: 00007ff0ac37b300 R15: 0000000000022000 [ 824.879636][T30398] [ 824.882840][T30398] memory: usage 76kB, limit 0kB, failcnt 6988 [ 824.888918][T30398] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 824.895792][T30398] Memory cgroup stats for /syz0: [ 824.910977][T30418] loop5: detected capacity change from 0 to 1024 [ 824.912100][T30398] anon 0 [ 824.912100][T30398] file 53248 [ 824.912100][T30398] kernel 24576 [ 824.912100][T30398] kernel_stack 0 [ 824.912100][T30398] pagetables 0 [ 824.912100][T30398] percpu 0 [ 824.912100][T30398] sock 0 [ 824.912100][T30398] vmalloc 0 [ 824.912100][T30398] shmem 53248 [ 824.912100][T30398] file_mapped 53248 [ 824.912100][T30398] file_dirty 0 [ 824.912100][T30398] file_writeback 0 [ 824.912100][T30398] swapcached 0 [ 824.912100][T30398] inactive_anon 0 [ 824.912100][T30398] active_anon 53248 [ 824.912100][T30398] inactive_file 0 [ 824.912100][T30398] active_file 0 [ 824.912100][T30398] unevictable 0 [ 824.912100][T30398] slab_reclaimable 5408 [ 824.912100][T30398] slab_unreclaimable 14936 [ 824.912100][T30398] slab 20344 [ 824.912100][T30398] workingset_refault_anon 0 [ 824.912100][T30398] workingset_refault_file 7 [ 824.912100][T30398] workingset_activate_anon 0 [ 824.912100][T30398] workingset_activate_file 0 18:44:01 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x10, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:01 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f00000000c0), &(0x7f0000000100)=0x14) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) r5 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) getpeername$packet(r7, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) ioctl$sock_inet6_SIOCADDRT(r5, 0x890b, &(0x7f00000001c0)={@local, @private1, @remote, 0x0, 0x0, 0x0, 0x0, 0x9, 0x20c301e2, r8}) ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f0000000280)={@local, @ipv4={'\x00', '\xff\xff', @multicast2}, @rand_addr=' \x01\x00', 0x2b, 0x3, 0x6, 0x400, 0x4b6e, 0x48000c0, r8}) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="34000000260010002cbd7000fcdbdf2500000000", @ANYRES32=r2, @ANYBLOB="07000a00f3ff090009000a00040004000a00"/28], 0x34}, 0x1, 0x0, 0x0, 0xc014}, 0x4008004) mount(0x0, &(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x800100, 0x0) listxattr(&(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0) mknod(&(0x7f0000000080)='./file0/file0\x00', 0x40, 0x2) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) (async) dup(r0) (async) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) (async) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f00000000c0), &(0x7f0000000100)=0x14) (async) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) (async) dup(r3) (async) getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) (async) socket$inet6(0xa, 0x3, 0x6) (async) connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) (async) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) (async) dup(r6) (async) getpeername$packet(r7, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) (async) ioctl$sock_inet6_SIOCADDRT(r5, 0x890b, &(0x7f00000001c0)={@local, @private1, @remote, 0x0, 0x0, 0x0, 0x0, 0x9, 0x20c301e2, r8}) (async) ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f0000000280)={@local, @ipv4={'\x00', '\xff\xff', @multicast2}, @rand_addr=' \x01\x00', 0x2b, 0x3, 0x6, 0x400, 0x4b6e, 0x48000c0, r8}) (async) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="34000000260010002cbd7000fcdbdf2500000000", @ANYRES32=r2, @ANYBLOB="07000a00f3ff090009000a00040004000a00"/28], 0x34}, 0x1, 0x0, 0x0, 0xc014}, 0x4008004) (async) mount(0x0, &(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x800100, 0x0) (async) listxattr(&(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0) (async) mknod(&(0x7f0000000080)='./file0/file0\x00', 0x40, 0x2) (async) [ 825.009440][T30398] Out of memory and no killable processes... [ 825.020413][T30420] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 825.030370][T30420] CPU: 1 PID: 30420 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 825.041445][T30420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 825.051548][T30420] Call Trace: [ 825.054823][T30420] [ 825.057751][T30420] dump_stack_lvl+0xd6/0x122 [ 825.062427][T30420] dump_stack+0x11/0x12 [ 825.066680][T30420] dump_header+0x98/0x410 [ 825.071018][T30420] out_of_memory+0x65e/0x880 [ 825.075611][T30420] memory_max_write+0x31b/0x420 [ 825.080543][T30420] ? memory_max_show+0x70/0x70 [ 825.085354][T30420] cgroup_file_write+0x167/0x300 [ 825.090345][T30420] ? __check_object_size+0x235/0x380 [ 825.095632][T30420] ? cgroup_seqfile_stop+0x70/0x70 [ 825.100795][T30420] kernfs_fop_write_iter+0x1d3/0x2c0 [ 825.106145][T30420] vfs_write+0x71c/0x890 [ 825.110407][T30420] ksys_write+0xe8/0x1a0 [ 825.114660][T30420] __x64_sys_write+0x3e/0x50 [ 825.119309][T30420] do_syscall_64+0x2b/0x70 [ 825.123791][T30420] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 825.129733][T30420] RIP: 0033:0x7f682d3270e9 [ 825.134212][T30420] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 825.153843][T30420] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 825.162255][T30420] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 [ 825.170224][T30420] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 825.178193][T30420] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 [ 825.186159][T30420] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 825.194134][T30420] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 [ 825.202182][T30420] [ 825.205299][T30420] memory: usage 72kB, limit 0kB, failcnt 6988 18:44:01 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0xf0, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 825.211484][T30420] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 825.218353][T30420] Memory cgroup stats for /syz0: [ 825.225454][T30418] EXT4-fs error (device loop5): ext4_ext_check_inode:497: inode #2: comm syz-executor.5: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 825.225701][T30420] anon 0 [ 825.225701][T30420] file 53248 [ 825.225701][T30420] kernel 20480 [ 825.225701][T30420] kernel_stack 0 [ 825.225701][T30420] pagetables 0 [ 825.225701][T30420] percpu 0 [ 825.225701][T30420] sock 0 [ 825.225701][T30420] vmalloc 0 [ 825.225701][T30420] shmem 53248 [ 825.225701][T30420] file_mapped 53248 [ 825.225701][T30420] file_dirty 0 [ 825.225701][T30420] file_writeback 0 [ 825.225701][T30420] swapcached 0 [ 825.225701][T30420] inactive_anon 0 [ 825.225701][T30420] active_anon 53248 [ 825.225701][T30420] inactive_file 0 [ 825.225701][T30420] active_file 0 [ 825.225701][T30420] unevictable 0 [ 825.225701][T30420] slab_reclaimable 5408 18:44:01 executing program 1: recvmsg$can_j1939(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/57, 0x39}, {&(0x7f0000000240)=""/72, 0x48}, {&(0x7f00000002c0)=""/127, 0x7f}, {&(0x7f0000000340)=""/118, 0x76}], 0x4, &(0x7f00000003c0)=""/186, 0xba}, 0x40000000) (async) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001f00)=ANY=[@ANYBLOB="580000000206010400000000000000e7ffffffff04e20400000000000500010007009b0011000300686173683a69702ca1f9264a706f7251000000000c00078008001236090000000900020073797a30000000000500050002000000"], 0x58}}, 0x0) (async, rerun: 64) recvmmsg(r0, &(0x7f0000001e40)=[{{&(0x7f00000004c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @empty}}}, 0x80, &(0x7f00000018c0)=[{&(0x7f0000000540)=""/92, 0x5c}, {&(0x7f00000005c0)=""/21, 0x15}, {&(0x7f0000000600)=""/204, 0xcc}, {&(0x7f0000000700)=""/128, 0x80}, {&(0x7f0000000780)}, {&(0x7f00000007c0)=""/194, 0xc2}, {&(0x7f00000008c0)=""/4096, 0x1000}], 0x7, &(0x7f0000001940)=""/111, 0x6f}, 0x1}, {{&(0x7f00000019c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000001cc0)=[{&(0x7f0000001a40)=""/142, 0x8e}, {&(0x7f0000001b00)=""/37, 0x25}, {&(0x7f0000001b40)=""/16, 0x10}, {&(0x7f0000001b80)=""/222, 0xde}, {&(0x7f0000001c80)=""/20, 0x14}], 0x5, &(0x7f0000001d40)=""/211, 0xd3}, 0x7ff}], 0x2, 0x2000, &(0x7f0000001ec0)={0x0, 0x989680}) (rerun: 64) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r3, &(0x7f0000000080), 0x12) 18:44:01 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x104, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:01 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0xffffffffffffffda) write$cgroup_int(r2, &(0x7f0000000080), 0x12) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async) bpf$PROG_LOAD(0x5, 0x0, 0xffffffffffffffda) (async) write$cgroup_int(r2, &(0x7f0000000080), 0x12) (async) [ 825.225701][T30420] slab_unreclaimable 14936 [ 825.225701][T30420] slab 20344 [ 825.225701][T30420] workingset_refault_anon 0 [ 825.225701][T30420] workingset_refault_file 7 [ 825.225701][T30420] workingset_activate_anon 0 [ 825.225701][T30420] workingset_activate_file 0 [ 825.256504][T30418] EXT4-fs (loop5): get root inode failed [ 825.335685][T30420] Out of memory and no killable processes... [ 825.347390][T30418] EXT4-fs (loop5): mount failed 18:44:01 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x124, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 825.390410][T30434] netlink: 68 bytes leftover after parsing attributes in process `syz-executor.1'. [ 825.403157][T30438] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 825.427383][T30439] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 825.437381][T30439] CPU: 0 PID: 30439 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 825.448394][T30439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 825.458444][T30439] Call Trace: [ 825.461717][T30439] [ 825.464705][T30439] dump_stack_lvl+0xd6/0x122 [ 825.469296][T30439] dump_stack+0x11/0x12 [ 825.473575][T30439] dump_header+0x98/0x410 [ 825.477971][T30439] out_of_memory+0x65e/0x880 [ 825.482636][T30439] memory_max_write+0x31b/0x420 [ 825.487565][T30439] ? memory_max_show+0x70/0x70 [ 825.492331][T30439] cgroup_file_write+0x167/0x300 [ 825.497335][T30439] ? __check_object_size+0x235/0x380 [ 825.502621][T30439] ? cgroup_seqfile_stop+0x70/0x70 [ 825.507741][T30439] kernfs_fop_write_iter+0x1d3/0x2c0 [ 825.513122][T30439] vfs_write+0x71c/0x890 [ 825.517364][T30439] ksys_write+0xe8/0x1a0 [ 825.521612][T30439] __x64_sys_write+0x3e/0x50 [ 825.526276][T30439] do_syscall_64+0x2b/0x70 [ 825.530769][T30439] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 825.536814][T30439] RIP: 0033:0x7f682d3270e9 18:44:01 executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000700)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000002c3f2cc2b7954244cef7baf48e6d2885a09a87507ebf4e43bc0609b199b6ed90e0596acec976e57309ebcd7f00000000000000781f642845725345d5e89ad528d985e786d6cf12d77b7ed1159a2c2e85d726859a919cc9548a349980d1ccdce27f94bc074c27f81070545cab5d5b0d7ff0575cc2727e8d974927676468ff2d8621c3ac94712ed9cf6b40b3cf252a47c05af3a30d57cc3ed67d1867b54d24e2da18568c3b0f24b52616bf84d3b042d6e432cd0e3b57239f0127473e6ba922aff649609d40b47ec331ccba3ce8d530ffff19a6471bf3abe442d9cbcfb964b13831034694a6aad86cf08a2c7b2235dc99de9aa3e6b77c7a2877261ed72da90864987f30926c9013eec3b86836ae504479f60bfc37204d2b85627aa5a79f670000000000000000000000008f02712c3d5956f2013d2aef4a3b5092be4d6852b88317c5adbbdb0015f89e9939bc424d1bafe5725c8a4047b91da3768c1ca6a4410009232d5f4c6ba884f95d4ba21068285afa8d3b4a6893d3626ab5becbcdb887af2c85c2d9ab09b5dd7d3c4406d2d7650bf7b2ff4602aec1eea200000064881c560c371a08e05196b78a6160f439921a06fb78183e7e78de9dabe35f1a5d50f20209eec6eb2c510b2cc8d95e4e5b365d1e1298f431432010e100fc01418056bfbaa978cab28cc337a81f421af9909b3c04d552dad88a1258ec0810dff9d0eaa794225d5e2626bd2b011f000000000000000915c9dd6fd183051f7c5b79cf"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x20e, 0x5ee, 0xfd000000, &(0x7f00000004c0)="b91803b700030703009e40f086dd1fff060700000000008477fbac14140ce0080001c699da153f0ae0e6e380f60103f683317585d7473b1cab4439f0f570ff155bc5f73ba3f8bb99a6e8ded1ce485cf058105cd981b42493481cd659416a2e10c9119664f36eb00b333c20c9ec0c222d644bdcb178c1cc53d6960fbb842d6a33dfcde3a1e1848135214baf139753866cadcbe3ce52505e992818cc452bee339d9ab076f484020eaa348a21d7911e4c44905256ec2cc54cca47a198b00c10aff62a4bed43a2ebcad92743fb22c593f28fd4bb7c703cde9cae0569d4c8d9a823f2c12863f7a6c0cf88ed22aae4f6f084508833b61429a25773eedf63dd9f33d430f2a0a30a7761db16fe0f743b95ded898c28aac1256ce2751b3d738899b8b19d9052b7f13ff94", 0x0, 0x31, 0x6000000000000000, 0xfffffffffffffe7e, 0x1d4}, 0x28) 18:44:01 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) getpeername$packet(r2, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) renameat2(0xffffffffffffffff, &(0x7f0000000240)='./file1\x00', r2, &(0x7f0000000280)='./file0\x00', 0x2) ioctl$AUTOFS_DEV_IOCTL_READY(r0, 0xc0189376, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {0x3}}, './file1\x00'}) r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(r4, 0x0, 0x0, 0x0) fcntl$setown(r3, 0x8, r4) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='aufs\x00', 0x1040000, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup(r5, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r7 = openat$cgroup_int(r6, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) openat$cgroup_int(r6, &(0x7f0000000100)='memory.oom.group\x00', 0x2, 0x0) write$cgroup_int(r7, &(0x7f0000000080), 0x12) [ 825.541224][T30439] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 825.560861][T30439] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 825.569268][T30439] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 [ 825.577281][T30439] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 18:44:01 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x2c0, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 825.585270][T30439] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 [ 825.593327][T30439] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 825.601456][T30439] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 [ 825.609520][T30439] [ 825.612913][T30439] memory: usage 72kB, limit 0kB, failcnt 6988 [ 825.618999][T30439] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 825.625839][T30439] Memory cgroup stats for /syz0: [ 825.792617][T30439] anon 0 [ 825.792617][T30439] file 53248 [ 825.792617][T30439] kernel 20480 [ 825.792617][T30439] kernel_stack 0 [ 825.792617][T30439] pagetables 0 [ 825.792617][T30439] percpu 0 [ 825.792617][T30439] sock 0 [ 825.792617][T30439] vmalloc 0 [ 825.792617][T30439] shmem 53248 [ 825.792617][T30439] file_mapped 53248 [ 825.792617][T30439] file_dirty 0 [ 825.792617][T30439] file_writeback 0 [ 825.792617][T30439] swapcached 0 [ 825.792617][T30439] inactive_anon 0 [ 825.792617][T30439] active_anon 53248 [ 825.792617][T30439] inactive_file 0 [ 825.792617][T30439] active_file 0 [ 825.792617][T30439] unevictable 0 [ 825.792617][T30439] slab_reclaimable 3056 [ 825.792617][T30439] slab_unreclaimable 14936 [ 825.792617][T30439] slab 17992 [ 825.792617][T30439] workingset_refault_anon 0 [ 825.792617][T30439] workingset_refault_file 7 [ 825.792617][T30439] workingset_activate_anon 0 [ 825.792617][T30439] workingset_activate_file 0 [ 825.884740][T30439] Out of memory and no killable processes... 18:44:02 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af3010004000000000000000000", 0x36, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:44:02 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0xec0, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:02 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) getpeername$packet(r2, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) (async, rerun: 32) renameat2(0xffffffffffffffff, &(0x7f0000000240)='./file1\x00', r2, &(0x7f0000000280)='./file0\x00', 0x2) (async, rerun: 32) ioctl$AUTOFS_DEV_IOCTL_READY(r0, 0xc0189376, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {0x3}}, './file1\x00'}) (async) r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(r4, 0x0, 0x0, 0x0) (async) fcntl$setown(r3, 0x8, r4) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='aufs\x00', 0x1040000, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup(r5, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r7 = openat$cgroup_int(r6, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async, rerun: 32) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 32) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) openat$cgroup_int(r6, &(0x7f0000000100)='memory.oom.group\x00', 0x2, 0x0) (async) write$cgroup_int(r7, &(0x7f0000000080), 0x12) [ 826.001180][ T8] device hsr_slave_0 left promiscuous mode [ 826.007578][ T8] device hsr_slave_1 left promiscuous mode [ 826.011219][T30475] loop5: detected capacity change from 0 to 1024 [ 826.021567][ T8] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 826.025507][T30475] EXT4-fs error (device loop5): ext4_ext_check_inode:497: inode #2: comm syz-executor.5: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 826.029023][ T8] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 826.047377][T30475] EXT4-fs (loop5): get root inode failed [ 826.059828][T30475] EXT4-fs (loop5): mount failed [ 826.065261][ T8] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 826.072690][ T8] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 826.080227][ T8] device bridge_slave_1 left promiscuous mode [ 826.086378][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 826.093978][ T8] device bridge_slave_0 left promiscuous mode [ 826.100197][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 826.112338][ T8] device veth1_macvtap left promiscuous mode [ 826.118382][ T8] device veth0_macvtap left promiscuous mode [ 826.124420][ T8] device veth1_vlan left promiscuous mode [ 826.130177][ T8] device veth0_vlan left promiscuous mode [ 826.211076][ T8] team0 (unregistering): Port device team_slave_1 removed [ 826.221668][ T8] team0 (unregistering): Port device team_slave_0 removed [ 826.231234][ T8] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 826.242257][ T8] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 826.270512][ T8] bond0 (unregistering): Released all slaves [ 827.076628][T30478] chnl_net:caif_netlink_parms(): no params data found [ 827.106072][T30478] bridge0: port 1(bridge_slave_0) entered blocking state [ 827.113170][T30478] bridge0: port 1(bridge_slave_0) entered disabled state [ 827.120914][T30478] device bridge_slave_0 entered promiscuous mode [ 827.128108][T30478] bridge0: port 2(bridge_slave_1) entered blocking state [ 827.135209][T30478] bridge0: port 2(bridge_slave_1) entered disabled state [ 827.142896][T30478] device bridge_slave_1 entered promiscuous mode [ 827.157821][T30478] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 827.167883][T30478] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 827.184883][T30478] team0: Port device team_slave_0 added [ 827.191239][T30478] team0: Port device team_slave_1 added [ 827.204655][T30478] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 827.211651][T30478] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 827.237567][T30478] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 827.248982][T30478] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 827.255912][T30478] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 827.281790][T30478] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 827.303481][T30478] device hsr_slave_0 entered promiscuous mode [ 827.309909][T30478] device hsr_slave_1 entered promiscuous mode [ 827.316219][T30478] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 827.323786][T30478] Cannot create hsr debugfs directory [ 827.351489][T30478] bridge0: port 2(bridge_slave_1) entered blocking state [ 827.358532][T30478] bridge0: port 2(bridge_slave_1) entered forwarding state [ 827.365875][T30478] bridge0: port 1(bridge_slave_0) entered blocking state [ 827.372911][T30478] bridge0: port 1(bridge_slave_0) entered forwarding state [ 827.401037][T30478] 8021q: adding VLAN 0 to HW filter on device bond0 [ 827.412201][T30478] 8021q: adding VLAN 0 to HW filter on device team0 [ 827.419796][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 827.427705][ T1916] bridge0: port 1(bridge_slave_0) entered disabled state [ 827.435848][ T1916] bridge0: port 2(bridge_slave_1) entered disabled state [ 827.450033][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 827.458377][ T1918] bridge0: port 1(bridge_slave_0) entered blocking state [ 827.465395][ T1918] bridge0: port 1(bridge_slave_0) entered forwarding state [ 827.475096][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 827.483402][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 827.490440][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 827.510553][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 827.519353][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 827.527869][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 827.536184][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 827.544735][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 827.553474][T30478] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 827.564826][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 827.572585][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 827.583193][T30478] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 827.660190][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 827.701216][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 827.709663][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 827.717443][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 827.726070][T30478] device veth0_vlan entered promiscuous mode [ 827.735136][T30478] device veth1_vlan entered promiscuous mode [ 827.748491][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 827.756822][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 827.767586][T30478] device veth0_macvtap entered promiscuous mode [ 827.775472][T30478] device veth1_macvtap entered promiscuous mode [ 827.786514][T30478] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 827.797196][T30478] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 827.807062][T30478] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 827.817461][T30478] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 827.827333][T30478] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 827.837757][T30478] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 827.847552][T30478] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 827.858011][T30478] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 827.867839][T30478] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 827.878247][T30478] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 827.890131][T30478] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 827.898118][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 827.906266][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 827.914306][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 827.922639][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 827.931668][T30478] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 827.942143][T30478] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 827.951946][T30478] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 827.962400][T30478] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 827.972197][T30478] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 827.982604][T30478] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 827.992407][T30478] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 828.002882][T30478] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 828.012726][T30478] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 828.023172][T30478] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 828.034110][T30478] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 828.043283][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready 18:44:04 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000000)={{0x1, 0x1, 0x18}, './file0\x00'}) 18:44:04 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000200), 0x43400) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x32600) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0xc028660f, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0xc028660f, &(0x7f00000005c0)=0x3fffffffe) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x100002, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x6628, 0x0) 18:44:04 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0xffffffffffffffda) write$cgroup_int(r2, &(0x7f0000000080), 0x12) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async) bpf$PROG_LOAD(0x5, 0x0, 0xffffffffffffffda) (async) write$cgroup_int(r2, &(0x7f0000000080), 0x12) (async) 18:44:04 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x33fe0, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:04 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) getpeername$packet(r2, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) (async) renameat2(0xffffffffffffffff, &(0x7f0000000240)='./file1\x00', r2, &(0x7f0000000280)='./file0\x00', 0x2) (async) ioctl$AUTOFS_DEV_IOCTL_READY(r0, 0xc0189376, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {0x3}}, './file1\x00'}) (async) r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(r4, 0x0, 0x0, 0x0) fcntl$setown(r3, 0x8, r4) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='aufs\x00', 0x1040000, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup(r5, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r7 = openat$cgroup_int(r6, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) openat$cgroup_int(r6, &(0x7f0000000100)='memory.oom.group\x00', 0x2, 0x0) write$cgroup_int(r7, &(0x7f0000000080), 0x12) 18:44:04 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af3010004000000000000000000", 0x36, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) [ 828.051969][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 828.100905][T30524] loop5: detected capacity change from 0 to 1024 [ 828.112688][T30525] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 828.122944][T30525] CPU: 0 PID: 30525 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 828.133963][T30525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 828.144050][T30525] Call Trace: [ 828.147319][T30525] [ 828.150242][T30525] dump_stack_lvl+0xd6/0x122 [ 828.155259][T30525] dump_stack+0x11/0x12 [ 828.159416][T30525] dump_header+0x98/0x410 [ 828.163788][T30525] oom_kill_process+0xfe/0x550 [ 828.168566][T30525] out_of_memory+0x620/0x880 [ 828.173145][T30525] memory_max_write+0x31b/0x420 [ 828.177990][T30525] ? memory_max_show+0x70/0x70 [ 828.182769][T30525] cgroup_file_write+0x167/0x300 [ 828.187744][T30525] ? __check_object_size+0x235/0x380 [ 828.193017][T30525] ? cgroup_seqfile_stop+0x70/0x70 [ 828.198167][T30525] kernfs_fop_write_iter+0x1d3/0x2c0 [ 828.203512][T30525] vfs_write+0x71c/0x890 [ 828.207744][T30525] ksys_write+0xe8/0x1a0 [ 828.211974][T30525] __x64_sys_write+0x3e/0x50 [ 828.216598][T30525] do_syscall_64+0x2b/0x70 [ 828.221123][T30525] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 828.227005][T30525] RIP: 0033:0x7f682d3270e9 [ 828.231416][T30525] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 828.251005][T30525] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 828.259419][T30525] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 [ 828.267372][T30525] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 828.275477][T30525] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 [ 828.283475][T30525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 828.291432][T30525] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 18:44:04 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x1008000, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) bpf$OBJ_GET_MAP(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./file0\x00', 0x0, 0x10}, 0x10) getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) getpeername$packet(r6, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) openat$cgroup_ro(r6, &(0x7f0000000300)='io.stat\x00', 0x0, 0x0) getpeername$unix(r4, &(0x7f00000000c0)=@abs, &(0x7f0000000240)=0x6e) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) 18:44:04 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x7ffff000, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:04 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0xfffffdef, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:04 executing program 2: r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000500)={&(0x7f00000003c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@enum]}}, &(0x7f0000000440)=""/170, 0x26, 0xaa, 0x1}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x6, 0x4, 0x2, 0xda, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x0, 0x1}, 0x48) [ 828.299410][T30525] [ 828.302491][T30525] memory: usage 160kB, limit 0kB, failcnt 7005 [ 828.308682][T30525] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 828.314183][T30524] EXT4-fs error (device loop5): ext4_ext_check_inode:497: inode #2: comm syz-executor.5: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 828.315528][T30525] Memory cgroup stats for /syz0: [ 828.357410][T30525] anon 24576 [ 828.357410][T30525] file 53248 [ 828.357410][T30525] kernel 40960 [ 828.357410][T30525] kernel_stack 0 [ 828.357410][T30525] pagetables 8192 [ 828.357410][T30525] percpu 0 [ 828.357410][T30525] sock 0 [ 828.357410][T30525] vmalloc 0 [ 828.357410][T30525] shmem 53248 [ 828.357410][T30525] file_mapped 53248 [ 828.357410][T30525] file_dirty 0 [ 828.357410][T30525] file_writeback 0 [ 828.357410][T30525] swapcached 0 [ 828.357410][T30525] inactive_anon 24576 [ 828.357410][T30525] active_anon 53248 [ 828.357410][T30525] inactive_file 0 [ 828.357410][T30525] active_file 0 [ 828.357410][T30525] unevictable 0 [ 828.357410][T30525] slab_reclaimable 5408 [ 828.357410][T30525] slab_unreclaimable 18456 [ 828.357410][T30525] slab 23864 [ 828.357410][T30525] workingset_refault_anon 0 [ 828.357410][T30525] workingset_refault_file 7 [ 828.357410][T30525] workingset_activate_anon 0 [ 828.357410][T30525] workingset_activate_file 0 [ 828.375640][T30524] EXT4-fs (loop5): get root inode failed 18:44:04 executing program 2: socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x11, &(0x7f0000001b40)=[{&(0x7f0000000400)=""/248, 0x4d8b90}, {&(0x7f00000001c0)=""/13}, {&(0x7f00000007c0)=""/169}, {&(0x7f0000000880)=""/4096}, {&(0x7f0000001880)=""/91}, {&(0x7f0000001900)=""/141}, {&(0x7f00000019c0)=""/248}, {&(0x7f0000001ac0)=""/125}], 0x1, 0x0, 0x500000000000000}, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r2, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) 18:44:04 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x2, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 828.450488][T30525] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=30478,uid=0 [ 828.450621][T30525] Memory cgroup out of memory: Killed process 30478 (syz-executor.0) total-vm:42336kB, anon-rss:364kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:0 [ 828.456245][T30524] EXT4-fs (loop5): mount failed [ 828.514424][T30555] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 828.515890][T30560] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=2 sclass=netlink_xfrm_socket pid=30560 comm=syz-executor.3 [ 828.524750][T30555] CPU: 1 PID: 30555 Comm: syz-executor.1 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 828.548489][T30555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 828.558537][T30555] Call Trace: [ 828.561816][T30555] [ 828.564729][T30555] dump_stack_lvl+0xd6/0x122 [ 828.569454][T30555] dump_stack+0x11/0x12 [ 828.573648][T30555] dump_header+0x98/0x410 [ 828.577958][T30555] out_of_memory+0x65e/0x880 [ 828.582530][T30555] memory_max_write+0x31b/0x420 [ 828.587371][T30555] ? memory_max_show+0x70/0x70 [ 828.592253][T30555] cgroup_file_write+0x167/0x300 [ 828.597173][T30555] ? __check_object_size+0x235/0x380 [ 828.602437][T30555] ? cgroup_seqfile_stop+0x70/0x70 [ 828.607529][T30555] kernfs_fop_write_iter+0x1d3/0x2c0 [ 828.612815][T30555] vfs_write+0x71c/0x890 [ 828.617214][T30555] ksys_write+0xe8/0x1a0 [ 828.621459][T30555] __x64_sys_write+0x3e/0x50 [ 828.626106][T30555] do_syscall_64+0x2b/0x70 [ 828.630531][T30555] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 828.636406][T30555] RIP: 0033:0x7ff0acc260e9 [ 828.640847][T30555] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 828.660446][T30555] RSP: 002b:00007ff0ac39c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 828.668899][T30555] RAX: ffffffffffffffda RBX: 00007ff0acd38f60 RCX: 00007ff0acc260e9 [ 828.676959][T30555] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 828.684924][T30555] RBP: 00007ff0acc8008d R08: 0000000000000000 R09: 0000000000000000 [ 828.692945][T30555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 828.700903][T30555] R13: 00007ffe7a47396f R14: 00007ff0ac39c300 R15: 0000000000022000 [ 828.708921][T30555] [ 828.712068][T30555] memory: usage 80kB, limit 0kB, failcnt 7024 [ 828.718127][T30555] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 828.725000][T30555] Memory cgroup stats for /syz0: [ 828.725561][T30555] anon 0 [ 828.725561][T30555] file 53248 [ 828.725561][T30555] kernel 28672 [ 828.725561][T30555] kernel_stack 0 [ 828.725561][T30555] pagetables 0 [ 828.725561][T30555] percpu 0 [ 828.725561][T30555] sock 0 [ 828.725561][T30555] vmalloc 0 [ 828.725561][T30555] shmem 53248 [ 828.725561][T30555] file_mapped 53248 [ 828.725561][T30555] file_dirty 0 [ 828.725561][T30555] file_writeback 0 [ 828.725561][T30555] swapcached 0 [ 828.725561][T30555] inactive_anon 0 [ 828.725561][T30555] active_anon 53248 [ 828.725561][T30555] inactive_file 0 [ 828.725561][T30555] active_file 0 [ 828.725561][T30555] unevictable 0 [ 828.725561][T30555] slab_reclaimable 5408 [ 828.725561][T30555] slab_unreclaimable 18216 [ 828.725561][T30555] slab 23624 [ 828.725561][T30555] workingset_refault_anon 0 [ 828.725561][T30555] workingset_refault_file 7 [ 828.725561][T30555] workingset_activate_anon 0 [ 828.725561][T30555] workingset_activate_file 0 [ 828.817760][T30555] Out of memory and no killable processes... 18:44:05 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) (async) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000000)={{0x1, 0x1, 0x18}, './file0\x00'}) 18:44:05 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x7, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:05 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) syz_clone(0x1008000, 0x0, 0x0, 0x0, 0x0, 0x0) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) bpf$OBJ_GET_MAP(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./file0\x00', 0x0, 0x10}, 0x10) getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) (async) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) getpeername$packet(r6, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) (async) openat$cgroup_ro(r6, &(0x7f0000000300)='io.stat\x00', 0x0, 0x0) (async) getpeername$unix(r4, &(0x7f00000000c0)=@abs, &(0x7f0000000240)=0x6e) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r2, &(0x7f0000000080), 0x12) 18:44:05 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = memfd_secret(0x80000) openat$cgroup_int(r1, &(0x7f00000000c0)='blkio.throttle.read_bps_device\x00', 0x2, 0x0) r2 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r3, &(0x7f0000000080), 0x12) 18:44:05 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100", 0x3a, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:44:05 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x1008000, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) bpf$OBJ_GET_MAP(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./file0\x00', 0x0, 0x10}, 0x10) getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) getpeername$packet(r6, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) openat$cgroup_ro(r6, &(0x7f0000000300)='io.stat\x00', 0x0, 0x0) getpeername$unix(r4, &(0x7f00000000c0)=@abs, &(0x7f0000000240)=0x6e) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) syz_clone(0x1008000, 0x0, 0x0, 0x0, 0x0, 0x0) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) (async) dup(r3) (async) bpf$OBJ_GET_MAP(0x7, &(0x7f00000002c0)={&(0x7f0000000280)='./file0\x00', 0x0, 0x10}, 0x10) (async) getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) (async) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) (async) dup(r5) (async) getpeername$packet(r6, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) (async) openat$cgroup_ro(r6, &(0x7f0000000300)='io.stat\x00', 0x0, 0x0) (async) getpeername$unix(r4, &(0x7f00000000c0)=@abs, &(0x7f0000000240)=0x6e) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r2, &(0x7f0000000080), 0x12) (async) [ 828.902899][T30566] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=7 sclass=netlink_xfrm_socket pid=30566 comm=syz-executor.3 [ 828.918965][T30574] loop5: detected capacity change from 0 to 1024 [ 828.923050][T30569] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 828.935237][T30569] CPU: 1 PID: 30569 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 18:44:05 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x8, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 828.946258][T30569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 828.956349][T30569] Call Trace: [ 828.959641][T30569] [ 828.962672][T30569] dump_stack_lvl+0xd6/0x122 [ 828.967302][T30569] dump_stack+0x11/0x12 [ 828.971642][T30569] dump_header+0x98/0x410 [ 828.975973][T30569] out_of_memory+0x65e/0x880 [ 828.980576][T30569] memory_max_write+0x31b/0x420 [ 828.985480][T30569] ? memory_max_show+0x70/0x70 [ 828.990289][T30569] cgroup_file_write+0x167/0x300 [ 828.995260][T30569] ? __check_object_size+0x235/0x380 [ 829.000546][T30569] ? cgroup_seqfile_stop+0x70/0x70 [ 829.005773][T30569] kernfs_fop_write_iter+0x1d3/0x2c0 [ 829.011103][T30569] vfs_write+0x71c/0x890 [ 829.015413][T30569] ksys_write+0xe8/0x1a0 [ 829.019776][T30569] __x64_sys_write+0x3e/0x50 [ 829.024381][T30569] do_syscall_64+0x2b/0x70 [ 829.028835][T30569] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 829.034757][T30569] RIP: 0033:0x7f682d3270e9 [ 829.039198][T30569] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 829.058804][T30569] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 829.067271][T30569] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 [ 829.075238][T30569] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000013 [ 829.083255][T30569] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 [ 829.091276][T30569] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 829.099332][T30569] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 [ 829.107309][T30569] [ 829.110540][T30569] memory: usage 72kB, limit 0kB, failcnt 7024 [ 829.116600][T30569] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 829.123460][T30569] Memory cgroup stats for /syz0: [ 829.128688][T30578] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=8 sclass=netlink_xfrm_socket pid=30578 comm=syz-executor.3 [ 829.128818][T30569] anon 0 [ 829.128818][T30569] file 53248 [ 829.128818][T30569] kernel 20480 [ 829.128818][T30569] kernel_stack 0 [ 829.128818][T30569] pagetables 0 [ 829.128818][T30569] percpu 0 [ 829.128818][T30569] sock 0 [ 829.128818][T30569] vmalloc 0 [ 829.128818][T30569] shmem 53248 [ 829.128818][T30569] file_mapped 53248 [ 829.128818][T30569] file_dirty 0 [ 829.128818][T30569] file_writeback 0 [ 829.128818][T30569] swapcached 0 [ 829.128818][T30569] inactive_anon 0 [ 829.128818][T30569] active_anon 53248 [ 829.128818][T30569] inactive_file 0 [ 829.128818][T30569] active_file 0 [ 829.128818][T30569] unevictable 0 [ 829.128818][T30569] slab_reclaimable 3056 [ 829.128818][T30569] slab_unreclaimable 14936 [ 829.128818][T30569] slab 17992 [ 829.128818][T30569] workingset_refault_anon 0 [ 829.128818][T30569] workingset_refault_file 7 [ 829.128818][T30569] workingset_activate_anon 0 [ 829.128818][T30569] workingset_activate_file 0 [ 829.134334][T30574] EXT4-fs error (device loop5): ext4_ext_check_inode:497: inode #2: comm syz-executor.5: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 829.146374][T30569] Out of memory and no killable processes... 18:44:05 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0xa, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 829.298023][T30580] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 829.308280][T30580] CPU: 0 PID: 30580 Comm: syz-executor.1 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 829.310360][T30583] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=10 sclass=netlink_xfrm_socket pid=30583 comm=syz-executor.3 [ 829.319395][T30580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 829.319407][T30580] Call Trace: [ 829.319413][T30580] [ 829.319471][T30580] dump_stack_lvl+0xd6/0x122 [ 829.319497][T30580] dump_stack+0x11/0x12 [ 829.357225][T30580] dump_header+0x98/0x410 [ 829.361563][T30580] out_of_memory+0x65e/0x880 [ 829.362971][T30574] EXT4-fs (loop5): get root inode failed [ 829.366152][T30580] memory_max_write+0x31b/0x420 [ 829.366183][T30580] ? memory_max_show+0x70/0x70 [ 829.371870][T30574] EXT4-fs (loop5): mount failed [ 829.376639][T30580] cgroup_file_write+0x167/0x300 [ 829.391200][T30580] ? __check_object_size+0x235/0x380 [ 829.396520][T30580] ? cgroup_seqfile_stop+0x70/0x70 [ 829.401652][T30580] kernfs_fop_write_iter+0x1d3/0x2c0 [ 829.407007][T30580] vfs_write+0x71c/0x890 [ 829.411239][T30580] ksys_write+0xe8/0x1a0 [ 829.415488][T30580] __x64_sys_write+0x3e/0x50 [ 829.420127][T30580] do_syscall_64+0x2b/0x70 [ 829.424530][T30580] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 829.430419][T30580] RIP: 0033:0x7ff0acc260e9 [ 829.434912][T30580] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 829.454499][T30580] RSP: 002b:00007ff0ac39c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 829.462982][T30580] RAX: ffffffffffffffda RBX: 00007ff0acd38f60 RCX: 00007ff0acc260e9 [ 829.470938][T30580] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 829.478956][T30580] RBP: 00007ff0acc8008d R08: 0000000000000000 R09: 0000000000000000 [ 829.486920][T30580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 18:44:05 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async, rerun: 64) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async, rerun: 64) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) r1 = memfd_secret(0x80000) openat$cgroup_int(r1, &(0x7f00000000c0)='blkio.throttle.read_bps_device\x00', 0x2, 0x0) (async) r2 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async, rerun: 32) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async, rerun: 32) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r3, &(0x7f0000000080), 0x12) [ 829.494940][T30580] R13: 00007ffe7a47396f R14: 00007ff0ac39c300 R15: 0000000000022000 [ 829.502932][T30580] [ 829.505964][T30580] memory: usage 72kB, limit 0kB, failcnt 7024 [ 829.512040][T30580] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 18:44:05 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100", 0x3a, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:44:05 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000001d40), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'\x00', 0x2}) 18:44:05 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x12, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 829.518906][T30580] Memory cgroup stats for /syz0: [ 829.568668][T30585] loop5: detected capacity change from 0 to 1024 [ 829.591149][ T24] audit: type=1400 audit(1651085045.785:355): avc: denied { nlmsg_read } for pid=30586 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 829.614897][T30587] netlink: 260 bytes leftover after parsing attributes in process `syz-executor.3'. [ 829.631648][T30580] anon 0 [ 829.631648][T30580] file 53248 [ 829.631648][T30580] kernel 20480 [ 829.631648][T30580] kernel_stack 0 [ 829.631648][T30580] pagetables 0 [ 829.631648][T30580] percpu 0 [ 829.631648][T30580] sock 0 [ 829.631648][T30580] vmalloc 0 [ 829.631648][T30580] shmem 53248 [ 829.631648][T30580] file_mapped 53248 [ 829.631648][T30580] file_dirty 0 [ 829.631648][T30580] file_writeback 0 [ 829.631648][T30580] swapcached 0 [ 829.631648][T30580] inactive_anon 0 [ 829.631648][T30580] active_anon 53248 [ 829.631648][T30580] inactive_file 0 [ 829.631648][T30580] active_file 0 [ 829.631648][T30580] unevictable 0 [ 829.631648][T30580] slab_reclaimable 3056 [ 829.631648][T30580] slab_unreclaimable 14936 [ 829.631648][T30580] slab 17992 [ 829.631648][T30580] workingset_refault_anon 0 [ 829.631648][T30580] workingset_refault_file 7 [ 829.631648][T30580] workingset_activate_anon 0 [ 829.631648][T30580] workingset_activate_file 0 [ 829.718840][T30580] Out of memory and no killable processes... [ 829.740125][T30585] EXT4-fs error (device loop5): ext4_ext_check_inode:497: inode #2: comm syz-executor.5: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 829.764719][T30585] EXT4-fs (loop5): get root inode failed [ 829.770418][T30585] EXT4-fs (loop5): mount failed [ 830.129921][ T225] device hsr_slave_0 left promiscuous mode [ 830.135895][ T225] device hsr_slave_1 left promiscuous mode [ 830.142261][ T225] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 830.149737][ T225] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 830.157287][ T225] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 830.164815][ T225] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 830.172673][ T225] device bridge_slave_1 left promiscuous mode [ 830.178898][ T225] bridge0: port 2(bridge_slave_1) entered disabled state [ 830.186631][ T225] device bridge_slave_0 left promiscuous mode [ 830.192855][ T225] bridge0: port 1(bridge_slave_0) entered disabled state [ 830.202469][ T225] device veth1_macvtap left promiscuous mode [ 830.208526][ T225] device veth0_macvtap left promiscuous mode [ 830.214522][ T225] device veth1_vlan left promiscuous mode [ 830.220418][ T225] device veth0_vlan left promiscuous mode [ 830.301932][ T225] team0 (unregistering): Port device team_slave_1 removed [ 830.312178][ T225] team0 (unregistering): Port device team_slave_0 removed [ 830.321331][ T225] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 830.333624][ T225] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 830.361096][ T225] bond0 (unregistering): Released all slaves [ 830.938040][T30618] chnl_net:caif_netlink_parms(): no params data found [ 830.966643][T30618] bridge0: port 1(bridge_slave_0) entered blocking state [ 830.973725][T30618] bridge0: port 1(bridge_slave_0) entered disabled state [ 830.981925][T30618] device bridge_slave_0 entered promiscuous mode [ 830.989190][T30618] bridge0: port 2(bridge_slave_1) entered blocking state [ 830.996206][T30618] bridge0: port 2(bridge_slave_1) entered disabled state [ 831.003771][T30618] device bridge_slave_1 entered promiscuous mode [ 831.019237][T30618] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 831.029611][T30618] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 831.047282][T30618] team0: Port device team_slave_0 added [ 831.053699][T30618] team0: Port device team_slave_1 added [ 831.067178][T30618] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 831.074143][T30618] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 831.100173][T30618] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 831.111212][T30618] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 831.118172][T30618] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 831.144142][T30618] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 831.165073][T30618] device hsr_slave_0 entered promiscuous mode [ 831.172402][T30618] device hsr_slave_1 entered promiscuous mode [ 831.178776][T30618] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 831.186385][T30618] Cannot create hsr debugfs directory [ 831.214136][T30618] bridge0: port 2(bridge_slave_1) entered blocking state [ 831.221184][T30618] bridge0: port 2(bridge_slave_1) entered forwarding state [ 831.228523][T30618] bridge0: port 1(bridge_slave_0) entered blocking state [ 831.235545][T30618] bridge0: port 1(bridge_slave_0) entered forwarding state [ 831.263561][T30618] 8021q: adding VLAN 0 to HW filter on device bond0 [ 831.274225][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 831.282924][ T893] bridge0: port 1(bridge_slave_0) entered disabled state [ 831.290781][ T893] bridge0: port 2(bridge_slave_1) entered disabled state [ 831.302092][T30618] 8021q: adding VLAN 0 to HW filter on device team0 [ 831.311438][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 831.319834][ T77] bridge0: port 1(bridge_slave_0) entered blocking state [ 831.326843][ T77] bridge0: port 1(bridge_slave_0) entered forwarding state [ 831.345701][T30618] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 831.356035][T30618] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 831.369020][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 831.377272][ T77] bridge0: port 2(bridge_slave_1) entered blocking state [ 831.384294][ T77] bridge0: port 2(bridge_slave_1) entered forwarding state [ 831.392773][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 831.401296][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 831.409986][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 831.418157][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 831.428937][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 831.436463][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 831.449949][T30618] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 831.457090][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 831.464698][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 831.528729][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 831.568882][T30618] device veth0_vlan entered promiscuous mode [ 831.575524][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 831.583962][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 831.591705][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 831.601461][T30618] device veth1_vlan entered promiscuous mode [ 831.614139][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 831.622024][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 831.630376][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 831.641289][T30618] device veth0_macvtap entered promiscuous mode [ 831.649382][T30618] device veth1_macvtap entered promiscuous mode [ 831.660258][T30618] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 831.670746][T30618] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.680548][T30618] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 831.690999][T30618] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.700817][T30618] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 831.711344][T30618] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.721258][T30618] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 831.731773][T30618] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.741604][T30618] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 831.752027][T30618] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.763498][T30618] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 831.771600][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 831.781560][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 831.790448][T30618] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 831.800909][T30618] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.810784][T30618] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 831.821216][T30618] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.831009][T30618] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 831.841570][T30618] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.851390][T30618] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 18:44:08 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) (async) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) (async) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000000)={{0x1, 0x1, 0x18}, './file0\x00'}) 18:44:08 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x15, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:08 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) r3 = socket$pptp(0x18, 0x1, 0x2) recvmmsg(r3, &(0x7f0000002000)=[{{&(0x7f00000000c0)=@nl=@unspec, 0x80, &(0x7f0000000400)=[{&(0x7f0000000240)=""/53, 0x35}, {&(0x7f0000000280)=""/120, 0x78}, {&(0x7f0000000300)=""/42, 0x2a}, {&(0x7f0000000340)=""/171, 0xab}], 0x4, &(0x7f0000000440)=""/54, 0x36}, 0xd72f}, {{&(0x7f0000000480)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @initdev}}, 0x80, &(0x7f0000000a40)=[{&(0x7f0000000500)=""/12, 0xc}, {&(0x7f0000000540)=""/241, 0xf1}, {&(0x7f0000000640)=""/88, 0x58}, {&(0x7f00000006c0)=""/153, 0x99}, {&(0x7f0000000780)=""/5, 0x5}, {&(0x7f00000007c0)=""/75, 0x4b}, {&(0x7f0000000840)}, {&(0x7f0000000880)=""/177, 0xb1}, {&(0x7f0000000940)=""/42, 0x2a}, {&(0x7f0000000980)=""/174, 0xae}], 0xa, &(0x7f0000000b00)=""/64, 0x40}, 0x400}, {{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000b40)=""/173, 0xad}, {&(0x7f0000000c00)=""/6, 0x6}, {&(0x7f0000000c40)=""/182, 0xb6}, {&(0x7f0000000d00)=""/111, 0x6f}, {&(0x7f0000000d80)=""/71, 0x47}, {&(0x7f0000000e00)}, {&(0x7f0000000e40)=""/46, 0x2e}], 0x7, &(0x7f0000000f00)=""/232, 0xe8}, 0xb1a}, {{0x0, 0x0, &(0x7f0000001100)=[{&(0x7f0000001000)=""/54, 0x36}, {&(0x7f0000001040)=""/130, 0x82}], 0x2}, 0xfffffffa}, {{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000001140)=""/140, 0x8c}, {&(0x7f0000001200)=""/109, 0x6d}, {&(0x7f0000001280)=""/197, 0xc5}, {&(0x7f0000001380)=""/49, 0x31}, {&(0x7f00000013c0)=""/247, 0xf7}, {&(0x7f00000014c0)=""/10, 0xa}, {&(0x7f0000001500)=""/73, 0x49}, {&(0x7f0000001580)=""/28, 0x1c}, {&(0x7f00000015c0)=""/251, 0xfb}], 0x9, &(0x7f0000001780)=""/124, 0x7c}}, {{&(0x7f0000001800)=@xdp, 0x80, &(0x7f0000001f40)=[{&(0x7f0000001880)=""/128, 0x80}, {&(0x7f0000001900)=""/196, 0xc4}, {&(0x7f0000001a00)=""/237, 0xed}, {&(0x7f0000001b00)=""/95, 0x5f}, {&(0x7f0000001b80)=""/137, 0x89}, {&(0x7f0000001c40)=""/191, 0xbf}, {&(0x7f0000001d00)=""/73, 0x49}, {&(0x7f0000001d80)=""/211, 0xd3}, {&(0x7f0000001e80)=""/71, 0x47}, {&(0x7f0000001f00)=""/19, 0x13}], 0xa}, 0x800}], 0x6, 0x2, &(0x7f0000002180)) 18:44:08 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) r1 = memfd_secret(0x80000) openat$cgroup_int(r1, &(0x7f00000000c0)='blkio.throttle.read_bps_device\x00', 0x2, 0x0) r2 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async, rerun: 64) prlimit64(0x0, 0x0, 0x0, 0x0) (async, rerun: 64) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async, rerun: 32) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async, rerun: 32) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r3, &(0x7f0000000080), 0x12) 18:44:08 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100", 0x3a, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:44:08 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000001d40), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'\x00', 0x2}) ioctl$SIOCSIFHWADDR(r0, 0x401054d6, 0x0) [ 831.861799][T30618] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.871631][T30618] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 831.882041][T30618] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.893350][T30618] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 831.902843][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 18:44:08 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x28, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:08 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x9000000}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x58}}, 0x0) recvmsg(r4, &(0x7f00000004c0)={&(0x7f00000000c0)=@l2tp={0x2, 0x0, @remote}, 0x80, &(0x7f0000000480)=[{&(0x7f0000000240)=""/77, 0x4d}, {&(0x7f00000002c0)=""/173, 0xad}, {&(0x7f0000000380)=""/142, 0x8e}, {&(0x7f0000000440)=""/59, 0x3b}], 0x4, &(0x7f0000000f40)=""/4096, 0x1000}, 0x571fbe421c3ecf70) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) ppoll(&(0x7f0000000500)=[{r0, 0x24c6}, {r3, 0x400}, {r4, 0x4218}, {r0, 0x2}], 0x4, &(0x7f0000000540), &(0x7f0000000580)={[0xffffffffe757bef8]}, 0x8) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x9000000}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x58}}, 0x0) sendfile(r5, r0, &(0x7f00000005c0)=0xffff, 0xfff) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r3, &(0x7f0000000080), 0x12) [ 831.950671][T30660] loop5: detected capacity change from 0 to 1024 [ 831.983346][T30671] netlink: 256 bytes leftover after parsing attributes in process `syz-executor.3'. 18:44:08 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x29, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 831.988520][T30668] syz-executor.0 invoked oom-killer: gfp_mask=0xc40(GFP_NOFS), order=0, oom_score_adj=1000 [ 832.002908][T30668] CPU: 1 PID: 30668 Comm: syz-executor.0 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 832.010611][T30660] EXT4-fs error (device loop5): ext4_ext_check_inode:497: inode #2: comm syz-executor.5: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 832.013927][T30668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 832.013939][T30668] Call Trace: [ 832.013945][T30668] 18:44:08 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 832.033848][T30660] EXT4-fs (loop5): get root inode failed [ 832.042092][T30668] dump_stack_lvl+0xd6/0x122 [ 832.042122][T30668] dump_stack+0x11/0x12 [ 832.045418][T30660] EXT4-fs (loop5): mount failed [ 832.062541][T30677] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=41 sclass=netlink_xfrm_socket pid=30677 comm=syz-executor.3 [ 832.062662][T30668] dump_header+0x98/0x410 18:44:08 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x2, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:08 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x3, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 832.073447][ T24] audit: type=1400 audit(1651085048.265:356): avc: denied { read } for pid=30655 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 832.080288][T30668] oom_kill_process+0xfe/0x550 [ 832.080320][T30668] out_of_memory+0x620/0x880 [ 832.098791][T30679] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 832.104462][T30668] mem_cgroup_oom+0x475/0x4f0 [ 832.125377][T30668] try_charge_memcg+0x746/0x960 [ 832.129928][T30681] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 832.130240][T30668] obj_cgroup_charge+0x171/0x2b0 [ 832.142177][T30668] memcg_slab_pre_alloc_hook+0xf7/0x170 [ 832.147721][T30668] ? ext4_alloc_inode+0x23/0x1b0 [ 832.152690][T30668] kmem_cache_alloc_lru+0x76/0x2b0 [ 832.154176][T30683] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 832.157874][T30668] ext4_alloc_inode+0x23/0x1b0 [ 832.157937][T30668] ? ext4_unregister_li_request+0xd0/0xd0 [ 832.157963][T30668] alloc_inode+0x38/0x150 [ 832.179664][T30668] new_inode+0x21/0x140 [ 832.183918][T30668] __ext4_new_inode+0xd4/0x1de0 [ 832.188754][T30668] ? __dquot_initialize+0x13c/0x760 [ 832.194030][T30668] ext4_symlink+0x227/0x5b0 [ 832.198579][T30668] vfs_symlink+0x18a/0x280 [ 832.203033][T30668] do_symlinkat+0xe2/0x330 [ 832.207430][T30668] __x64_sys_symlinkat+0x5e/0x70 [ 832.212346][T30668] do_syscall_64+0x2b/0x70 [ 832.216744][T30668] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 832.222617][T30668] RIP: 0033:0x7f567f5c39f7 [ 832.227060][T30668] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 0a 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 832.246678][T30668] RSP: 002b:00007ffe79c321e8 EFLAGS: 00000202 ORIG_RAX: 000000000000010a [ 832.255089][T30668] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f567f5c39f7 [ 832.263102][T30668] RDX: 00007f567f61e12e RSI: 00000000ffffff9c RDI: 00007f567f61ce13 [ 832.271053][T30668] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007ffe79c31c60 [ 832.279038][T30668] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001 [ 832.287005][T30668] R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffe79c322b0 [ 832.295052][T30668] [ 832.298130][T30668] memory: usage 284kB, limit 0kB, failcnt 7043 [ 832.304290][T30668] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 832.311132][T30668] Memory cgroup stats for /syz0: [ 832.311621][T30668] anon 73728 [ 832.311621][T30668] file 53248 [ 832.311621][T30668] kernel 163840 [ 832.311621][T30668] kernel_stack 16384 [ 832.311621][T30668] pagetables 61440 [ 832.311621][T30668] percpu 0 [ 832.311621][T30668] sock 0 [ 832.311621][T30668] vmalloc 0 [ 832.311621][T30668] shmem 53248 [ 832.311621][T30668] file_mapped 53248 [ 832.311621][T30668] file_dirty 0 [ 832.311621][T30668] file_writeback 0 [ 832.311621][T30668] swapcached 0 [ 832.311621][T30668] inactive_anon 73728 [ 832.311621][T30668] active_anon 53248 [ 832.311621][T30668] inactive_file 0 [ 832.311621][T30668] active_file 0 [ 832.311621][T30668] unevictable 0 [ 832.311621][T30668] slab_reclaimable 21912 [ 832.311621][T30668] slab_unreclaimable 38624 [ 832.311621][T30668] slab 60536 [ 832.311621][T30668] workingset_refault_anon 0 [ 832.311621][T30668] workingset_refault_file 7 [ 832.311621][T30668] workingset_activate_anon 0 [ 832.311621][T30668] workingset_activate_file 0 [ 832.405268][T30668] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=30668,uid=0 [ 832.420543][T30668] Memory cgroup out of memory: Killed process 30668 (syz-executor.0) total-vm:42336kB, anon-rss:384kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:1000 18:44:08 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) faccessat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x8) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 18:44:08 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x4, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 832.457676][T30673] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 832.467654][T30673] CPU: 0 PID: 30673 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 832.478682][T30673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 832.481417][T30685] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 832.488793][T30673] Call Trace: [ 832.488802][T30673] [ 832.488809][T30673] dump_stack_lvl+0xd6/0x122 [ 832.506626][T30673] dump_stack+0x11/0x12 [ 832.510795][T30673] dump_header+0x98/0x410 [ 832.515121][T30673] oom_kill_process+0xfe/0x550 [ 832.519867][T30673] out_of_memory+0x620/0x880 [ 832.524473][T30673] memory_max_write+0x31b/0x420 [ 832.529523][T30673] ? memory_max_show+0x70/0x70 [ 832.534326][T30673] cgroup_file_write+0x167/0x300 [ 832.539316][T30673] ? __check_object_size+0x235/0x380 [ 832.544582][T30673] ? cgroup_seqfile_stop+0x70/0x70 [ 832.549707][T30673] kernfs_fop_write_iter+0x1d3/0x2c0 [ 832.555013][T30673] vfs_write+0x71c/0x890 [ 832.559260][T30673] ksys_write+0xe8/0x1a0 [ 832.563504][T30673] __x64_sys_write+0x3e/0x50 [ 832.568106][T30673] do_syscall_64+0x2b/0x70 [ 832.572569][T30673] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 832.578445][T30673] RIP: 0033:0x7f682d3270e9 [ 832.582836][T30673] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 832.602516][T30673] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 832.610923][T30673] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 [ 832.618974][T30673] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 832.626938][T30673] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 [ 832.634942][T30673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 832.642896][T30673] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 [ 832.650870][T30673] [ 832.654158][T30673] memory: usage 152kB, limit 0kB, failcnt 7079 [ 832.660321][T30673] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 832.667154][T30673] Memory cgroup stats for /syz0: [ 832.667504][T30673] anon 45056 [ 832.667504][T30673] file 53248 [ 832.667504][T30673] kernel 57344 [ 832.667504][T30673] kernel_stack 0 [ 832.667504][T30673] pagetables 8192 [ 832.667504][T30673] percpu 0 [ 832.667504][T30673] sock 0 [ 832.667504][T30673] vmalloc 0 [ 832.667504][T30673] shmem 53248 [ 832.667504][T30673] file_mapped 53248 [ 832.667504][T30673] file_dirty 0 [ 832.667504][T30673] file_writeback 0 [ 832.667504][T30673] swapcached 0 [ 832.667504][T30673] inactive_anon 45056 [ 832.667504][T30673] active_anon 53248 [ 832.667504][T30673] inactive_file 0 [ 832.667504][T30673] active_file 0 [ 832.667504][T30673] unevictable 0 [ 832.667504][T30673] slab_reclaimable 10752 [ 832.667504][T30673] slab_unreclaimable 25216 [ 832.667504][T30673] slab 35968 [ 832.667504][T30673] workingset_refault_anon 0 [ 832.667504][T30673] workingset_refault_file 7 [ 832.667504][T30673] workingset_activate_anon 0 [ 832.667504][T30673] workingset_activate_file 0 [ 832.760748][T30673] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=30618,uid=0 [ 832.776030][T30673] Memory cgroup out of memory: Killed process 30618 (syz-executor.0) total-vm:42336kB, anon-rss:364kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:0 [ 832.804020][T30673] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 832.814111][T30673] CPU: 1 PID: 30673 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 832.825280][T30673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 832.835329][T30673] Call Trace: [ 832.838611][T30673] [ 832.841551][T30673] dump_stack_lvl+0xd6/0x122 [ 832.846135][T30673] dump_stack+0x11/0x12 [ 832.850349][T30673] dump_header+0x98/0x410 [ 832.854676][T30673] out_of_memory+0x65e/0x880 [ 832.859257][T30673] memory_max_write+0x31b/0x420 [ 832.864168][T30673] ? memory_max_show+0x70/0x70 [ 832.868930][T30673] cgroup_file_write+0x167/0x300 [ 832.873885][T30673] ? __check_object_size+0x235/0x380 [ 832.879170][T30673] ? cgroup_seqfile_stop+0x70/0x70 [ 832.884281][T30673] kernfs_fop_write_iter+0x1d3/0x2c0 [ 832.889638][T30673] vfs_write+0x71c/0x890 [ 832.893914][T30673] ksys_write+0xe8/0x1a0 [ 832.898151][T30673] __x64_sys_write+0x3e/0x50 [ 832.902738][T30673] do_syscall_64+0x2b/0x70 [ 832.907290][T30673] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 832.913177][T30673] RIP: 0033:0x7f682d3270e9 [ 832.917584][T30673] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 832.937179][T30673] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 832.945586][T30673] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 18:44:09 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 32) prlimit64(0x0, 0x0, 0x0, 0x0) (async, rerun: 32) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) r3 = socket$pptp(0x18, 0x1, 0x2) recvmmsg(r3, &(0x7f0000002000)=[{{&(0x7f00000000c0)=@nl=@unspec, 0x80, &(0x7f0000000400)=[{&(0x7f0000000240)=""/53, 0x35}, {&(0x7f0000000280)=""/120, 0x78}, {&(0x7f0000000300)=""/42, 0x2a}, {&(0x7f0000000340)=""/171, 0xab}], 0x4, &(0x7f0000000440)=""/54, 0x36}, 0xd72f}, {{&(0x7f0000000480)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @initdev}}, 0x80, &(0x7f0000000a40)=[{&(0x7f0000000500)=""/12, 0xc}, {&(0x7f0000000540)=""/241, 0xf1}, {&(0x7f0000000640)=""/88, 0x58}, {&(0x7f00000006c0)=""/153, 0x99}, {&(0x7f0000000780)=""/5, 0x5}, {&(0x7f00000007c0)=""/75, 0x4b}, {&(0x7f0000000840)}, {&(0x7f0000000880)=""/177, 0xb1}, {&(0x7f0000000940)=""/42, 0x2a}, {&(0x7f0000000980)=""/174, 0xae}], 0xa, &(0x7f0000000b00)=""/64, 0x40}, 0x400}, {{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000b40)=""/173, 0xad}, {&(0x7f0000000c00)=""/6, 0x6}, {&(0x7f0000000c40)=""/182, 0xb6}, {&(0x7f0000000d00)=""/111, 0x6f}, {&(0x7f0000000d80)=""/71, 0x47}, {&(0x7f0000000e00)}, {&(0x7f0000000e40)=""/46, 0x2e}], 0x7, &(0x7f0000000f00)=""/232, 0xe8}, 0xb1a}, {{0x0, 0x0, &(0x7f0000001100)=[{&(0x7f0000001000)=""/54, 0x36}, {&(0x7f0000001040)=""/130, 0x82}], 0x2}, 0xfffffffa}, {{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000001140)=""/140, 0x8c}, {&(0x7f0000001200)=""/109, 0x6d}, {&(0x7f0000001280)=""/197, 0xc5}, {&(0x7f0000001380)=""/49, 0x31}, {&(0x7f00000013c0)=""/247, 0xf7}, {&(0x7f00000014c0)=""/10, 0xa}, {&(0x7f0000001500)=""/73, 0x49}, {&(0x7f0000001580)=""/28, 0x1c}, {&(0x7f00000015c0)=""/251, 0xfb}], 0x9, &(0x7f0000001780)=""/124, 0x7c}}, {{&(0x7f0000001800)=@xdp, 0x80, &(0x7f0000001f40)=[{&(0x7f0000001880)=""/128, 0x80}, {&(0x7f0000001900)=""/196, 0xc4}, {&(0x7f0000001a00)=""/237, 0xed}, {&(0x7f0000001b00)=""/95, 0x5f}, {&(0x7f0000001b80)=""/137, 0x89}, {&(0x7f0000001c40)=""/191, 0xbf}, {&(0x7f0000001d00)=""/73, 0x49}, {&(0x7f0000001d80)=""/211, 0xd3}, {&(0x7f0000001e80)=""/71, 0x47}, {&(0x7f0000001f00)=""/19, 0x13}], 0xa}, 0x800}], 0x6, 0x2, &(0x7f0000002180)) 18:44:09 executing program 2: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b40)={0x3, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000ffffff7f000000008000000095"], &(0x7f0000000180)='syzkaller\x00', 0x5, 0xa7, &(0x7f00000003c0)=""/167, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) 18:44:09 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af3010004000000000000000000000001000000", 0x3c, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:44:09 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x5, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 832.953543][T30673] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 832.961617][T30673] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 [ 832.969573][T30673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 832.977526][T30673] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 [ 832.985492][T30673] [ 832.988693][T30673] memory: usage 88kB, limit 0kB, failcnt 7096 [ 832.994826][T30673] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 833.001686][T30673] Memory cgroup stats for /syz0: 18:44:09 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x6, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 833.005191][T30691] loop5: detected capacity change from 0 to 1024 [ 833.011244][T30693] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 833.040622][T30691] EXT4-fs error (device loop5): ext4_ext_check_inode:497: inode #2: comm syz-executor.5: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 833.055026][T30707] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 833.062983][T30691] EXT4-fs (loop5): get root inode failed [ 833.071901][T30691] EXT4-fs (loop5): mount failed [ 833.077595][T30673] anon 0 [ 833.077595][T30673] file 53248 [ 833.077595][T30673] kernel 36864 [ 833.077595][T30673] kernel_stack 0 [ 833.077595][T30673] pagetables 0 [ 833.077595][T30673] percpu 0 [ 833.077595][T30673] sock 0 [ 833.077595][T30673] vmalloc 0 [ 833.077595][T30673] shmem 53248 [ 833.077595][T30673] file_mapped 53248 [ 833.077595][T30673] file_dirty 0 [ 833.077595][T30673] file_writeback 0 [ 833.077595][T30673] swapcached 0 [ 833.077595][T30673] inactive_anon 0 [ 833.077595][T30673] active_anon 53248 [ 833.077595][T30673] inactive_file 0 [ 833.077595][T30673] active_file 0 [ 833.077595][T30673] unevictable 0 [ 833.077595][T30673] slab_reclaimable 3456 [ 833.077595][T30673] slab_unreclaimable 24816 [ 833.077595][T30673] slab 28272 [ 833.077595][T30673] workingset_refault_anon 0 [ 833.077595][T30673] workingset_refault_file 7 [ 833.077595][T30673] workingset_activate_anon 0 18:44:09 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x9000000}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x58}}, 0x0) (async) recvmsg(r4, &(0x7f00000004c0)={&(0x7f00000000c0)=@l2tp={0x2, 0x0, @remote}, 0x80, &(0x7f0000000480)=[{&(0x7f0000000240)=""/77, 0x4d}, {&(0x7f00000002c0)=""/173, 0xad}, {&(0x7f0000000380)=""/142, 0x8e}, {&(0x7f0000000440)=""/59, 0x3b}], 0x4, &(0x7f0000000f40)=""/4096, 0x1000}, 0x571fbe421c3ecf70) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) ppoll(&(0x7f0000000500)=[{r0, 0x24c6}, {r3, 0x400}, {r4, 0x4218}, {r0, 0x2}], 0x4, &(0x7f0000000540), &(0x7f0000000580)={[0xffffffffe757bef8]}, 0x8) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x9000000}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x58}}, 0x0) (async) sendfile(r5, r0, &(0x7f00000005c0)=0xffff, 0xfff) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r3, &(0x7f0000000080), 0x12) 18:44:09 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000001d40), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'\x00', 0x2}) ioctl$SIOCSIFHWADDR(r0, 0x400454d1, &(0x7f0000000080)={'veth0_to_bridge\x00', @broadcast}) 18:44:09 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x7, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:09 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async, rerun: 32) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async, rerun: 32) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async, rerun: 64) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (rerun: 64) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) r3 = socket$pptp(0x18, 0x1, 0x2) recvmmsg(r3, &(0x7f0000002000)=[{{&(0x7f00000000c0)=@nl=@unspec, 0x80, &(0x7f0000000400)=[{&(0x7f0000000240)=""/53, 0x35}, {&(0x7f0000000280)=""/120, 0x78}, {&(0x7f0000000300)=""/42, 0x2a}, {&(0x7f0000000340)=""/171, 0xab}], 0x4, &(0x7f0000000440)=""/54, 0x36}, 0xd72f}, {{&(0x7f0000000480)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @initdev}}, 0x80, &(0x7f0000000a40)=[{&(0x7f0000000500)=""/12, 0xc}, {&(0x7f0000000540)=""/241, 0xf1}, {&(0x7f0000000640)=""/88, 0x58}, {&(0x7f00000006c0)=""/153, 0x99}, {&(0x7f0000000780)=""/5, 0x5}, {&(0x7f00000007c0)=""/75, 0x4b}, {&(0x7f0000000840)}, {&(0x7f0000000880)=""/177, 0xb1}, {&(0x7f0000000940)=""/42, 0x2a}, {&(0x7f0000000980)=""/174, 0xae}], 0xa, &(0x7f0000000b00)=""/64, 0x40}, 0x400}, {{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000b40)=""/173, 0xad}, {&(0x7f0000000c00)=""/6, 0x6}, {&(0x7f0000000c40)=""/182, 0xb6}, {&(0x7f0000000d00)=""/111, 0x6f}, {&(0x7f0000000d80)=""/71, 0x47}, {&(0x7f0000000e00)}, {&(0x7f0000000e40)=""/46, 0x2e}], 0x7, &(0x7f0000000f00)=""/232, 0xe8}, 0xb1a}, {{0x0, 0x0, &(0x7f0000001100)=[{&(0x7f0000001000)=""/54, 0x36}, {&(0x7f0000001040)=""/130, 0x82}], 0x2}, 0xfffffffa}, {{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000001140)=""/140, 0x8c}, {&(0x7f0000001200)=""/109, 0x6d}, {&(0x7f0000001280)=""/197, 0xc5}, {&(0x7f0000001380)=""/49, 0x31}, {&(0x7f00000013c0)=""/247, 0xf7}, {&(0x7f00000014c0)=""/10, 0xa}, {&(0x7f0000001500)=""/73, 0x49}, {&(0x7f0000001580)=""/28, 0x1c}, {&(0x7f00000015c0)=""/251, 0xfb}], 0x9, &(0x7f0000001780)=""/124, 0x7c}}, {{&(0x7f0000001800)=@xdp, 0x80, &(0x7f0000001f40)=[{&(0x7f0000001880)=""/128, 0x80}, {&(0x7f0000001900)=""/196, 0xc4}, {&(0x7f0000001a00)=""/237, 0xed}, {&(0x7f0000001b00)=""/95, 0x5f}, {&(0x7f0000001b80)=""/137, 0x89}, {&(0x7f0000001c40)=""/191, 0xbf}, {&(0x7f0000001d00)=""/73, 0x49}, {&(0x7f0000001d80)=""/211, 0xd3}, {&(0x7f0000001e80)=""/71, 0x47}, {&(0x7f0000001f00)=""/19, 0x13}], 0xa}, 0x800}], 0x6, 0x2, &(0x7f0000002180)) 18:44:09 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af3010004000000000000000000000001000000", 0x3c, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:44:09 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) (async) faccessat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x8) (async) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 18:44:09 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x8, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:09 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) faccessat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x8) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) (async) faccessat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x8) (async) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) (async) 18:44:09 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async, rerun: 32) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async, rerun: 32) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x9000000}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x58}}, 0x0) (async) recvmsg(r4, &(0x7f00000004c0)={&(0x7f00000000c0)=@l2tp={0x2, 0x0, @remote}, 0x80, &(0x7f0000000480)=[{&(0x7f0000000240)=""/77, 0x4d}, {&(0x7f00000002c0)=""/173, 0xad}, {&(0x7f0000000380)=""/142, 0x8e}, {&(0x7f0000000440)=""/59, 0x3b}], 0x4, &(0x7f0000000f40)=""/4096, 0x1000}, 0x571fbe421c3ecf70) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) ppoll(&(0x7f0000000500)=[{r0, 0x24c6}, {r3, 0x400}, {r4, 0x4218}, {r0, 0x2}], 0x4, &(0x7f0000000540), &(0x7f0000000580)={[0xffffffffe757bef8]}, 0x8) (async, rerun: 32) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (rerun: 32) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async, rerun: 32) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (rerun: 32) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x9000000}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x58}}, 0x0) (async) sendfile(r5, r0, &(0x7f00000005c0)=0xffff, 0xfff) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r3, &(0x7f0000000080), 0x12) [ 833.077595][T30673] workingset_activate_file 0 [ 833.164730][T30673] Out of memory and no killable processes... [ 833.190280][T30711] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 833.202179][T30714] loop5: detected capacity change from 0 to 1024 18:44:09 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x26400, 0x8) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000100)='blkio.throttle.write_bps_device\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000080), 0x12) 18:44:09 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000001d40), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'\x00', 0x2}) ioctl$SIOCSIFHWADDR(r0, 0x8927, &(0x7f0000000000)={'ipvlan1\x00', @local}) 18:44:09 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0xffffffffffffffff, 0xc, &(0x7f00000000c0)={0x7, 0x7}, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) 18:44:09 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x9, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 833.246907][T30733] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 833.260648][T30714] EXT4-fs error (device loop5): ext4_ext_check_inode:497: inode #2: comm syz-executor.5: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) 18:44:09 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x26400, 0x8) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) r1 = openat$cgroup_int(r0, &(0x7f0000000100)='blkio.throttle.write_bps_device\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000080), 0x12) 18:44:09 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x26400, 0x8) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000100)='blkio.throttle.write_bps_device\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000080), 0x12) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x26400, 0x8) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_int(r0, &(0x7f0000000100)='blkio.throttle.write_bps_device\x00', 0x2, 0x0) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r1, &(0x7f0000000080), 0x12) (async) [ 833.347674][T30714] EXT4-fs (loop5): get root inode failed [ 833.353402][T30714] EXT4-fs (loop5): mount failed [ 833.360151][T30744] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 833.370449][T30741] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 833.380500][T30741] CPU: 0 PID: 30741 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 833.391528][T30741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 833.401573][T30741] Call Trace: [ 833.404854][T30741] [ 833.407795][T30741] dump_stack_lvl+0xd6/0x122 [ 833.412393][T30741] dump_stack+0x11/0x12 [ 833.416547][T30741] dump_header+0x98/0x410 [ 833.420890][T30741] out_of_memory+0x65e/0x880 [ 833.425484][T30741] memory_max_write+0x31b/0x420 [ 833.430418][T30741] ? memory_max_show+0x70/0x70 [ 833.435179][T30741] cgroup_file_write+0x167/0x300 [ 833.440121][T30741] ? __check_object_size+0x235/0x380 18:44:09 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0xa, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 833.445482][T30741] ? cgroup_seqfile_stop+0x70/0x70 [ 833.450592][T30741] kernfs_fop_write_iter+0x1d3/0x2c0 [ 833.454820][T30750] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 833.455882][T30741] vfs_write+0x71c/0x890 [ 833.467034][T30741] ksys_write+0xe8/0x1a0 [ 833.471304][T30741] __x64_sys_write+0x3e/0x50 [ 833.475919][T30741] do_syscall_64+0x2b/0x70 [ 833.480334][T30741] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 833.486238][T30741] RIP: 0033:0x7f682d3270e9 [ 833.490712][T30741] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 833.510316][T30741] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 833.518791][T30741] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 [ 833.526753][T30741] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 833.534715][T30741] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 18:44:09 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af3010004000000000000000000000001000000", 0x3c, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:44:09 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0xb, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 833.542679][T30741] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 833.550643][T30741] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 [ 833.558611][T30741] [ 833.561687][T30741] memory: usage 84kB, limit 0kB, failcnt 7096 [ 833.567743][T30741] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 18:44:09 executing program 2: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b40)={0x18, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000ffffff7f000000008000400095"], &(0x7f0000000180)='syzkaller\x00', 0x5, 0xa7, &(0x7f00000003c0)=""/167, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', 0x0, 0x14}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000dc0)={&(0x7f0000000d80)='io_uring_submit_sqe\x00', r0}, 0x10) [ 833.574633][T30741] Memory cgroup stats for /syz0: [ 833.615194][T30765] loop5: detected capacity change from 0 to 1024 [ 833.649723][T30767] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 833.663495][T30765] EXT4-fs error (device loop5): ext4_ext_check_inode:497: inode #2: comm syz-executor.5: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 833.692796][T30741] anon 0 [ 833.692796][T30741] file 53248 [ 833.692796][T30741] kernel 32768 [ 833.692796][T30741] kernel_stack 0 [ 833.692796][T30741] pagetables 0 [ 833.692796][T30741] percpu 0 [ 833.692796][T30741] sock 0 [ 833.692796][T30741] vmalloc 0 [ 833.692796][T30741] shmem 53248 [ 833.692796][T30741] file_mapped 53248 [ 833.692796][T30741] file_dirty 0 [ 833.692796][T30741] file_writeback 0 [ 833.692796][T30741] swapcached 0 [ 833.692796][T30741] inactive_anon 0 [ 833.692796][T30741] active_anon 53248 [ 833.692796][T30741] inactive_file 0 [ 833.692796][T30741] active_file 0 [ 833.692796][T30741] unevictable 0 [ 833.692796][T30741] slab_reclaimable 3056 [ 833.692796][T30741] slab_unreclaimable 21536 [ 833.692796][T30741] slab 24592 [ 833.692796][T30741] workingset_refault_anon 0 [ 833.692796][T30741] workingset_refault_file 7 [ 833.692796][T30741] workingset_activate_anon 0 [ 833.692796][T30741] workingset_activate_file 0 [ 833.695032][T30765] EXT4-fs (loop5): get root inode failed [ 833.779895][T30741] Out of memory and no killable processes... [ 833.791562][T30765] EXT4-fs (loop5): mount failed [ 834.069894][ T8] device hsr_slave_0 left promiscuous mode [ 834.075896][ T8] device hsr_slave_1 left promiscuous mode [ 834.082131][ T8] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 834.089524][ T8] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 834.097107][ T8] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 834.104643][ T8] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 834.112311][ T8] device bridge_slave_1 left promiscuous mode [ 834.118519][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 834.126126][ T8] device bridge_slave_0 left promiscuous mode [ 834.132284][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 834.141458][ T8] device veth1_macvtap left promiscuous mode [ 834.147425][ T8] device veth0_macvtap left promiscuous mode [ 834.153515][ T8] device veth1_vlan left promiscuous mode [ 834.159353][ T8] device veth0_vlan left promiscuous mode [ 834.239538][ T8] team0 (unregistering): Port device team_slave_1 removed [ 834.249737][ T8] team0 (unregistering): Port device team_slave_0 removed [ 834.259810][ T8] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 834.270862][ T8] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 834.298139][ T8] bond0 (unregistering): Released all slaves [ 835.079276][T30774] chnl_net:caif_netlink_parms(): no params data found [ 835.107896][T30774] bridge0: port 1(bridge_slave_0) entered blocking state [ 835.114968][T30774] bridge0: port 1(bridge_slave_0) entered disabled state [ 835.122966][T30774] device bridge_slave_0 entered promiscuous mode [ 835.131851][T30774] bridge0: port 2(bridge_slave_1) entered blocking state [ 835.138952][T30774] bridge0: port 2(bridge_slave_1) entered disabled state [ 835.146429][T30774] device bridge_slave_1 entered promiscuous mode [ 835.162796][T30774] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 835.172864][T30774] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 835.190357][T30774] team0: Port device team_slave_0 added [ 835.196650][T30774] team0: Port device team_slave_1 added [ 835.210720][T30774] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 835.217640][T30774] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 835.243615][T30774] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 835.255401][T30774] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 835.262346][T30774] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 835.288425][T30774] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 835.309081][T30774] device hsr_slave_0 entered promiscuous mode [ 835.315558][T30774] device hsr_slave_1 entered promiscuous mode [ 835.321951][T30774] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 835.329506][T30774] Cannot create hsr debugfs directory [ 835.357426][T30774] bridge0: port 2(bridge_slave_1) entered blocking state [ 835.364483][T30774] bridge0: port 2(bridge_slave_1) entered forwarding state [ 835.371722][T30774] bridge0: port 1(bridge_slave_0) entered blocking state [ 835.378737][T30774] bridge0: port 1(bridge_slave_0) entered forwarding state [ 835.407841][T30774] 8021q: adding VLAN 0 to HW filter on device bond0 [ 835.418423][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 835.426191][ T25] bridge0: port 1(bridge_slave_0) entered disabled state [ 835.434203][ T25] bridge0: port 2(bridge_slave_1) entered disabled state [ 835.445482][T30774] 8021q: adding VLAN 0 to HW filter on device team0 [ 835.455689][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 835.464205][ T40] bridge0: port 1(bridge_slave_0) entered blocking state [ 835.471226][ T40] bridge0: port 1(bridge_slave_0) entered forwarding state [ 835.481652][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 835.490034][ T893] bridge0: port 2(bridge_slave_1) entered blocking state [ 835.497040][ T893] bridge0: port 2(bridge_slave_1) entered forwarding state [ 835.515197][T30774] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 835.525746][T30774] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 835.539937][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 835.548774][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 835.557197][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 835.565755][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 835.574015][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 835.581651][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 835.596111][T30774] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 835.604745][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 835.613171][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 835.677992][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 835.719232][T30774] device veth0_vlan entered promiscuous mode [ 835.727516][T30774] device veth1_vlan entered promiscuous mode [ 835.735230][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 835.743587][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 835.751470][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 835.759183][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 835.768066][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 835.781962][T30774] device veth0_macvtap entered promiscuous mode [ 835.789119][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 835.797718][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 835.806835][T30774] device veth1_macvtap entered promiscuous mode [ 835.818582][T30774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 835.829044][T30774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 835.838848][T30774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 835.849313][T30774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 835.859173][T30774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 835.869577][T30774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 835.879384][T30774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 835.889816][T30774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 835.899720][T30774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 835.910130][T30774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 835.921864][T30774] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 835.930491][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 835.940804][T30774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 835.951238][T30774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 835.961130][T30774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 835.971526][T30774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 835.981381][T30774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 835.991816][T30774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 836.001616][T30774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 836.012112][T30774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 18:44:12 executing program 2: pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) timerfd_gettime(r0, 0x0) 18:44:12 executing program 0: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080), 0x490c80, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) getxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000180)=@random={'system.', '\xf2\xe1\xbaJ\xf0\xb8w-\xaa7s\xe1.\x89'}, &(0x7f00000000c0)=""/79, 0x4f) 18:44:12 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0xc, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:12 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) r4 = syz_clone(0x800, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r3, &(0x7f0000000080), 0x12) wait4(r4, &(0x7f0000000100), 0x2, &(0x7f0000000240)) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) getpeername$packet(r6, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000400)={'syztnl0\x00', &(0x7f0000000380)={'sit0\x00', 0x0, 0x4, 0x1, 0x2, 0x7, 0x0, @private0, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x7, 0x800, 0x6}}) pipe(&(0x7f0000000440)={0xffffffffffffffff}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0x7, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x3ff}, [@map_idx_val={0x18, 0x7, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2}, @map_fd={0x18, 0x2, 0x1, 0x0, r6}]}, &(0x7f0000000340)='GPL\x00', 0xb0, 0x0, 0x0, 0x41000, 0xb, '\x00', r7, 0x0, r8, 0x8, &(0x7f0000000480)={0x9, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x3, 0xe, 0x7, 0x6}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000500)=[r0]}, 0x80) close(r1) 18:44:12 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) prlimit64(0xffffffffffffffff, 0xc, &(0x7f00000000c0)={0x7, 0x7}, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async, rerun: 64) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async, rerun: 64) write$cgroup_int(r2, &(0x7f0000000080), 0x12) 18:44:12 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010", 0x3d}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) [ 836.021973][T30774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 836.032565][T30774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 836.044084][T30774] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 836.053196][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 18:44:12 executing program 2: syz_clone(0x10007000, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) 18:44:12 executing program 0: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080), 0x490c80, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) getxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000180)=@random={'system.', '\xf2\xe1\xbaJ\xf0\xb8w-\xaa7s\xe1.\x89'}, &(0x7f00000000c0)=""/79, 0x4f) 18:44:12 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async, rerun: 64) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async, rerun: 64) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) prlimit64(0xffffffffffffffff, 0xc, &(0x7f00000000c0)={0x7, 0x7}, 0x0) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async, rerun: 32) write$cgroup_int(r2, &(0x7f0000000080), 0x12) (rerun: 32) 18:44:12 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0xd, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:12 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) r4 = syz_clone(0x800, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r3, &(0x7f0000000080), 0x12) wait4(r4, &(0x7f0000000100), 0x2, &(0x7f0000000240)) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) getpeername$packet(r6, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000400)={'syztnl0\x00', &(0x7f0000000380)={'sit0\x00', 0x0, 0x4, 0x1, 0x2, 0x7, 0x0, @private0, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x7, 0x800, 0x6}}) pipe(&(0x7f0000000440)={0xffffffffffffffff}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0x7, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x3ff}, [@map_idx_val={0x18, 0x7, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2}, @map_fd={0x18, 0x2, 0x1, 0x0, r6}]}, &(0x7f0000000340)='GPL\x00', 0xb0, 0x0, 0x0, 0x41000, 0xb, '\x00', r7, 0x0, r8, 0x8, &(0x7f0000000480)={0x9, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x3, 0xe, 0x7, 0x6}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000500)=[r0]}, 0x80) close(r1) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0) (async) openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) syz_clone(0x800, 0x0, 0x0, 0x0, 0x0, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r3, &(0x7f0000000080), 0x12) (async) wait4(r4, &(0x7f0000000100), 0x2, &(0x7f0000000240)) (async) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) (async) dup(r5) (async) getpeername$packet(r6, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) (async) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000400)={'syztnl0\x00', &(0x7f0000000380)={'sit0\x00', 0x0, 0x4, 0x1, 0x2, 0x7, 0x0, @private0, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x7, 0x800, 0x6}}) (async) pipe(&(0x7f0000000440)) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0x7, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x3ff}, [@map_idx_val={0x18, 0x7, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2}, @map_fd={0x18, 0x2, 0x1, 0x0, r6}]}, &(0x7f0000000340)='GPL\x00', 0xb0, 0x0, 0x0, 0x41000, 0xb, '\x00', r7, 0x0, r8, 0x8, &(0x7f0000000480)={0x9, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x3, 0xe, 0x7, 0x6}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000500)=[r0]}, 0x80) (async) close(r1) (async) 18:44:12 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x8001, 0x48) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) 18:44:12 executing program 0: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080), 0x490c80, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) (async) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) (async) getxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000180)=@random={'system.', '\xf2\xe1\xbaJ\xf0\xb8w-\xaa7s\xe1.\x89'}, &(0x7f00000000c0)=""/79, 0x4f) [ 836.099281][T30818] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 836.107575][T30819] loop5: detected capacity change from 0 to 1024 18:44:12 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) r4 = syz_clone(0x800, 0x0, 0x0, 0x0, 0x0, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r3, &(0x7f0000000080), 0x12) (async) wait4(r4, &(0x7f0000000100), 0x2, &(0x7f0000000240)) (async) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) getpeername$packet(r6, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) (async) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000400)={'syztnl0\x00', &(0x7f0000000380)={'sit0\x00', 0x0, 0x4, 0x1, 0x2, 0x7, 0x0, @private0, @private2={0xfc, 0x2, '\x00', 0x1}, 0x80, 0x7, 0x800, 0x6}}) (async) pipe(&(0x7f0000000440)={0xffffffffffffffff}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0x7, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x3ff}, [@map_idx_val={0x18, 0x7, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2}, @map_fd={0x18, 0x2, 0x1, 0x0, r6}]}, &(0x7f0000000340)='GPL\x00', 0xb0, 0x0, 0x0, 0x41000, 0xb, '\x00', r7, 0x0, r8, 0x8, &(0x7f0000000480)={0x9, 0x3}, 0x8, 0x10, &(0x7f00000004c0)={0x3, 0xe, 0x7, 0x6}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000500)=[r0]}, 0x80) (async) close(r1) 18:44:12 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0xe, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:12 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) [ 836.164838][T30846] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 836.175601][T30819] EXT4-fs error (device loop5): __ext4_fill_super:5326: inode #2: comm syz-executor.5: iget: root inode unallocated [ 836.193578][T30872] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 836.198998][T30870] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 18:44:12 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) link(&(0x7f0000000100)='./file0\x00', &(0x7f0000000240)='./file0\x00') umount2(&(0x7f00000000c0)='./file0\x00', 0x8) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000280)=0xaf, 0x12) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r3, &(0x7f0000000080), 0x12) [ 836.210534][T30870] CPU: 1 PID: 30870 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 836.221685][T30870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 836.231850][T30870] Call Trace: [ 836.232489][T30819] EXT4-fs (loop5): get root inode failed [ 836.235121][T30870] [ 836.235130][T30870] dump_stack_lvl+0xd6/0x122 [ 836.240766][T30819] EXT4-fs (loop5): mount failed [ 836.243667][T30870] dump_stack+0x11/0x12 [ 836.257308][T30870] dump_header+0x98/0x410 [ 836.261624][T30870] oom_kill_process+0xfe/0x550 [ 836.266368][T30870] out_of_memory+0x620/0x880 [ 836.270955][T30870] memory_max_write+0x31b/0x420 [ 836.275794][T30870] ? memory_max_show+0x70/0x70 [ 836.280538][T30870] cgroup_file_write+0x167/0x300 [ 836.285513][T30870] ? __check_object_size+0x235/0x380 [ 836.290782][T30870] ? cgroup_seqfile_stop+0x70/0x70 [ 836.295994][T30870] kernfs_fop_write_iter+0x1d3/0x2c0 [ 836.301311][T30870] vfs_write+0x71c/0x890 [ 836.305532][T30870] ksys_write+0xe8/0x1a0 [ 836.309831][T30870] __x64_sys_write+0x3e/0x50 [ 836.314469][T30870] do_syscall_64+0x2b/0x70 [ 836.318897][T30870] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 836.325028][T30870] RIP: 0033:0x7f682d3270e9 [ 836.329462][T30870] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 836.349099][T30870] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 836.357491][T30870] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 [ 836.365526][T30870] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 836.373473][T30870] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 [ 836.381423][T30870] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 836.389400][T30870] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 [ 836.397396][T30870] [ 836.400562][T30870] memory: usage 184kB, limit 0kB, failcnt 7115 [ 836.406745][T30870] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 836.413626][T30870] Memory cgroup stats for /syz0: [ 836.416446][T30870] anon 40960 [ 836.416446][T30870] file 53248 [ 836.416446][T30870] kernel 61440 [ 836.416446][T30870] kernel_stack 0 [ 836.416446][T30870] pagetables 8192 [ 836.416446][T30870] percpu 0 [ 836.416446][T30870] sock 0 [ 836.416446][T30870] vmalloc 0 [ 836.416446][T30870] shmem 53248 [ 836.416446][T30870] file_mapped 53248 [ 836.416446][T30870] file_dirty 0 [ 836.416446][T30870] file_writeback 0 [ 836.416446][T30870] swapcached 0 [ 836.416446][T30870] inactive_anon 40960 [ 836.416446][T30870] active_anon 53248 [ 836.416446][T30870] inactive_file 0 [ 836.416446][T30870] active_file 0 [ 836.416446][T30870] unevictable 0 [ 836.416446][T30870] slab_reclaimable 14304 [ 836.416446][T30870] slab_unreclaimable 28728 [ 836.416446][T30870] slab 43032 [ 836.416446][T30870] workingset_refault_anon 0 [ 836.416446][T30870] workingset_refault_file 7 [ 836.416446][T30870] workingset_activate_anon 0 [ 836.416446][T30870] workingset_activate_file 0 [ 836.509562][T30870] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=30774,uid=0 [ 836.524829][T30870] Memory cgroup out of memory: Killed process 30774 (syz-executor.0) total-vm:42336kB, anon-rss:380kB, file-rss:9064kB, shmem-rss:56kB, UID:0 pgtables:72kB oom_score_adj:0 [ 836.544144][T30870] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 836.554109][T30870] CPU: 1 PID: 30870 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 836.565121][T30870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 836.575175][T30870] Call Trace: [ 836.578430][T30870] [ 836.581360][T30870] dump_stack_lvl+0xd6/0x122 [ 836.585932][T30870] dump_stack+0x11/0x12 [ 836.590063][T30870] dump_header+0x98/0x410 [ 836.594439][T30870] out_of_memory+0x65e/0x880 [ 836.599013][T30870] memory_max_write+0x31b/0x420 [ 836.603850][T30870] ? memory_max_show+0x70/0x70 [ 836.608688][T30870] cgroup_file_write+0x167/0x300 [ 836.613734][T30870] ? __check_object_size+0x235/0x380 [ 836.619020][T30870] ? cgroup_seqfile_stop+0x70/0x70 [ 836.624168][T30870] kernfs_fop_write_iter+0x1d3/0x2c0 [ 836.629449][T30870] vfs_write+0x71c/0x890 [ 836.633681][T30870] ksys_write+0xe8/0x1a0 [ 836.637990][T30870] __x64_sys_write+0x3e/0x50 [ 836.642567][T30870] do_syscall_64+0x2b/0x70 [ 836.646964][T30870] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 836.652841][T30870] RIP: 0033:0x7f682d3270e9 [ 836.657247][T30870] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 836.676832][T30870] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 836.685221][T30870] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 [ 836.693168][T30870] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 836.701116][T30870] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 [ 836.709067][T30870] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 18:44:12 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010", 0x3d}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:44:12 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0xf, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:12 executing program 2: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0xd, &(0x7f0000000000)=@framed={{}, [@kfunc, @map_idx_val, @cb_func, @func, @generic, @map_val, @call]}, &(0x7f0000000100)='syzkaller\x00', 0x82f, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80) 18:44:12 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async, rerun: 64) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (rerun: 64) link(&(0x7f0000000100)='./file0\x00', &(0x7f0000000240)='./file0\x00') (async) umount2(&(0x7f00000000c0)='./file0\x00', 0x8) (async, rerun: 64) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) (rerun: 64) r1 = dup(r0) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) write$cgroup_int(r1, &(0x7f0000000280)=0xaf, 0x12) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async, rerun: 64) write$cgroup_int(r3, &(0x7f0000000080), 0x12) (rerun: 64) [ 836.717028][T30870] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 [ 836.725030][T30870] [ 836.728135][T30870] memory: usage 92kB, limit 0kB, failcnt 7132 [ 836.734466][T30870] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 836.741320][T30870] Memory cgroup stats for /syz0: [ 836.742983][T30870] anon 0 [ 836.742983][T30870] file 53248 [ 836.742983][T30870] kernel 28672 [ 836.742983][T30870] kernel_stack 0 [ 836.742983][T30870] pagetables 0 [ 836.742983][T30870] percpu 0 18:44:12 executing program 2: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001340)={&(0x7f0000001240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x6, [@fwd={0x4}]}, {0x0, [0x0, 0x0, 0x0, 0x5f]}}, &(0x7f0000001280)=""/168, 0x2a, 0xa8, 0x1}, 0x20) [ 836.742983][T30870] sock 0 [ 836.742983][T30870] vmalloc 0 [ 836.742983][T30870] shmem 53248 [ 836.742983][T30870] file_mapped 53248 [ 836.742983][T30870] file_dirty 0 [ 836.742983][T30870] file_writeback 0 [ 836.742983][T30870] swapcached 0 [ 836.742983][T30870] inactive_anon 0 [ 836.742983][T30870] active_anon 53248 [ 836.742983][T30870] inactive_file 0 [ 836.742983][T30870] active_file 0 [ 836.742983][T30870] unevictable 0 [ 836.742983][T30870] slab_reclaimable 6984 [ 836.742983][T30870] slab_unreclaimable 18960 [ 836.742983][T30870] slab 25944 18:44:13 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) link(&(0x7f0000000100)='./file0\x00', &(0x7f0000000240)='./file0\x00') umount2(&(0x7f00000000c0)='./file0\x00', 0x8) (async, rerun: 64) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) (rerun: 64) r1 = dup(r0) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) (async) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000280)=0xaf, 0x12) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 32) prlimit64(0x0, 0x0, 0x0, 0x0) (async, rerun: 32) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r3, &(0x7f0000000080), 0x12) [ 836.742983][T30870] workingset_refault_anon 0 [ 836.742983][T30870] workingset_refault_file 7 [ 836.742983][T30870] workingset_activate_anon 0 [ 836.742983][T30870] workingset_activate_file 0 [ 836.795453][T30895] loop5: detected capacity change from 0 to 1024 [ 836.835244][T30870] Out of memory and no killable processes... [ 836.854304][T30896] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 18:44:13 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x8001, 0x48) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) open(&(0x7f00000000c0)='./file0\x00', 0x8001, 0x48) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r2, &(0x7f0000000080), 0x12) (async) 18:44:13 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x10, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:13 executing program 2: r0 = gettid() r1 = gettid() rt_tgsigqueueinfo(r0, r1, 0x0, &(0x7f0000000400)={0x0, 0x0, 0xaf3026ba}) 18:44:13 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) fchdir(r0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r3, &(0x7f0000000080), 0x12) [ 836.879600][T30895] EXT4-fs error (device loop5): __ext4_fill_super:5326: inode #2: comm syz-executor.5: iget: root inode unallocated [ 836.896074][T30895] EXT4-fs (loop5): get root inode failed [ 836.901803][T30895] EXT4-fs (loop5): mount failed [ 836.908560][T30909] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 836.938130][T30913] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 836.948477][T30913] CPU: 1 PID: 30913 Comm: syz-executor.1 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 836.959543][T30913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 836.969583][T30913] Call Trace: [ 836.972851][T30913] [ 836.975771][T30913] dump_stack_lvl+0xd6/0x122 [ 836.980528][T30913] dump_stack+0x11/0x12 [ 836.984692][T30913] dump_header+0x98/0x410 [ 836.989014][T30913] out_of_memory+0x65e/0x880 [ 836.993597][T30913] memory_max_write+0x31b/0x420 [ 836.998448][T30913] ? memory_max_show+0x70/0x70 [ 837.003271][T30913] cgroup_file_write+0x167/0x300 [ 837.008294][T30913] ? __check_object_size+0x235/0x380 [ 837.013576][T30913] ? cgroup_seqfile_stop+0x70/0x70 [ 837.018796][T30913] kernfs_fop_write_iter+0x1d3/0x2c0 [ 837.024076][T30913] vfs_write+0x71c/0x890 [ 837.028382][T30913] ksys_write+0xe8/0x1a0 [ 837.032612][T30913] __x64_sys_write+0x3e/0x50 [ 837.037228][T30913] do_syscall_64+0x2b/0x70 [ 837.041636][T30913] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 837.047519][T30913] RIP: 0033:0x7ff0acc260e9 [ 837.051915][T30913] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 837.071599][T30913] RSP: 002b:00007ff0ac39c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 837.080001][T30913] RAX: ffffffffffffffda RBX: 00007ff0acd38f60 RCX: 00007ff0acc260e9 18:44:13 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) (async) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 18:44:13 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCDELRT(r0, 0x890c, &(0x7f0000000240)={0x0, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {}, {0x2, 0x0, @remote}, 0x24, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)='veth0_to_bond\x00'}) 18:44:13 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00698c", 0x20, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010", 0x3d}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:44:13 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x11, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:13 executing program 2: setsockopt$pppl2tp_PPPOL2TP_SO_SENDSEQ(0xffffffffffffffff, 0x111, 0x3, 0x0, 0xffffffffffffffc8) [ 837.087962][T30913] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 837.095922][T30913] RBP: 00007ff0acc8008d R08: 0000000000000000 R09: 0000000000000000 [ 837.103891][T30913] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 837.111870][T30913] R13: 00007ffe7a47396f R14: 00007ff0ac39c300 R15: 0000000000022000 [ 837.119833][T30913] [ 837.122957][T30913] memory: usage 80kB, limit 0kB, failcnt 7132 [ 837.129179][T30913] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 18:44:13 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) (async) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 18:44:13 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) open(&(0x7f00000000c0)='./file0\x00', 0x8001, 0x48) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r2, &(0x7f0000000080), 0x12) [ 837.136035][T30913] Memory cgroup stats for /syz0: [ 837.156666][T30933] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 837.165931][T30913] anon 0 [ 837.165931][T30913] file 53248 [ 837.165931][T30913] kernel 24576 [ 837.165931][T30913] kernel_stack 0 [ 837.165931][T30913] pagetables 0 [ 837.165931][T30913] percpu 0 [ 837.165931][T30913] sock 0 [ 837.165931][T30913] vmalloc 0 [ 837.165931][T30913] shmem 53248 [ 837.165931][T30913] file_mapped 53248 [ 837.165931][T30913] file_dirty 0 [ 837.165931][T30913] file_writeback 0 [ 837.165931][T30913] swapcached 0 [ 837.165931][T30913] inactive_anon 0 [ 837.165931][T30913] active_anon 53248 [ 837.165931][T30913] inactive_file 0 [ 837.165931][T30913] active_file 0 [ 837.165931][T30913] unevictable 0 [ 837.165931][T30913] slab_reclaimable 4432 [ 837.165931][T30913] slab_unreclaimable 15200 [ 837.165931][T30913] slab 19632 [ 837.165931][T30913] workingset_refault_anon 0 [ 837.165931][T30913] workingset_refault_file 7 [ 837.165931][T30913] workingset_activate_anon 0 [ 837.165931][T30913] workingset_activate_file 0 18:44:13 executing program 2: pselect6(0x40, &(0x7f0000000040), 0x0, 0x0, &(0x7f0000000700), 0x0) 18:44:13 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x12, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:13 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x1) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) [ 837.255681][T30913] Out of memory and no killable processes... [ 837.274344][T30938] loop5: detected capacity change from 0 to 1024 18:44:13 executing program 2: keyctl$search(0xa, 0x0, &(0x7f0000001bc0)='dns_resolver\x00', &(0x7f0000001c00)={'syz', 0x2}, 0xfffffffffffffffd) 18:44:13 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async, rerun: 64) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (rerun: 64) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) fchdir(r0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) (async, rerun: 64) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async, rerun: 64) write$cgroup_int(r3, &(0x7f0000000080), 0x12) [ 837.307704][T30938] EXT4-fs error (device loop5): __ext4_fill_super:5326: inode #2: comm syz-executor.5: iget: root inode unallocated [ 837.339858][T30956] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 837.348487][T30938] EXT4-fs (loop5): get root inode failed [ 837.354130][T30938] EXT4-fs (loop5): mount failed [ 837.376285][T30948] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 837.386386][T30948] CPU: 1 PID: 30948 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 837.397486][T30948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 837.407535][T30948] Call Trace: [ 837.410862][T30948] [ 837.413786][T30948] dump_stack_lvl+0xd6/0x122 [ 837.418384][T30948] dump_stack+0x11/0x12 [ 837.422622][T30948] dump_header+0x98/0x410 [ 837.426949][T30948] out_of_memory+0x65e/0x880 [ 837.431556][T30948] memory_max_write+0x31b/0x420 [ 837.436469][T30948] ? memory_max_show+0x70/0x70 [ 837.441233][T30948] cgroup_file_write+0x167/0x300 [ 837.446171][T30948] ? __check_object_size+0x235/0x380 [ 837.451455][T30948] ? cgroup_seqfile_stop+0x70/0x70 [ 837.456566][T30948] kernfs_fop_write_iter+0x1d3/0x2c0 [ 837.461853][T30948] vfs_write+0x71c/0x890 [ 837.466100][T30948] ksys_write+0xe8/0x1a0 [ 837.470412][T30948] __x64_sys_write+0x3e/0x50 [ 837.475005][T30948] do_syscall_64+0x2b/0x70 [ 837.479431][T30948] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 837.485386][T30948] RIP: 0033:0x7f682d3270e9 [ 837.489859][T30948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 837.509466][T30948] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 837.517874][T30948] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 [ 837.525846][T30948] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 837.533810][T30948] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 [ 837.541826][T30948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 837.549890][T30948] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 18:44:13 executing program 2: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) accept4$vsock_stream(r0, 0x0, 0x0, 0x0) 18:44:13 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$sock_timeval(r0, 0x1, 0x43, 0x0, &(0x7f0000000080)) [ 837.557864][T30948] [ 837.560905][T30948] memory: usage 72kB, limit 0kB, failcnt 7132 [ 837.566960][T30948] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 837.573942][T30948] Memory cgroup stats for /syz0: [ 837.585669][T30948] anon 0 [ 837.585669][T30948] file 53248 [ 837.585669][T30948] kernel 20480 [ 837.585669][T30948] kernel_stack 0 [ 837.585669][T30948] pagetables 0 [ 837.585669][T30948] percpu 0 [ 837.585669][T30948] sock 0 [ 837.585669][T30948] vmalloc 0 [ 837.585669][T30948] shmem 53248 [ 837.585669][T30948] file_mapped 53248 [ 837.585669][T30948] file_dirty 0 [ 837.585669][T30948] file_writeback 0 [ 837.585669][T30948] swapcached 0 [ 837.585669][T30948] inactive_anon 0 [ 837.585669][T30948] active_anon 53248 [ 837.585669][T30948] inactive_file 0 [ 837.585669][T30948] active_file 0 [ 837.585669][T30948] unevictable 0 [ 837.585669][T30948] slab_reclaimable 3056 [ 837.585669][T30948] slab_unreclaimable 14936 [ 837.585669][T30948] slab 17992 [ 837.585669][T30948] workingset_refault_anon 0 [ 837.585669][T30948] workingset_refault_file 7 [ 837.585669][T30948] workingset_activate_anon 0 [ 837.585669][T30948] workingset_activate_file 0 [ 837.677797][T30948] Out of memory and no killable processes... [ 837.686815][T30955] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 837.697004][T30955] CPU: 1 PID: 30955 Comm: syz-executor.1 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 837.708018][T30955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 837.718067][T30955] Call Trace: [ 837.721335][T30955] [ 837.724260][T30955] dump_stack_lvl+0xd6/0x122 [ 837.728852][T30955] dump_stack+0x11/0x12 [ 837.733096][T30955] dump_header+0x98/0x410 [ 837.737460][T30955] out_of_memory+0x65e/0x880 [ 837.742048][T30955] memory_max_write+0x31b/0x420 [ 837.746906][T30955] ? memory_max_show+0x70/0x70 [ 837.751779][T30955] cgroup_file_write+0x167/0x300 [ 837.756726][T30955] ? __check_object_size+0x235/0x380 [ 837.762009][T30955] ? cgroup_seqfile_stop+0x70/0x70 [ 837.767191][T30955] kernfs_fop_write_iter+0x1d3/0x2c0 [ 837.772591][T30955] vfs_write+0x71c/0x890 [ 837.776837][T30955] ksys_write+0xe8/0x1a0 [ 837.781118][T30955] __x64_sys_write+0x3e/0x50 [ 837.785718][T30955] do_syscall_64+0x2b/0x70 [ 837.790138][T30955] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 837.796032][T30955] RIP: 0033:0x7ff0acc260e9 [ 837.800439][T30955] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 837.820095][T30955] RSP: 002b:00007ff0ac35a168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 837.828584][T30955] RAX: ffffffffffffffda RBX: 00007ff0acd39100 RCX: 00007ff0acc260e9 [ 837.836553][T30955] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000052 [ 837.844662][T30955] RBP: 00007ff0acc8008d R08: 0000000000000000 R09: 0000000000000000 18:44:14 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:44:14 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x14, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:14 executing program 2: getresuid(&(0x7f0000000700), 0x0, 0x0) [ 837.852710][T30955] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 837.860757][T30955] R13: 00007ffe7a47396f R14: 00007ff0ac35a300 R15: 0000000000022000 [ 837.868799][T30955] [ 837.871982][T30955] memory: usage 72kB, limit 0kB, failcnt 7132 [ 837.878042][T30955] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 837.884894][T30955] Memory cgroup stats for /syz0: [ 837.885265][T30955] anon 0 [ 837.885265][T30955] file 53248 [ 837.885265][T30955] kernel 20480 [ 837.885265][T30955] kernel_stack 0 [ 837.885265][T30955] pagetables 0 [ 837.885265][T30955] percpu 0 [ 837.885265][T30955] sock 0 [ 837.885265][T30955] vmalloc 0 [ 837.885265][T30955] shmem 53248 [ 837.885265][T30955] file_mapped 53248 [ 837.885265][T30955] file_dirty 0 [ 837.885265][T30955] file_writeback 0 [ 837.885265][T30955] swapcached 0 [ 837.885265][T30955] inactive_anon 0 [ 837.885265][T30955] active_anon 53248 [ 837.885265][T30955] inactive_file 0 [ 837.885265][T30955] active_file 0 [ 837.885265][T30955] unevictable 0 [ 837.885265][T30955] slab_reclaimable 3056 [ 837.885265][T30955] slab_unreclaimable 14936 [ 837.885265][T30955] slab 17992 [ 837.885265][T30955] workingset_refault_anon 0 [ 837.885265][T30955] workingset_refault_file 7 [ 837.885265][T30955] workingset_activate_anon 0 [ 837.885265][T30955] workingset_activate_file 0 [ 837.913758][T30965] loop5: detected capacity change from 0 to 1024 [ 837.977683][T30955] Out of memory and no killable processes... [ 837.985100][T30967] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 838.012702][T30965] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (60729!=0) [ 838.021970][T30965] EXT4-fs (loop5): group descriptors corrupted! [ 838.219832][ T1837] device hsr_slave_0 left promiscuous mode [ 838.225942][ T1837] device hsr_slave_1 left promiscuous mode [ 838.232291][ T1837] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 838.239682][ T1837] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 838.247195][ T1837] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 838.254587][ T1837] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 838.262478][ T1837] device bridge_slave_1 left promiscuous mode [ 838.268646][ T1837] bridge0: port 2(bridge_slave_1) entered disabled state [ 838.276969][ T1837] device bridge_slave_0 left promiscuous mode [ 838.283224][ T1837] bridge0: port 1(bridge_slave_0) entered disabled state [ 838.292820][ T1837] device veth1_macvtap left promiscuous mode [ 838.298814][ T1837] device veth0_macvtap left promiscuous mode [ 838.304873][ T1837] device veth1_vlan left promiscuous mode [ 838.310651][ T1837] device veth0_vlan left promiscuous mode [ 838.391742][ T1837] team0 (unregistering): Port device team_slave_1 removed [ 838.401220][ T1837] team0 (unregistering): Port device team_slave_0 removed [ 838.410696][ T1837] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 838.421514][ T1837] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 838.449579][ T1837] bond0 (unregistering): Released all slaves [ 839.040671][T30972] chnl_net:caif_netlink_parms(): no params data found [ 839.069566][T30972] bridge0: port 1(bridge_slave_0) entered blocking state [ 839.076586][T30972] bridge0: port 1(bridge_slave_0) entered disabled state [ 839.084143][T30972] device bridge_slave_0 entered promiscuous mode [ 839.091776][T30972] bridge0: port 2(bridge_slave_1) entered blocking state [ 839.098899][T30972] bridge0: port 2(bridge_slave_1) entered disabled state [ 839.106360][T30972] device bridge_slave_1 entered promiscuous mode [ 839.121247][T30972] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 839.131688][T30972] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 839.148071][T30972] team0: Port device team_slave_0 added [ 839.154395][T30972] team0: Port device team_slave_1 added [ 839.167688][T30972] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 839.174626][T30972] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 839.200571][T30972] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 839.212427][T30972] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 839.219376][T30972] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 839.245248][T30972] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 839.266572][T30972] device hsr_slave_0 entered promiscuous mode [ 839.273654][T30972] device hsr_slave_1 entered promiscuous mode [ 839.280004][T30972] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 839.287529][T30972] Cannot create hsr debugfs directory [ 839.314451][T30972] bridge0: port 2(bridge_slave_1) entered blocking state [ 839.321496][T30972] bridge0: port 2(bridge_slave_1) entered forwarding state [ 839.328745][T30972] bridge0: port 1(bridge_slave_0) entered blocking state [ 839.335762][T30972] bridge0: port 1(bridge_slave_0) entered forwarding state [ 839.363197][T30972] 8021q: adding VLAN 0 to HW filter on device bond0 [ 839.373120][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 839.382152][ T40] bridge0: port 1(bridge_slave_0) entered disabled state [ 839.389759][ T40] bridge0: port 2(bridge_slave_1) entered disabled state [ 839.400675][T30972] 8021q: adding VLAN 0 to HW filter on device team0 [ 839.410250][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 839.418520][ T1916] bridge0: port 1(bridge_slave_0) entered blocking state [ 839.425565][ T1916] bridge0: port 1(bridge_slave_0) entered forwarding state [ 839.444489][T30972] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 839.454887][T30972] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 839.467974][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 839.476361][ T1916] bridge0: port 2(bridge_slave_1) entered blocking state [ 839.483470][ T1916] bridge0: port 2(bridge_slave_1) entered forwarding state [ 839.491848][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 839.500396][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 839.509235][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 839.517664][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 839.528329][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 839.536013][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 839.547237][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 839.555401][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 839.564896][T30972] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 839.641013][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 839.651147][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 839.687103][T30972] device veth0_vlan entered promiscuous mode [ 839.693761][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 839.702250][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 839.710925][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 839.718804][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 839.729228][T30972] device veth1_vlan entered promiscuous mode [ 839.741402][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 839.750465][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 839.758450][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 839.766721][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 839.777380][T30972] device veth0_macvtap entered promiscuous mode [ 839.785711][T30972] device veth1_macvtap entered promiscuous mode [ 839.796299][T30972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 839.806755][T30972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 839.816575][T30972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 839.827005][T30972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 839.836979][T30972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 839.847411][T30972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 839.857222][T30972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 839.867679][T30972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 839.877577][T30972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 839.888026][T30972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 839.899674][T30972] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 839.907748][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 839.915923][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 839.924070][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 839.932618][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 839.942211][T30972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 839.952767][T30972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 839.962630][T30972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 839.973110][T30972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 839.982902][T30972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 839.993311][T30972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 840.003217][T30972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 840.013714][T30972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 840.023525][T30972] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 840.033935][T30972] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 18:44:16 executing program 0: sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="56992c00", @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25080000003400038008000200a026641b0800020017000000080001001f000000080003003f0000000800030000000000080001000200000004000680"], 0x4c}, 0x1, 0x0, 0x0, 0xc04}, 0xc0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='overlay\x00', 0x1080420, 0x0) listxattr(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) 18:44:16 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async, rerun: 32) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x1) (rerun: 32) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) 18:44:16 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x1d, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:16 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) fchdir(r0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r3, &(0x7f0000000080), 0x12) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) fchdir(r0) (async) openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r3, &(0x7f0000000080), 0x12) (async) 18:44:16 executing program 2: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x13, 0xffffffffffffffff, 0x0) accept4$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0x2711, @host}, 0x10, 0x800) syz_clone(0x40000000, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)="30b3943d3cb6ba3871ee58b0bf0849902634afb0788cbbe17ad7e8f7c8ee") 18:44:16 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) [ 840.044854][T30972] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 840.052771][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 840.062204][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 840.109209][T31014] loop5: detected capacity change from 0 to 1024 [ 840.120697][T31015] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 840.130359][T31019] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 840.140306][T31019] CPU: 0 PID: 31019 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 840.151394][T31019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 840.161441][T31019] Call Trace: [ 840.164734][T31019] [ 840.167658][T31019] dump_stack_lvl+0xd6/0x122 [ 840.172268][T31019] dump_stack+0x11/0x12 [ 840.176427][T31019] dump_header+0x98/0x410 [ 840.180798][T31019] oom_kill_process+0xfe/0x550 [ 840.185559][T31019] out_of_memory+0x620/0x880 [ 840.190212][T31019] memory_max_write+0x31b/0x420 [ 840.195054][T31019] ? memory_max_show+0x70/0x70 [ 840.199814][T31019] cgroup_file_write+0x167/0x300 [ 840.204940][T31019] ? __check_object_size+0x235/0x380 [ 840.210259][T31019] ? cgroup_seqfile_stop+0x70/0x70 [ 840.215406][T31019] kernfs_fop_write_iter+0x1d3/0x2c0 [ 840.220683][T31019] vfs_write+0x71c/0x890 [ 840.224959][T31019] ksys_write+0xe8/0x1a0 [ 840.229280][T31019] __x64_sys_write+0x3e/0x50 [ 840.233929][T31019] do_syscall_64+0x2b/0x70 [ 840.238342][T31019] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 840.244229][T31019] RIP: 0033:0x7f682d3270e9 [ 840.248702][T31019] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 840.268302][T31019] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 840.276704][T31019] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 [ 840.284675][T31019] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 840.292816][T31019] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 [ 840.300769][T31019] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 18:44:16 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqsrc(r0, 0x6, 0x10, &(0x7f0000000400)={@multicast1, @multicast2, @private}, 0xc) 18:44:16 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x1e, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 840.308779][T31019] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 [ 840.316738][T31019] [ 840.319842][T31019] memory: usage 140kB, limit 0kB, failcnt 7151 [ 840.325984][T31019] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 840.332846][T31019] Memory cgroup stats for /syz0: [ 840.350409][T31019] anon 40960 [ 840.350409][T31019] file 53248 [ 840.350409][T31019] kernel 40960 [ 840.350409][T31019] kernel_stack 0 [ 840.350409][T31019] pagetables 8192 [ 840.350409][T31019] percpu 0 [ 840.350409][T31019] sock 0 [ 840.350409][T31019] vmalloc 0 [ 840.350409][T31019] shmem 53248 [ 840.350409][T31019] file_mapped 53248 [ 840.350409][T31019] file_dirty 0 [ 840.350409][T31019] file_writeback 0 [ 840.350409][T31019] swapcached 0 [ 840.350409][T31019] inactive_anon 40960 [ 840.350409][T31019] active_anon 53248 [ 840.350409][T31019] inactive_file 0 [ 840.350409][T31019] active_file 0 [ 840.350409][T31019] unevictable 0 [ 840.350409][T31019] slab_reclaimable 4232 [ 840.350409][T31019] slab_unreclaimable 18216 [ 840.350409][T31019] slab 22448 [ 840.350409][T31019] workingset_refault_anon 0 [ 840.350409][T31019] workingset_refault_file 7 [ 840.350409][T31019] workingset_activate_anon 0 [ 840.350409][T31019] workingset_activate_file 0 [ 840.352187][T31039] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 840.355451][T31019] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null) [ 840.447059][T31014] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (60729!=0) [ 840.450389][T31019] ,cpuset=syz4,mems_allowed=0,oom_memcg=/syz0,task_memcg= [ 840.457294][T31014] EXT4-fs (loop5): group descriptors corrupted! [ 840.466483][T31019] /syz0,task=syz-executor.0,pid=30972,uid=0 18:44:16 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount$bind(&(0x7f0000000540)='./file0\x00', &(0x7f0000000580)='./file0\x00', &(0x7f00000005c0), 0x1080, 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f00000000c0)='syz1\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.swap.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000100)={&(0x7f0000000240)="47691f2fcd6ddd10ee27f2f957075f78a5a939fbcd4d0c914e2ba718fb589268dfe7a07bf2da359be430e745c7be3b3b1f1e78cdad1ea4ca1962bcbb365db410c157d2abc064e70e42eb30289899a800f567f3f0948c7232796d49357400602f92b0aee4b2d6558c0ae968628afa3b12cb333eb9be6bd41c8aadefa483e9463d187fcbfd1d3ee709a73c34ae8a191d861fba176c801ffb998560af24872c8540ac44c134befb74134c810b6edf41edb902e6c30151c73757473bfc5d3fb9374f4a8f3530a42ce785", &(0x7f0000000340)=""/66, &(0x7f00000003c0)="1cbf47c6fa949feb1031f288d8aae764859d01bec7e6e5da028a396b5e76ae72ce478e24dc85291c6bf73c2a62d105c6e7db1f305df9743ae3e65711597cd5471e4c57159c78dd2e74a67c2026a644da85f433832b74cb4b43301d9c0769b1be0b23bf47c443d5a21c25d1a1a16cb9251395bf49205f9b39a616005acba91c68eddcad1d07167dfb578d85e82a49a70d5167e0cadf0591ddf92c769222cced34c0fadd7de8910806912f4421c37daa8dea46745d62b7f1e3fc6b817d03a145544c", &(0x7f00000004c0)="2233b54c06c0be308406ef4a1959f28928603b296c80b3c75347500e635e2fd92f11448807893e80dea76f84577ae28beadb55df3b0df34f85dc5b881af820f477d53fa638fec2899052a4d6fb253e38a363c7", 0xfff, r0}, 0x38) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r3, &(0x7f0000000080), 0x12) 18:44:16 executing program 2: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f0000001480)) ioctl$sock_inet6_tcp_SIOCINQ(r0, 0x541b, &(0x7f00000014c0)) 18:44:16 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x25, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:16 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) [ 840.466512][T31019] Memory cgroup out of memory: Killed process 30972 (syz-executor.0) total-vm:42336kB, anon-rss:364kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:0 [ 840.480926][T30972] socket: no more sockets [ 840.541009][ T24] audit: type=1400 audit(1651085056.735:357): avc: denied { ioctl } for pid=31046 comm="syz-executor.2" path="/dev/loop-control" dev="devtmpfs" ino=99 ioctlcmd=0x4c81 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 840.541022][T31019] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 840.569126][T31047] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 840.577424][T31019] CPU: 1 PID: 31019 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 840.595319][T31019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 840.605390][T31019] Call Trace: [ 840.608660][T31019] [ 840.611633][T31019] dump_stack_lvl+0xd6/0x122 [ 840.616231][T31019] dump_stack+0x11/0x12 [ 840.620528][T31019] dump_header+0x98/0x410 [ 840.624942][T31019] out_of_memory+0x65e/0x880 [ 840.629533][T31019] memory_max_write+0x31b/0x420 [ 840.634375][T31019] ? memory_max_show+0x70/0x70 [ 840.639139][T31019] cgroup_file_write+0x167/0x300 [ 840.644071][T31019] ? __check_object_size+0x235/0x380 [ 840.649406][T31019] ? cgroup_seqfile_stop+0x70/0x70 [ 840.654512][T31019] kernfs_fop_write_iter+0x1d3/0x2c0 [ 840.659845][T31019] vfs_write+0x71c/0x890 [ 840.664137][T31019] ksys_write+0xe8/0x1a0 [ 840.668383][T31019] __x64_sys_write+0x3e/0x50 [ 840.672974][T31019] do_syscall_64+0x2b/0x70 [ 840.677400][T31019] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 840.683341][T31019] RIP: 0033:0x7f682d3270e9 [ 840.687743][T31019] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 840.707363][T31019] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 840.715767][T31019] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 [ 840.723724][T31019] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 840.731717][T31019] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 [ 840.739726][T31019] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 840.747689][T31019] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 [ 840.755661][T31019] [ 840.758709][T31019] memory: usage 80kB, limit 0kB, failcnt 7168 [ 840.764764][T31019] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 840.771618][T31019] Memory cgroup stats for /syz0: [ 840.772706][T31019] anon 0 [ 840.772706][T31019] file 53248 [ 840.772706][T31019] kernel 28672 [ 840.772706][T31019] kernel_stack 0 [ 840.772706][T31019] pagetables 0 [ 840.772706][T31019] percpu 0 [ 840.772706][T31019] sock 0 [ 840.772706][T31019] vmalloc 0 [ 840.772706][T31019] shmem 53248 [ 840.772706][T31019] file_mapped 53248 [ 840.772706][T31019] file_dirty 0 [ 840.772706][T31019] file_writeback 0 [ 840.772706][T31019] swapcached 0 [ 840.772706][T31019] inactive_anon 0 [ 840.772706][T31019] active_anon 53248 [ 840.772706][T31019] inactive_file 0 [ 840.772706][T31019] active_file 0 [ 840.772706][T31019] unevictable 0 [ 840.772706][T31019] slab_reclaimable 4232 [ 840.772706][T31019] slab_unreclaimable 18216 [ 840.772706][T31019] slab 22448 [ 840.772706][T31019] workingset_refault_anon 0 [ 840.772706][T31019] workingset_refault_file 7 [ 840.772706][T31019] workingset_activate_anon 0 [ 840.772706][T31019] workingset_activate_file 0 [ 840.864804][T31019] Out of memory and no killable processes... 18:44:17 executing program 0: sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="56992c00", @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25080000003400038008000200a026641b0800020017000000080001001f000000080003003f0000000800030000000000080001000200000004000680"], 0x4c}, 0x1, 0x0, 0x0, 0xc04}, 0xc0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='overlay\x00', 0x1080420, 0x0) listxattr(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="56992c00", @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25080000003400038008000200a026641b0800020017000000080001001f000000080003003f0000000800030000000000080001000200000004000680"], 0x4c}, 0x1, 0x0, 0x0, 0xc04}, 0xc0) (async) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='overlay\x00', 0x1080420, 0x0) (async) listxattr(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) (async) 18:44:17 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x1) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) 18:44:17 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x48, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:17 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount$bind(&(0x7f0000000540)='./file0\x00', &(0x7f0000000580)='./file0\x00', &(0x7f00000005c0), 0x1080, 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f00000000c0)='syz1\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.swap.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000100)={&(0x7f0000000240)="47691f2fcd6ddd10ee27f2f957075f78a5a939fbcd4d0c914e2ba718fb589268dfe7a07bf2da359be430e745c7be3b3b1f1e78cdad1ea4ca1962bcbb365db410c157d2abc064e70e42eb30289899a800f567f3f0948c7232796d49357400602f92b0aee4b2d6558c0ae968628afa3b12cb333eb9be6bd41c8aadefa483e9463d187fcbfd1d3ee709a73c34ae8a191d861fba176c801ffb998560af24872c8540ac44c134befb74134c810b6edf41edb902e6c30151c73757473bfc5d3fb9374f4a8f3530a42ce785", &(0x7f0000000340)=""/66, &(0x7f00000003c0)="1cbf47c6fa949feb1031f288d8aae764859d01bec7e6e5da028a396b5e76ae72ce478e24dc85291c6bf73c2a62d105c6e7db1f305df9743ae3e65711597cd5471e4c57159c78dd2e74a67c2026a644da85f433832b74cb4b43301d9c0769b1be0b23bf47c443d5a21c25d1a1a16cb9251395bf49205f9b39a616005acba91c68eddcad1d07167dfb578d85e82a49a70d5167e0cadf0591ddf92c769222cced34c0fadd7de8910806912f4421c37daa8dea46745d62b7f1e3fc6b817d03a145544c", &(0x7f00000004c0)="2233b54c06c0be308406ef4a1959f28928603b296c80b3c75347500e635e2fd92f11448807893e80dea76f84577ae28beadb55df3b0df34f85dc5b881af820f477d53fa638fec2899052a4d6fb253e38a363c7", 0xfff, r0}, 0x38) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r3, &(0x7f0000000080), 0x12) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) mount$bind(&(0x7f0000000540)='./file0\x00', &(0x7f0000000580)='./file0\x00', &(0x7f00000005c0), 0x1080, 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup(r1, &(0x7f00000000c0)='syz1\x00', 0x200002, 0x0) (async) openat$cgroup_int(r2, &(0x7f0000000180)='memory.swap.max\x00', 0x2, 0x0) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000100)={&(0x7f0000000240)="47691f2fcd6ddd10ee27f2f957075f78a5a939fbcd4d0c914e2ba718fb589268dfe7a07bf2da359be430e745c7be3b3b1f1e78cdad1ea4ca1962bcbb365db410c157d2abc064e70e42eb30289899a800f567f3f0948c7232796d49357400602f92b0aee4b2d6558c0ae968628afa3b12cb333eb9be6bd41c8aadefa483e9463d187fcbfd1d3ee709a73c34ae8a191d861fba176c801ffb998560af24872c8540ac44c134befb74134c810b6edf41edb902e6c30151c73757473bfc5d3fb9374f4a8f3530a42ce785", &(0x7f0000000340)=""/66, &(0x7f00000003c0)="1cbf47c6fa949feb1031f288d8aae764859d01bec7e6e5da028a396b5e76ae72ce478e24dc85291c6bf73c2a62d105c6e7db1f305df9743ae3e65711597cd5471e4c57159c78dd2e74a67c2026a644da85f433832b74cb4b43301d9c0769b1be0b23bf47c443d5a21c25d1a1a16cb9251395bf49205f9b39a616005acba91c68eddcad1d07167dfb578d85e82a49a70d5167e0cadf0591ddf92c769222cced34c0fadd7de8910806912f4421c37daa8dea46745d62b7f1e3fc6b817d03a145544c", &(0x7f00000004c0)="2233b54c06c0be308406ef4a1959f28928603b296c80b3c75347500e635e2fd92f11448807893e80dea76f84577ae28beadb55df3b0df34f85dc5b881af820f477d53fa638fec2899052a4d6fb253e38a363c7", 0xfff, r0}, 0x38) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r3, &(0x7f0000000080), 0x12) (async) 18:44:17 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:44:17 executing program 2: socket$inet_tcp(0x2, 0x1, 0x0) syz_clone(0x8200000, 0x0, 0x0, 0x0, 0x0, 0x0) 18:44:17 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) ioctl$KDSIGACCEPT(r0, 0x4b4e, 0xa) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r3, &(0x7f0000000080), 0x12) 18:44:17 executing program 2: r0 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_ADD_RULE(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}, 0x8, 0x0, 0x9effffff00000000}, 0x0) 18:44:17 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x4c, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 840.924063][T31054] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 840.942141][T31062] loop5: detected capacity change from 0 to 1024 18:44:17 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount$bind(&(0x7f0000000540)='./file0\x00', &(0x7f0000000580)='./file0\x00', &(0x7f00000005c0), 0x1080, 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) r2 = openat$cgroup(r1, &(0x7f00000000c0)='syz1\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.swap.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000100)={&(0x7f0000000240)="47691f2fcd6ddd10ee27f2f957075f78a5a939fbcd4d0c914e2ba718fb589268dfe7a07bf2da359be430e745c7be3b3b1f1e78cdad1ea4ca1962bcbb365db410c157d2abc064e70e42eb30289899a800f567f3f0948c7232796d49357400602f92b0aee4b2d6558c0ae968628afa3b12cb333eb9be6bd41c8aadefa483e9463d187fcbfd1d3ee709a73c34ae8a191d861fba176c801ffb998560af24872c8540ac44c134befb74134c810b6edf41edb902e6c30151c73757473bfc5d3fb9374f4a8f3530a42ce785", &(0x7f0000000340)=""/66, &(0x7f00000003c0)="1cbf47c6fa949feb1031f288d8aae764859d01bec7e6e5da028a396b5e76ae72ce478e24dc85291c6bf73c2a62d105c6e7db1f305df9743ae3e65711597cd5471e4c57159c78dd2e74a67c2026a644da85f433832b74cb4b43301d9c0769b1be0b23bf47c443d5a21c25d1a1a16cb9251395bf49205f9b39a616005acba91c68eddcad1d07167dfb578d85e82a49a70d5167e0cadf0591ddf92c769222cced34c0fadd7de8910806912f4421c37daa8dea46745d62b7f1e3fc6b817d03a145544c", &(0x7f00000004c0)="2233b54c06c0be308406ef4a1959f28928603b296c80b3c75347500e635e2fd92f11448807893e80dea76f84577ae28beadb55df3b0df34f85dc5b881af820f477d53fa638fec2899052a4d6fb253e38a363c7", 0xfff, r0}, 0x38) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r3, &(0x7f0000000080), 0x12) 18:44:17 executing program 2: r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x0) ioctl$EVIOCGBITSW(r0, 0x541b, 0x0) [ 840.982069][T31081] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 840.987220][T31078] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 840.999127][T31078] CPU: 0 PID: 31078 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 841.010156][T31078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 841.020240][T31078] Call Trace: [ 841.023517][T31078] [ 841.026489][T31078] dump_stack_lvl+0xd6/0x122 [ 841.031080][T31078] dump_stack+0x11/0x12 [ 841.035287][T31078] dump_header+0x98/0x410 [ 841.039641][T31078] out_of_memory+0x65e/0x880 [ 841.044236][T31078] memory_max_write+0x31b/0x420 [ 841.049093][T31078] ? memory_max_show+0x70/0x70 [ 841.053892][T31078] cgroup_file_write+0x167/0x300 [ 841.058881][T31078] ? __check_object_size+0x235/0x380 [ 841.064163][T31078] ? cgroup_seqfile_stop+0x70/0x70 [ 841.069289][T31078] kernfs_fop_write_iter+0x1d3/0x2c0 [ 841.074640][T31078] vfs_write+0x71c/0x890 [ 841.078874][T31078] ksys_write+0xe8/0x1a0 [ 841.083105][T31078] __x64_sys_write+0x3e/0x50 [ 841.087744][T31078] do_syscall_64+0x2b/0x70 [ 841.092265][T31078] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 841.098219][T31078] RIP: 0033:0x7f682d3270e9 [ 841.102664][T31078] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 841.122335][T31078] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 841.130731][T31078] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 [ 841.138685][T31078] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 841.146639][T31078] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 [ 841.154700][T31078] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 841.162736][T31078] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 [ 841.170755][T31078] [ 841.173810][T31078] memory: usage 76kB, limit 0kB, failcnt 7168 [ 841.179888][T31078] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 841.186728][T31078] Memory cgroup stats for /syz0: [ 841.193572][T31078] anon 0 [ 841.193572][T31078] file 53248 [ 841.193572][T31078] kernel 24576 [ 841.193572][T31078] kernel_stack 0 [ 841.193572][T31078] pagetables 0 [ 841.193572][T31078] percpu 0 [ 841.193572][T31078] sock 0 [ 841.193572][T31078] vmalloc 0 [ 841.193572][T31078] shmem 53248 [ 841.193572][T31078] file_mapped 53248 [ 841.193572][T31078] file_dirty 0 [ 841.193572][T31078] file_writeback 0 [ 841.193572][T31078] swapcached 0 [ 841.193572][T31078] inactive_anon 0 [ 841.193572][T31078] active_anon 53248 [ 841.193572][T31078] inactive_file 0 [ 841.193572][T31078] active_file 0 [ 841.193572][T31078] unevictable 0 [ 841.193572][T31078] slab_reclaimable 3056 [ 841.193572][T31078] slab_unreclaimable 18216 [ 841.193572][T31078] slab 21272 [ 841.193572][T31078] workingset_refault_anon 0 [ 841.193572][T31078] workingset_refault_file 7 [ 841.193572][T31078] workingset_activate_anon 0 [ 841.193572][T31078] workingset_activate_file 0 [ 841.210032][ T24] audit: type=1400 audit(1651085057.395:358): avc: denied { read } for pid=31082 comm="syz-executor.2" name="event0" dev="devtmpfs" ino=217 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 841.285667][T31078] Out of memory and no killable processes... 18:44:17 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x60, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 841.309034][ T24] audit: type=1400 audit(1651085057.395:359): avc: denied { open } for pid=31082 comm="syz-executor.2" path="/dev/input/event0" dev="devtmpfs" ino=217 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 841.317227][T31062] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (60729!=0) [ 841.347074][T31086] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 841.348709][T31062] EXT4-fs (loop5): group descriptors corrupted! [ 842.240814][ T8] device hsr_slave_0 left promiscuous mode [ 842.246893][ T8] device hsr_slave_1 left promiscuous mode [ 842.253602][ T8] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 842.261006][ T8] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 842.268691][ T8] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 842.276093][ T8] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 842.283814][ T8] device bridge_slave_1 left promiscuous mode [ 842.290130][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 842.297732][ T8] device bridge_slave_0 left promiscuous mode [ 842.303980][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 842.313492][ T8] device veth1_macvtap left promiscuous mode [ 842.319547][ T8] device veth0_macvtap left promiscuous mode [ 842.325529][ T8] device veth1_vlan left promiscuous mode [ 842.331285][ T8] device veth0_vlan left promiscuous mode [ 842.411785][ T8] team0 (unregistering): Port device team_slave_1 removed [ 842.421133][ T8] team0 (unregistering): Port device team_slave_0 removed [ 842.431367][ T8] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 842.442822][ T8] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 842.470496][ T8] bond0 (unregistering): Released all slaves [ 842.821912][T31093] chnl_net:caif_netlink_parms(): no params data found [ 842.852507][T31093] bridge0: port 1(bridge_slave_0) entered blocking state [ 842.859553][T31093] bridge0: port 1(bridge_slave_0) entered disabled state [ 842.867043][T31093] device bridge_slave_0 entered promiscuous mode [ 842.874367][T31093] bridge0: port 2(bridge_slave_1) entered blocking state [ 842.881479][T31093] bridge0: port 2(bridge_slave_1) entered disabled state [ 842.889620][T31093] device bridge_slave_1 entered promiscuous mode [ 842.905007][T31093] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 842.915211][T31093] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 842.932867][T31093] team0: Port device team_slave_0 added [ 842.940044][T31093] team0: Port device team_slave_1 added [ 842.953230][T31093] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 842.960163][T31093] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 842.986111][T31093] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 842.997184][T31093] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 843.004128][T31093] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 843.030033][T31093] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 843.052621][T31093] device hsr_slave_0 entered promiscuous mode [ 843.058977][T31093] device hsr_slave_1 entered promiscuous mode [ 843.065314][T31093] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 843.073002][T31093] Cannot create hsr debugfs directory [ 843.100362][T31093] bridge0: port 2(bridge_slave_1) entered blocking state [ 843.107381][T31093] bridge0: port 2(bridge_slave_1) entered forwarding state [ 843.114764][T31093] bridge0: port 1(bridge_slave_0) entered blocking state [ 843.121794][T31093] bridge0: port 1(bridge_slave_0) entered forwarding state [ 843.149325][T31093] 8021q: adding VLAN 0 to HW filter on device bond0 [ 843.160985][T31093] 8021q: adding VLAN 0 to HW filter on device team0 [ 843.170179][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 843.178091][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 843.187551][ T1919] bridge0: port 2(bridge_slave_1) entered disabled state [ 843.201045][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 843.209738][ T1916] bridge0: port 2(bridge_slave_1) entered blocking state [ 843.216815][ T1916] bridge0: port 2(bridge_slave_1) entered forwarding state [ 843.234253][T31093] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 843.244613][T31093] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 843.258147][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 843.266922][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 843.275542][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 843.283785][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 843.292097][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 843.299858][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 843.313719][T31093] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 843.321107][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 843.328681][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 843.392418][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 843.431973][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 843.440152][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 843.447656][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 843.456614][T31093] device veth0_vlan entered promiscuous mode [ 843.465283][T31093] device veth1_vlan entered promiscuous mode [ 843.477177][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 843.485021][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 843.493246][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 843.503175][T31093] device veth0_macvtap entered promiscuous mode [ 843.513373][T31093] device veth1_macvtap entered promiscuous mode [ 843.524541][T31093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 843.535040][T31093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 843.544843][T31093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 843.555253][T31093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 843.565046][T31093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 843.575460][T31093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 843.585283][T31093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 843.595743][T31093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 843.605561][T31093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 843.616016][T31093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 843.627469][T31093] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 843.636527][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 843.646291][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 843.656122][T31093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 843.666552][T31093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 843.676446][T31093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 843.686931][T31093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 843.696767][T31093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 843.707185][T31093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 843.717091][T31093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 843.727509][T31093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 18:44:20 executing program 0: sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="56992c00", @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25080000003400038008000200a026641b0800020017000000080001001f000000080003003f0000000800030000000000080001000200000004000680"], 0x4c}, 0x1, 0x0, 0x0, 0xc04}, 0xc0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='overlay\x00', 0x1080420, 0x0) listxattr(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="56992c00", @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25080000003400038008000200a026641b0800020017000000080001001f000000080003003f0000000800030000000000080001000200000004000680"], 0x4c}, 0x1, 0x0, 0x0, 0xc04}, 0xc0) (async) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='overlay\x00', 0x1080420, 0x0) (async) listxattr(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) (async) 18:44:20 executing program 2: bpf$OBJ_GET_PROG(0xe, 0x0, 0x0) 18:44:20 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) prlimit64(r3, 0x9, &(0x7f00000000c0)={0x5, 0x2fe3}, &(0x7f0000000100)) write$cgroup_int(r2, &(0x7f0000000080), 0x12) 18:44:20 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async, rerun: 64) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (rerun: 64) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) ioctl$KDSIGACCEPT(r0, 0x4b4e, 0xa) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async, rerun: 64) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async, rerun: 64) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r3, &(0x7f0000000080), 0x12) 18:44:20 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x68, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:20 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {0x0, 0x0, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) [ 843.737360][T31093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 843.747779][T31093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 843.759213][T31093] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 843.767132][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 18:44:20 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x1c, 0x1, 0x1, 0x101, 0x0, 0x0, {}, [@CTA_MARK={0x8, 0x19}]}, 0x1c}}, 0x0) [ 843.806989][T31133] loop5: detected capacity change from 0 to 1024 [ 843.825471][T31133] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (60729!=0) [ 843.827253][T31138] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 843.834750][T31133] EXT4-fs (loop5): group descriptors corrupted! 18:44:20 executing program 2: bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x3, [@enum={0x2}]}, {0x0, [0x0]}}, &(0x7f0000000480)=""/4096, 0x27, 0x1000, 0x1}, 0x20) 18:44:20 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x6c, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:20 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) recvmsg$can_j1939(r1, &(0x7f0000000100)={&(0x7f0000000080)=@caif, 0x80, &(0x7f0000000000)=[{&(0x7f0000000180)=""/165, 0xa5}, {&(0x7f0000000340)=""/76, 0x4c}], 0x2}, 0x0) 18:44:20 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) ioctl$KDSIGACCEPT(r0, 0x4b4e, 0xa) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r3, &(0x7f0000000080), 0x12) [ 843.857974][T31143] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 843.868292][T31143] CPU: 1 PID: 31143 Comm: syz-executor.1 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 843.879310][T31143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 843.889365][T31143] Call Trace: [ 843.892635][T31143] [ 843.895568][T31143] dump_stack_lvl+0xd6/0x122 [ 843.900241][T31143] dump_stack+0x11/0x12 [ 843.904395][T31143] dump_header+0x98/0x410 [ 843.908815][T31143] oom_kill_process+0xfe/0x550 [ 843.913680][T31143] out_of_memory+0x620/0x880 [ 843.918277][T31143] memory_max_write+0x31b/0x420 [ 843.923113][T31143] ? memory_max_show+0x70/0x70 [ 843.927864][T31143] cgroup_file_write+0x167/0x300 [ 843.932800][T31143] ? __check_object_size+0x235/0x380 [ 843.938074][T31143] ? cgroup_seqfile_stop+0x70/0x70 [ 843.943254][T31143] kernfs_fop_write_iter+0x1d3/0x2c0 [ 843.948578][T31143] vfs_write+0x71c/0x890 [ 843.952809][T31143] ksys_write+0xe8/0x1a0 [ 843.957034][T31143] __x64_sys_write+0x3e/0x50 [ 843.961606][T31143] do_syscall_64+0x2b/0x70 [ 843.966071][T31143] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 843.971969][T31143] RIP: 0033:0x7ff0acc260e9 [ 843.976428][T31143] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 843.996017][T31143] RSP: 002b:00007ff0ac39c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 844.004469][T31143] RAX: ffffffffffffffda RBX: 00007ff0acd38f60 RCX: 00007ff0acc260e9 [ 844.012588][T31143] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 844.020540][T31143] RBP: 00007ff0acc8008d R08: 0000000000000000 R09: 0000000000000000 [ 844.028521][T31143] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 844.036551][T31143] R13: 00007ffe7a47396f R14: 00007ff0ac39c300 R15: 0000000000022000 [ 844.044532][T31143] [ 844.047586][T31143] memory: usage 192kB, limit 0kB, failcnt 7187 [ 844.053746][T31143] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 844.060628][T31143] Memory cgroup stats for /syz0: [ 844.064812][T31143] anon 40960 [ 844.064812][T31143] file 53248 [ 844.064812][T31143] kernel 65536 [ 844.064812][T31143] kernel_stack 0 [ 844.064812][T31143] pagetables 12288 [ 844.064812][T31143] percpu 0 [ 844.064812][T31143] sock 0 [ 844.064812][T31143] vmalloc 0 [ 844.064812][T31143] shmem 53248 [ 844.064812][T31143] file_mapped 53248 [ 844.064812][T31143] file_dirty 0 [ 844.064812][T31143] file_writeback 0 [ 844.064812][T31143] swapcached 0 [ 844.064812][T31143] inactive_anon 40960 [ 844.064812][T31143] active_anon 53248 [ 844.064812][T31143] inactive_file 0 [ 844.064812][T31143] active_file 0 [ 844.064812][T31143] unevictable 0 [ 844.064812][T31143] slab_reclaimable 15080 [ 844.064812][T31143] slab_unreclaimable 28488 [ 844.064812][T31143] slab 43568 [ 844.064812][T31143] workingset_refault_anon 0 [ 844.064812][T31143] workingset_refault_file 7 [ 844.064812][T31143] workingset_activate_anon 0 [ 844.064812][T31143] workingset_activate_file 0 18:44:20 executing program 2: openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs/binder-control\x00', 0x2, 0x0) msgsnd(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0300000000000000c981b761137128f54f0b2ac71e3679582e38bbea1ccbe983d82c3e159d938d4a78692c208bafb6f9fdabbe13de11d550f22e8f3bf052b7714eaa13e565a7d19e812bb09eb8cd9c9e3ca3cc5db4e3ba15dffda4055fc17da923a150901687e463db4fad31c36f52c18d85d5ca3086404e8cf6550fa95cc48c2b607ef9919b9d7c3e7ec86fca6a298889485e9a96bf8b3741ff88becb6bba00bd807d763ecdde245429ea2e8114c83cc65f754b1f7fb390c3186436fdcac44f91065e1b8debde1155e8bd94396b0b9eaea154ec9d33fb865803f586c47f67205d422d27c261c6114cbcb0e9adb38ef4093230466c53c790ff297c4d2c9176a4ad36fc941dbb2a5cc878453e4f9ad3b2b5d29abffaf5e9036ff03351b0cfbdab40910d3dddfc30e53fa3a8603ebf9d0c79361760dd8ad0c36aa0c2f485b0114702137e52a205f2418de339bb35b346311fe888166696d105f32c564ccc89a162d4fd85c55003a334f04c19f655dca2bd801113e48a5cdb45eed28ef61544c851e9862a654976d816cabf6456e8ad60047f56aa0e931131f79aceff489eb1a32431332b531b840c343e17a1e039f5ee9e1d31df2a2795581d80de90ebb5d74fed4f9918badf34bf1ae3d2902868f70ecf233edfe90a93af2a23665467e2c24eb6cbad187adabf1594c31518895d83228d13ad07f502a47ebc611f477347b3dfef981b59bfbf3bcb30fef78d0327a96bc7c55128e07fca148d75e828aec75a148f58b6d110e038c29d5d2f7597f09886189a03634feee27a2fbcfa903304371efe0fc4f2dbd855367d93774569e9284f6fe2a519942bc78487cf10bf942191241de7b05760aaeccd9a86aa8e69bdf57ff16effc5a3fbc95cd16cac3635c23f5f7be9bf26b07817a753af1af21aa6cc3ec5fca89a08761fc7ca445afa55a99f1fafae933b10b665afb2234a6db7163a50e0c7fe91df36d699ec31e21c01a2b79e11406dc2f6b20cf9346c2d0f545a0898dd72246348411f834b1038e2477d2c83392fa1377184a710eea8ebd51ed20b4ad7ff2a47af3a66f756934cd4e4f51784e00d912345c3e0c8d3e64b4dc98710efa54e0e66793f73cc8f49632d8acdecf8fcce236db5cc5ddb6976327d6219d2f9c230aca36e44dbbe1aa052b6391657b9e45bc72b26b1b4f3c6ec6de43ee7922c2831400b5f2fa0e635a60fc472fb60cdfca6de39374f56244cff144e0f2ef444d9f08170515593f03d8bbafb3e397ba0bf827b3ca3a02caf9b75140d74f45f4bd9b1011f043a48db12f4710f77cab71340d97bfb3c0e696055ae7e163008f0d13e9737aaa2a6876aa3df7a973941b89c25de4cc3e1e2da0a89384bd972de44741f2253524d528d51e706fb232599235a82639d89acbf19364e0b758fcbe7e5300390dab0cb83b59fabbda83373cf762f7c0b2a7d6333479a356e352c0dd9e3b6a112edbb4bdb1cfe49b1773703a0d7fd3e3f67c945adfe8daf61da8b9581dcbb1b3aae0d77497c88fed0ca9a5f256789c57049277e2e596f8230b9db13bd38e5cc9162bc2dca2f7155e534e02bf1c681c4438affca9afad1e42c3313eb1b6627924dcfbfb80164e3993428c3156942849c90c192518a18304d6c0052ecd6bf943ac2e5ca2a851a5c6c95054811ac135e5b9ea3ddf85970c66e893adbf8a01927f6e5f30f270492f02f656d1237c22c0db8efef97548e7321f04d6de3542ec0a90b24a3f0bfab3fab76366f809cb13ebf5dde4904ca65fae10101f916c9f1d7e9572bfda6ffcb86e47ba806ca386a0794df96cbea66303268c3f62a6049ae2056f67a9c0ab43acc33cb188a37cec478f5f60fd4e36e58d4506b76c0cb920c39b47063a2af0a65314a9ee7441510c20516ebbc7120911e5a6a30e9a5e86c6a6f3f89efb8f961e425b003cf049dd12b4119f35eb5a8800e930257a133fd673be06cd0d3aa033e3d67891b475abee1d81463f6b6ba858b16ddce59cbb28bdce86305b549332fd62c4933d19f233a68448fa3ef02ee0c7bdf79e149d97a432fa4d83b8f9ba9030c983fa66c7e4dadd7586d16ced51e2a5f7d28def044b47d412c0705fd3a6040ede87eb1acab49ab1dd0cf7f2b86614790c95bda218b43e475fbfd17705ffe4d3e13400cd6721071e0810517c2d3263ab5692bdb92f9be36d2283b452c16406d91ed9ad6473d8d63a2014b4534423e7ded8e45566c16f2fd15133898174a622236fcaabb57679ae664b566bb180eec4f6f239b7f5514760ffcf5f308a6c56d3ca347be0527d91d19b8e299ec4ab36c1b2ca97e5b1e39fb1177b5e1e32be01a00839c0dddb3ced9379e3e391fab389cf03fbd93309da5c332ce089fdc9e236611b044722875fe70b15d2f9ccb638a7b36f7a1295c3552bf1bd7ab50cfc77db9a535f6269d7f1a9b739d076a24d2a09238c93e8000649d94d72bc361c2131807cae784b1a395beccb1ca0518cb1eadfd3582dc640a4211518cccab48c77026d45591895a59b5143cf7a7afd9af95104e0911faa9fcfdb5e24e3f47595b41000cf6f9ff36f4351bae95fc040f8b23b521e29262aa566ad833fd292c3abc8ddc978eae53d39677614f2c8830ddabbd507d64d73c9ebde716b4ec1af60816285bdfaf79038ad29f72b0d36dd6af81fc523966c7d8399066e7be2056f9dd4a73a971cad5f0aad8f200c4885958ed7954749a6b43d7f3aa824de8a655e3886afd2f0be3b345d47eed0fc555512973d0c6430bd37b2084fb172df8d29683e0a09b67284c6238bb1cbaebfa3f2a6bada870fb7b21e11662f671291ed9b10491856b2d5e7310dda176b61f2220ee0992ba8ec5a4e4b34a8a66edc9eea3dd1439ea6b41e766791280540d311dcc6b468d91a0ea6a04f96ac5eaf45f174990e755462ee2be25617f1177d11be042cb6826499ff57e4e230004332e955c9b7d7bb6bc366d613eb362e2d6dccb1fc3e984075b48d0c00d89ac6b44f575af8d40c83db31ecec15ee6dd5461900e516a5546d29b10e792b1d8b549b7e9dfe041c107acf7be8ab6db68121e6dd2a464abae9c504a6165a687de0e88c2235522fb84031444e0ee5aff20aa930cb86f9c57caf062dd7e743f07d8a64d7a445a4c689c0f2f9ba9e35cc4b5150ccfaf8349247b14defeda96799f01441be6fdd4ec7edc374860764933195f1b350e2e0d19d0177c1b7d7b3e1d9e31a40d3f1b7951f0298de530def4d655292572ff655d7a4cd37ae09c74e678df08a36eb6a6cc4cf478bb15550f5990a0fa1f0744048fd3b551fa0b28e6c01b8763e27f751465f30c062c2a3962a7bf65d3d4a49af2fb4727a19646d46934a2e31b186c25e72d57ec6f324b77821c255196e4052159326d573d1978d2c46cd7d3588fd95117735c90b1afa1139b1ddd8bb10eaa7fd39875dc46d092d0acdf6d483e1268894505a28ed7e958dd26f8f355dbb2a4ff237282aa2c62aed1945e53313bbf677a226d5cb74dd3078a395d23b90b6379ecedf42db93f4c902bede24a249deea573b66ea3a01e585e52a84b614f8fab1d0ee6c25d45d7c9b19cd511b577f053c5b85b17b36fb39fe619ad8621d0e30523fb4ee1cfa21a9c5dab74eac75276ad21892d5d2f10cfb31b7b049d33da18c3c029a1a10c775f256486508a7a71b65d16796e236984bae27f775545342c64045935943786e11598e7b8ff068b72af5d3a9163e09e253bda80b216519b1cf69c6c795604fac232fcc3eb62ed211fbb5bcef980717cfd3e935fa7b5829138526907aa6cf7b627f8d8f84109196c008bb642d8153034f258fc8dc93d0d1e20ab21e9455464c98c12de44a1aee7067d0146f69975d300c2736916cc9f56bc390f8f21f88873d7b2fe206e1871cb0ffb6e551b63cccd35efc1eb434fb6a3beb237bb5c78181b19523c6ea2bfb74ed2405d186d406409bee148eb0d928a2f11d621835f7e28f86e7e60167c658dec8efa77318067559b4a6cb24937068ed1ae7d68827dd10d7682ab25aeb1f5127e3c351f34a9bdfe8d20e8afa786dbd084a3da8ceb6b458688f38001d560fbb673e466d1724475afe527af6ffac9c5acd65bb598225da0efde2d719f1b77f4988e31a3bf65521346a3f9727e4852d345f28d1b3ec3a0d3895426cdf84abb4668d109f51ad2df1c106003bd5423115ae8c97f3fd52f5034d45c57d5889fd1f7fedff139381746d072ac5038be5d56c7bed4389c61066850cce22a3edcec3cdb38762915c9e8e1386be4048961a0330a354f57c00a19d5effb41aa7cc054bbf02f23ecfdc5a045a27ebba9f13c954cc8b8aba4aef2011791b3e6b4eb44f6bca2f0dd614c9589fe81eb85b0bc5168a0b6c2b1a59a5ef01d6d5c835589b8437425e9d8f54b6c0ef6333fb116a0038400594173cdcce03c4390805bd2f7b160445bec86fb942e52a4c75c3af7a71fe8ee0d81d744c76bf46d92567e88424ccca53db07428d163baac8afd1eeffd24ba967c91cc694966808ef4b4521b5897e2cfa35dc0644379543c0ff6f3d9e0b078c2108c9cfe6efa73087353974218553bdb1161743b2e9d0fc1b415728193b00851e74999fce7d6a5919dd56d6f83358249b9b4dff3f4f82f00e9c148df69d13c93f25dcaaf7c7fd0934e30220cfd615ae13c23a250e2764cf2ea1f2f3402784d1ef9fd4d43971eaee599064847bbd08036faafbe28a5f4e99b8c65b4a927555ac35cf9ac1770dcb68186f5c337aedcbf801282d2ac14f07953ea3b92721674fc922ac9a88b2c07c9860f4e5904520fa644b7a813b32be44e7da7993e3d1be2bff2cf8afd5c1c188dd0ccbfcbb858bd9c4e7cf90fd2bbf8ec5cc32ea0eb3b8b83d3340e5ef29154e08bb9007fca15abd6b0a8fbce01887e103d8c81d43bca001ebda027019bf12fe49ac397ea74dab6107378847002cfe13ee8b7597b46b1131e0188e7bd29d451faafb09342e421af28fdea757a3cbc4c28b8d841cedfedcc87558eac42fb32b89903893de816d8b48c83fbc367c0ca4e5eeca4ae33df602073b5ca05a2e12512c781c6477705bca249451cd9ee877caf657e5845578105192748f4cee85b8aac5d39686e8ff285139135fbd222c1e059beefed6bfa4c994f10c9b662d993b72dc5694f2ce60e336a30edc24eb6a550cc4c6b05caf84a40e85b6ffc634dc2a62dfbe0318e4d2a81119f61e3adeb4af2a5160fbb52708709c05e53112d9faa30ab165ab9468329a37e00a9bd0d03aa5e9f4b14ca6a1720ce99ab30f11cc99ae2c4c1a0bee854cbec2b4579aa262296c944d3abf6fd8f9194c3a51ef44fc8386ec44fd13f36e2bd927eb95cb1fd0f8f8d8efd84adcf834008dc46a58fb6dec4a33cdb1d6d2b5c2777d09b2bb34f11867486f5a8f97d16c8c750769d0f98c1d6ba3d56d23f3bf04c359cfb84163f41d17e35d37c9639c80ab6c5f3308eb6d5d65d21410354c5b5dbb68862e0fdd4c2dd53baac47fbb04ef9c4c1a78493c6829f40b0ec0c1f0f77f7adf4304ded58b2bc0a031fb0887e60e987808929ea0f914dc3ffb2e6724d11b41bc11e561fbb8bf3b68fc88845e537757fdcd4fb5b8fc45c27a9279d057f8a1f64c94071d5e3dab39aaaff01964bb9999ea0112a72669830b227265a62236e692f74dd63d805d0f47f3142683afd256faeac1e1404a8833fae5614a06bc1b6e74f30112117042183315b2112ffdf21"], 0xfd1, 0x0) r0 = msgget(0x3, 0x75a) msgctl$MSG_STAT_ANY(r0, 0xd, &(0x7f0000000000)=""/200) 18:44:20 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {0x0, 0x0, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) [ 844.075183][T31158] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 844.158242][T31143] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=31093,uid=0 [ 844.158327][T31143] Memory cgroup out of memory: Killed process 31093 (syz-executor.0) total-vm:42336kB, anon-rss:364kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:76kB oom_score_adj:0 18:44:20 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x2ca1e3ae8a1d947f) mount(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f00000001c0)='bfs\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000002c0)={r1, 0xd, 0x1, 0x7, &(0x7f0000000280)=[0x0, 0x0, 0x0], 0x3}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) name_to_handle_at(r4, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)=ANY=[@ANYBLOB="08693804ff1db2ff070000009747cc53"], &(0x7f0000000240), 0x400) write$cgroup_int(r2, &(0x7f0000000080), 0x12) [ 844.212026][T31143] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 844.222383][T31143] CPU: 1 PID: 31143 Comm: syz-executor.1 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 844.233407][T31143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 844.234373][T31169] loop5: detected capacity change from 0 to 1024 [ 844.243543][T31143] Call Trace: [ 844.243551][T31143] [ 844.243558][T31143] dump_stack_lvl+0xd6/0x122 [ 844.243587][T31143] dump_stack+0x11/0x12 [ 844.264828][T31143] dump_header+0x98/0x410 [ 844.269414][T31143] out_of_memory+0x65e/0x880 [ 844.273996][T31143] memory_max_write+0x31b/0x420 [ 844.278839][T31143] ? memory_max_show+0x70/0x70 [ 844.283680][T31143] cgroup_file_write+0x167/0x300 [ 844.288610][T31143] ? __check_object_size+0x235/0x380 [ 844.293956][T31143] ? cgroup_seqfile_stop+0x70/0x70 [ 844.299058][T31143] kernfs_fop_write_iter+0x1d3/0x2c0 [ 844.304336][T31143] vfs_write+0x71c/0x890 [ 844.308571][T31143] ksys_write+0xe8/0x1a0 [ 844.312805][T31143] __x64_sys_write+0x3e/0x50 [ 844.317387][T31143] do_syscall_64+0x2b/0x70 [ 844.321807][T31143] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 844.327691][T31143] RIP: 0033:0x7ff0acc260e9 [ 844.332090][T31143] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 844.351686][T31143] RSP: 002b:00007ff0ac39c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 844.360130][T31143] RAX: ffffffffffffffda RBX: 00007ff0acd38f60 RCX: 00007ff0acc260e9 [ 844.368116][T31143] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 844.376177][T31143] RBP: 00007ff0acc8008d R08: 0000000000000000 R09: 0000000000000000 [ 844.384142][T31143] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 844.392101][T31143] R13: 00007ffe7a47396f R14: 00007ff0ac39c300 R15: 0000000000022000 [ 844.400063][T31143] [ 844.403111][T31143] memory: usage 84kB, limit 0kB, failcnt 7204 [ 844.409191][T31143] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 844.411262][T31169] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (60729!=0) [ 844.416036][T31143] Memory cgroup stats for /syz0: [ 844.425274][T31169] EXT4-fs (loop5): group descriptors corrupted! [ 844.432191][T31143] anon 0 [ 844.432191][T31143] file 53248 [ 844.432191][T31143] kernel 32768 [ 844.432191][T31143] kernel_stack 0 [ 844.432191][T31143] pagetables 0 [ 844.432191][T31143] percpu 0 [ 844.432191][T31143] sock 0 [ 844.432191][T31143] vmalloc 0 [ 844.432191][T31143] shmem 53248 [ 844.432191][T31143] file_mapped 53248 [ 844.432191][T31143] file_dirty 0 [ 844.432191][T31143] file_writeback 0 [ 844.432191][T31143] swapcached 0 [ 844.432191][T31143] inactive_anon 0 [ 844.432191][T31143] active_anon 53248 [ 844.432191][T31143] inactive_file 0 [ 844.432191][T31143] active_file 0 [ 844.432191][T31143] unevictable 0 [ 844.432191][T31143] slab_reclaimable 6008 [ 844.432191][T31143] slab_unreclaimable 18720 [ 844.432191][T31143] slab 24728 [ 844.432191][T31143] workingset_refault_anon 0 18:44:20 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async, rerun: 32) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async, rerun: 32) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async, rerun: 32) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (rerun: 32) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) prlimit64(r3, 0x9, &(0x7f00000000c0)={0x5, 0x2fe3}, &(0x7f0000000100)) write$cgroup_int(r2, &(0x7f0000000080), 0x12) 18:44:20 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x74, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:20 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x2ca1e3ae8a1d947f) (async) mount(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f00000001c0)='bfs\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000002c0)={r1, 0xd, 0x1, 0x7, &(0x7f0000000280)=[0x0, 0x0, 0x0], 0x3}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async, rerun: 32) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) (rerun: 32) r4 = dup(r3) getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) name_to_handle_at(r4, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)=ANY=[@ANYBLOB="08693804ff1db2ff070000009747cc53"], &(0x7f0000000240), 0x400) write$cgroup_int(r2, &(0x7f0000000080), 0x12) 18:44:20 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) recvmsg$can_j1939(r1, &(0x7f0000000100)={&(0x7f0000000080)=@caif, 0x80, &(0x7f0000000000)=[{&(0x7f0000000180)=""/165, 0xa5}, {&(0x7f0000000340)=""/76, 0x4c}], 0x2}, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) (async) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) (async) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) (async) dup(r0) (async) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) (async) recvmsg$can_j1939(r1, &(0x7f0000000100)={&(0x7f0000000080)=@caif, 0x80, &(0x7f0000000000)=[{&(0x7f0000000180)=""/165, 0xa5}, {&(0x7f0000000340)=""/76, 0x4c}], 0x2}, 0x0) (async) [ 844.432191][T31143] workingset_refault_file 7 [ 844.432191][T31143] workingset_activate_anon 0 [ 844.432191][T31143] workingset_activate_file 0 [ 844.523519][T31143] Out of memory and no killable processes... 18:44:20 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x2ca1e3ae8a1d947f) (async) mount(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f00000001c0)='bfs\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000002c0)={r1, 0xd, 0x1, 0x7, &(0x7f0000000280)=[0x0, 0x0, 0x0], 0x3}, 0x20) (async) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) (async) name_to_handle_at(r4, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)=ANY=[@ANYBLOB="08693804ff1db2ff070000009747cc53"], &(0x7f0000000240), 0x400) (async) write$cgroup_int(r2, &(0x7f0000000080), 0x12) 18:44:20 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) (async) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) (async, rerun: 64) recvmsg$can_j1939(r1, &(0x7f0000000100)={&(0x7f0000000080)=@caif, 0x80, &(0x7f0000000000)=[{&(0x7f0000000180)=""/165, 0xa5}, {&(0x7f0000000340)=""/76, 0x4c}], 0x2}, 0x0) (rerun: 64) 18:44:20 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async, rerun: 32) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (rerun: 32) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) (async, rerun: 64) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async, rerun: 64) prlimit64(r3, 0x9, &(0x7f00000000c0)={0x5, 0x2fe3}, &(0x7f0000000100)) (async) write$cgroup_int(r2, &(0x7f0000000080), 0x12) 18:44:20 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {0x0, 0x0, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) [ 844.556667][T31177] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 18:44:20 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) [ 844.607335][T31192] loop5: detected capacity change from 0 to 1024 [ 844.627532][T31192] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (60729!=0) [ 844.637124][T31192] EXT4-fs (loop5): group descriptors corrupted! [ 844.677916][T31203] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 844.688207][T31203] CPU: 1 PID: 31203 Comm: syz-executor.1 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 844.699228][T31203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 844.709280][T31203] Call Trace: [ 844.712640][T31203] [ 844.715568][T31203] dump_stack_lvl+0xd6/0x122 [ 844.720175][T31203] dump_stack+0x11/0x12 [ 844.724359][T31203] dump_header+0x98/0x410 [ 844.728724][T31203] out_of_memory+0x65e/0x880 [ 844.733317][T31203] memory_max_write+0x31b/0x420 [ 844.738311][T31203] ? memory_max_show+0x70/0x70 [ 844.743079][T31203] cgroup_file_write+0x167/0x300 [ 844.748055][T31203] ? __check_object_size+0x235/0x380 [ 844.753392][T31203] ? cgroup_seqfile_stop+0x70/0x70 [ 844.758536][T31203] kernfs_fop_write_iter+0x1d3/0x2c0 [ 844.763895][T31203] vfs_write+0x71c/0x890 [ 844.768147][T31203] ksys_write+0xe8/0x1a0 [ 844.772533][T31203] __x64_sys_write+0x3e/0x50 [ 844.777136][T31203] do_syscall_64+0x2b/0x70 [ 844.781561][T31203] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 844.787462][T31203] RIP: 0033:0x7ff0acc260e9 [ 844.791921][T31203] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 844.811525][T31203] RSP: 002b:00007ff0ac39c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 844.820004][T31203] RAX: ffffffffffffffda RBX: 00007ff0acd38f60 RCX: 00007ff0acc260e9 [ 844.828026][T31203] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 844.836040][T31203] RBP: 00007ff0acc8008d R08: 0000000000000000 R09: 0000000000000000 [ 844.844005][T31203] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 844.852072][T31203] R13: 00007ffe7a47396f R14: 00007ff0ac39c300 R15: 0000000000022000 [ 844.860081][T31203] [ 844.863136][T31203] memory: usage 72kB, limit 0kB, failcnt 7204 [ 844.869213][T31203] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 844.876092][T31203] Memory cgroup stats for /syz0: [ 844.881941][T31203] anon 0 [ 844.881941][T31203] file 53248 [ 844.881941][T31203] kernel 20480 [ 844.881941][T31203] kernel_stack 0 [ 844.881941][T31203] pagetables 0 [ 844.881941][T31203] percpu 0 [ 844.881941][T31203] sock 0 [ 844.881941][T31203] vmalloc 0 [ 844.881941][T31203] shmem 53248 [ 844.881941][T31203] file_mapped 53248 [ 844.881941][T31203] file_dirty 0 [ 844.881941][T31203] file_writeback 0 [ 844.881941][T31203] swapcached 0 [ 844.881941][T31203] inactive_anon 0 [ 844.881941][T31203] active_anon 53248 [ 844.881941][T31203] inactive_file 0 [ 844.881941][T31203] active_file 0 [ 844.881941][T31203] unevictable 0 [ 844.881941][T31203] slab_reclaimable 3056 [ 844.881941][T31203] slab_unreclaimable 14936 [ 844.881941][T31203] slab 17992 [ 844.881941][T31203] workingset_refault_anon 0 [ 844.881941][T31203] workingset_refault_file 7 [ 844.881941][T31203] workingset_activate_anon 0 [ 844.881941][T31203] workingset_activate_file 0 [ 844.974145][T31203] Out of memory and no killable processes... 18:44:21 executing program 2: r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x0) ioctl$EVIOCGBITSW(r0, 0x40044591, &(0x7f0000000000)=""/191) 18:44:21 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x7a, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:21 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x99, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, &(0x7f0000000000)='()\'\'\x00') prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1a4ce4b84e5fc90d}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x2c, r5, 0x10, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x1000}, @BATADV_ATTR_BONDING_ENABLED={0x5}]}, 0x2c}}, 0x48041) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000340)={0xfffffffd}, 0x8) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r0, 0xc0189374, &(0x7f0000001540)={{0x1, 0x1, 0x18, r1, {0x100}}, './file0/file0\x00'}) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000001580)={&(0x7f0000000380)="a45830396fb0aed16ff4b4c43eff34311b5c7e48138671b56d1aa600a5eadd084f665723bdae2634b4f6f810a416eeb800a4b48cc7bbf8887a380723613ef8b3004cdc2fb8abee", &(0x7f0000000400)=""/85, &(0x7f0000000480)="e2939b66e7a083af0950be1d22bcbd5158803162a95b3c7b935e4189dbedcdd7a3b44782f894cecf83720b9e0fc49719392ebe238f5b1e47882f71d195003c5beae68712c62fccab14e2822b6b70f7c90b7933b664a7567e547f6956cc44b63d676c4bfaa960e3c9d6242b1e4680b9efb96e0d9a5f02536a54236ec1d0ccbc16492dfc233c3d2e", &(0x7f0000000540)="bae0ca4bc59bda8b693ac4b1f9d924b6165cd5618d423dc76a6db7f5ceb37bc85f07c7ae0ec711a25f7cf6953120a088fc0d2fb3e92be7aa6a939a87c8c46d5fc5bcb404a6c5e7d5cd8bcbf8aed84bc5185c41e349ad3b510a73fcbb72b1cf46091dd285bfe4ec03e0c6064d47751aebdf9db9dabb88352400e27cbb7fe853c3c276c40bd9445d2751b817855af745ddd5f98bc044a30ce67259c85747ac59f9ac45eb16bbca9d04b7e8e048989ec9c39dc0555ec08550c794208eedeb78824ac9b4695fcb78c3b39282710afae140a2070c15e5e9a3ce149c7aa192890d14b5a97d6ff2993f9934e30f439b69a2d58837d5352d4ae2db9ae69aab199804e68d31b7935ec6a48692833696460d8ec0dd01181fa905260a030e45708a6c89e6dc0de52d4310be5e63ff8dbacee1c8e4fd26b05b6de7b83881ec2e3a8e7056103404b952a8b72265766e9722c2cd289930857b5e32b570bab9f5e601ebff5f8918985de71840c84e9b856fdb846a98bb8a57f7face81ee72f805759e9e80b88a9032c4c72153e75b7dc95913b52b2f962433b72b894ad8798e42ad366098e168fb4befa08c652f811536d9b0eb15f5d28dada33dfcbbd2b955045b9c6c0f5497513dd5c878bffe7d03c7e0fcbea596670add1ff44ce7ad0b5f1a7922f4ba0432ffc02ac9d3374123ff7646d5de0d1d6b563e846b3cc93cf4e0b7dca4126bec14e0264699cd4783119abe75f5c9612034575ec6b8cfb9b18b0da5496663f1227142096d881673119f3dba72ecc608c1095033d92ae480772baa5ea9ed9e98b8ed101c6d30155da127451b4c318df9c4797ef5d5850fbe014f6199aad450a7e323541150c624ce90fb23f3b997fbc524169f756ebe745b7e8fb9083d65a938e6601b911ea509959391d275fc0ad0bf2140879e6178b04d3a91c51063e1db79988e5ce0e8bbd14e32ad461a0ea6e539e4a681578cd3ea3aa1808b883295229ce53cdbaa7f28fde0a7d5991c0ba9e4e22a3f76eff7b08400f5227ee6439b7ca6f8592a81a22bce9044d45c1732ff7ceb00e207f84ceb0d77432896583e9e1c8a6716189b2a9a27076741abc898243cb034b0b2a17ba55a52974aa5ba4c63e042e46bfd0cc82683487d651e8f1754604532c5794f1f5372ba41263bb85c0576d41d76b2cea3ccc4231aac0fb9a24457406e4024e6529b7af8383c0ddfc765c991df51ab3688334cb44594d39730f0e2df68c1256c30f9cc4ad894096964430485ab012385a3b1ce33bae18f46c20c47721ce487cbed8c8dc1ce147d00af8a7a26d0554440f0092fd3b2b0ff5d3325ae0413c914d73f1a714108eba32d1cf9a644c2fc3fde3ea514b2883c06fb64b600bb586f93d2a54eaaec53a0db0fbaaa299d6dbb713ab619036b5c72ecd7f9f8c6ab3d1d8de1ac2b75a60ad3170a4e92975e54fb2df799d9503cf8585e6f092ab3125cf5c4bbd92755f9c0bc4607650434914786ee8769f36458d09a1286b70b0977aaef491d01140d3154dc7f98b20b0e65773185a318f28ab4dd409d818e3a12943f73b43739df950017fa63ec5db4af44554f666b7f1fe2fe0ad3fa83d590c7eac537af72ee58edfe4052391dfe94e10450aacb92f5476cdee9164e7c552a4cc58efb35fdaf8732465f6440383460a4ff602d00f4fc03ea2ee91330ca323c843fa04e4a1ac600c83022134aa93283cd922767da649e63e8013d2cdf5cc517beca5a6271ad9cb3019242424443600eeee61b7301b277aee43d7d2515d7198a694bddf459d3b267663efc22834fb9d5725f3a9afe759c7d79a75450ed25b033cb7c04d552baca8313f2bd84e190052cc7984f389f44e4d608fdcf5ad951b14ae75fd1be75e537eef45a7b4e81552233b101d0d470eb49d0a55206b1f4b1972ff70e487f29d28f266acedc7499dc20abc57aaa570fdfd261e7fd41c3c3fc119a65e4f507f0e210da727949af8d47e7b6d3ab56c344779872a06a635ee251715fd914cac9faeae56701ae0425cfaa82cbff693c41c9d8ca73ab4cf36f1ee37d8ca1133f8513529076fb236af7f3f730fbce64904b85d34d13b40dc5f6ab7b9a146335544dd30b5d6baec196479543a0ca9d69cb7ee7145f6be7bb74d189074fa7810bcaa33eef3f0570b252fb26c46294b139a0223549dce23a18eefc7fb67567d985284e723d8f0ebf8293f87e0a1f57788e7843b3915fdf359c2ec380464705e71f08e30a45928ec35b9daa6993fbdbe7551a43f92cff3b5951cc67267a4ee9dfef1f5db51c17be77af251dbb42442f8d4c0a7577c3abdf6263263ae4a306d3bd216f6f13e906285aa8b988cb2801452cad6ae38f5ad6753242145c364452f02d7e9a9fe1468ca6a4f547e3f6955c80c45145506d12dd701cdfeea2a75de5955f3eddf17803b86074c347575b7b972cd0f662a6f09372727505f6657bc888f7e5949c40bd732b3b11f460fe13a90f7b19b3e01fe0c952ca4997d8e4c4eb6eec902c65007c979b92b2471fb409bd68f4a7e139cb983af2293459c582c55801e6d45188eb3cfc4aa4135d2b39a6b13a42f901ec03b210a1780ffdaf72554422dd21d3f0eaf15045607178de7306e15536ec0393099682f376cc4081b282831e6526c5497416ac93657956734fb7df4fc0481a891dd3529a9066cc0013436c7610ab92215d304146bed21fe808cbe9cfcd6c0d5a0fb3f7c00e25290292d97c72e8a5fd6bdfc9c748cbcfae9195b1587804f1fe520a8b2a1631f8aaa63b958dc4548f0cd06f22fc39483ef853887ec708aa0f0a96ecd04b649f5db6860a536c16fd10c5fd5288016de4ecbfb583ad627e5ca23b58e0b856e6cca57553424f8508e88fe37dda0ac63153784ebda78f46b76d56cc6d2fd9470b46dfa5b63d9887490907e7664d1e28b1ed4c9e51b87af554d04a649d0dbe8a0ffeb1d853d7b540c69d774d4fc00e107c4f39a54445b6f50fbf47ed52d7fe51bc2d1ce549677b5689d641b7a7d2f8d58863281e3ba777e417cf9fc7e77fbef28ece7d6852f3062c4729467169fc5a62605a13f9c47f1d63c3ef9e23d5d5ee8f217c5b01e3684e12efb7ed74f064544686836ac3d46c26d5585a3dc040650bc802a21c9c15b810004158f3115c0827a2e98de11ec8617dd9bd52a099824732cedc9bab6533372b859bc6cc7e7aa9d5d773bf48173e523354b242aa7ba98cad5f77a026001bebc8ff52abda3ddb3a2744fc8ac1ec5849d8ac06cd39d533ebede7364d3367f0640474db17ac33bde63391a77f0a26fc11b92fb31a00698d57e0909a27f34204cc8102ec3a64e6a55b81eac621f311d76780c4bcdf51586d2f8961dbc5e7128a093024e29febadeecf6e9ae36e743b9a5325e34a30b87b823f0deafebcbdeea1010078cbeb2128b2247b0897a22ba9a2f8a4406f402b32751b0dfcda7057c26c19c33f40e5c28f0dc72534f092f43974ea49a348dbba807d86e748bd52c3eb7656ef443b7e1f873457119f2d7bf990eccd9760c189727d2e2f5bc1324f59e1310ccef4e968e4c2f6b289788daebb936dfe21fa5207d3268d2ea195e699e84baa18cfa53d573f165b7353f62a474eb896cd43410444a92d4866643e76f5356728edd79d0195d90a4456e82630754687ef6e2c0d1eeb2142208e319830043690314f7ecf2dc4e0fdbc16594e7487e6a9c6b12eff5f8f76bdc75eb168b66b96465427ed89ad4bc3cf3277f5bbb55313a4b9194fe792386c58dcc71679e1c3132b7932da6fed51171ec8a067bed84b5b0ea71bf655481650be3571af8b06497a7f8057396adde78e7af3832c894b14169c07220ed3fe88d215670c18e2610c783da1f040d27a8a926152755c6face671ff93ed3b0714da450707f24a9f6dabe44b83f2f9de8907fbdb798991bc1b46491d614f6f92e3888bba97e542aaf5e8b09ffbbb1010b2407cc48be2742819505dbcb7d0ed27ff7b18807b663b569847e46470a6cd8599f75506356f084ecb5713fdc9a5c794efa22e5c527724c5c2dbda79be1bf3c8d3eb699cecf666a557791b74e364a43011d73f898a6975d1ee9b8701948fb180ab39cd52f7efa2adf37758ef8f2dd4f356e721f6ba205f2c08e8bb0409be8e2bfe3e6c2a3f1058bdf9ebe9103c32628e8aedbba576a93102e6cb8e5fdb291de38fadfdf619b75b75acf95b52e6011cf54a2e3ffba97de4074e3227a1a53847f173ea35c1e5d5a7fc50d6481391c7d38a02320515a15f605b2b69d41200936606f33502f82b82fae141995486442832691fb43a70f786856c2c7309b537258fb077a6179981bd1a333de9222489455f58eb6dc0f94b722a317bdc3cd313a61528a51f024cd78d0669d191d7d03108068e0e0c75833590313b9d2539440a979ab1fcd464250fdbf0b1747e6f4777e01646cfa711f7ca8d8c4d3f40c4c58db209e18851ee9afcde60a0183c541dcfd8d0b5c4556615b85c2d19a228df80dd67cad58830f2664da3478fa14e6fab7336cbac1620818db971a889c22f7c1a60bb0290526aeb78bbcff7a589cc74541009297c73066bc554ca2012e1433fb079d38ac9410dfe72739f38995b62d6e1baf51fd929df431188fb4f88bf6401c1466b36c0dc1a51cdb6091e39a686787c2df7e9af1c43f43869db0d012abc18d5dd7d931050ae2f2df4240fd081430f10d745f88e384abc7fa69a9f7b40b527c315c917d9e37ecf136fa7e1d617ecdccfc14ead2903eb26093f212d7415b5dd5bc22be690960ae8ee0dc74c4d81e7439a9379297d3a888efb0b5186e59a241d6b0387f0c8864b6b9cda3eb5a59d9cfd7b967ad9095ca0d16a013834f8e7fca1c4c49c5e6aac1a5b9c85c1aaf970b526a826a4fcba77b78c44dd7268096b7cc72ec667fe9f9780bc6d8320170003dda45f7e04eb146792f376e131a1e54111ce09e4c18ad4b6405862b4f77813893a32cfdd4dc6e0b16204b992d2cc41821666e09f48211e18960a8221e1b94974a9743ef4a9f9c0ae98bfc776e70b040435e553a54bda795c1a3a0df0c450b9fb860effd6f973dd3f8fa9d9abd82c5e03a9e4b5491e376b786d0ba1544d96f05288c9b88be8541a0be8937072d0020c40ecfedc622754a05f05e3528c3a036e0d693b2284f5940645d07ae075923479c18b9c7abf232aa124522210b92584c3cebc49a6b062e0db354745b60e04703082da701022aba37f285feda9f708a2068abfccd2ccca2b6d77229d912cb7fc481eaafa303fc056f98edbdd9b1fcd23dd88dac33f0edcaece46a97886fb0f6d5640c7a3321288e57365562df05442d2b922952e9de2b4774f2a1c5611bfe1101b3c69bb0f36a8234f10a3c8515cd9616d90f1c1da166bf5373f9a23c4f4ca6b7b78f0c3d4f9f6394c2b99107b976e8d95d1798af65dcec84e7fc8df8ed810d732fc3a3688d360c3b4eb3d011d78e47287c0da8a9faa69f8614bbb7f949ca4d65554534a1024c2a931345db649799109a893b9692cd44cd671e4533e4c2d993b2e2b253e19a01705e4b474fd6e048463b5bcd09b73c0b8b162ebe0d1c8aa58a1c579f6805e70c73cc45a045ab55df0db881d5ea9315fd0d5a66a4e682dca247cb7bc681a8ffeb35ac1776010ab5879057e3062458eaa693e90811dd7e8eda5b2be01a545c7c7fea4341ab14552c5b1b50bf33d4239acec92411437c02f28893bb9b6c459f33a401f246986b8dbd26adb81d06211e1b433629a069ce7a5c3c5e3cdea58208741150a8db8fb08a7e40bca6e581d5042d9e50aa1df1e10f2ac3854", 0x1, r6, 0x4}, 0x38) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r3, &(0x7f0000000080), 0x12) 18:44:21 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400), 0x0, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:44:21 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup(r0, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r2, &(0x7f0000000080), 0x12) (async) 18:44:21 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x300, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 845.058242][T31211] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 845.065662][T31213] loop5: detected capacity change from 0 to 1024 [ 845.068320][ T24] audit: type=1400 audit(1651085061.255:360): avc: denied { ioctl } for pid=31208 comm="syz-executor.2" path="/dev/input/event0" dev="devtmpfs" ino=217 ioctlcmd=0x4591 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 18:44:21 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) r4 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x99, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, &(0x7f0000000000)='()\'\'\x00') (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1a4ce4b84e5fc90d}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x2c, r5, 0x10, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x1000}, @BATADV_ATTR_BONDING_ENABLED={0x5}]}, 0x2c}}, 0x48041) (async) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000340)={0xfffffffd}, 0x8) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r0, 0xc0189374, &(0x7f0000001540)={{0x1, 0x1, 0x18, r1, {0x100}}, './file0/file0\x00'}) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000001580)={&(0x7f0000000380)="a45830396fb0aed16ff4b4c43eff34311b5c7e48138671b56d1aa600a5eadd084f665723bdae2634b4f6f810a416eeb800a4b48cc7bbf8887a380723613ef8b3004cdc2fb8abee", &(0x7f0000000400)=""/85, &(0x7f0000000480)="e2939b66e7a083af0950be1d22bcbd5158803162a95b3c7b935e4189dbedcdd7a3b44782f894cecf83720b9e0fc49719392ebe238f5b1e47882f71d195003c5beae68712c62fccab14e2822b6b70f7c90b7933b664a7567e547f6956cc44b63d676c4bfaa960e3c9d6242b1e4680b9efb96e0d9a5f02536a54236ec1d0ccbc16492dfc233c3d2e", &(0x7f0000000540)="bae0ca4bc59bda8b693ac4b1f9d924b6165cd5618d423dc76a6db7f5ceb37bc85f07c7ae0ec711a25f7cf6953120a088fc0d2fb3e92be7aa6a939a87c8c46d5fc5bcb404a6c5e7d5cd8bcbf8aed84bc5185c41e349ad3b510a73fcbb72b1cf46091dd285bfe4ec03e0c6064d47751aebdf9db9dabb88352400e27cbb7fe853c3c276c40bd9445d2751b817855af745ddd5f98bc044a30ce67259c85747ac59f9ac45eb16bbca9d04b7e8e048989ec9c39dc0555ec08550c794208eedeb78824ac9b4695fcb78c3b39282710afae140a2070c15e5e9a3ce149c7aa192890d14b5a97d6ff2993f9934e30f439b69a2d58837d5352d4ae2db9ae69aab199804e68d31b7935ec6a48692833696460d8ec0dd01181fa905260a030e45708a6c89e6dc0de52d4310be5e63ff8dbacee1c8e4fd26b05b6de7b83881ec2e3a8e7056103404b952a8b72265766e9722c2cd289930857b5e32b570bab9f5e601ebff5f8918985de71840c84e9b856fdb846a98bb8a57f7face81ee72f805759e9e80b88a9032c4c72153e75b7dc95913b52b2f962433b72b894ad8798e42ad366098e168fb4befa08c652f811536d9b0eb15f5d28dada33dfcbbd2b955045b9c6c0f5497513dd5c878bffe7d03c7e0fcbea596670add1ff44ce7ad0b5f1a7922f4ba0432ffc02ac9d3374123ff7646d5de0d1d6b563e846b3cc93cf4e0b7dca4126bec14e0264699cd4783119abe75f5c9612034575ec6b8cfb9b18b0da5496663f1227142096d881673119f3dba72ecc608c1095033d92ae480772baa5ea9ed9e98b8ed101c6d30155da127451b4c318df9c4797ef5d5850fbe014f6199aad450a7e323541150c624ce90fb23f3b997fbc524169f756ebe745b7e8fb9083d65a938e6601b911ea509959391d275fc0ad0bf2140879e6178b04d3a91c51063e1db79988e5ce0e8bbd14e32ad461a0ea6e539e4a681578cd3ea3aa1808b883295229ce53cdbaa7f28fde0a7d5991c0ba9e4e22a3f76eff7b08400f5227ee6439b7ca6f8592a81a22bce9044d45c1732ff7ceb00e207f84ceb0d77432896583e9e1c8a6716189b2a9a27076741abc898243cb034b0b2a17ba55a52974aa5ba4c63e042e46bfd0cc82683487d651e8f1754604532c5794f1f5372ba41263bb85c0576d41d76b2cea3ccc4231aac0fb9a24457406e4024e6529b7af8383c0ddfc765c991df51ab3688334cb44594d39730f0e2df68c1256c30f9cc4ad894096964430485ab012385a3b1ce33bae18f46c20c47721ce487cbed8c8dc1ce147d00af8a7a26d0554440f0092fd3b2b0ff5d3325ae0413c914d73f1a714108eba32d1cf9a644c2fc3fde3ea514b2883c06fb64b600bb586f93d2a54eaaec53a0db0fbaaa299d6dbb713ab619036b5c72ecd7f9f8c6ab3d1d8de1ac2b75a60ad3170a4e92975e54fb2df799d9503cf8585e6f092ab3125cf5c4bbd92755f9c0bc4607650434914786ee8769f36458d09a1286b70b0977aaef491d01140d3154dc7f98b20b0e65773185a318f28ab4dd409d818e3a12943f73b43739df950017fa63ec5db4af44554f666b7f1fe2fe0ad3fa83d590c7eac537af72ee58edfe4052391dfe94e10450aacb92f5476cdee9164e7c552a4cc58efb35fdaf8732465f6440383460a4ff602d00f4fc03ea2ee91330ca323c843fa04e4a1ac600c83022134aa93283cd922767da649e63e8013d2cdf5cc517beca5a6271ad9cb3019242424443600eeee61b7301b277aee43d7d2515d7198a694bddf459d3b267663efc22834fb9d5725f3a9afe759c7d79a75450ed25b033cb7c04d552baca8313f2bd84e190052cc7984f389f44e4d608fdcf5ad951b14ae75fd1be75e537eef45a7b4e81552233b101d0d470eb49d0a55206b1f4b1972ff70e487f29d28f266acedc7499dc20abc57aaa570fdfd261e7fd41c3c3fc119a65e4f507f0e210da727949af8d47e7b6d3ab56c344779872a06a635ee251715fd914cac9faeae56701ae0425cfaa82cbff693c41c9d8ca73ab4cf36f1ee37d8ca1133f8513529076fb236af7f3f730fbce64904b85d34d13b40dc5f6ab7b9a146335544dd30b5d6baec196479543a0ca9d69cb7ee7145f6be7bb74d189074fa7810bcaa33eef3f0570b252fb26c46294b139a0223549dce23a18eefc7fb67567d985284e723d8f0ebf8293f87e0a1f57788e7843b3915fdf359c2ec380464705e71f08e30a45928ec35b9daa6993fbdbe7551a43f92cff3b5951cc67267a4ee9dfef1f5db51c17be77af251dbb42442f8d4c0a7577c3abdf6263263ae4a306d3bd216f6f13e906285aa8b988cb2801452cad6ae38f5ad6753242145c364452f02d7e9a9fe1468ca6a4f547e3f6955c80c45145506d12dd701cdfeea2a75de5955f3eddf17803b86074c347575b7b972cd0f662a6f09372727505f6657bc888f7e5949c40bd732b3b11f460fe13a90f7b19b3e01fe0c952ca4997d8e4c4eb6eec902c65007c979b92b2471fb409bd68f4a7e139cb983af2293459c582c55801e6d45188eb3cfc4aa4135d2b39a6b13a42f901ec03b210a1780ffdaf72554422dd21d3f0eaf15045607178de7306e15536ec0393099682f376cc4081b282831e6526c5497416ac93657956734fb7df4fc0481a891dd3529a9066cc0013436c7610ab92215d304146bed21fe808cbe9cfcd6c0d5a0fb3f7c00e25290292d97c72e8a5fd6bdfc9c748cbcfae9195b1587804f1fe520a8b2a1631f8aaa63b958dc4548f0cd06f22fc39483ef853887ec708aa0f0a96ecd04b649f5db6860a536c16fd10c5fd5288016de4ecbfb583ad627e5ca23b58e0b856e6cca57553424f8508e88fe37dda0ac63153784ebda78f46b76d56cc6d2fd9470b46dfa5b63d9887490907e7664d1e28b1ed4c9e51b87af554d04a649d0dbe8a0ffeb1d853d7b540c69d774d4fc00e107c4f39a54445b6f50fbf47ed52d7fe51bc2d1ce549677b5689d641b7a7d2f8d58863281e3ba777e417cf9fc7e77fbef28ece7d6852f3062c4729467169fc5a62605a13f9c47f1d63c3ef9e23d5d5ee8f217c5b01e3684e12efb7ed74f064544686836ac3d46c26d5585a3dc040650bc802a21c9c15b810004158f3115c0827a2e98de11ec8617dd9bd52a099824732cedc9bab6533372b859bc6cc7e7aa9d5d773bf48173e523354b242aa7ba98cad5f77a026001bebc8ff52abda3ddb3a2744fc8ac1ec5849d8ac06cd39d533ebede7364d3367f0640474db17ac33bde63391a77f0a26fc11b92fb31a00698d57e0909a27f34204cc8102ec3a64e6a55b81eac621f311d76780c4bcdf51586d2f8961dbc5e7128a093024e29febadeecf6e9ae36e743b9a5325e34a30b87b823f0deafebcbdeea1010078cbeb2128b2247b0897a22ba9a2f8a4406f402b32751b0dfcda7057c26c19c33f40e5c28f0dc72534f092f43974ea49a348dbba807d86e748bd52c3eb7656ef443b7e1f873457119f2d7bf990eccd9760c189727d2e2f5bc1324f59e1310ccef4e968e4c2f6b289788daebb936dfe21fa5207d3268d2ea195e699e84baa18cfa53d573f165b7353f62a474eb896cd43410444a92d4866643e76f5356728edd79d0195d90a4456e82630754687ef6e2c0d1eeb2142208e319830043690314f7ecf2dc4e0fdbc16594e7487e6a9c6b12eff5f8f76bdc75eb168b66b96465427ed89ad4bc3cf3277f5bbb55313a4b9194fe792386c58dcc71679e1c3132b7932da6fed51171ec8a067bed84b5b0ea71bf655481650be3571af8b06497a7f8057396adde78e7af3832c894b14169c07220ed3fe88d215670c18e2610c783da1f040d27a8a926152755c6face671ff93ed3b0714da450707f24a9f6dabe44b83f2f9de8907fbdb798991bc1b46491d614f6f92e3888bba97e542aaf5e8b09ffbbb1010b2407cc48be2742819505dbcb7d0ed27ff7b18807b663b569847e46470a6cd8599f75506356f084ecb5713fdc9a5c794efa22e5c527724c5c2dbda79be1bf3c8d3eb699cecf666a557791b74e364a43011d73f898a6975d1ee9b8701948fb180ab39cd52f7efa2adf37758ef8f2dd4f356e721f6ba205f2c08e8bb0409be8e2bfe3e6c2a3f1058bdf9ebe9103c32628e8aedbba576a93102e6cb8e5fdb291de38fadfdf619b75b75acf95b52e6011cf54a2e3ffba97de4074e3227a1a53847f173ea35c1e5d5a7fc50d6481391c7d38a02320515a15f605b2b69d41200936606f33502f82b82fae141995486442832691fb43a70f786856c2c7309b537258fb077a6179981bd1a333de9222489455f58eb6dc0f94b722a317bdc3cd313a61528a51f024cd78d0669d191d7d03108068e0e0c75833590313b9d2539440a979ab1fcd464250fdbf0b1747e6f4777e01646cfa711f7ca8d8c4d3f40c4c58db209e18851ee9afcde60a0183c541dcfd8d0b5c4556615b85c2d19a228df80dd67cad58830f2664da3478fa14e6fab7336cbac1620818db971a889c22f7c1a60bb0290526aeb78bbcff7a589cc74541009297c73066bc554ca2012e1433fb079d38ac9410dfe72739f38995b62d6e1baf51fd929df431188fb4f88bf6401c1466b36c0dc1a51cdb6091e39a686787c2df7e9af1c43f43869db0d012abc18d5dd7d931050ae2f2df4240fd081430f10d745f88e384abc7fa69a9f7b40b527c315c917d9e37ecf136fa7e1d617ecdccfc14ead2903eb26093f212d7415b5dd5bc22be690960ae8ee0dc74c4d81e7439a9379297d3a888efb0b5186e59a241d6b0387f0c8864b6b9cda3eb5a59d9cfd7b967ad9095ca0d16a013834f8e7fca1c4c49c5e6aac1a5b9c85c1aaf970b526a826a4fcba77b78c44dd7268096b7cc72ec667fe9f9780bc6d8320170003dda45f7e04eb146792f376e131a1e54111ce09e4c18ad4b6405862b4f77813893a32cfdd4dc6e0b16204b992d2cc41821666e09f48211e18960a8221e1b94974a9743ef4a9f9c0ae98bfc776e70b040435e553a54bda795c1a3a0df0c450b9fb860effd6f973dd3f8fa9d9abd82c5e03a9e4b5491e376b786d0ba1544d96f05288c9b88be8541a0be8937072d0020c40ecfedc622754a05f05e3528c3a036e0d693b2284f5940645d07ae075923479c18b9c7abf232aa124522210b92584c3cebc49a6b062e0db354745b60e04703082da701022aba37f285feda9f708a2068abfccd2ccca2b6d77229d912cb7fc481eaafa303fc056f98edbdd9b1fcd23dd88dac33f0edcaece46a97886fb0f6d5640c7a3321288e57365562df05442d2b922952e9de2b4774f2a1c5611bfe1101b3c69bb0f36a8234f10a3c8515cd9616d90f1c1da166bf5373f9a23c4f4ca6b7b78f0c3d4f9f6394c2b99107b976e8d95d1798af65dcec84e7fc8df8ed810d732fc3a3688d360c3b4eb3d011d78e47287c0da8a9faa69f8614bbb7f949ca4d65554534a1024c2a931345db649799109a893b9692cd44cd671e4533e4c2d993b2e2b253e19a01705e4b474fd6e048463b5bcd09b73c0b8b162ebe0d1c8aa58a1c579f6805e70c73cc45a045ab55df0db881d5ea9315fd0d5a66a4e682dca247cb7bc681a8ffeb35ac1776010ab5879057e3062458eaa693e90811dd7e8eda5b2be01a545c7c7fea4341ab14552c5b1b50bf33d4239acec92411437c02f28893bb9b6c459f33a401f246986b8dbd26adb81d06211e1b433629a069ce7a5c3c5e3cdea58208741150a8db8fb08a7e40bca6e581d5042d9e50aa1df1e10f2ac3854", 0x1, r6, 0x4}, 0x38) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r3, &(0x7f0000000080), 0x12) 18:44:21 executing program 2: r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$RNDGETENTCNT(r0, 0x40045201, &(0x7f0000000180)) [ 845.107052][T31218] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 845.115182][T31213] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (60729!=0) [ 845.124497][T31213] EXT4-fs (loop5): group descriptors corrupted! [ 845.161824][T31215] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 845.172080][T31215] CPU: 0 PID: 31215 Comm: syz-executor.1 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 845.183103][T31215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 845.193154][T31215] Call Trace: [ 845.196428][T31215] [ 845.199362][T31215] dump_stack_lvl+0xd6/0x122 [ 845.204016][T31215] dump_stack+0x11/0x12 [ 845.208173][T31215] dump_header+0x98/0x410 [ 845.212510][T31215] out_of_memory+0x65e/0x880 [ 845.217103][T31215] memory_max_write+0x31b/0x420 [ 845.221957][T31215] ? memory_max_show+0x70/0x70 [ 845.226792][T31215] cgroup_file_write+0x167/0x300 [ 845.231831][T31215] ? __check_object_size+0x235/0x380 [ 845.240154][T31215] ? cgroup_seqfile_stop+0x70/0x70 [ 845.245335][T31215] kernfs_fop_write_iter+0x1d3/0x2c0 [ 845.250631][T31215] vfs_write+0x71c/0x890 [ 845.254916][T31215] ksys_write+0xe8/0x1a0 [ 845.259149][T31215] __x64_sys_write+0x3e/0x50 [ 845.263720][T31215] do_syscall_64+0x2b/0x70 [ 845.268167][T31215] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 845.274059][T31215] RIP: 0033:0x7ff0acc260e9 [ 845.278526][T31215] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 845.298126][T31215] RSP: 002b:00007ff0ac39c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 845.306518][T31215] RAX: ffffffffffffffda RBX: 00007ff0acd38f60 RCX: 00007ff0acc260e9 [ 845.314464][T31215] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 845.322443][T31215] RBP: 00007ff0acc8008d R08: 0000000000000000 R09: 0000000000000000 [ 845.330391][T31215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 845.338368][T31215] R13: 00007ffe7a47396f R14: 00007ff0ac39c300 R15: 0000000000022000 [ 845.346316][T31215] [ 845.349393][T31215] memory: usage 72kB, limit 0kB, failcnt 7204 [ 845.355447][T31215] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 845.362288][T31215] Memory cgroup stats for /syz0: [ 845.365034][T31215] anon 0 [ 845.365034][T31215] file 53248 [ 845.365034][T31215] kernel 20480 [ 845.365034][T31215] kernel_stack 0 [ 845.365034][T31215] pagetables 0 [ 845.365034][T31215] percpu 0 [ 845.365034][T31215] sock 0 [ 845.365034][T31215] vmalloc 0 [ 845.365034][T31215] shmem 53248 [ 845.365034][T31215] file_mapped 53248 [ 845.365034][T31215] file_dirty 0 [ 845.365034][T31215] file_writeback 0 [ 845.365034][T31215] swapcached 0 [ 845.365034][T31215] inactive_anon 0 [ 845.365034][T31215] active_anon 53248 [ 845.365034][T31215] inactive_file 0 [ 845.365034][T31215] active_file 0 [ 845.365034][T31215] unevictable 0 [ 845.365034][T31215] slab_reclaimable 3056 [ 845.365034][T31215] slab_unreclaimable 14936 [ 845.365034][T31215] slab 17992 [ 845.365034][T31215] workingset_refault_anon 0 [ 845.365034][T31215] workingset_refault_file 7 [ 845.365034][T31215] workingset_activate_anon 0 [ 845.365034][T31215] workingset_activate_file 0 [ 845.457184][T31215] Out of memory and no killable processes... [ 845.600822][ T8] device hsr_slave_0 left promiscuous mode [ 845.607043][ T8] device hsr_slave_1 left promiscuous mode [ 845.613389][ T8] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 845.620819][ T8] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 845.629100][ T8] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 845.636477][ T8] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 845.644361][ T8] device bridge_slave_1 left promiscuous mode [ 845.650560][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 845.657919][ T8] device bridge_slave_0 left promiscuous mode [ 845.664119][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 845.673383][ T8] device veth1_macvtap left promiscuous mode [ 845.679384][ T8] device veth0_macvtap left promiscuous mode [ 845.685380][ T8] device veth1_vlan left promiscuous mode [ 845.691144][ T8] device veth0_vlan left promiscuous mode [ 845.771323][ T8] team0 (unregistering): Port device team_slave_1 removed [ 845.781239][ T8] team0 (unregistering): Port device team_slave_0 removed [ 845.790496][ T8] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 845.801657][ T8] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 845.830193][ T8] bond0 (unregistering): Released all slaves [ 846.423319][T31239] chnl_net:caif_netlink_parms(): no params data found [ 846.451612][T31239] bridge0: port 1(bridge_slave_0) entered blocking state [ 846.458743][T31239] bridge0: port 1(bridge_slave_0) entered disabled state [ 846.466409][T31239] device bridge_slave_0 entered promiscuous mode [ 846.473546][T31239] bridge0: port 2(bridge_slave_1) entered blocking state [ 846.480699][T31239] bridge0: port 2(bridge_slave_1) entered disabled state [ 846.489401][T31239] device bridge_slave_1 entered promiscuous mode [ 846.504894][T31239] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 846.515043][T31239] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 846.532315][T31239] team0: Port device team_slave_0 added [ 846.538673][T31239] team0: Port device team_slave_1 added [ 846.551926][T31239] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 846.558868][T31239] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 846.584885][T31239] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 846.596213][T31239] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 846.603169][T31239] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 846.629117][T31239] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 846.652176][T31239] device hsr_slave_0 entered promiscuous mode [ 846.658777][T31239] device hsr_slave_1 entered promiscuous mode [ 846.664994][T31239] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 846.672574][T31239] Cannot create hsr debugfs directory [ 846.700352][T31239] bridge0: port 2(bridge_slave_1) entered blocking state [ 846.707548][T31239] bridge0: port 2(bridge_slave_1) entered forwarding state [ 846.714833][T31239] bridge0: port 1(bridge_slave_0) entered blocking state [ 846.721859][T31239] bridge0: port 1(bridge_slave_0) entered forwarding state [ 846.751418][T31239] 8021q: adding VLAN 0 to HW filter on device bond0 [ 846.763596][T31239] 8021q: adding VLAN 0 to HW filter on device team0 [ 846.771253][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 846.779158][ T77] bridge0: port 1(bridge_slave_0) entered disabled state [ 846.786738][ T77] bridge0: port 2(bridge_slave_1) entered disabled state [ 846.810584][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 846.818931][ T77] bridge0: port 1(bridge_slave_0) entered blocking state [ 846.826121][ T77] bridge0: port 1(bridge_slave_0) entered forwarding state [ 846.834115][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 846.842438][ T77] bridge0: port 2(bridge_slave_1) entered blocking state [ 846.849689][ T77] bridge0: port 2(bridge_slave_1) entered forwarding state [ 846.858311][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 846.866922][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 846.875477][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 846.885900][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 846.893929][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 846.903231][T31239] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 846.916405][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 846.924032][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 846.933800][T31239] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 847.007429][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 847.016303][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 847.051712][T31239] device veth0_vlan entered promiscuous mode [ 847.058310][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 847.066621][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 847.075503][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 847.083486][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 847.093442][T31239] device veth1_vlan entered promiscuous mode [ 847.105876][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 847.115271][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 847.123261][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 847.132505][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 847.142404][T31239] device veth0_macvtap entered promiscuous mode [ 847.150345][T31239] device veth1_macvtap entered promiscuous mode [ 847.161240][T31239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 847.171794][T31239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 847.181643][T31239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 847.192049][T31239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 847.201840][T31239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 847.212335][T31239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 847.222211][T31239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 847.232626][T31239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 847.242461][T31239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 847.252865][T31239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 847.263817][T31239] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 847.272510][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 847.280724][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 847.289045][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 847.297581][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 847.307442][T31239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 847.317873][T31239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 847.327688][T31239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 847.338104][T31239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 847.347889][T31239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 847.358307][T31239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 847.368119][T31239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 847.378536][T31239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 847.388440][T31239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 18:44:23 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x6) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) mount(&(0x7f00000000c0)=ANY=[@ANYBLOB="2e02582c99ad44f48415f773adae17de2f66696c653000"], &(0x7f0000000080)='./file0\x00', &(0x7f00000001c0)='overlay\x00', 0x80, &(0x7f0000000100)='cgroup2\x00') listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 18:44:23 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x500, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:23 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x99, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, &(0x7f0000000000)='()\'\'\x00') prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1a4ce4b84e5fc90d}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x2c, r5, 0x10, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x1000}, @BATADV_ATTR_BONDING_ENABLED={0x5}]}, 0x2c}}, 0x48041) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000340)={0xfffffffd}, 0x8) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r0, 0xc0189374, &(0x7f0000001540)={{0x1, 0x1, 0x18, r1, {0x100}}, './file0/file0\x00'}) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000001580)={&(0x7f0000000380)="a45830396fb0aed16ff4b4c43eff34311b5c7e48138671b56d1aa600a5eadd084f665723bdae2634b4f6f810a416eeb800a4b48cc7bbf8887a380723613ef8b3004cdc2fb8abee", &(0x7f0000000400)=""/85, &(0x7f0000000480)="e2939b66e7a083af0950be1d22bcbd5158803162a95b3c7b935e4189dbedcdd7a3b44782f894cecf83720b9e0fc49719392ebe238f5b1e47882f71d195003c5beae68712c62fccab14e2822b6b70f7c90b7933b664a7567e547f6956cc44b63d676c4bfaa960e3c9d6242b1e4680b9efb96e0d9a5f02536a54236ec1d0ccbc16492dfc233c3d2e", &(0x7f0000000540)="bae0ca4bc59bda8b693ac4b1f9d924b6165cd5618d423dc76a6db7f5ceb37bc85f07c7ae0ec711a25f7cf6953120a088fc0d2fb3e92be7aa6a939a87c8c46d5fc5bcb404a6c5e7d5cd8bcbf8aed84bc5185c41e349ad3b510a73fcbb72b1cf46091dd285bfe4ec03e0c6064d47751aebdf9db9dabb88352400e27cbb7fe853c3c276c40bd9445d2751b817855af745ddd5f98bc044a30ce67259c85747ac59f9ac45eb16bbca9d04b7e8e048989ec9c39dc0555ec08550c794208eedeb78824ac9b4695fcb78c3b39282710afae140a2070c15e5e9a3ce149c7aa192890d14b5a97d6ff2993f9934e30f439b69a2d58837d5352d4ae2db9ae69aab199804e68d31b7935ec6a48692833696460d8ec0dd01181fa905260a030e45708a6c89e6dc0de52d4310be5e63ff8dbacee1c8e4fd26b05b6de7b83881ec2e3a8e7056103404b952a8b72265766e9722c2cd289930857b5e32b570bab9f5e601ebff5f8918985de71840c84e9b856fdb846a98bb8a57f7face81ee72f805759e9e80b88a9032c4c72153e75b7dc95913b52b2f962433b72b894ad8798e42ad366098e168fb4befa08c652f811536d9b0eb15f5d28dada33dfcbbd2b955045b9c6c0f5497513dd5c878bffe7d03c7e0fcbea596670add1ff44ce7ad0b5f1a7922f4ba0432ffc02ac9d3374123ff7646d5de0d1d6b563e846b3cc93cf4e0b7dca4126bec14e0264699cd4783119abe75f5c9612034575ec6b8cfb9b18b0da5496663f1227142096d881673119f3dba72ecc608c1095033d92ae480772baa5ea9ed9e98b8ed101c6d30155da127451b4c318df9c4797ef5d5850fbe014f6199aad450a7e323541150c624ce90fb23f3b997fbc524169f756ebe745b7e8fb9083d65a938e6601b911ea509959391d275fc0ad0bf2140879e6178b04d3a91c51063e1db79988e5ce0e8bbd14e32ad461a0ea6e539e4a681578cd3ea3aa1808b883295229ce53cdbaa7f28fde0a7d5991c0ba9e4e22a3f76eff7b08400f5227ee6439b7ca6f8592a81a22bce9044d45c1732ff7ceb00e207f84ceb0d77432896583e9e1c8a6716189b2a9a27076741abc898243cb034b0b2a17ba55a52974aa5ba4c63e042e46bfd0cc82683487d651e8f1754604532c5794f1f5372ba41263bb85c0576d41d76b2cea3ccc4231aac0fb9a24457406e4024e6529b7af8383c0ddfc765c991df51ab3688334cb44594d39730f0e2df68c1256c30f9cc4ad894096964430485ab012385a3b1ce33bae18f46c20c47721ce487cbed8c8dc1ce147d00af8a7a26d0554440f0092fd3b2b0ff5d3325ae0413c914d73f1a714108eba32d1cf9a644c2fc3fde3ea514b2883c06fb64b600bb586f93d2a54eaaec53a0db0fbaaa299d6dbb713ab619036b5c72ecd7f9f8c6ab3d1d8de1ac2b75a60ad3170a4e92975e54fb2df799d9503cf8585e6f092ab3125cf5c4bbd92755f9c0bc4607650434914786ee8769f36458d09a1286b70b0977aaef491d01140d3154dc7f98b20b0e65773185a318f28ab4dd409d818e3a12943f73b43739df950017fa63ec5db4af44554f666b7f1fe2fe0ad3fa83d590c7eac537af72ee58edfe4052391dfe94e10450aacb92f5476cdee9164e7c552a4cc58efb35fdaf8732465f6440383460a4ff602d00f4fc03ea2ee91330ca323c843fa04e4a1ac600c83022134aa93283cd922767da649e63e8013d2cdf5cc517beca5a6271ad9cb3019242424443600eeee61b7301b277aee43d7d2515d7198a694bddf459d3b267663efc22834fb9d5725f3a9afe759c7d79a75450ed25b033cb7c04d552baca8313f2bd84e190052cc7984f389f44e4d608fdcf5ad951b14ae75fd1be75e537eef45a7b4e81552233b101d0d470eb49d0a55206b1f4b1972ff70e487f29d28f266acedc7499dc20abc57aaa570fdfd261e7fd41c3c3fc119a65e4f507f0e210da727949af8d47e7b6d3ab56c344779872a06a635ee251715fd914cac9faeae56701ae0425cfaa82cbff693c41c9d8ca73ab4cf36f1ee37d8ca1133f8513529076fb236af7f3f730fbce64904b85d34d13b40dc5f6ab7b9a146335544dd30b5d6baec196479543a0ca9d69cb7ee7145f6be7bb74d189074fa7810bcaa33eef3f0570b252fb26c46294b139a0223549dce23a18eefc7fb67567d985284e723d8f0ebf8293f87e0a1f57788e7843b3915fdf359c2ec380464705e71f08e30a45928ec35b9daa6993fbdbe7551a43f92cff3b5951cc67267a4ee9dfef1f5db51c17be77af251dbb42442f8d4c0a7577c3abdf6263263ae4a306d3bd216f6f13e906285aa8b988cb2801452cad6ae38f5ad6753242145c364452f02d7e9a9fe1468ca6a4f547e3f6955c80c45145506d12dd701cdfeea2a75de5955f3eddf17803b86074c347575b7b972cd0f662a6f09372727505f6657bc888f7e5949c40bd732b3b11f460fe13a90f7b19b3e01fe0c952ca4997d8e4c4eb6eec902c65007c979b92b2471fb409bd68f4a7e139cb983af2293459c582c55801e6d45188eb3cfc4aa4135d2b39a6b13a42f901ec03b210a1780ffdaf72554422dd21d3f0eaf15045607178de7306e15536ec0393099682f376cc4081b282831e6526c5497416ac93657956734fb7df4fc0481a891dd3529a9066cc0013436c7610ab92215d304146bed21fe808cbe9cfcd6c0d5a0fb3f7c00e25290292d97c72e8a5fd6bdfc9c748cbcfae9195b1587804f1fe520a8b2a1631f8aaa63b958dc4548f0cd06f22fc39483ef853887ec708aa0f0a96ecd04b649f5db6860a536c16fd10c5fd5288016de4ecbfb583ad627e5ca23b58e0b856e6cca57553424f8508e88fe37dda0ac63153784ebda78f46b76d56cc6d2fd9470b46dfa5b63d9887490907e7664d1e28b1ed4c9e51b87af554d04a649d0dbe8a0ffeb1d853d7b540c69d774d4fc00e107c4f39a54445b6f50fbf47ed52d7fe51bc2d1ce549677b5689d641b7a7d2f8d58863281e3ba777e417cf9fc7e77fbef28ece7d6852f3062c4729467169fc5a62605a13f9c47f1d63c3ef9e23d5d5ee8f217c5b01e3684e12efb7ed74f064544686836ac3d46c26d5585a3dc040650bc802a21c9c15b810004158f3115c0827a2e98de11ec8617dd9bd52a099824732cedc9bab6533372b859bc6cc7e7aa9d5d773bf48173e523354b242aa7ba98cad5f77a026001bebc8ff52abda3ddb3a2744fc8ac1ec5849d8ac06cd39d533ebede7364d3367f0640474db17ac33bde63391a77f0a26fc11b92fb31a00698d57e0909a27f34204cc8102ec3a64e6a55b81eac621f311d76780c4bcdf51586d2f8961dbc5e7128a093024e29febadeecf6e9ae36e743b9a5325e34a30b87b823f0deafebcbdeea1010078cbeb2128b2247b0897a22ba9a2f8a4406f402b32751b0dfcda7057c26c19c33f40e5c28f0dc72534f092f43974ea49a348dbba807d86e748bd52c3eb7656ef443b7e1f873457119f2d7bf990eccd9760c189727d2e2f5bc1324f59e1310ccef4e968e4c2f6b289788daebb936dfe21fa5207d3268d2ea195e699e84baa18cfa53d573f165b7353f62a474eb896cd43410444a92d4866643e76f5356728edd79d0195d90a4456e82630754687ef6e2c0d1eeb2142208e319830043690314f7ecf2dc4e0fdbc16594e7487e6a9c6b12eff5f8f76bdc75eb168b66b96465427ed89ad4bc3cf3277f5bbb55313a4b9194fe792386c58dcc71679e1c3132b7932da6fed51171ec8a067bed84b5b0ea71bf655481650be3571af8b06497a7f8057396adde78e7af3832c894b14169c07220ed3fe88d215670c18e2610c783da1f040d27a8a926152755c6face671ff93ed3b0714da450707f24a9f6dabe44b83f2f9de8907fbdb798991bc1b46491d614f6f92e3888bba97e542aaf5e8b09ffbbb1010b2407cc48be2742819505dbcb7d0ed27ff7b18807b663b569847e46470a6cd8599f75506356f084ecb5713fdc9a5c794efa22e5c527724c5c2dbda79be1bf3c8d3eb699cecf666a557791b74e364a43011d73f898a6975d1ee9b8701948fb180ab39cd52f7efa2adf37758ef8f2dd4f356e721f6ba205f2c08e8bb0409be8e2bfe3e6c2a3f1058bdf9ebe9103c32628e8aedbba576a93102e6cb8e5fdb291de38fadfdf619b75b75acf95b52e6011cf54a2e3ffba97de4074e3227a1a53847f173ea35c1e5d5a7fc50d6481391c7d38a02320515a15f605b2b69d41200936606f33502f82b82fae141995486442832691fb43a70f786856c2c7309b537258fb077a6179981bd1a333de9222489455f58eb6dc0f94b722a317bdc3cd313a61528a51f024cd78d0669d191d7d03108068e0e0c75833590313b9d2539440a979ab1fcd464250fdbf0b1747e6f4777e01646cfa711f7ca8d8c4d3f40c4c58db209e18851ee9afcde60a0183c541dcfd8d0b5c4556615b85c2d19a228df80dd67cad58830f2664da3478fa14e6fab7336cbac1620818db971a889c22f7c1a60bb0290526aeb78bbcff7a589cc74541009297c73066bc554ca2012e1433fb079d38ac9410dfe72739f38995b62d6e1baf51fd929df431188fb4f88bf6401c1466b36c0dc1a51cdb6091e39a686787c2df7e9af1c43f43869db0d012abc18d5dd7d931050ae2f2df4240fd081430f10d745f88e384abc7fa69a9f7b40b527c315c917d9e37ecf136fa7e1d617ecdccfc14ead2903eb26093f212d7415b5dd5bc22be690960ae8ee0dc74c4d81e7439a9379297d3a888efb0b5186e59a241d6b0387f0c8864b6b9cda3eb5a59d9cfd7b967ad9095ca0d16a013834f8e7fca1c4c49c5e6aac1a5b9c85c1aaf970b526a826a4fcba77b78c44dd7268096b7cc72ec667fe9f9780bc6d8320170003dda45f7e04eb146792f376e131a1e54111ce09e4c18ad4b6405862b4f77813893a32cfdd4dc6e0b16204b992d2cc41821666e09f48211e18960a8221e1b94974a9743ef4a9f9c0ae98bfc776e70b040435e553a54bda795c1a3a0df0c450b9fb860effd6f973dd3f8fa9d9abd82c5e03a9e4b5491e376b786d0ba1544d96f05288c9b88be8541a0be8937072d0020c40ecfedc622754a05f05e3528c3a036e0d693b2284f5940645d07ae075923479c18b9c7abf232aa124522210b92584c3cebc49a6b062e0db354745b60e04703082da701022aba37f285feda9f708a2068abfccd2ccca2b6d77229d912cb7fc481eaafa303fc056f98edbdd9b1fcd23dd88dac33f0edcaece46a97886fb0f6d5640c7a3321288e57365562df05442d2b922952e9de2b4774f2a1c5611bfe1101b3c69bb0f36a8234f10a3c8515cd9616d90f1c1da166bf5373f9a23c4f4ca6b7b78f0c3d4f9f6394c2b99107b976e8d95d1798af65dcec84e7fc8df8ed810d732fc3a3688d360c3b4eb3d011d78e47287c0da8a9faa69f8614bbb7f949ca4d65554534a1024c2a931345db649799109a893b9692cd44cd671e4533e4c2d993b2e2b253e19a01705e4b474fd6e048463b5bcd09b73c0b8b162ebe0d1c8aa58a1c579f6805e70c73cc45a045ab55df0db881d5ea9315fd0d5a66a4e682dca247cb7bc681a8ffeb35ac1776010ab5879057e3062458eaa693e90811dd7e8eda5b2be01a545c7c7fea4341ab14552c5b1b50bf33d4239acec92411437c02f28893bb9b6c459f33a401f246986b8dbd26adb81d06211e1b433629a069ce7a5c3c5e3cdea58208741150a8db8fb08a7e40bca6e581d5042d9e50aa1df1e10f2ac3854", 0x1, r6, 0x4}, 0x38) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r3, &(0x7f0000000080), 0x12) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) (async) openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x99, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) (async) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, &(0x7f0000000000)='()\'\'\x00') (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) (async) sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1a4ce4b84e5fc90d}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x2c, r5, 0x10, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x1000}, @BATADV_ATTR_BONDING_ENABLED={0x5}]}, 0x2c}}, 0x48041) (async) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000340)={0xfffffffd}, 0x8) (async) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r0, 0xc0189374, &(0x7f0000001540)={{0x1, 0x1, 0x18, r1, {0x100}}, './file0/file0\x00'}) (async) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000001580)={&(0x7f0000000380)="a45830396fb0aed16ff4b4c43eff34311b5c7e48138671b56d1aa600a5eadd084f665723bdae2634b4f6f810a416eeb800a4b48cc7bbf8887a380723613ef8b3004cdc2fb8abee", &(0x7f0000000400)=""/85, &(0x7f0000000480)="e2939b66e7a083af0950be1d22bcbd5158803162a95b3c7b935e4189dbedcdd7a3b44782f894cecf83720b9e0fc49719392ebe238f5b1e47882f71d195003c5beae68712c62fccab14e2822b6b70f7c90b7933b664a7567e547f6956cc44b63d676c4bfaa960e3c9d6242b1e4680b9efb96e0d9a5f02536a54236ec1d0ccbc16492dfc233c3d2e", &(0x7f0000000540)="bae0ca4bc59bda8b693ac4b1f9d924b6165cd5618d423dc76a6db7f5ceb37bc85f07c7ae0ec711a25f7cf6953120a088fc0d2fb3e92be7aa6a939a87c8c46d5fc5bcb404a6c5e7d5cd8bcbf8aed84bc5185c41e349ad3b510a73fcbb72b1cf46091dd285bfe4ec03e0c6064d47751aebdf9db9dabb88352400e27cbb7fe853c3c276c40bd9445d2751b817855af745ddd5f98bc044a30ce67259c85747ac59f9ac45eb16bbca9d04b7e8e048989ec9c39dc0555ec08550c794208eedeb78824ac9b4695fcb78c3b39282710afae140a2070c15e5e9a3ce149c7aa192890d14b5a97d6ff2993f9934e30f439b69a2d58837d5352d4ae2db9ae69aab199804e68d31b7935ec6a48692833696460d8ec0dd01181fa905260a030e45708a6c89e6dc0de52d4310be5e63ff8dbacee1c8e4fd26b05b6de7b83881ec2e3a8e7056103404b952a8b72265766e9722c2cd289930857b5e32b570bab9f5e601ebff5f8918985de71840c84e9b856fdb846a98bb8a57f7face81ee72f805759e9e80b88a9032c4c72153e75b7dc95913b52b2f962433b72b894ad8798e42ad366098e168fb4befa08c652f811536d9b0eb15f5d28dada33dfcbbd2b955045b9c6c0f5497513dd5c878bffe7d03c7e0fcbea596670add1ff44ce7ad0b5f1a7922f4ba0432ffc02ac9d3374123ff7646d5de0d1d6b563e846b3cc93cf4e0b7dca4126bec14e0264699cd4783119abe75f5c9612034575ec6b8cfb9b18b0da5496663f1227142096d881673119f3dba72ecc608c1095033d92ae480772baa5ea9ed9e98b8ed101c6d30155da127451b4c318df9c4797ef5d5850fbe014f6199aad450a7e323541150c624ce90fb23f3b997fbc524169f756ebe745b7e8fb9083d65a938e6601b911ea509959391d275fc0ad0bf2140879e6178b04d3a91c51063e1db79988e5ce0e8bbd14e32ad461a0ea6e539e4a681578cd3ea3aa1808b883295229ce53cdbaa7f28fde0a7d5991c0ba9e4e22a3f76eff7b08400f5227ee6439b7ca6f8592a81a22bce9044d45c1732ff7ceb00e207f84ceb0d77432896583e9e1c8a6716189b2a9a27076741abc898243cb034b0b2a17ba55a52974aa5ba4c63e042e46bfd0cc82683487d651e8f1754604532c5794f1f5372ba41263bb85c0576d41d76b2cea3ccc4231aac0fb9a24457406e4024e6529b7af8383c0ddfc765c991df51ab3688334cb44594d39730f0e2df68c1256c30f9cc4ad894096964430485ab012385a3b1ce33bae18f46c20c47721ce487cbed8c8dc1ce147d00af8a7a26d0554440f0092fd3b2b0ff5d3325ae0413c914d73f1a714108eba32d1cf9a644c2fc3fde3ea514b2883c06fb64b600bb586f93d2a54eaaec53a0db0fbaaa299d6dbb713ab619036b5c72ecd7f9f8c6ab3d1d8de1ac2b75a60ad3170a4e92975e54fb2df799d9503cf8585e6f092ab3125cf5c4bbd92755f9c0bc4607650434914786ee8769f36458d09a1286b70b0977aaef491d01140d3154dc7f98b20b0e65773185a318f28ab4dd409d818e3a12943f73b43739df950017fa63ec5db4af44554f666b7f1fe2fe0ad3fa83d590c7eac537af72ee58edfe4052391dfe94e10450aacb92f5476cdee9164e7c552a4cc58efb35fdaf8732465f6440383460a4ff602d00f4fc03ea2ee91330ca323c843fa04e4a1ac600c83022134aa93283cd922767da649e63e8013d2cdf5cc517beca5a6271ad9cb3019242424443600eeee61b7301b277aee43d7d2515d7198a694bddf459d3b267663efc22834fb9d5725f3a9afe759c7d79a75450ed25b033cb7c04d552baca8313f2bd84e190052cc7984f389f44e4d608fdcf5ad951b14ae75fd1be75e537eef45a7b4e81552233b101d0d470eb49d0a55206b1f4b1972ff70e487f29d28f266acedc7499dc20abc57aaa570fdfd261e7fd41c3c3fc119a65e4f507f0e210da727949af8d47e7b6d3ab56c344779872a06a635ee251715fd914cac9faeae56701ae0425cfaa82cbff693c41c9d8ca73ab4cf36f1ee37d8ca1133f8513529076fb236af7f3f730fbce64904b85d34d13b40dc5f6ab7b9a146335544dd30b5d6baec196479543a0ca9d69cb7ee7145f6be7bb74d189074fa7810bcaa33eef3f0570b252fb26c46294b139a0223549dce23a18eefc7fb67567d985284e723d8f0ebf8293f87e0a1f57788e7843b3915fdf359c2ec380464705e71f08e30a45928ec35b9daa6993fbdbe7551a43f92cff3b5951cc67267a4ee9dfef1f5db51c17be77af251dbb42442f8d4c0a7577c3abdf6263263ae4a306d3bd216f6f13e906285aa8b988cb2801452cad6ae38f5ad6753242145c364452f02d7e9a9fe1468ca6a4f547e3f6955c80c45145506d12dd701cdfeea2a75de5955f3eddf17803b86074c347575b7b972cd0f662a6f09372727505f6657bc888f7e5949c40bd732b3b11f460fe13a90f7b19b3e01fe0c952ca4997d8e4c4eb6eec902c65007c979b92b2471fb409bd68f4a7e139cb983af2293459c582c55801e6d45188eb3cfc4aa4135d2b39a6b13a42f901ec03b210a1780ffdaf72554422dd21d3f0eaf15045607178de7306e15536ec0393099682f376cc4081b282831e6526c5497416ac93657956734fb7df4fc0481a891dd3529a9066cc0013436c7610ab92215d304146bed21fe808cbe9cfcd6c0d5a0fb3f7c00e25290292d97c72e8a5fd6bdfc9c748cbcfae9195b1587804f1fe520a8b2a1631f8aaa63b958dc4548f0cd06f22fc39483ef853887ec708aa0f0a96ecd04b649f5db6860a536c16fd10c5fd5288016de4ecbfb583ad627e5ca23b58e0b856e6cca57553424f8508e88fe37dda0ac63153784ebda78f46b76d56cc6d2fd9470b46dfa5b63d9887490907e7664d1e28b1ed4c9e51b87af554d04a649d0dbe8a0ffeb1d853d7b540c69d774d4fc00e107c4f39a54445b6f50fbf47ed52d7fe51bc2d1ce549677b5689d641b7a7d2f8d58863281e3ba777e417cf9fc7e77fbef28ece7d6852f3062c4729467169fc5a62605a13f9c47f1d63c3ef9e23d5d5ee8f217c5b01e3684e12efb7ed74f064544686836ac3d46c26d5585a3dc040650bc802a21c9c15b810004158f3115c0827a2e98de11ec8617dd9bd52a099824732cedc9bab6533372b859bc6cc7e7aa9d5d773bf48173e523354b242aa7ba98cad5f77a026001bebc8ff52abda3ddb3a2744fc8ac1ec5849d8ac06cd39d533ebede7364d3367f0640474db17ac33bde63391a77f0a26fc11b92fb31a00698d57e0909a27f34204cc8102ec3a64e6a55b81eac621f311d76780c4bcdf51586d2f8961dbc5e7128a093024e29febadeecf6e9ae36e743b9a5325e34a30b87b823f0deafebcbdeea1010078cbeb2128b2247b0897a22ba9a2f8a4406f402b32751b0dfcda7057c26c19c33f40e5c28f0dc72534f092f43974ea49a348dbba807d86e748bd52c3eb7656ef443b7e1f873457119f2d7bf990eccd9760c189727d2e2f5bc1324f59e1310ccef4e968e4c2f6b289788daebb936dfe21fa5207d3268d2ea195e699e84baa18cfa53d573f165b7353f62a474eb896cd43410444a92d4866643e76f5356728edd79d0195d90a4456e82630754687ef6e2c0d1eeb2142208e319830043690314f7ecf2dc4e0fdbc16594e7487e6a9c6b12eff5f8f76bdc75eb168b66b96465427ed89ad4bc3cf3277f5bbb55313a4b9194fe792386c58dcc71679e1c3132b7932da6fed51171ec8a067bed84b5b0ea71bf655481650be3571af8b06497a7f8057396adde78e7af3832c894b14169c07220ed3fe88d215670c18e2610c783da1f040d27a8a926152755c6face671ff93ed3b0714da450707f24a9f6dabe44b83f2f9de8907fbdb798991bc1b46491d614f6f92e3888bba97e542aaf5e8b09ffbbb1010b2407cc48be2742819505dbcb7d0ed27ff7b18807b663b569847e46470a6cd8599f75506356f084ecb5713fdc9a5c794efa22e5c527724c5c2dbda79be1bf3c8d3eb699cecf666a557791b74e364a43011d73f898a6975d1ee9b8701948fb180ab39cd52f7efa2adf37758ef8f2dd4f356e721f6ba205f2c08e8bb0409be8e2bfe3e6c2a3f1058bdf9ebe9103c32628e8aedbba576a93102e6cb8e5fdb291de38fadfdf619b75b75acf95b52e6011cf54a2e3ffba97de4074e3227a1a53847f173ea35c1e5d5a7fc50d6481391c7d38a02320515a15f605b2b69d41200936606f33502f82b82fae141995486442832691fb43a70f786856c2c7309b537258fb077a6179981bd1a333de9222489455f58eb6dc0f94b722a317bdc3cd313a61528a51f024cd78d0669d191d7d03108068e0e0c75833590313b9d2539440a979ab1fcd464250fdbf0b1747e6f4777e01646cfa711f7ca8d8c4d3f40c4c58db209e18851ee9afcde60a0183c541dcfd8d0b5c4556615b85c2d19a228df80dd67cad58830f2664da3478fa14e6fab7336cbac1620818db971a889c22f7c1a60bb0290526aeb78bbcff7a589cc74541009297c73066bc554ca2012e1433fb079d38ac9410dfe72739f38995b62d6e1baf51fd929df431188fb4f88bf6401c1466b36c0dc1a51cdb6091e39a686787c2df7e9af1c43f43869db0d012abc18d5dd7d931050ae2f2df4240fd081430f10d745f88e384abc7fa69a9f7b40b527c315c917d9e37ecf136fa7e1d617ecdccfc14ead2903eb26093f212d7415b5dd5bc22be690960ae8ee0dc74c4d81e7439a9379297d3a888efb0b5186e59a241d6b0387f0c8864b6b9cda3eb5a59d9cfd7b967ad9095ca0d16a013834f8e7fca1c4c49c5e6aac1a5b9c85c1aaf970b526a826a4fcba77b78c44dd7268096b7cc72ec667fe9f9780bc6d8320170003dda45f7e04eb146792f376e131a1e54111ce09e4c18ad4b6405862b4f77813893a32cfdd4dc6e0b16204b992d2cc41821666e09f48211e18960a8221e1b94974a9743ef4a9f9c0ae98bfc776e70b040435e553a54bda795c1a3a0df0c450b9fb860effd6f973dd3f8fa9d9abd82c5e03a9e4b5491e376b786d0ba1544d96f05288c9b88be8541a0be8937072d0020c40ecfedc622754a05f05e3528c3a036e0d693b2284f5940645d07ae075923479c18b9c7abf232aa124522210b92584c3cebc49a6b062e0db354745b60e04703082da701022aba37f285feda9f708a2068abfccd2ccca2b6d77229d912cb7fc481eaafa303fc056f98edbdd9b1fcd23dd88dac33f0edcaece46a97886fb0f6d5640c7a3321288e57365562df05442d2b922952e9de2b4774f2a1c5611bfe1101b3c69bb0f36a8234f10a3c8515cd9616d90f1c1da166bf5373f9a23c4f4ca6b7b78f0c3d4f9f6394c2b99107b976e8d95d1798af65dcec84e7fc8df8ed810d732fc3a3688d360c3b4eb3d011d78e47287c0da8a9faa69f8614bbb7f949ca4d65554534a1024c2a931345db649799109a893b9692cd44cd671e4533e4c2d993b2e2b253e19a01705e4b474fd6e048463b5bcd09b73c0b8b162ebe0d1c8aa58a1c579f6805e70c73cc45a045ab55df0db881d5ea9315fd0d5a66a4e682dca247cb7bc681a8ffeb35ac1776010ab5879057e3062458eaa693e90811dd7e8eda5b2be01a545c7c7fea4341ab14552c5b1b50bf33d4239acec92411437c02f28893bb9b6c459f33a401f246986b8dbd26adb81d06211e1b433629a069ce7a5c3c5e3cdea58208741150a8db8fb08a7e40bca6e581d5042d9e50aa1df1e10f2ac3854", 0x1, r6, 0x4}, 0x38) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r3, &(0x7f0000000080), 0x12) (async) 18:44:23 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x4) bind$netlink(r0, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc) 18:44:23 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400), 0x0, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:44:23 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r2, &(0x7f0000000080), 0x12) [ 847.398927][T31239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 847.410164][T31239] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 847.417570][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 847.426140][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 18:44:23 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000002c0)=@raw={'raw\x00', 0x9, 0x3, 0x220, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x188, 0xffffffff, 0xffffffff, 0x188, 0xffffffff, 0x3, &(0x7f0000000280), {[{{@ip={@private=0xa010100, @rand_addr=0x64010102, 0xffffffff, 0xff, 'rose0\x00', 'syz_tun\x00', {0xff}, {0xff}, 0x8, 0x3, 0x9}, 0x0, 0x70, 0xb0}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x81, 0x8, "13671480d3306bb931842b27bfd2d0d57275664dfe57361b7f64b7d26758"}}}, {{@ip={@local, @dev={0xac, 0x14, 0x14, 0x3d}, 0xff, 0xffffff00, 'vlan1\x00', 'ip_vti0\x00', {}, {0xff}, 0x0, 0x0, 0x4}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x4, 0x9, 0x4, 0x2, 'snmp\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) syz_clone(0x21002180, 0x0, 0xfffffffffffffeaf, 0x0, 0x0, 0x0) fcntl$notify(r3, 0x402, 0x80000029) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000100)={0x0, 0x0}) utimes(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000240)={{r4, r5/1000+60000}, {0x77359400}}) write$cgroup_int(r3, &(0x7f0000000080), 0x12) [ 847.473038][T31291] loop5: detected capacity change from 0 to 1024 [ 847.482598][T31309] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 847.490034][ T24] audit: type=1400 audit(1651085063.685:361): avc: denied { bind } for pid=31280 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 847.511360][T31291] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (60729!=0) 18:44:23 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x600, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:23 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) fcntl$setown(r0, 0x8, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x0, 0x6000) dup3(r1, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x20102, 0x18) r3 = openat$cgroup(r2, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r4 = openat$cgroup_int(r3, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) open(&(0x7f0000000240)='./file0\x00', 0x8000, 0x12) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r4, &(0x7f0000000080), 0x12) 18:44:23 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x2}, 0x48) 18:44:23 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400), 0x0, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:44:23 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x6) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) mount(&(0x7f00000000c0)=ANY=[@ANYBLOB="2e02582c99ad44f48415f773adae17de2f66696c653000"], &(0x7f0000000080)='./file0\x00', &(0x7f00000001c0)='overlay\x00', 0x80, &(0x7f0000000100)='cgroup2\x00') listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) mkdir(&(0x7f0000000180)='./file0\x00', 0x6) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) (async) mount(&(0x7f00000000c0)=ANY=[@ANYBLOB="2e02582c99ad44f48415f773adae17de2f66696c653000"], &(0x7f0000000080)='./file0\x00', &(0x7f00000001c0)='overlay\x00', 0x80, &(0x7f0000000100)='cgroup2\x00') (async) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) (async) [ 847.520633][T31291] EXT4-fs (loop5): group descriptors corrupted! 18:44:23 executing program 2: syz_mount_image$ext4(0x0, &(0x7f0000000100)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000004c0)='mnt/encrypted_dir\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='mnt/encrypted_dir\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000540)=@v1={0x0, @aes128, 0x0, @desc1}) newfstatat(0xffffffffffffff9c, &(0x7f0000000040)='mnt/encrypted_dir\x00', &(0x7f0000000080), 0x0) [ 847.573626][T31239] syz-executor.0 invoked oom-killer: gfp_mask=0xdc0(GFP_KERNEL|__GFP_ZERO), order=0, oom_score_adj=0 [ 847.574928][T31323] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 847.584541][T31239] CPU: 0 PID: 31239 Comm: syz-executor.0 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 847.602436][T31239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 847.612484][T31239] Call Trace: [ 847.615752][T31239] [ 847.617203][T31325] loop5: detected capacity change from 0 to 1024 [ 847.618674][T31239] dump_stack_lvl+0xd6/0x122 [ 847.629592][T31239] dump_stack+0x11/0x12 [ 847.633747][T31239] dump_header+0x98/0x410 [ 847.638123][T31239] oom_kill_process+0xfe/0x550 [ 847.642884][T31239] out_of_memory+0x620/0x880 [ 847.647465][T31239] mem_cgroup_oom+0x475/0x4f0 [ 847.652212][T31239] try_charge_memcg+0x746/0x960 [ 847.657049][T31239] ? __d_lookup_rcu+0x405/0x440 [ 847.661888][T31239] obj_cgroup_charge+0x171/0x2b0 [ 847.666818][T31239] kmem_cache_alloc+0x92/0x300 [ 847.671580][T31239] ? __alloc_file+0x2e/0x150 [ 847.676154][T31239] __alloc_file+0x2e/0x150 [ 847.680558][T31239] alloc_empty_file+0xcd/0x1c0 [ 847.685369][T31239] path_openat+0x65/0x1b30 [ 847.689768][T31239] ? lockref_get_not_dead+0xeb/0x190 [ 847.695046][T31239] ? __rcu_read_unlock+0x4a/0x70 [ 847.700096][T31239] ? try_to_unlazy+0x3c9/0x540 [ 847.704915][T31239] ? __rcu_read_unlock+0x4a/0x70 [ 847.709886][T31239] ? avc_has_perm_noaudit+0x1c0/0x270 [ 847.715281][T31239] do_filp_open+0x105/0x220 [ 847.719874][T31239] do_sys_openat2+0xb5/0x2a0 [ 847.724549][T31239] __x64_sys_openat+0xef/0x110 [ 847.729370][T31239] do_syscall_64+0x2b/0x70 [ 847.733946][T31239] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 847.739832][T31239] RIP: 0033:0x7fa4aff09c28 [ 847.744231][T31239] Code: 24 18 31 c0 41 83 e2 40 75 40 89 f0 25 00 00 41 00 3d 00 00 41 00 74 32 44 89 c2 4c 89 ce bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 40 48 8b 4c 24 18 64 48 2b 0c 25 28 00 00 00 [ 847.763826][T31239] RSP: 002b:00007fff1ca14dc0 EFLAGS: 00000287 ORIG_RAX: 0000000000000101 [ 847.772318][T31239] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa4aff09c28 [ 847.780276][T31239] RDX: 0000000000090800 RSI: 00007fff1ca15ff0 RDI: 00000000ffffff9c [ 847.788236][T31239] RBP: 00007fff1ca15ff0 R08: 0000000000090800 R09: 00007fff1ca15ff0 [ 847.796193][T31239] R10: 0000000000000000 R11: 0000000000000287 R12: 00007fa4aff631f8 [ 847.804149][T31239] R13: 00007fff1ca15ff0 R14: 0000555556a716f0 R15: 00007fff1ca170f0 [ 847.812106][T31239] [ 847.815402][T31239] memory: usage 160kB, limit 0kB, failcnt 7223 18:44:24 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x700, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:24 executing program 2: syz_io_uring_setup(0x4aaf, &(0x7f0000000240)={0x0, 0x84c6}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, 0x0, 0x0) syz_io_uring_setup(0x2685, &(0x7f0000000480), &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000500), &(0x7f0000000540)) [ 847.821587][T31239] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 847.828446][T31239] Memory cgroup stats for /syz0: [ 847.835008][T31325] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (60729!=0) [ 847.840800][T31330] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 847.849183][T31325] EXT4-fs (loop5): group descriptors corrupted! [ 847.855565][T31239] anon 45056 [ 847.855565][T31239] file 53248 [ 847.855565][T31239] kernel 40960 [ 847.855565][T31239] kernel_stack 0 18:44:24 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x900, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 847.855565][T31239] pagetables 8192 [ 847.855565][T31239] percpu 0 [ 847.855565][T31239] sock 0 [ 847.855565][T31239] vmalloc 0 [ 847.855565][T31239] shmem 53248 [ 847.855565][T31239] file_mapped 53248 [ 847.855565][T31239] file_dirty 0 [ 847.855565][T31239] file_writeback 0 [ 847.855565][T31239] swapcached 0 [ 847.855565][T31239] inactive_anon 45056 [ 847.855565][T31239] active_anon 53248 [ 847.855565][T31239] inactive_file 0 [ 847.855565][T31239] active_file 0 [ 847.855565][T31239] unevictable 0 [ 847.855565][T31239] slab_reclaimable 5608 18:44:24 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0xa00, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 847.855565][T31239] slab_unreclaimable 18720 [ 847.855565][T31239] slab 24328 [ 847.855565][T31239] workingset_refault_anon 0 [ 847.855565][T31239] workingset_refault_file 7 [ 847.855565][T31239] workingset_activate_anon 0 [ 847.855565][T31239] workingset_activate_file 0 [ 847.886178][T31334] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 847.950406][T31239] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=31239,uid=0 18:44:24 executing program 2: r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$RNDGETENTCNT(r0, 0x80045200, &(0x7f0000000180)) [ 847.972585][T31239] Memory cgroup out of memory: Killed process 31239 (syz-executor.0) total-vm:42336kB, anon-rss:360kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:0 [ 848.006390][T31317] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 848.016062][T31339] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 848.016747][T31317] CPU: 0 PID: 31317 Comm: syz-executor.1 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 848.034657][T31317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 848.044702][T31317] Call Trace: [ 848.048010][T31317] [ 848.050919][T31317] dump_stack_lvl+0xd6/0x122 [ 848.055551][T31317] dump_stack+0x11/0x12 [ 848.059685][T31317] dump_header+0x98/0x410 [ 848.063993][T31317] out_of_memory+0x65e/0x880 [ 848.068565][T31317] memory_max_write+0x31b/0x420 [ 848.073448][T31317] ? memory_max_show+0x70/0x70 [ 848.078217][T31317] cgroup_file_write+0x167/0x300 [ 848.083218][T31317] ? __check_object_size+0x235/0x380 [ 848.088484][T31317] ? cgroup_seqfile_stop+0x70/0x70 [ 848.093596][T31317] kernfs_fop_write_iter+0x1d3/0x2c0 [ 848.098872][T31317] vfs_write+0x71c/0x890 [ 848.103097][T31317] ksys_write+0xe8/0x1a0 [ 848.107377][T31317] __x64_sys_write+0x3e/0x50 [ 848.111946][T31317] do_syscall_64+0x2b/0x70 [ 848.116339][T31317] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 848.122300][T31317] RIP: 0033:0x7ff0acc260e9 [ 848.126691][T31317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 848.146283][T31317] RSP: 002b:00007ff0ac39c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 848.154729][T31317] RAX: ffffffffffffffda RBX: 00007ff0acd38f60 RCX: 00007ff0acc260e9 [ 848.162794][T31317] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 848.170744][T31317] RBP: 00007ff0acc8008d R08: 0000000000000000 R09: 0000000000000000 [ 848.178697][T31317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 848.186719][T31317] R13: 00007ffe7a47396f R14: 00007ff0ac39c300 R15: 0000000000022000 [ 848.194731][T31317] [ 848.197760][T31317] memory: usage 80kB, limit 0kB, failcnt 7240 [ 848.203860][T31317] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 848.210707][T31317] Memory cgroup stats for /syz0: [ 848.212137][T31317] anon 0 [ 848.212137][T31317] file 53248 [ 848.212137][T31317] kernel 28672 [ 848.212137][T31317] kernel_stack 0 [ 848.212137][T31317] pagetables 0 [ 848.212137][T31317] percpu 0 [ 848.212137][T31317] sock 0 [ 848.212137][T31317] vmalloc 0 [ 848.212137][T31317] shmem 53248 [ 848.212137][T31317] file_mapped 53248 [ 848.212137][T31317] file_dirty 0 [ 848.212137][T31317] file_writeback 0 [ 848.212137][T31317] swapcached 0 [ 848.212137][T31317] inactive_anon 0 [ 848.212137][T31317] active_anon 53248 [ 848.212137][T31317] inactive_file 0 [ 848.212137][T31317] active_file 0 [ 848.212137][T31317] unevictable 0 [ 848.212137][T31317] slab_reclaimable 5608 [ 848.212137][T31317] slab_unreclaimable 18720 [ 848.212137][T31317] slab 24328 [ 848.212137][T31317] workingset_refault_anon 0 [ 848.212137][T31317] workingset_refault_file 7 [ 848.212137][T31317] workingset_activate_anon 0 [ 848.212137][T31317] workingset_activate_file 0 [ 848.304336][T31317] Out of memory and no killable processes... [ 848.310415][T31319] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 18:44:24 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000002c0)=@raw={'raw\x00', 0x9, 0x3, 0x220, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x188, 0xffffffff, 0xffffffff, 0x188, 0xffffffff, 0x3, &(0x7f0000000280), {[{{@ip={@private=0xa010100, @rand_addr=0x64010102, 0xffffffff, 0xff, 'rose0\x00', 'syz_tun\x00', {0xff}, {0xff}, 0x8, 0x3, 0x9}, 0x0, 0x70, 0xb0}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x81, 0x8, "13671480d3306bb931842b27bfd2d0d57275664dfe57361b7f64b7d26758"}}}, {{@ip={@local, @dev={0xac, 0x14, 0x14, 0x3d}, 0xff, 0xffffff00, 'vlan1\x00', 'ip_vti0\x00', {}, {0xff}, 0x0, 0x0, 0x4}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x4, 0x9, 0x4, 0x2, 'snmp\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) (async, rerun: 64) syz_clone(0x21002180, 0x0, 0xfffffffffffffeaf, 0x0, 0x0, 0x0) (async, rerun: 64) fcntl$notify(r3, 0x402, 0x80000029) (async, rerun: 64) prlimit64(0x0, 0x0, 0x0, 0x0) (async, rerun: 64) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async, rerun: 64) clock_gettime(0x0, &(0x7f0000000100)={0x0, 0x0}) (rerun: 64) utimes(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000240)={{r4, r5/1000+60000}, {0x77359400}}) (async) write$cgroup_int(r3, &(0x7f0000000080), 0x12) 18:44:24 executing program 2: syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open$cgroup(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$P9_RLERROR(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='\x001'], 0x10) [ 848.320408][T31319] CPU: 0 PID: 31319 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 848.331474][T31319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 848.341569][T31319] Call Trace: [ 848.344845][T31319] [ 848.347773][T31319] dump_stack_lvl+0xd6/0x122 [ 848.352388][T31319] dump_stack+0x11/0x12 [ 848.356539][T31319] dump_header+0x98/0x410 [ 848.360848][T31319] out_of_memory+0x65e/0x880 [ 848.365530][T31319] memory_max_write+0x31b/0x420 [ 848.370364][T31319] ? memory_max_show+0x70/0x70 [ 848.375122][T31319] cgroup_file_write+0x167/0x300 [ 848.380183][T31319] ? __check_object_size+0x235/0x380 [ 848.385513][T31319] ? cgroup_seqfile_stop+0x70/0x70 [ 848.390649][T31319] kernfs_fop_write_iter+0x1d3/0x2c0 [ 848.395996][T31319] vfs_write+0x71c/0x890 [ 848.400231][T31319] ksys_write+0xe8/0x1a0 [ 848.404503][T31319] __x64_sys_write+0x3e/0x50 [ 848.409250][T31319] do_syscall_64+0x2b/0x70 [ 848.413791][T31319] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 848.419687][T31319] RIP: 0033:0x7f682d3270e9 [ 848.424277][T31319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 848.443942][T31319] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 848.452406][T31319] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 [ 848.460496][T31319] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 848.468447][T31319] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 [ 848.476440][T31319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 848.484388][T31319] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 [ 848.492342][T31319] [ 848.495451][T31319] memory: usage 80kB, limit 0kB, failcnt 7240 [ 848.501531][T31319] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 848.508446][T31319] Memory cgroup stats for /syz0: [ 848.510418][T31319] anon 0 [ 848.510418][T31319] file 53248 [ 848.510418][T31319] kernel 28672 [ 848.510418][T31319] kernel_stack 0 [ 848.510418][T31319] pagetables 0 [ 848.510418][T31319] percpu 0 [ 848.510418][T31319] sock 0 [ 848.510418][T31319] vmalloc 0 [ 848.510418][T31319] shmem 53248 [ 848.510418][T31319] file_mapped 53248 [ 848.510418][T31319] file_dirty 0 [ 848.510418][T31319] file_writeback 0 [ 848.510418][T31319] swapcached 0 [ 848.510418][T31319] inactive_anon 0 [ 848.510418][T31319] active_anon 53248 [ 848.510418][T31319] inactive_file 0 [ 848.510418][T31319] active_file 0 [ 848.510418][T31319] unevictable 0 [ 848.510418][T31319] slab_reclaimable 5608 18:44:24 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) fcntl$setown(r0, 0x8, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x0, 0x6000) dup3(r1, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x20102, 0x18) r3 = openat$cgroup(r2, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r4 = openat$cgroup_int(r3, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async) open(&(0x7f0000000240)='./file0\x00', 0x8000, 0x12) (async) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r4, &(0x7f0000000080), 0x12) 18:44:24 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0xb00, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:24 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f00", 0x10, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) [ 848.510418][T31319] slab_unreclaimable 18480 [ 848.510418][T31319] slab 24088 [ 848.510418][T31319] workingset_refault_anon 0 [ 848.510418][T31319] workingset_refault_file 7 [ 848.510418][T31319] workingset_activate_anon 0 [ 848.510418][T31319] workingset_activate_file 0 [ 848.602853][T31319] Out of memory and no killable processes... 18:44:24 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) mkdir(&(0x7f0000000180)='./file0\x00', 0x6) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) (async) mount(&(0x7f00000000c0)=ANY=[@ANYBLOB="2e02582c99ad44f48415f773adae17de2f66696c653000"], &(0x7f0000000080)='./file0\x00', &(0x7f00000001c0)='overlay\x00', 0x80, &(0x7f0000000100)='cgroup2\x00') listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 18:44:24 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000002c0)=@raw={'raw\x00', 0x9, 0x3, 0x220, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x188, 0xffffffff, 0xffffffff, 0x188, 0xffffffff, 0x3, &(0x7f0000000280), {[{{@ip={@private=0xa010100, @rand_addr=0x64010102, 0xffffffff, 0xff, 'rose0\x00', 'syz_tun\x00', {0xff}, {0xff}, 0x8, 0x3, 0x9}, 0x0, 0x70, 0xb0}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x81, 0x8, "13671480d3306bb931842b27bfd2d0d57275664dfe57361b7f64b7d26758"}}}, {{@ip={@local, @dev={0xac, 0x14, 0x14, 0x3d}, 0xff, 0xffffff00, 'vlan1\x00', 'ip_vti0\x00', {}, {0xff}, 0x0, 0x0, 0x4}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x4, 0x9, 0x4, 0x2, 'snmp\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) syz_clone(0x21002180, 0x0, 0xfffffffffffffeaf, 0x0, 0x0, 0x0) fcntl$notify(r3, 0x402, 0x80000029) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000100)={0x0, 0x0}) utimes(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000240)={{r4, r5/1000+60000}, {0x77359400}}) write$cgroup_int(r3, &(0x7f0000000080), 0x12) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000002c0)=@raw={'raw\x00', 0x9, 0x3, 0x220, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x188, 0xffffffff, 0xffffffff, 0x188, 0xffffffff, 0x3, &(0x7f0000000280), {[{{@ip={@private=0xa010100, @rand_addr=0x64010102, 0xffffffff, 0xff, 'rose0\x00', 'syz_tun\x00', {0xff}, {0xff}, 0x8, 0x3, 0x9}, 0x0, 0x70, 0xb0}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x81, 0x8, "13671480d3306bb931842b27bfd2d0d57275664dfe57361b7f64b7d26758"}}}, {{@ip={@local, @dev={0xac, 0x14, 0x14, 0x3d}, 0xff, 0xffffff00, 'vlan1\x00', 'ip_vti0\x00', {}, {0xff}, 0x0, 0x0, 0x4}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x4, 0x9, 0x4, 0x2, 'snmp\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) (async) syz_clone(0x21002180, 0x0, 0xfffffffffffffeaf, 0x0, 0x0, 0x0) (async) fcntl$notify(r3, 0x402, 0x80000029) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) clock_gettime(0x0, &(0x7f0000000100)) (async) utimes(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000240)={{r4, r5/1000+60000}, {0x77359400}}) (async) write$cgroup_int(r3, &(0x7f0000000080), 0x12) (async) 18:44:24 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0xc00, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:24 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) fcntl$setown(r0, 0x8, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x0, 0x6000) dup3(r1, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x20102, 0x18) r3 = openat$cgroup(r2, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r4 = openat$cgroup_int(r3, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) open(&(0x7f0000000240)='./file0\x00', 0x8000, 0x12) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r4, &(0x7f0000000080), 0x12) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) fcntl$setown(r0, 0x8, 0x0) (async) syz_open_dev$usbfs(&(0x7f0000000100), 0x0, 0x6000) (async) dup3(r1, 0xffffffffffffffff, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) open(&(0x7f00000000c0)='./file0\x00', 0x20102, 0x18) (async) openat$cgroup(r2, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_int(r3, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async) open(&(0x7f0000000240)='./file0\x00', 0x8000, 0x12) (async) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r4, &(0x7f0000000080), 0x12) (async) [ 848.626793][T31356] loop5: detected capacity change from 0 to 1024 [ 848.633784][T31357] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 848.643116][T31356] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (5596!=0) [ 848.652385][T31356] EXT4-fs (loop5): group descriptors corrupted! 18:44:24 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x82002, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 18:44:24 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f00", 0x10, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) [ 848.706887][T31370] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 848.737020][T31368] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 848.747297][T31368] CPU: 1 PID: 31368 Comm: syz-executor.1 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 848.758343][T31368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 848.768395][T31368] Call Trace: [ 848.771678][T31368] [ 848.774832][T31368] dump_stack_lvl+0xd6/0x122 [ 848.779525][T31368] dump_stack+0x11/0x12 [ 848.783698][T31368] dump_header+0x98/0x410 [ 848.788032][T31368] out_of_memory+0x65e/0x880 [ 848.792721][T31368] memory_max_write+0x31b/0x420 [ 848.797579][T31368] ? memory_max_show+0x70/0x70 [ 848.802352][T31368] cgroup_file_write+0x167/0x300 18:44:25 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0xd00, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 848.807382][T31368] ? __check_object_size+0x235/0x380 [ 848.812733][T31368] ? cgroup_seqfile_stop+0x70/0x70 [ 848.818038][T31368] kernfs_fop_write_iter+0x1d3/0x2c0 [ 848.823388][T31368] vfs_write+0x71c/0x890 [ 848.827637][T31368] ksys_write+0xe8/0x1a0 [ 848.831949][T31368] __x64_sys_write+0x3e/0x50 [ 848.836545][T31368] do_syscall_64+0x2b/0x70 [ 848.840982][T31368] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 848.846982][T31368] RIP: 0033:0x7ff0acc260e9 [ 848.851476][T31368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 848.871128][T31368] RSP: 002b:00007ff0ac39c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 848.879596][T31368] RAX: ffffffffffffffda RBX: 00007ff0acd38f60 RCX: 00007ff0acc260e9 [ 848.887560][T31368] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 848.895551][T31368] RBP: 00007ff0acc8008d R08: 0000000000000000 R09: 0000000000000000 [ 848.903517][T31368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 848.911496][T31368] R13: 00007ffe7a47396f R14: 00007ff0ac39c300 R15: 0000000000022000 [ 848.919478][T31368] [ 848.922536][T31368] memory: usage 76kB, limit 0kB, failcnt 7240 [ 848.928613][T31368] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 848.935451][T31368] Memory cgroup stats for /syz0: [ 848.942839][T31368] anon 0 [ 848.942839][T31368] file 53248 [ 848.942839][T31368] kernel 20480 [ 848.942839][T31368] kernel_stack 0 [ 848.942839][T31368] pagetables 0 [ 848.942839][T31368] percpu 0 [ 848.942839][T31368] sock 0 [ 848.942839][T31368] vmalloc 0 [ 848.942839][T31368] shmem 53248 [ 848.942839][T31368] file_mapped 53248 [ 848.942839][T31368] file_dirty 0 [ 848.942839][T31368] file_writeback 0 [ 848.942839][T31368] swapcached 0 [ 848.942839][T31368] inactive_anon 0 [ 848.942839][T31368] active_anon 53248 [ 848.942839][T31368] inactive_file 0 [ 848.942839][T31368] active_file 0 [ 848.942839][T31368] unevictable 0 [ 848.942839][T31368] slab_reclaimable 3056 [ 848.942839][T31368] slab_unreclaimable 14936 [ 848.942839][T31368] slab 17992 [ 848.942839][T31368] workingset_refault_anon 0 [ 848.942839][T31368] workingset_refault_file 7 [ 848.942839][T31368] workingset_activate_anon 0 [ 848.942839][T31368] workingset_activate_file 0 [ 848.942994][T31409] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 848.947894][T31368] Out of memory and no killable processes... [ 849.039439][T31393] loop5: detected capacity change from 0 to 1024 18:44:25 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r0, 0xc018937a, &(0x7f0000000280)=ANY=[@ANYBLOB="6ee5508a1dcaec96", @ANYRES32=r1, @ANYBLOB="ff030000000000002e2f66696c653100"]) bind$unix(r2, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e) r3 = openat$cgroup(r1, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0) r4 = openat$cgroup_int(r3, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) r5 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000100), 0x24000, 0x0) openat$cgroup_ro(r5, &(0x7f00000002c0)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sendmsg(r0, &(0x7f0000000840)={&(0x7f0000000300)=@x25={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x3}}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000380)="ce8ea3fcbeaf60112bb689776d138f60450aa142b096a5409dbd6237f642b36dd8e9b037e277fba8bbbe666c34dfd615c54432befe958e94ad35baf7d509092fabdcb4824c2e931295d9172725f756b26f5f984ee35c71593ebbe09bae0e4ecc25ad25a5a411ed755e2d0824fe027c8248b46b5c55497834fc4f5e006da7b73d37ee6f38a83abec878a74253a05454c0bc5450173dc3db09f374", 0x9a}, {&(0x7f0000000440)="eeff840418521e9c0e07e743e6a06bbcc2b4c2fe3e364f29848c05777040934acc01cc1cf6ef8dc1070cd6285281be8b1c26fe338a64491d7f7bff9892b64aded0780a6b0bb2af56cbfc1428fcd59c50c423f10073b7379466d9d60cf15048bf0aca906874f49de608e2edbfbe1d63b174ea1aac4ce2d9b0f9d475243eacceebcb6138a876ed08a1511c8ad395e08c07ecc3d9831832a484252506ef80a0ae182254a39a25414e331ad19bed61a6efa323aafe96796f3ea344b932972792b7b91737dcf0fc535f58af39760b12c6437d523cdfdb9716a620ee5ce39f0608e3a05e6ad0d97e96a342b997dd194cba19a1", 0xf0}, {&(0x7f0000000540)="75027e35b12cd1e486de55d99aa76b3a548b084a4308562dacfea0100ad42606f7ecbbbdc64aa5364c32caf1a1ec45b7794fa0418525d4efd036c9b08b58db66009be866f1974572f95789505a70061073c9f7c41345bebdbb917b0762bd11cb79bcbe6896b6cccdaa06009c486bde", 0x6f}], 0x3, &(0x7f0000000600)=[{0x98, 0xff, 0x510b, "2c278f5b254f784dcc00ba625e1c22245a94fd324b9bbbcceafa068c50614628c6622f90498b924dd85eee4f715777e1a46faed0eb1c78f8d4df76b6537c5a4301292ed0231262e0f31d87fc788fbe798d3a752eed0356e4e9209e00cb49777de6913e03f6fef0d7336e4abc8531bf14c98ccef91d1b9718a105723dc2777330140b3c9539d04d"}, {0x10, 0x110, 0x3}, {0x18, 0x10b, 0x8, "7ad0f05adb"}, {0xa0, 0x107, 0x3, "994e1e59a14bb41d925fceb4c004645457c8f41d6e8d6ce5acf68afd5ad03f2f3637574395135570d391a1af60bd193cab29a4af30c265c4e03487ef4fb231da256bf5624216e4cbdb5b769e9e10b44b72bc5ffd2edc9494316ea2ff5c7cd54c93a6cb3b65957d1cb450633125a09f4dbf467f841a55afbede1bb1c79b535ea045e45cc86cb2337811865b459f"}, {0xb8, 0x115, 0x7fffffff, "4337c4f385e9252735c11d0dc2b7f6c615d905ff229e1180397162a96ac56f132627c2797b2395ef8acb2c821ff4d39adf541289c36c14fa52a8490b432dfc30531f4322869941b38b5f161a0e55555a70af0a6c3ba7b8c3e7b4cea936acbb6928101d77d58e5055bf9108cd4ad7ed4c329bdf2a6da7aed017a15b397de3cac3b34e2b975f0b6c38f8265fee480c0288eeaf22da741df948d7a7dfb30b15d4a585bd7393e69b6f"}], 0x218}, 0x8000) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r4, &(0x7f0000000080), 0x12) [ 849.058993][T31393] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (5596!=0) [ 849.068173][T31393] EXT4-fs (loop5): group descriptors corrupted! [ 849.122916][T31412] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 849.132876][T31412] CPU: 1 PID: 31412 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 849.143986][T31412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 849.154094][T31412] Call Trace: [ 849.157359][T31412] [ 849.160288][T31412] dump_stack_lvl+0xd6/0x122 [ 849.164935][T31412] dump_stack+0x11/0x12 [ 849.169084][T31412] dump_header+0x98/0x410 [ 849.173406][T31412] out_of_memory+0x65e/0x880 [ 849.177984][T31412] memory_max_write+0x31b/0x420 [ 849.182982][T31412] ? memory_max_show+0x70/0x70 [ 849.187739][T31412] cgroup_file_write+0x167/0x300 [ 849.192667][T31412] ? __check_object_size+0x235/0x380 [ 849.197939][T31412] ? cgroup_seqfile_stop+0x70/0x70 [ 849.203100][T31412] kernfs_fop_write_iter+0x1d3/0x2c0 [ 849.208500][T31412] vfs_write+0x71c/0x890 [ 849.212755][T31412] ksys_write+0xe8/0x1a0 [ 849.216987][T31412] __x64_sys_write+0x3e/0x50 [ 849.221568][T31412] do_syscall_64+0x2b/0x70 [ 849.226007][T31412] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 849.231978][T31412] RIP: 0033:0x7f682d3270e9 [ 849.236376][T31412] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 849.255991][T31412] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 849.264388][T31412] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 [ 849.272463][T31412] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 849.280466][T31412] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 [ 849.288433][T31412] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 849.296421][T31412] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 [ 849.304471][T31412] [ 849.307507][T31412] memory: usage 72kB, limit 0kB, failcnt 7240 [ 849.313588][T31412] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 18:44:25 executing program 2: syz_clone(0x0, 0x0, 0xffffffffffffffc0, 0x0, 0x0, 0x0) perf_event_open$cgroup(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$P9_RLERROR(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="ff0fdc"], 0xc) 18:44:25 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0xe00, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:25 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) lsetxattr$security_capability(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), &(0x7f0000000240)=@v1={0x1000000, [{0x1, 0xffffffff}]}, 0xc, 0x1) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) ioctl$AUTOFS_DEV_IOCTL_VERSION(r3, 0xc0189371, &(0x7f0000000300)={{0x1, 0x1, 0x18, r3}, './file0\x00'}) openat(r4, &(0x7f0000000340)='./file0\x00', 0x2000, 0x80) perf_event_open$cgroup(&(0x7f0000000280)={0x1, 0x80, 0x7f, 0x4, 0xe4, 0x6, 0x0, 0xc3d, 0x2008, 0x8, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x3, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x9, 0x4, @perf_config_ext={0x1ff, 0x2}, 0x20, 0x3, 0x7fffffff, 0x9, 0xffffffff, 0x80000000, 0xd4b, 0x0, 0x2, 0x0, 0x9}, r1, 0xe, r3, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r5, &(0x7f0000000080), 0x12) 18:44:25 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0xe62, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 849.320439][T31412] Memory cgroup stats for /syz0: [ 849.437078][T31417] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 18:44:25 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0xf00, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 849.497522][T31424] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 849.530054][T31412] anon 0 [ 849.530054][T31412] file 53248 [ 849.530054][T31412] kernel 20480 [ 849.530054][T31412] kernel_stack 0 [ 849.530054][T31412] pagetables 0 18:44:25 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async, rerun: 64) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async, rerun: 64) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) lsetxattr$security_capability(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), &(0x7f0000000240)=@v1={0x1000000, [{0x1, 0xffffffff}]}, 0xc, 0x1) (async) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) ioctl$AUTOFS_DEV_IOCTL_VERSION(r3, 0xc0189371, &(0x7f0000000300)={{0x1, 0x1, 0x18, r3}, './file0\x00'}) openat(r4, &(0x7f0000000340)='./file0\x00', 0x2000, 0x80) (async) perf_event_open$cgroup(&(0x7f0000000280)={0x1, 0x80, 0x7f, 0x4, 0xe4, 0x6, 0x0, 0xc3d, 0x2008, 0x8, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x3, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x9, 0x4, @perf_config_ext={0x1ff, 0x2}, 0x20, 0x3, 0x7fffffff, 0x9, 0xffffffff, 0x80000000, 0xd4b, 0x0, 0x2, 0x0, 0x9}, r1, 0xe, r3, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r5, &(0x7f0000000080), 0x12) [ 849.530054][T31412] percpu 0 [ 849.530054][T31412] sock 0 [ 849.530054][T31412] vmalloc 0 [ 849.530054][T31412] shmem 53248 [ 849.530054][T31412] file_mapped 53248 [ 849.530054][T31412] file_dirty 0 [ 849.530054][T31412] file_writeback 0 [ 849.530054][T31412] swapcached 0 [ 849.530054][T31412] inactive_anon 0 [ 849.530054][T31412] active_anon 53248 [ 849.530054][T31412] inactive_file 0 [ 849.530054][T31412] active_file 0 [ 849.530054][T31412] unevictable 0 [ 849.530054][T31412] slab_reclaimable 3056 [ 849.530054][T31412] slab_unreclaimable 14936 18:44:25 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) lsetxattr$security_capability(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), &(0x7f0000000240)=@v1={0x1000000, [{0x1, 0xffffffff}]}, 0xc, 0x1) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) (async) ioctl$AUTOFS_DEV_IOCTL_VERSION(r3, 0xc0189371, &(0x7f0000000300)={{0x1, 0x1, 0x18, r3}, './file0\x00'}) openat(r4, &(0x7f0000000340)='./file0\x00', 0x2000, 0x80) (async) perf_event_open$cgroup(&(0x7f0000000280)={0x1, 0x80, 0x7f, 0x4, 0xe4, 0x6, 0x0, 0xc3d, 0x2008, 0x8, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x3, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x9, 0x4, @perf_config_ext={0x1ff, 0x2}, 0x20, 0x3, 0x7fffffff, 0x9, 0xffffffff, 0x80000000, 0xd4b, 0x0, 0x2, 0x0, 0x9}, r1, 0xe, r3, 0x0) (async) r5 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r5, &(0x7f0000000080), 0x12) 18:44:25 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x1100, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 849.530054][T31412] slab 17992 [ 849.530054][T31412] workingset_refault_anon 0 [ 849.530054][T31412] workingset_refault_file 7 [ 849.530054][T31412] workingset_activate_anon 0 [ 849.530054][T31412] workingset_activate_file 0 [ 849.571948][T31432] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 849.617586][T31412] Out of memory and no killable processes... [ 849.651759][T31440] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 849.729843][ T34] device hsr_slave_0 left promiscuous mode [ 849.735903][ T34] device hsr_slave_1 left promiscuous mode [ 849.742249][ T34] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 849.749673][ T34] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 849.758502][ T34] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 849.765978][ T34] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 849.773737][ T34] device bridge_slave_1 left promiscuous mode [ 849.779972][ T34] bridge0: port 2(bridge_slave_1) entered disabled state [ 849.787510][ T34] device bridge_slave_0 left promiscuous mode [ 849.793725][ T34] bridge0: port 1(bridge_slave_0) entered disabled state [ 849.803583][ T34] device veth1_macvtap left promiscuous mode [ 849.809603][ T34] device veth0_macvtap left promiscuous mode [ 849.815637][ T34] device veth1_vlan left promiscuous mode [ 849.821378][ T34] device veth0_vlan left promiscuous mode [ 849.902119][ T34] team0 (unregistering): Port device team_slave_1 removed [ 849.911508][ T34] team0 (unregistering): Port device team_slave_0 removed [ 849.920935][ T34] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 849.933267][ T34] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 849.961293][ T34] bond0 (unregistering): Released all slaves [ 850.703830][T31442] chnl_net:caif_netlink_parms(): no params data found [ 850.732362][T31442] bridge0: port 1(bridge_slave_0) entered blocking state [ 850.739405][T31442] bridge0: port 1(bridge_slave_0) entered disabled state [ 850.746866][T31442] device bridge_slave_0 entered promiscuous mode [ 850.754139][T31442] bridge0: port 2(bridge_slave_1) entered blocking state [ 850.761249][T31442] bridge0: port 2(bridge_slave_1) entered disabled state [ 850.768822][T31442] device bridge_slave_1 entered promiscuous mode [ 850.784779][T31442] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 850.794854][T31442] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 850.811995][T31442] team0: Port device team_slave_0 added [ 850.818423][T31442] team0: Port device team_slave_1 added [ 850.833050][T31442] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 850.840031][T31442] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 850.865911][T31442] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 850.877780][T31442] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 850.884739][T31442] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 850.910924][T31442] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 850.931707][T31442] device hsr_slave_0 entered promiscuous mode [ 850.938451][T31442] device hsr_slave_1 entered promiscuous mode [ 850.944812][T31442] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 850.952530][T31442] Cannot create hsr debugfs directory [ 850.982898][T31442] bridge0: port 2(bridge_slave_1) entered blocking state [ 850.989972][T31442] bridge0: port 2(bridge_slave_1) entered forwarding state [ 850.997214][T31442] bridge0: port 1(bridge_slave_0) entered blocking state [ 851.004333][T31442] bridge0: port 1(bridge_slave_0) entered forwarding state [ 851.031160][T31442] 8021q: adding VLAN 0 to HW filter on device bond0 [ 851.042130][T31442] 8021q: adding VLAN 0 to HW filter on device team0 [ 851.050590][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 851.058877][ T1915] bridge0: port 1(bridge_slave_0) entered disabled state [ 851.066468][ T1915] bridge0: port 2(bridge_slave_1) entered disabled state [ 851.079382][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 851.087709][ T40] bridge0: port 1(bridge_slave_0) entered blocking state [ 851.094829][ T40] bridge0: port 1(bridge_slave_0) entered forwarding state [ 851.105067][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 851.113466][ T1916] bridge0: port 2(bridge_slave_1) entered blocking state [ 851.120524][ T1916] bridge0: port 2(bridge_slave_1) entered forwarding state [ 851.136883][T31442] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 851.147221][T31442] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 851.160773][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 851.169537][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 851.178124][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 851.187703][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 851.196579][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 851.205292][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 851.213780][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 851.222292][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 851.230870][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 851.239164][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 851.247396][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 851.255350][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 851.267728][T31442] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 851.274983][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 851.282393][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 851.346346][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 851.355187][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 851.390922][T31442] device veth0_vlan entered promiscuous mode [ 851.398810][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 851.406849][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 851.415910][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 851.423710][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 851.431893][T31442] device veth1_vlan entered promiscuous mode [ 851.444700][T31442] device veth0_macvtap entered promiscuous mode [ 851.452024][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 851.459978][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 851.467845][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 851.476266][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 851.484940][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 851.493603][T31442] device veth1_macvtap entered promiscuous mode [ 851.504588][T31442] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 851.515011][T31442] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 851.524955][T31442] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 851.535365][T31442] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 851.545165][T31442] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 851.555573][T31442] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 851.565405][T31442] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 851.575908][T31442] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 851.585921][T31442] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 851.596332][T31442] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 851.607844][T31442] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 851.618377][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 851.626504][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 851.635795][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 851.645407][T31442] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 851.655847][T31442] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 851.665677][T31442] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 851.676161][T31442] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 851.685971][T31442] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 851.696526][T31442] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 851.706442][T31442] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 851.716863][T31442] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 851.726684][T31442] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 18:44:28 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x82002, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) (async) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 18:44:28 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000100)={&(0x7f00000000c0)='./file0\x00', 0x0, 0x38}, 0x10) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) 18:44:28 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f00", 0x10, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:44:28 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async, rerun: 32) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (rerun: 32) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r0, 0xc018937a, &(0x7f0000000280)=ANY=[@ANYBLOB="6ee5508a1dcaec96", @ANYRES32=r1, @ANYBLOB="ff030000000000002e2f66696c653100"]) bind$unix(r2, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e) (async) r3 = openat$cgroup(r1, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0) r4 = openat$cgroup_int(r3, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async, rerun: 64) prlimit64(0x0, 0x0, 0x0, 0x0) (rerun: 64) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async) r5 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000100), 0x24000, 0x0) openat$cgroup_ro(r5, &(0x7f00000002c0)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) sendmsg(r0, &(0x7f0000000840)={&(0x7f0000000300)=@x25={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x3}}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000380)="ce8ea3fcbeaf60112bb689776d138f60450aa142b096a5409dbd6237f642b36dd8e9b037e277fba8bbbe666c34dfd615c54432befe958e94ad35baf7d509092fabdcb4824c2e931295d9172725f756b26f5f984ee35c71593ebbe09bae0e4ecc25ad25a5a411ed755e2d0824fe027c8248b46b5c55497834fc4f5e006da7b73d37ee6f38a83abec878a74253a05454c0bc5450173dc3db09f374", 0x9a}, {&(0x7f0000000440)="eeff840418521e9c0e07e743e6a06bbcc2b4c2fe3e364f29848c05777040934acc01cc1cf6ef8dc1070cd6285281be8b1c26fe338a64491d7f7bff9892b64aded0780a6b0bb2af56cbfc1428fcd59c50c423f10073b7379466d9d60cf15048bf0aca906874f49de608e2edbfbe1d63b174ea1aac4ce2d9b0f9d475243eacceebcb6138a876ed08a1511c8ad395e08c07ecc3d9831832a484252506ef80a0ae182254a39a25414e331ad19bed61a6efa323aafe96796f3ea344b932972792b7b91737dcf0fc535f58af39760b12c6437d523cdfdb9716a620ee5ce39f0608e3a05e6ad0d97e96a342b997dd194cba19a1", 0xf0}, {&(0x7f0000000540)="75027e35b12cd1e486de55d99aa76b3a548b084a4308562dacfea0100ad42606f7ecbbbdc64aa5364c32caf1a1ec45b7794fa0418525d4efd036c9b08b58db66009be866f1974572f95789505a70061073c9f7c41345bebdbb917b0762bd11cb79bcbe6896b6cccdaa06009c486bde", 0x6f}], 0x3, &(0x7f0000000600)=[{0x98, 0xff, 0x510b, "2c278f5b254f784dcc00ba625e1c22245a94fd324b9bbbcceafa068c50614628c6622f90498b924dd85eee4f715777e1a46faed0eb1c78f8d4df76b6537c5a4301292ed0231262e0f31d87fc788fbe798d3a752eed0356e4e9209e00cb49777de6913e03f6fef0d7336e4abc8531bf14c98ccef91d1b9718a105723dc2777330140b3c9539d04d"}, {0x10, 0x110, 0x3}, {0x18, 0x10b, 0x8, "7ad0f05adb"}, {0xa0, 0x107, 0x3, "994e1e59a14bb41d925fceb4c004645457c8f41d6e8d6ce5acf68afd5ad03f2f3637574395135570d391a1af60bd193cab29a4af30c265c4e03487ef4fb231da256bf5624216e4cbdb5b769e9e10b44b72bc5ffd2edc9494316ea2ff5c7cd54c93a6cb3b65957d1cb450633125a09f4dbf467f841a55afbede1bb1c79b535ea045e45cc86cb2337811865b459f"}, {0xb8, 0x115, 0x7fffffff, "4337c4f385e9252735c11d0dc2b7f6c615d905ff229e1180397162a96ac56f132627c2797b2395ef8acb2c821ff4d39adf541289c36c14fa52a8490b432dfc30531f4322869941b38b5f161a0e55555a70af0a6c3ba7b8c3e7b4cea936acbb6928101d77d58e5055bf9108cd4ad7ed4c329bdf2a6da7aed017a15b397de3cac3b34e2b975f0b6c38f8265fee480c0288eeaf22da741df948d7a7dfb30b15d4a585bd7393e69b6f"}], 0x218}, 0x8000) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r4, &(0x7f0000000080), 0x12) 18:44:28 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x1200, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:28 executing program 2: syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open$cgroup(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) recvmsg$unix(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$P9_RLERROR(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="0048b9003cc757eea274e95a"], 0x10) [ 851.737144][T31442] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 851.749088][T31442] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 851.756780][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 851.765552][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 18:44:28 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async, rerun: 64) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (rerun: 64) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r0, 0xc018937a, &(0x7f0000000280)=ANY=[@ANYBLOB="6ee5508a1dcaec96", @ANYRES32=r1, @ANYBLOB="ff030000000000002e2f66696c653100"]) bind$unix(r2, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e) (async) r3 = openat$cgroup(r1, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0) r4 = openat$cgroup_int(r3, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async) r5 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000100), 0x24000, 0x0) openat$cgroup_ro(r5, &(0x7f00000002c0)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sendmsg(r0, &(0x7f0000000840)={&(0x7f0000000300)=@x25={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x3}}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000380)="ce8ea3fcbeaf60112bb689776d138f60450aa142b096a5409dbd6237f642b36dd8e9b037e277fba8bbbe666c34dfd615c54432befe958e94ad35baf7d509092fabdcb4824c2e931295d9172725f756b26f5f984ee35c71593ebbe09bae0e4ecc25ad25a5a411ed755e2d0824fe027c8248b46b5c55497834fc4f5e006da7b73d37ee6f38a83abec878a74253a05454c0bc5450173dc3db09f374", 0x9a}, {&(0x7f0000000440)="eeff840418521e9c0e07e743e6a06bbcc2b4c2fe3e364f29848c05777040934acc01cc1cf6ef8dc1070cd6285281be8b1c26fe338a64491d7f7bff9892b64aded0780a6b0bb2af56cbfc1428fcd59c50c423f10073b7379466d9d60cf15048bf0aca906874f49de608e2edbfbe1d63b174ea1aac4ce2d9b0f9d475243eacceebcb6138a876ed08a1511c8ad395e08c07ecc3d9831832a484252506ef80a0ae182254a39a25414e331ad19bed61a6efa323aafe96796f3ea344b932972792b7b91737dcf0fc535f58af39760b12c6437d523cdfdb9716a620ee5ce39f0608e3a05e6ad0d97e96a342b997dd194cba19a1", 0xf0}, {&(0x7f0000000540)="75027e35b12cd1e486de55d99aa76b3a548b084a4308562dacfea0100ad42606f7ecbbbdc64aa5364c32caf1a1ec45b7794fa0418525d4efd036c9b08b58db66009be866f1974572f95789505a70061073c9f7c41345bebdbb917b0762bd11cb79bcbe6896b6cccdaa06009c486bde", 0x6f}], 0x3, &(0x7f0000000600)=[{0x98, 0xff, 0x510b, "2c278f5b254f784dcc00ba625e1c22245a94fd324b9bbbcceafa068c50614628c6622f90498b924dd85eee4f715777e1a46faed0eb1c78f8d4df76b6537c5a4301292ed0231262e0f31d87fc788fbe798d3a752eed0356e4e9209e00cb49777de6913e03f6fef0d7336e4abc8531bf14c98ccef91d1b9718a105723dc2777330140b3c9539d04d"}, {0x10, 0x110, 0x3}, {0x18, 0x10b, 0x8, "7ad0f05adb"}, {0xa0, 0x107, 0x3, "994e1e59a14bb41d925fceb4c004645457c8f41d6e8d6ce5acf68afd5ad03f2f3637574395135570d391a1af60bd193cab29a4af30c265c4e03487ef4fb231da256bf5624216e4cbdb5b769e9e10b44b72bc5ffd2edc9494316ea2ff5c7cd54c93a6cb3b65957d1cb450633125a09f4dbf467f841a55afbede1bb1c79b535ea045e45cc86cb2337811865b459f"}, {0xb8, 0x115, 0x7fffffff, "4337c4f385e9252735c11d0dc2b7f6c615d905ff229e1180397162a96ac56f132627c2797b2395ef8acb2c821ff4d39adf541289c36c14fa52a8490b432dfc30531f4322869941b38b5f161a0e55555a70af0a6c3ba7b8c3e7b4cea936acbb6928101d77d58e5055bf9108cd4ad7ed4c329bdf2a6da7aed017a15b397de3cac3b34e2b975f0b6c38f8265fee480c0288eeaf22da741df948d7a7dfb30b15d4a585bd7393e69b6f"}], 0x218}, 0x8000) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r4, &(0x7f0000000080), 0x12) [ 851.812224][T31486] loop5: detected capacity change from 0 to 1024 [ 851.812665][T31484] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 851.836679][T31442] syz-executor.0 invoked oom-killer: gfp_mask=0xdc0(GFP_KERNEL|__GFP_ZERO), order=0, oom_score_adj=0 [ 851.846268][T31486] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (5596!=0) [ 851.847634][T31442] CPU: 0 PID: 31442 Comm: syz-executor.0 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 851.856728][T31486] EXT4-fs (loop5): group descriptors corrupted! [ 851.867686][T31442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 851.867698][T31442] Call Trace: [ 851.867704][T31442] [ 851.867710][T31442] dump_stack_lvl+0xd6/0x122 [ 851.894783][T31442] dump_stack+0x11/0x12 [ 851.899005][T31442] dump_header+0x98/0x410 [ 851.903338][T31442] oom_kill_process+0xfe/0x550 [ 851.908177][T31442] out_of_memory+0x620/0x880 18:44:28 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00)={0x0, 0x0}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0xf, 0xb, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000632c00000000000002000000c50202000100000095000000000000009500000000000000183000000100000000000000000000001850000000000000000004000000000085100000fcffffff9500000000000000d57cdfeff89c4a183fc6094d6551"], &(0x7f00000001c0)='syzkaller\x00', 0x1, 0x49, &(0x7f0000000c80)=""/73, 0x40f00, 0xa, '\x00', 0x0, 0x15, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000ec0)={0x1, 0xd, 0xa54}, 0x10, r5, 0xffffffffffffffff, 0x0, &(0x7f0000000f40)=[0xffffffffffffffff]}, 0x80) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1d, 0x0, &(0x7f00000004c0), &(0x7f0000000500)='GPL\x00', 0x7e, 0x0, &(0x7f0000000540), 0x0, 0x6, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x1}, 0x8, 0x10, &(0x7f00000005c0)={0x0, 0x7, 0x81, 0x23}, 0x10, r5}, 0x80) ioctl$AUTOFS_DEV_IOCTL_FAIL(r0, 0xc0189377, &(0x7f0000000480)={{0x1, 0x1, 0x18, r1, {0x6, 0x6}}, './file0\x00'}) r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000004c0)='/sys/module/ip6_gre', 0x404000, 0x44) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x3, 0xe, &(0x7f0000000240)=@raw=[@map_fd={0x18, 0x10}, @map_idx={0x18, 0x5, 0x5, 0x0, 0x9}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x5}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @alu={0x4, 0x1, 0x2, 0x7, 0x1, 0x18, 0x1}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @call={0x85, 0x0, 0x0, 0xb2}, @call={0x85, 0x0, 0x0, 0x67}, @cb_func={0x18, 0x5, 0x4, 0x0, 0xfffffffffffffffd}], &(0x7f00000002c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x41000, 0x10, '\x00', 0x0, 0xe, r0, 0x8, &(0x7f0000000400)={0x1, 0x1}, 0x8, 0x10, &(0x7f0000000440)={0x4, 0x2, 0x1ff, 0x6}, 0x10, r5, r6, 0x0, &(0x7f0000000500)=[r4, r0, r4, r0, r0, r7]}, 0x80) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) openat$cgroup_ro(r0, &(0x7f00000000c0)='blkio.bfq.io_serviced_recursive\x00', 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r3, &(0x7f0000000080), 0x12) 18:44:28 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x1400, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:28 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x1d00, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:28 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x1e00, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 851.912771][T31442] mem_cgroup_oom+0x475/0x4f0 [ 851.912940][T31501] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 851.917486][T31442] try_charge_memcg+0x746/0x960 [ 851.917519][T31442] ? ext4_inode_csum+0x330/0x3b0 [ 851.934163][T31442] ? chksum_update+0x39/0x50 [ 851.938099][T31503] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 851.938824][T31442] obj_cgroup_charge+0x171/0x2b0 [ 851.950671][T31442] kmem_cache_alloc+0x92/0x300 [ 851.955433][T31442] ? __alloc_file+0x2e/0x150 18:44:28 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x2000, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 851.957280][T31506] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 851.960081][T31442] __alloc_file+0x2e/0x150 [ 851.960103][T31442] alloc_empty_file+0xcd/0x1c0 [ 851.960121][T31442] path_openat+0x65/0x1b30 [ 851.980555][T31442] ? jbd2_journal_dirty_metadata+0x162/0x490 [ 851.982682][T31508] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 851.986551][T31442] ? preempt_count_add+0x5e/0xa0 [ 851.986579][T31442] ? ___cache_free+0x46/0x340 [ 852.003151][T31442] ? kmem_cache_free+0x65/0x110 [ 852.008015][T31442] do_filp_open+0x105/0x220 [ 852.012568][T31442] do_sys_openat2+0xb5/0x2a0 [ 852.017164][T31442] ? xfd_validate_state+0x4e/0xf0 [ 852.022188][T31442] __x64_sys_openat+0xef/0x110 [ 852.026935][T31442] do_syscall_64+0x2b/0x70 [ 852.031363][T31442] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 852.037587][T31442] RIP: 0033:0x7fad08c83f87 [ 852.041981][T31442] Code: 25 00 00 41 00 3d 00 00 41 00 74 47 64 8b 04 25 18 00 00 00 85 c0 75 6b 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 95 00 00 00 48 8b 4c 24 28 64 48 2b 0c 25 [ 852.061590][T31442] RSP: 002b:00007fff14116020 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 852.069985][T31442] RAX: ffffffffffffffda RBX: 00007fff14116120 RCX: 00007fad08c83f87 [ 852.077935][T31442] RDX: 0000000000000002 RSI: 00007fff14116160 RDI: 00000000ffffff9c [ 852.085915][T31442] RBP: 00007fff14116160 R08: 0000000000000000 R09: 00007fff14115f30 [ 852.093870][T31442] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 852.101820][T31442] R13: 00000000000cff95 R14: 0000000000000004 R15: 00007fff14116160 [ 852.109774][T31442] [ 852.113094][T31442] memory: usage 152kB, limit 0kB, failcnt 7259 [ 852.119258][T31442] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 852.126086][T31442] Memory cgroup stats for /syz0: [ 852.126438][T31442] anon 45056 [ 852.126438][T31442] file 53248 [ 852.126438][T31442] kernel 57344 [ 852.126438][T31442] kernel_stack 0 [ 852.126438][T31442] pagetables 8192 [ 852.126438][T31442] percpu 0 [ 852.126438][T31442] sock 0 [ 852.126438][T31442] vmalloc 0 [ 852.126438][T31442] shmem 53248 [ 852.126438][T31442] file_mapped 53248 [ 852.126438][T31442] file_dirty 0 [ 852.126438][T31442] file_writeback 0 [ 852.126438][T31442] swapcached 0 [ 852.126438][T31442] inactive_anon 45056 [ 852.126438][T31442] active_anon 53248 [ 852.126438][T31442] inactive_file 0 [ 852.126438][T31442] active_file 0 [ 852.126438][T31442] unevictable 0 [ 852.126438][T31442] slab_reclaimable 14480 [ 852.126438][T31442] slab_unreclaimable 24776 [ 852.126438][T31442] slab 39256 [ 852.126438][T31442] workingset_refault_anon 0 [ 852.126438][T31442] workingset_refault_file 7 [ 852.126438][T31442] workingset_activate_anon 0 [ 852.126438][T31442] workingset_activate_file 0 [ 852.220166][T31442] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=31442,uid=0 [ 852.235551][T31442] Memory cgroup out of memory: Killed process 31442 (syz-executor.0) total-vm:42336kB, anon-rss:364kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:0 [ 852.254786][T31482] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 852.265000][T31482] CPU: 1 PID: 31482 Comm: syz-executor.1 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 852.276060][T31482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 852.286217][T31482] Call Trace: [ 852.289494][T31482] [ 852.292424][T31482] dump_stack_lvl+0xd6/0x122 [ 852.297003][T31482] dump_stack+0x11/0x12 [ 852.301137][T31482] dump_header+0x98/0x410 [ 852.305445][T31482] out_of_memory+0x65e/0x880 [ 852.310021][T31482] memory_max_write+0x31b/0x420 [ 852.315007][T31482] ? memory_max_show+0x70/0x70 [ 852.319749][T31482] cgroup_file_write+0x167/0x300 [ 852.324760][T31482] ? __check_object_size+0x235/0x380 [ 852.330128][T31482] ? cgroup_seqfile_stop+0x70/0x70 [ 852.335300][T31482] kernfs_fop_write_iter+0x1d3/0x2c0 [ 852.340572][T31482] vfs_write+0x71c/0x890 [ 852.344802][T31482] ksys_write+0xe8/0x1a0 [ 852.349076][T31482] __x64_sys_write+0x3e/0x50 [ 852.353763][T31482] do_syscall_64+0x2b/0x70 [ 852.358166][T31482] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 852.364075][T31482] RIP: 0033:0x7ff0acc260e9 [ 852.368469][T31482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 852.388072][T31482] RSP: 002b:00007ff0ac39c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 852.396463][T31482] RAX: ffffffffffffffda RBX: 00007ff0acd38f60 RCX: 00007ff0acc260e9 [ 852.404417][T31482] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 852.412466][T31482] RBP: 00007ff0acc8008d R08: 0000000000000000 R09: 0000000000000000 [ 852.420417][T31482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 852.428407][T31482] R13: 00007ffe7a47396f R14: 00007ff0ac39c300 R15: 0000000000022000 [ 852.436435][T31482] [ 852.439648][T31482] memory: usage 80kB, limit 0kB, failcnt 7260 [ 852.445706][T31482] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 852.452558][T31482] Memory cgroup stats for /syz0: [ 852.453213][T31482] anon 0 [ 852.453213][T31482] file 53248 [ 852.453213][T31482] kernel 28672 [ 852.453213][T31482] kernel_stack 0 [ 852.453213][T31482] pagetables 0 [ 852.453213][T31482] percpu 0 [ 852.453213][T31482] sock 0 [ 852.453213][T31482] vmalloc 0 [ 852.453213][T31482] shmem 53248 [ 852.453213][T31482] file_mapped 53248 [ 852.453213][T31482] file_dirty 0 [ 852.453213][T31482] file_writeback 0 [ 852.453213][T31482] swapcached 0 [ 852.453213][T31482] inactive_anon 0 [ 852.453213][T31482] active_anon 53248 [ 852.453213][T31482] inactive_file 0 [ 852.453213][T31482] active_file 0 [ 852.453213][T31482] unevictable 0 [ 852.453213][T31482] slab_reclaimable 4432 [ 852.453213][T31482] slab_unreclaimable 18480 [ 852.453213][T31482] slab 22912 [ 852.453213][T31482] workingset_refault_anon 0 [ 852.453213][T31482] workingset_refault_file 7 [ 852.453213][T31482] workingset_activate_anon 0 [ 852.453213][T31482] workingset_activate_file 0 [ 852.545274][T31482] Out of memory and no killable processes... [ 852.551362][T31504] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 852.561372][T31504] CPU: 1 PID: 31504 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 852.572508][T31504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 852.582578][T31504] Call Trace: [ 852.585838][T31504] [ 852.588748][T31504] dump_stack_lvl+0xd6/0x122 [ 852.593395][T31504] dump_stack+0x11/0x12 [ 852.597534][T31504] dump_header+0x98/0x410 [ 852.601852][T31504] out_of_memory+0x65e/0x880 [ 852.606431][T31504] memory_max_write+0x31b/0x420 [ 852.611313][T31504] ? memory_max_show+0x70/0x70 [ 852.616144][T31504] cgroup_file_write+0x167/0x300 [ 852.621101][T31504] ? __check_object_size+0x235/0x380 [ 852.626524][T31504] ? cgroup_seqfile_stop+0x70/0x70 [ 852.631667][T31504] kernfs_fop_write_iter+0x1d3/0x2c0 [ 852.636971][T31504] vfs_write+0x71c/0x890 [ 852.641203][T31504] ksys_write+0xe8/0x1a0 [ 852.645430][T31504] __x64_sys_write+0x3e/0x50 [ 852.650024][T31504] do_syscall_64+0x2b/0x70 [ 852.654446][T31504] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 852.660321][T31504] RIP: 0033:0x7f682d3270e9 [ 852.664712][T31504] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 852.684474][T31504] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 852.692912][T31504] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 [ 852.700972][T31504] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 852.709115][T31504] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 [ 852.717092][T31504] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 852.725069][T31504] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 [ 852.733030][T31504] [ 852.736124][T31504] memory: usage 80kB, limit 0kB, failcnt 7260 [ 852.742337][T31504] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 852.749189][T31504] Memory cgroup stats for /syz0: [ 852.750581][T31504] anon 0 [ 852.750581][T31504] file 53248 [ 852.750581][T31504] kernel 28672 [ 852.750581][T31504] kernel_stack 0 [ 852.750581][T31504] pagetables 0 [ 852.750581][T31504] percpu 0 [ 852.750581][T31504] sock 0 [ 852.750581][T31504] vmalloc 0 [ 852.750581][T31504] shmem 53248 [ 852.750581][T31504] file_mapped 53248 [ 852.750581][T31504] file_dirty 0 [ 852.750581][T31504] file_writeback 0 [ 852.750581][T31504] swapcached 0 [ 852.750581][T31504] inactive_anon 0 [ 852.750581][T31504] active_anon 53248 [ 852.750581][T31504] inactive_file 0 [ 852.750581][T31504] active_file 0 [ 852.750581][T31504] unevictable 0 [ 852.750581][T31504] slab_reclaimable 4232 [ 852.750581][T31504] slab_unreclaimable 18216 [ 852.750581][T31504] slab 22448 [ 852.750581][T31504] workingset_refault_anon 0 [ 852.750581][T31504] workingset_refault_file 7 [ 852.750581][T31504] workingset_activate_anon 0 [ 852.750581][T31504] workingset_activate_file 0 [ 852.842556][T31504] Out of memory and no killable processes... 18:44:29 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x82002, 0x0) (async, rerun: 64) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) (async, rerun: 64) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 18:44:29 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x2500, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:29 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000", 0x18, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:44:29 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000100)={&(0x7f00000000c0)='./file0\x00', 0x0, 0x38}, 0x10) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r2, &(0x7f0000000080), 0x12) 18:44:29 executing program 2: syz_clone(0x0, 0x0, 0xffffffffffffffc0, 0x0, 0x0, 0x0) perf_event_open$cgroup(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$P9_RLERROR(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="460700000000000000c9c19ef1"], 0x10) 18:44:29 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async, rerun: 32) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async, rerun: 32) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async) r4 = bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async, rerun: 32) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00)={0x0, 0x0}, 0x8) (rerun: 32) bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0xf, 0xb, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000632c00000000000002000000c50202000100000095000000000000009500000000000000183000000100000000000000000000001850000000000000000004000000000085100000fcffffff9500000000000000d57cdfeff89c4a183fc6094d6551"], &(0x7f00000001c0)='syzkaller\x00', 0x1, 0x49, &(0x7f0000000c80)=""/73, 0x40f00, 0xa, '\x00', 0x0, 0x15, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000ec0)={0x1, 0xd, 0xa54}, 0x10, r5, 0xffffffffffffffff, 0x0, &(0x7f0000000f40)=[0xffffffffffffffff]}, 0x80) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1d, 0x0, &(0x7f00000004c0), &(0x7f0000000500)='GPL\x00', 0x7e, 0x0, &(0x7f0000000540), 0x0, 0x6, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x1}, 0x8, 0x10, &(0x7f00000005c0)={0x0, 0x7, 0x81, 0x23}, 0x10, r5}, 0x80) (async) ioctl$AUTOFS_DEV_IOCTL_FAIL(r0, 0xc0189377, &(0x7f0000000480)={{0x1, 0x1, 0x18, r1, {0x6, 0x6}}, './file0\x00'}) (async) r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000004c0)='/sys/module/ip6_gre', 0x404000, 0x44) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x3, 0xe, &(0x7f0000000240)=@raw=[@map_fd={0x18, 0x10}, @map_idx={0x18, 0x5, 0x5, 0x0, 0x9}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x5}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @alu={0x4, 0x1, 0x2, 0x7, 0x1, 0x18, 0x1}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @call={0x85, 0x0, 0x0, 0xb2}, @call={0x85, 0x0, 0x0, 0x67}, @cb_func={0x18, 0x5, 0x4, 0x0, 0xfffffffffffffffd}], &(0x7f00000002c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x41000, 0x10, '\x00', 0x0, 0xe, r0, 0x8, &(0x7f0000000400)={0x1, 0x1}, 0x8, 0x10, &(0x7f0000000440)={0x4, 0x2, 0x1ff, 0x6}, 0x10, r5, r6, 0x0, &(0x7f0000000500)=[r4, r0, r4, r0, r0, r7]}, 0x80) (async, rerun: 64) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async, rerun: 64) openat$cgroup_ro(r0, &(0x7f00000000c0)='blkio.bfq.io_serviced_recursive\x00', 0x0, 0x0) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r3, &(0x7f0000000080), 0x12) [ 852.909480][T31519] loop5: detected capacity change from 0 to 1024 [ 852.918467][T31520] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 852.927614][T31519] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (26474!=0) [ 852.937016][T31519] EXT4-fs (loop5): group descriptors corrupted! [ 852.939108][T31516] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 852.953442][T31516] CPU: 1 PID: 31516 Comm: syz-executor.1 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 852.964511][T31516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 852.978304][T31516] Call Trace: [ 852.981581][T31516] [ 852.984508][T31516] dump_stack_lvl+0xd6/0x122 [ 852.989100][T31516] dump_stack+0x11/0x12 [ 852.993256][T31516] dump_header+0x98/0x410 [ 852.997594][T31516] out_of_memory+0x65e/0x880 [ 853.002237][T31516] memory_max_write+0x31b/0x420 [ 853.007260][T31516] ? memory_max_show+0x70/0x70 [ 853.012028][T31516] cgroup_file_write+0x167/0x300 [ 853.017052][T31516] ? __check_object_size+0x235/0x380 [ 853.022339][T31516] ? cgroup_seqfile_stop+0x70/0x70 [ 853.027451][T31516] kernfs_fop_write_iter+0x1d3/0x2c0 [ 853.032818][T31516] vfs_write+0x71c/0x890 [ 853.037063][T31516] ksys_write+0xe8/0x1a0 [ 853.041370][T31516] __x64_sys_write+0x3e/0x50 [ 853.045993][T31516] do_syscall_64+0x2b/0x70 [ 853.050411][T31516] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 853.056301][T31516] RIP: 0033:0x7ff0acc260e9 [ 853.060776][T31516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 853.080398][T31516] RSP: 002b:00007ff0ac37b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 853.088959][T31516] RAX: ffffffffffffffda RBX: 00007ff0acd39030 RCX: 00007ff0acc260e9 [ 853.097007][T31516] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 18:44:29 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='udf\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x6, 0x40}}, './file0\x00'}) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 18:44:29 executing program 2: syz_clone(0x0, 0x0, 0xffffffffffffffc0, 0x0, 0x0, 0x0) perf_event_open$cgroup(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$P9_RLERROR(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1610dc5ac25e75421703cd54f131fab5933f1c02a03cf8385843f7b7b689ef672de6d47d7a983178902c767c64576e0d9db5f1b967f4da6defb865752ef02c2d02abc12a063f2b26bd9b3ffce2"], 0x50) [ 853.105075][T31516] RBP: 00007ff0acc8008d R08: 0000000000000000 R09: 0000000000000000 [ 853.113049][T31516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 853.121108][T31516] R13: 00007ffe7a47396f R14: 00007ff0ac37b300 R15: 0000000000022000 [ 853.129162][T31516] [ 853.132393][T31516] memory: usage 72kB, limit 0kB, failcnt 7260 [ 853.138473][T31516] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 853.145408][T31516] Memory cgroup stats for /syz0: [ 853.148776][T31516] anon 0 [ 853.148776][T31516] file 53248 18:44:29 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x4800, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 853.148776][T31516] kernel 20480 [ 853.148776][T31516] kernel_stack 0 [ 853.148776][T31516] pagetables 0 [ 853.148776][T31516] percpu 0 [ 853.148776][T31516] sock 0 [ 853.148776][T31516] vmalloc 0 [ 853.148776][T31516] shmem 53248 [ 853.148776][T31516] file_mapped 53248 [ 853.148776][T31516] file_dirty 0 [ 853.148776][T31516] file_writeback 0 [ 853.148776][T31516] swapcached 0 [ 853.148776][T31516] inactive_anon 0 [ 853.148776][T31516] active_anon 53248 [ 853.148776][T31516] inactive_file 0 [ 853.148776][T31516] active_file 0 18:44:29 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async, rerun: 32) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (rerun: 32) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async) r4 = bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00)={0x0, 0x0}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0xf, 0xb, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000632c00000000000002000000c50202000100000095000000000000009500000000000000183000000100000000000000000000001850000000000000000004000000000085100000fcffffff9500000000000000d57cdfeff89c4a183fc6094d6551"], &(0x7f00000001c0)='syzkaller\x00', 0x1, 0x49, &(0x7f0000000c80)=""/73, 0x40f00, 0xa, '\x00', 0x0, 0x15, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000ec0)={0x1, 0xd, 0xa54}, 0x10, r5, 0xffffffffffffffff, 0x0, &(0x7f0000000f40)=[0xffffffffffffffff]}, 0x80) (async, rerun: 32) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1d, 0x0, &(0x7f00000004c0), &(0x7f0000000500)='GPL\x00', 0x7e, 0x0, &(0x7f0000000540), 0x0, 0x6, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x1}, 0x8, 0x10, &(0x7f00000005c0)={0x0, 0x7, 0x81, 0x23}, 0x10, r5}, 0x80) (async, rerun: 32) ioctl$AUTOFS_DEV_IOCTL_FAIL(r0, 0xc0189377, &(0x7f0000000480)={{0x1, 0x1, 0x18, r1, {0x6, 0x6}}, './file0\x00'}) (async) r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000004c0)='/sys/module/ip6_gre', 0x404000, 0x44) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x3, 0xe, &(0x7f0000000240)=@raw=[@map_fd={0x18, 0x10}, @map_idx={0x18, 0x5, 0x5, 0x0, 0x9}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x5}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @alu={0x4, 0x1, 0x2, 0x7, 0x1, 0x18, 0x1}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @call={0x85, 0x0, 0x0, 0xb2}, @call={0x85, 0x0, 0x0, 0x67}, @cb_func={0x18, 0x5, 0x4, 0x0, 0xfffffffffffffffd}], &(0x7f00000002c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x41000, 0x10, '\x00', 0x0, 0xe, r0, 0x8, &(0x7f0000000400)={0x1, 0x1}, 0x8, 0x10, &(0x7f0000000440)={0x4, 0x2, 0x1ff, 0x6}, 0x10, r5, r6, 0x0, &(0x7f0000000500)=[r4, r0, r4, r0, r0, r7]}, 0x80) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) openat$cgroup_ro(r0, &(0x7f00000000c0)='blkio.bfq.io_serviced_recursive\x00', 0x0, 0x0) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async, rerun: 32) bpf$PROG_LOAD(0x5, 0x0, 0x0) (rerun: 32) write$cgroup_int(r3, &(0x7f0000000080), 0x12) 18:44:29 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) ioctl$AUTOFS_DEV_IOCTL_VERSION(r0, 0xc0189371, &(0x7f0000000240)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r3, 0xc018937c, &(0x7f0000000280)={{0x1, 0x1, 0x18, r4, {0x4}}, './file0/file0\x00'}) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f00000000c0)={0x4}) r5 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r6 = openat$cgroup_int(r5, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) openat$cgroup_ro(r1, &(0x7f0000000100)='memory.events\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r6, &(0x7f0000000080), 0x12) 18:44:29 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x4c00, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:29 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000100)={&(0x7f00000000c0)='./file0\x00', 0x0, 0x38}, 0x10) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000100)={&(0x7f00000000c0)='./file0\x00', 0x0, 0x38}, 0x10) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r2, &(0x7f0000000080), 0x12) (async) [ 853.148776][T31516] unevictable 0 [ 853.148776][T31516] slab_reclaimable 4232 [ 853.148776][T31516] slab_unreclaimable 14936 [ 853.148776][T31516] slab 19168 [ 853.148776][T31516] workingset_refault_anon 0 [ 853.148776][T31516] workingset_refault_file 7 [ 853.148776][T31516] workingset_activate_anon 0 [ 853.148776][T31516] workingset_activate_file 0 [ 853.240907][T31516] Out of memory and no killable processes... [ 853.252117][T31543] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 18:44:29 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000", 0x18, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) [ 853.296103][T31545] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 853.306051][T31545] CPU: 1 PID: 31545 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 853.317149][T31545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 853.318077][T31548] loop5: detected capacity change from 0 to 1024 [ 853.327280][T31545] Call Trace: [ 853.327288][T31545] [ 853.339798][T31545] dump_stack_lvl+0xd6/0x122 [ 853.344400][T31545] dump_stack+0x11/0x12 [ 853.348560][T31545] dump_header+0x98/0x410 [ 853.352889][T31545] out_of_memory+0x65e/0x880 [ 853.357570][T31545] memory_max_write+0x31b/0x420 [ 853.362421][T31545] ? memory_max_show+0x70/0x70 [ 853.367241][T31545] cgroup_file_write+0x167/0x300 [ 853.372175][T31545] ? __check_object_size+0x235/0x380 [ 853.377453][T31545] ? cgroup_seqfile_stop+0x70/0x70 [ 853.382618][T31545] kernfs_fop_write_iter+0x1d3/0x2c0 [ 853.387899][T31545] vfs_write+0x71c/0x890 [ 853.392213][T31545] ksys_write+0xe8/0x1a0 [ 853.396500][T31545] __x64_sys_write+0x3e/0x50 [ 853.401247][T31545] do_syscall_64+0x2b/0x70 [ 853.405657][T31545] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 853.411591][T31545] RIP: 0033:0x7f682d3270e9 [ 853.416036][T31545] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 853.435637][T31545] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 853.444046][T31545] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 [ 853.452098][T31545] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 853.460069][T31545] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 [ 853.468027][T31545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 853.476088][T31545] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 [ 853.484047][T31545] [ 853.487280][T31545] memory: usage 72kB, limit 0kB, failcnt 7260 18:44:29 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x6000, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 853.493418][T31545] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 853.500332][T31545] Memory cgroup stats for /syz0: [ 853.503938][T31548] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (26474!=0) [ 853.507377][T31549] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 853.508919][T31548] EXT4-fs (loop5): group descriptors corrupted! 18:44:29 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000440)={&(0x7f0000000400)='./file0\x00', 0x0, 0x8}, 0x10) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f00000002c0)=ANY=[@ANYBLOB="01dfffff7f00000018000000", @ANYRES32=r1, @ANYBLOB="00000000000000000000040001000008e48590d37ecf39e7ff815f790e6c254e7f7ebaa9e1681450deff56a708899869428f38630ebed9ae4d071736936c8e61c64a38c8c4ce34289f3da539cbb8585e3c08500a3818ae00cd56db1dcce7890686f12c493ad181b9cbc911d24cd53f7ef50b646a0d89de15003a3d7498c17198a8acea97c55baf6c54a7a6c4256a59f319a72317c8043f0fca3c8d5cd1633f26ca01c871fdd3905550f039e909b9418d19991f3f308bbd7ef19fd7cc8804a09890e362ed5930334fafce25"]) r4 = openat$cgroup_int(r3, &(0x7f0000000240)='blkio.throttle.read_iops_device\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x9000000}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x58}}, 0x0) perf_event_open$cgroup(&(0x7f0000000480)={0x4, 0x80, 0x20, 0x1, 0x4, 0x5, 0x0, 0x0, 0x0, 0x8, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf529, 0x1, @perf_config_ext={0x81, 0x800}, 0x110, 0x1ff, 0x1, 0x1, 0x9, 0x6, 0x1000, 0x0, 0x1ffe0, 0x0, 0x8c}, 0xffffffffffffffff, 0x4, r0, 0x2) socket$inet_dccp(0x2, 0x6, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') copy_file_range(r1, &(0x7f0000000180)=0x8080000000000000, r1, &(0x7f0000000100)=0x8100000002, 0x80, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r4, &(0x7f0000000080), 0x12) sendfile(r0, r2, &(0x7f0000000280)=0x400, 0x6) 18:44:29 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x620e, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:29 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x6800, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 853.567994][T31554] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 853.599792][T31568] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 853.640305][T31573] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 853.656454][T31545] anon 0 [ 853.656454][T31545] file 53248 [ 853.656454][T31545] kernel 20480 [ 853.656454][T31545] kernel_stack 0 [ 853.656454][T31545] pagetables 0 [ 853.656454][T31545] percpu 0 [ 853.656454][T31545] sock 0 [ 853.656454][T31545] vmalloc 0 [ 853.656454][T31545] shmem 53248 [ 853.656454][T31545] file_mapped 53248 [ 853.656454][T31545] file_dirty 0 [ 853.656454][T31545] file_writeback 0 [ 853.656454][T31545] swapcached 0 [ 853.656454][T31545] inactive_anon 0 [ 853.656454][T31545] active_anon 53248 [ 853.656454][T31545] inactive_file 0 [ 853.656454][T31545] active_file 0 [ 853.656454][T31545] unevictable 0 [ 853.656454][T31545] slab_reclaimable 3056 [ 853.656454][T31545] slab_unreclaimable 14936 [ 853.656454][T31545] slab 17992 [ 853.656454][T31545] workingset_refault_anon 0 [ 853.656454][T31545] workingset_refault_file 7 [ 853.656454][T31545] workingset_activate_anon 0 [ 853.656454][T31545] workingset_activate_file 0 [ 853.743712][T31545] Out of memory and no killable processes... [ 853.980580][ T8] device hsr_slave_0 left promiscuous mode [ 853.986649][ T8] device hsr_slave_1 left promiscuous mode [ 853.992838][ T8] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 854.000280][ T8] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 854.007702][ T8] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 854.015144][ T8] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 854.022758][ T8] device bridge_slave_1 left promiscuous mode [ 854.028883][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 854.037180][ T8] device bridge_slave_0 left promiscuous mode [ 854.043629][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 854.053302][ T8] device veth1_macvtap left promiscuous mode [ 854.059294][ T8] device veth0_macvtap left promiscuous mode [ 854.065284][ T8] device veth1_vlan left promiscuous mode [ 854.071061][ T8] device veth0_vlan left promiscuous mode [ 854.150593][ T8] team0 (unregistering): Port device team_slave_1 removed [ 854.160149][ T8] team0 (unregistering): Port device team_slave_0 removed [ 854.170049][ T8] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 854.181136][ T8] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 854.208931][ T8] bond0 (unregistering): Released all slaves [ 854.984787][T31575] chnl_net:caif_netlink_parms(): no params data found [ 855.013765][T31575] bridge0: port 1(bridge_slave_0) entered blocking state [ 855.020897][T31575] bridge0: port 1(bridge_slave_0) entered disabled state [ 855.028505][T31575] device bridge_slave_0 entered promiscuous mode [ 855.035593][T31575] bridge0: port 2(bridge_slave_1) entered blocking state [ 855.042677][T31575] bridge0: port 2(bridge_slave_1) entered disabled state [ 855.050244][T31575] device bridge_slave_1 entered promiscuous mode [ 855.065319][T31575] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 855.075407][T31575] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 855.093028][T31575] team0: Port device team_slave_0 added [ 855.099236][T31575] team0: Port device team_slave_1 added [ 855.113254][T31575] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 855.120196][T31575] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 855.146168][T31575] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 855.157311][T31575] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 855.164253][T31575] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 855.190203][T31575] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 855.211857][T31575] device hsr_slave_0 entered promiscuous mode [ 855.219533][T31575] device hsr_slave_1 entered promiscuous mode [ 855.225855][T31575] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 855.234625][T31575] Cannot create hsr debugfs directory [ 855.262268][T31575] bridge0: port 2(bridge_slave_1) entered blocking state [ 855.269309][T31575] bridge0: port 2(bridge_slave_1) entered forwarding state [ 855.276515][T31575] bridge0: port 1(bridge_slave_0) entered blocking state [ 855.283654][T31575] bridge0: port 1(bridge_slave_0) entered forwarding state [ 855.291853][ T1918] bridge0: port 1(bridge_slave_0) entered disabled state [ 855.299690][ T1918] bridge0: port 2(bridge_slave_1) entered disabled state [ 855.329006][T31575] 8021q: adding VLAN 0 to HW filter on device bond0 [ 855.340271][T31575] 8021q: adding VLAN 0 to HW filter on device team0 [ 855.348907][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 855.356536][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 855.364344][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 855.372879][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 855.381353][ T893] bridge0: port 1(bridge_slave_0) entered blocking state [ 855.388382][ T893] bridge0: port 1(bridge_slave_0) entered forwarding state [ 855.398151][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 855.407016][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 855.416539][ T1918] bridge0: port 2(bridge_slave_1) entered blocking state [ 855.423684][ T1918] bridge0: port 2(bridge_slave_1) entered forwarding state [ 855.433511][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 855.448384][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 855.457294][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 855.465809][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 855.474505][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 855.483182][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 855.491807][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 855.500448][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 855.508713][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 855.516861][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 855.525409][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 855.534439][T31575] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 855.546338][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 855.554748][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 855.564048][T31575] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 855.638213][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 855.646993][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 855.683448][T31575] device veth0_vlan entered promiscuous mode [ 855.689889][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 855.698052][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 855.707465][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 855.715464][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 855.724719][T31575] device veth1_vlan entered promiscuous mode [ 855.737332][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 855.745925][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 855.755684][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 855.764172][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 855.774303][T31575] device veth0_macvtap entered promiscuous mode [ 855.782841][T31575] device veth1_macvtap entered promiscuous mode [ 855.792963][T31575] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 855.803407][T31575] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 855.813214][T31575] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 855.823617][T31575] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 855.833405][T31575] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 855.843912][T31575] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 855.853741][T31575] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 855.864157][T31575] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 855.873977][T31575] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 855.884410][T31575] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 855.895248][T31575] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 855.902879][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 855.911727][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 855.919566][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 855.927948][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 855.938733][T31575] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 855.949158][T31575] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 855.958979][T31575] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 855.969385][T31575] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 855.979206][T31575] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 855.989626][T31575] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 855.999432][T31575] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 856.009833][T31575] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 856.019646][T31575] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 856.030072][T31575] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 856.041180][T31575] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 856.049625][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 856.058095][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 856.072043][T31575] ================================================================== [ 856.080102][T31575] BUG: KCSAN: data-race in dev_get_tstats64 / udp_tunnel6_xmit_skb [ 856.087971][T31575] [ 856.090271][T31575] read-write to 0xffffe8ffffd4a498 of 8 bytes by task 225 on cpu 1: [ 856.098220][T31575] udp_tunnel6_xmit_skb+0x387/0x470 [ 856.103398][T31575] send6+0x2ed/0x3b0 [ 856.107267][T31575] wg_socket_send_skb_to_peer+0xbb/0x120 [ 856.112876][T31575] wg_socket_send_buffer_to_peer+0xd2/0xf0 [ 856.118660][T31575] wg_packet_handshake_send_worker+0x109/0x150 [ 856.124789][T31575] process_one_work+0x3d3/0x720 [ 856.129617][T31575] worker_thread+0x618/0xa70 [ 856.134180][T31575] kthread+0x1a9/0x1e0 [ 856.138224][T31575] ret_from_fork+0x1f/0x30 [ 856.142618][T31575] [ 856.144916][T31575] read to 0xffffe8ffffd4a498 of 8 bytes by task 31575 on cpu 0: [ 856.152522][T31575] dev_get_tstats64+0x147/0x1e0 [ 856.157346][T31575] dev_get_stats+0x69/0x240 [ 856.161820][T31575] rtnl_fill_stats+0x45/0x320 [ 856.166469][T31575] rtnl_fill_ifinfo+0xc19/0x1050 [ 856.171385][T31575] rtmsg_ifinfo_build_skb+0xa2/0x130 [ 856.176647][T31575] rtmsg_ifinfo+0x55/0xc0 [ 856.180954][T31575] __dev_notify_flags+0x65/0x3a0 [ 856.185869][T31575] dev_change_flags+0xa2/0xc0 [ 856.190525][T31575] do_setlink+0x7f9/0x2120 [ 856.194914][T31575] rtnl_newlink+0x1116/0x1580 [ 856.199564][T31575] rtnetlink_rcv_msg+0x74f/0x7e0 [ 856.204477][T31575] netlink_rcv_skb+0x13e/0x240 [ 856.209216][T31575] rtnetlink_rcv+0x18/0x20 [ 856.213605][T31575] netlink_unicast+0x58a/0x660 [ 856.218343][T31575] netlink_sendmsg+0x661/0x750 [ 856.223080][T31575] __sys_sendto+0x21e/0x2c0 [ 856.227558][T31575] __x64_sys_sendto+0x74/0x90 [ 856.232208][T31575] do_syscall_64+0x2b/0x70 [ 856.236601][T31575] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 856.242471][T31575] [ 856.244768][T31575] value changed: 0x0000000000000000 -> 0x0000000000000094 [ 856.251845][T31575] [ 856.254142][T31575] Reported by Kernel Concurrency Sanitizer on: [ 856.260260][T31575] CPU: 0 PID: 31575 Comm: syz-executor.0 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 856.271249][T31575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 856.281276][T31575] ================================================================== 18:44:32 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='udf\x00', 0x0, 0x0) (async) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x6, 0x40}}, './file0\x00'}) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 18:44:32 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000", 0x18, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:44:32 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x6c00, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:32 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000440)={&(0x7f0000000400)='./file0\x00', 0x0, 0x8}, 0x10) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f00000002c0)=ANY=[@ANYBLOB="01dfffff7f00000018000000", @ANYRES32=r1, @ANYBLOB="00000000000000000000040001000008e48590d37ecf39e7ff815f790e6c254e7f7ebaa9e1681450deff56a708899869428f38630ebed9ae4d071736936c8e61c64a38c8c4ce34289f3da539cbb8585e3c08500a3818ae00cd56db1dcce7890686f12c493ad181b9cbc911d24cd53f7ef50b646a0d89de15003a3d7498c17198a8acea97c55baf6c54a7a6c4256a59f319a72317c8043f0fca3c8d5cd1633f26ca01c871fdd3905550f039e909b9418d19991f3f308bbd7ef19fd7cc8804a09890e362ed5930334fafce25"]) (async) r4 = openat$cgroup_int(r3, &(0x7f0000000240)='blkio.throttle.read_iops_device\x00', 0x2, 0x0) (async, rerun: 64) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (rerun: 64) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x9000000}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x58}}, 0x0) perf_event_open$cgroup(&(0x7f0000000480)={0x4, 0x80, 0x20, 0x1, 0x4, 0x5, 0x0, 0x0, 0x0, 0x8, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf529, 0x1, @perf_config_ext={0x81, 0x800}, 0x110, 0x1ff, 0x1, 0x1, 0x9, 0x6, 0x1000, 0x0, 0x1ffe0, 0x0, 0x8c}, 0xffffffffffffffff, 0x4, r0, 0x2) socket$inet_dccp(0x2, 0x6, 0x0) (async) chdir(&(0x7f00000003c0)='./file0\x00') (async) copy_file_range(r1, &(0x7f0000000180)=0x8080000000000000, r1, &(0x7f0000000100)=0x8100000002, 0x80, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r4, &(0x7f0000000080), 0x12) sendfile(r0, r2, &(0x7f0000000280)=0x400, 0x6) 18:44:32 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) ioctl$AUTOFS_DEV_IOCTL_VERSION(r0, 0xc0189371, &(0x7f0000000240)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r3, 0xc018937c, &(0x7f0000000280)={{0x1, 0x1, 0x18, r4, {0x4}}, './file0/file0\x00'}) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f00000000c0)={0x4}) r5 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r6 = openat$cgroup_int(r5, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) openat$cgroup_ro(r1, &(0x7f0000000100)='memory.events\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r6, &(0x7f0000000080), 0x12) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) (async) dup(r2) (async) getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) (async) ioctl$AUTOFS_DEV_IOCTL_VERSION(r0, 0xc0189371, &(0x7f0000000240)={{0x1, 0x1, 0x18}, './file0\x00'}) (async) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r3, 0xc018937c, &(0x7f0000000280)={{0x1, 0x1, 0x18, r4, {0x4}}, './file0/file0\x00'}) (async) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f00000000c0)={0x4}) (async) openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_int(r5, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async) openat$cgroup_ro(r1, &(0x7f0000000100)='memory.events\x00', 0x0, 0x0) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r6, &(0x7f0000000080), 0x12) (async) 18:44:32 executing program 2: syz_clone(0x0, 0x0, 0xffffffffffffffc0, 0x0, 0x0, 0x0) perf_event_open$cgroup(&(0x7f00000001c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$P9_RLERROR(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="460700000000000000c9c19e"], 0x10) [ 856.331611][T31616] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 856.337853][T31618] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 856.342509][T31625] loop5: detected capacity change from 0 to 1024 [ 856.348612][T31618] CPU: 1 PID: 31618 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 856.365900][T31618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 856.375952][T31618] Call Trace: [ 856.379223][T31618] [ 856.382146][T31618] dump_stack_lvl+0xd6/0x122 [ 856.386733][T31618] dump_stack+0x11/0x12 [ 856.391010][T31618] dump_header+0x98/0x410 [ 856.395333][T31618] oom_kill_process+0xfe/0x550 [ 856.400085][T31618] out_of_memory+0x620/0x880 [ 856.404662][T31618] memory_max_write+0x31b/0x420 [ 856.409520][T31618] ? memory_max_show+0x70/0x70 [ 856.414272][T31618] cgroup_file_write+0x167/0x300 [ 856.419201][T31618] ? __check_object_size+0x235/0x380 [ 856.424576][T31618] ? cgroup_seqfile_stop+0x70/0x70 [ 856.429672][T31618] kernfs_fop_write_iter+0x1d3/0x2c0 [ 856.434966][T31618] vfs_write+0x71c/0x890 [ 856.439265][T31618] ksys_write+0xe8/0x1a0 [ 856.443573][T31618] __x64_sys_write+0x3e/0x50 [ 856.448224][T31618] do_syscall_64+0x2b/0x70 [ 856.452626][T31618] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 856.458504][T31618] RIP: 0033:0x7f682d3270e9 [ 856.462996][T31618] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 856.482612][T31618] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 856.491058][T31618] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 [ 856.499058][T31618] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 856.507017][T31618] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 [ 856.514968][T31618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 856.523003][T31618] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 18:44:32 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x7400, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:32 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000440)={&(0x7f0000000400)='./file0\x00', 0x0, 0x8}, 0x10) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f00000002c0)=ANY=[@ANYBLOB="01dfffff7f00000018000000", @ANYRES32=r1, @ANYBLOB="00000000000000000000040001000008e48590d37ecf39e7ff815f790e6c254e7f7ebaa9e1681450deff56a708899869428f38630ebed9ae4d071736936c8e61c64a38c8c4ce34289f3da539cbb8585e3c08500a3818ae00cd56db1dcce7890686f12c493ad181b9cbc911d24cd53f7ef50b646a0d89de15003a3d7498c17198a8acea97c55baf6c54a7a6c4256a59f319a72317c8043f0fca3c8d5cd1633f26ca01c871fdd3905550f039e909b9418d19991f3f308bbd7ef19fd7cc8804a09890e362ed5930334fafce25"]) r4 = openat$cgroup_int(r3, &(0x7f0000000240)='blkio.throttle.read_iops_device\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x9000000}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x58}}, 0x0) (async) perf_event_open$cgroup(&(0x7f0000000480)={0x4, 0x80, 0x20, 0x1, 0x4, 0x5, 0x0, 0x0, 0x0, 0x8, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf529, 0x1, @perf_config_ext={0x81, 0x800}, 0x110, 0x1ff, 0x1, 0x1, 0x9, 0x6, 0x1000, 0x0, 0x1ffe0, 0x0, 0x8c}, 0xffffffffffffffff, 0x4, r0, 0x2) (async) socket$inet_dccp(0x2, 0x6, 0x0) (async) chdir(&(0x7f00000003c0)='./file0\x00') copy_file_range(r1, &(0x7f0000000180)=0x8080000000000000, r1, &(0x7f0000000100)=0x8100000002, 0x80, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r4, &(0x7f0000000080), 0x12) (async) sendfile(r0, r2, &(0x7f0000000280)=0x400, 0x6) [ 856.531030][T31618] [ 856.534086][T31618] memory: usage 156kB, limit 0kB, failcnt 7279 [ 856.540270][T31618] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 856.547192][T31618] Memory cgroup stats for /syz0: [ 856.549743][T31618] anon 32768 [ 856.549743][T31618] file 53248 [ 856.549743][T31618] kernel 73728 [ 856.549743][T31618] kernel_stack 0 [ 856.549743][T31618] pagetables 8192 [ 856.549743][T31618] percpu 0 [ 856.549743][T31618] sock 0 [ 856.549743][T31618] vmalloc 0 [ 856.549743][T31618] shmem 53248 [ 856.549743][T31618] file_mapped 53248 [ 856.549743][T31618] file_dirty 0 [ 856.549743][T31618] file_writeback 0 [ 856.549743][T31618] swapcached 0 [ 856.549743][T31618] inactive_anon 32768 [ 856.549743][T31618] active_anon 53248 [ 856.549743][T31618] inactive_file 0 [ 856.549743][T31618] active_file 0 [ 856.549743][T31618] unevictable 0 [ 856.549743][T31618] slab_reclaimable 19512 [ 856.549743][T31618] slab_unreclaimable 35896 [ 856.549743][T31618] slab 55408 [ 856.549743][T31618] workingset_refault_anon 0 [ 856.549743][T31618] workingset_refault_file 7 [ 856.549743][T31618] workingset_activate_anon 0 [ 856.549743][T31618] workingset_activate_file 0 [ 856.557246][T31625] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (26474!=0) [ 856.642837][T31618] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null) [ 856.652089][T31625] EXT4-fs (loop5): group descriptors corrupted! [ 856.665233][T31618] ,cpuset=syz4,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=31575,uid=0 18:44:32 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) pivot_root(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file0\x00') r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) 18:44:32 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x7a00, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:32 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) (async) ioctl$AUTOFS_DEV_IOCTL_VERSION(r0, 0xc0189371, &(0x7f0000000240)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r3, 0xc018937c, &(0x7f0000000280)={{0x1, 0x1, 0x18, r4, {0x4}}, './file0/file0\x00'}) (async) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f00000000c0)={0x4}) (async) r5 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r6 = openat$cgroup_int(r5, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async) openat$cgroup_ro(r1, &(0x7f0000000100)='memory.events\x00', 0x0, 0x0) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r6, &(0x7f0000000080), 0x12) 18:44:32 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x34000, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 856.675997][T31618] Memory cgroup out of memory: Killed process 31575 (syz-executor.0) total-vm:42336kB, anon-rss:368kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:0 [ 856.685297][T31658] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 856.740492][T31659] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 856.749138][T31663] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 856.750701][T31659] CPU: 1 PID: 31659 Comm: syz-executor.1 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 856.768594][T31659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 856.778646][T31659] Call Trace: [ 856.781909][T31659] [ 856.784868][T31659] dump_stack_lvl+0xd6/0x122 [ 856.789501][T31659] dump_stack+0x11/0x12 [ 856.793701][T31659] dump_header+0x98/0x410 [ 856.798033][T31659] out_of_memory+0x65e/0x880 [ 856.802621][T31659] memory_max_write+0x31b/0x420 [ 856.807473][T31659] ? memory_max_show+0x70/0x70 [ 856.812249][T31659] cgroup_file_write+0x167/0x300 [ 856.817238][T31659] ? __check_object_size+0x235/0x380 [ 856.822527][T31659] ? cgroup_seqfile_stop+0x70/0x70 [ 856.827652][T31659] kernfs_fop_write_iter+0x1d3/0x2c0 [ 856.832983][T31659] vfs_write+0x71c/0x890 [ 856.837210][T31659] ksys_write+0xe8/0x1a0 [ 856.841504][T31659] __x64_sys_write+0x3e/0x50 [ 856.846157][T31659] do_syscall_64+0x2b/0x70 [ 856.850555][T31659] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 856.856458][T31659] RIP: 0033:0x7ff0acc260e9 [ 856.860855][T31659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 856.880462][T31659] RSP: 002b:00007ff0ac39c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 856.888863][T31659] RAX: ffffffffffffffda RBX: 00007ff0acd38f60 RCX: 00007ff0acc260e9 [ 856.896811][T31659] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 856.904763][T31659] RBP: 00007ff0acc8008d R08: 0000000000000000 R09: 0000000000000000 [ 856.912711][T31659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 856.920834][T31659] R13: 00007ffe7a47396f R14: 00007ff0ac39c300 R15: 0000000000022000 [ 856.928785][T31659] [ 856.931931][T31659] memory: usage 80kB, limit 0kB, failcnt 7296 [ 856.938004][T31659] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 856.944863][T31659] Memory cgroup stats for /syz0: [ 856.946399][T31659] anon 0 [ 856.946399][T31659] file 53248 [ 856.946399][T31659] kernel 28672 [ 856.946399][T31659] kernel_stack 0 [ 856.946399][T31659] pagetables 0 [ 856.946399][T31659] percpu 0 [ 856.946399][T31659] sock 0 [ 856.946399][T31659] vmalloc 0 [ 856.946399][T31659] shmem 53248 [ 856.946399][T31659] file_mapped 53248 [ 856.946399][T31659] file_dirty 0 [ 856.946399][T31659] file_writeback 0 [ 856.946399][T31659] swapcached 0 [ 856.946399][T31659] inactive_anon 0 [ 856.946399][T31659] active_anon 53248 [ 856.946399][T31659] inactive_file 0 [ 856.946399][T31659] active_file 0 [ 856.946399][T31659] unevictable 0 [ 856.946399][T31659] slab_reclaimable 5608 [ 856.946399][T31659] slab_unreclaimable 18480 [ 856.946399][T31659] slab 24088 [ 856.946399][T31659] workingset_refault_anon 0 [ 856.946399][T31659] workingset_refault_file 7 [ 856.946399][T31659] workingset_activate_anon 0 [ 856.946399][T31659] workingset_activate_file 0 [ 857.038445][T31659] Out of memory and no killable processes... 18:44:33 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='udf\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x6, 0x40}}, './file0\x00'}) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 18:44:33 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) pivot_root(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file0\x00') r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) pivot_root(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file0\x00') (async) openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r2, &(0x7f0000000080), 0x12) (async) 18:44:33 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x400300, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:33 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f00030004000000000000000000", 0x1c, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:44:33 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) mount(&(0x7f00000000c0)=ANY=[@ANYBLOB="07ca79"], &(0x7f0000000100)='./file0\x00', &(0x7f0000000240)='pvfs2\x00', 0x1000, &(0x7f0000000280)='\\)+$\x00') r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open$cgroup(&(0x7f0000000300)={0x1, 0x80, 0x3, 0x1, 0x5, 0x2, 0x0, 0x8000, 0x4a000, 0x60a3004ec5fed6d, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x1, @perf_bp={&(0x7f00000002c0), 0xc}, 0xa4, 0x7, 0x7fff, 0xc, 0x9, 0x3, 0x3ff, 0x0, 0x9}, r0, 0xffffffffffffffff, r2, 0x9) r3 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getpeername$packet(r5, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) openat$cgroup_ro(r5, &(0x7f00000003c0)='devices.list\x00', 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r3, &(0x7f0000000080), 0x12) [ 857.088377][T31575] syz-executor.0 (31575) used greatest stack depth: 9600 bytes left [ 857.103658][T31672] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 857.111100][T31670] loop5: detected capacity change from 0 to 1024 [ 857.134858][T31673] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 857.144846][T31673] CPU: 0 PID: 31673 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 857.146093][T31670] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (26474!=0) [ 857.155867][T31673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 857.155884][T31673] Call Trace: [ 857.155891][T31673] [ 857.155899][T31673] dump_stack_lvl+0xd6/0x122 [ 857.155930][T31673] dump_stack+0x11/0x12 [ 857.165189][T31670] EXT4-fs (loop5): group descriptors corrupted! [ 857.175178][T31673] dump_header+0x98/0x410 [ 857.200592][T31673] out_of_memory+0x65e/0x880 [ 857.205206][T31673] memory_max_write+0x31b/0x420 [ 857.210065][T31673] ? memory_max_show+0x70/0x70 [ 857.214830][T31673] cgroup_file_write+0x167/0x300 [ 857.219779][T31673] ? __check_object_size+0x235/0x380 [ 857.225076][T31673] ? cgroup_seqfile_stop+0x70/0x70 [ 857.230274][T31673] kernfs_fop_write_iter+0x1d3/0x2c0 [ 857.235570][T31673] vfs_write+0x71c/0x890 [ 857.239828][T31673] ksys_write+0xe8/0x1a0 [ 857.244073][T31673] __x64_sys_write+0x3e/0x50 [ 857.248668][T31673] do_syscall_64+0x2b/0x70 [ 857.253091][T31673] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 857.259001][T31673] RIP: 0033:0x7f682d3270e9 [ 857.263438][T31673] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 18:44:33 executing program 2: bpf$MAP_CREATE(0xa, &(0x7f0000000400), 0x48) 18:44:33 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x1000000, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:33 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) pivot_root(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file0\x00') (async) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) [ 857.283043][T31673] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 857.291459][T31673] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 [ 857.299435][T31673] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000014 [ 857.307468][T31673] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 [ 857.315466][T31673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 857.323436][T31673] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 [ 857.331445][T31673] [ 857.334492][T31673] memory: usage 76kB, limit 0kB, failcnt 7296 [ 857.340558][T31673] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 857.347395][T31673] Memory cgroup stats for /syz0: [ 857.352286][T31697] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 18:44:33 executing program 2: r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8940, &(0x7f00000004c0)={'vcan0\x00'}) 18:44:33 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x2000000, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 857.384566][T31673] anon 0 [ 857.384566][T31673] file 53248 [ 857.384566][T31673] kernel 20480 [ 857.384566][T31673] kernel_stack 0 [ 857.384566][T31673] pagetables 0 [ 857.384566][T31673] percpu 0 [ 857.384566][T31673] sock 0 [ 857.384566][T31673] vmalloc 0 [ 857.384566][T31673] shmem 53248 [ 857.384566][T31673] file_mapped 53248 [ 857.384566][T31673] file_dirty 0 [ 857.384566][T31673] file_writeback 0 [ 857.384566][T31673] swapcached 0 [ 857.384566][T31673] inactive_anon 0 [ 857.384566][T31673] active_anon 53248 [ 857.384566][T31673] inactive_file 0 [ 857.384566][T31673] active_file 0 [ 857.384566][T31673] unevictable 0 [ 857.384566][T31673] slab_reclaimable 3056 [ 857.384566][T31673] slab_unreclaimable 14936 [ 857.384566][T31673] slab 17992 [ 857.384566][T31673] workingset_refault_anon 0 [ 857.384566][T31673] workingset_refault_file 7 [ 857.384566][T31673] workingset_activate_anon 0 [ 857.384566][T31673] workingset_activate_file 0 [ 857.471802][T31673] Out of memory and no killable processes... [ 857.479719][T31701] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 857.488341][T31694] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 857.498253][T31694] CPU: 0 PID: 31694 Comm: syz-executor.1 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 857.509279][T31694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 857.519356][T31694] Call Trace: [ 857.522708][T31694] [ 857.525681][T31694] dump_stack_lvl+0xd6/0x122 [ 857.530359][T31694] dump_stack+0x11/0x12 18:44:33 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) mount(&(0x7f00000000c0)=ANY=[@ANYBLOB="07ca79"], &(0x7f0000000100)='./file0\x00', &(0x7f0000000240)='pvfs2\x00', 0x1000, &(0x7f0000000280)='\\)+$\x00') (async) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open$cgroup(&(0x7f0000000300)={0x1, 0x80, 0x3, 0x1, 0x5, 0x2, 0x0, 0x8000, 0x4a000, 0x60a3004ec5fed6d, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x1, @perf_bp={&(0x7f00000002c0), 0xc}, 0xa4, 0x7, 0x7fff, 0xc, 0x9, 0x3, 0x3ff, 0x0, 0x9}, r0, 0xffffffffffffffff, r2, 0x9) r3 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getpeername$packet(r5, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) (async) openat$cgroup_ro(r5, &(0x7f00000003c0)='devices.list\x00', 0x0, 0x0) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r3, &(0x7f0000000080), 0x12) [ 857.534525][T31694] dump_header+0x98/0x410 [ 857.538926][T31694] out_of_memory+0x65e/0x880 [ 857.543581][T31694] memory_max_write+0x31b/0x420 [ 857.548433][T31694] ? memory_max_show+0x70/0x70 [ 857.553197][T31694] cgroup_file_write+0x167/0x300 [ 857.558231][T31694] ? __check_object_size+0x235/0x380 [ 857.563601][T31694] ? cgroup_seqfile_stop+0x70/0x70 [ 857.568791][T31694] kernfs_fop_write_iter+0x1d3/0x2c0 [ 857.574078][T31694] vfs_write+0x71c/0x890 [ 857.578326][T31694] ksys_write+0xe8/0x1a0 [ 857.582627][T31694] __x64_sys_write+0x3e/0x50 [ 857.587219][T31694] do_syscall_64+0x2b/0x70 [ 857.591638][T31694] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 857.597533][T31694] RIP: 0033:0x7ff0acc260e9 [ 857.601935][T31694] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 857.621632][T31694] RSP: 002b:00007ff0ac39c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 857.630039][T31694] RAX: ffffffffffffffda RBX: 00007ff0acd38f60 RCX: 00007ff0acc260e9 [ 857.638056][T31694] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 857.646027][T31694] RBP: 00007ff0acc8008d R08: 0000000000000000 R09: 0000000000000000 [ 857.654172][T31694] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 857.662138][T31694] R13: 00007ffe7a47396f R14: 00007ff0ac39c300 R15: 0000000000022000 [ 857.670114][T31694] [ 857.673308][T31694] memory: usage 72kB, limit 0kB, failcnt 7296 [ 857.679382][T31694] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 18:44:33 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_NOOP(r0, 0x0, 0x0) [ 857.686222][T31694] Memory cgroup stats for /syz0: [ 857.687198][ T24] audit: type=1400 audit(1651085073.825:362): avc: denied { ioctl } for pid=31700 comm="syz-executor.2" path="socket:[101036]" dev="sockfs" ino=101036 ioctlcmd=0x8940 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 857.727919][T31694] anon 0 [ 857.727919][T31694] file 53248 [ 857.727919][T31694] kernel 20480 [ 857.727919][T31694] kernel_stack 0 [ 857.727919][T31694] pagetables 0 [ 857.727919][T31694] percpu 0 [ 857.727919][T31694] sock 0 [ 857.727919][T31694] vmalloc 0 [ 857.727919][T31694] shmem 53248 [ 857.727919][T31694] file_mapped 53248 [ 857.727919][T31694] file_dirty 0 [ 857.727919][T31694] file_writeback 0 [ 857.727919][T31694] swapcached 0 [ 857.727919][T31694] inactive_anon 0 [ 857.727919][T31694] active_anon 53248 [ 857.727919][T31694] inactive_file 0 [ 857.727919][T31694] active_file 0 [ 857.727919][T31694] unevictable 0 [ 857.727919][T31694] slab_reclaimable 3056 [ 857.727919][T31694] slab_unreclaimable 14936 [ 857.727919][T31694] slab 17992 [ 857.727919][T31694] workingset_refault_anon 0 [ 857.727919][T31694] workingset_refault_file 7 [ 857.727919][T31694] workingset_activate_anon 0 [ 857.727919][T31694] workingset_activate_file 0 [ 857.815156][T31694] Out of memory and no killable processes... [ 858.210029][ T225] device hsr_slave_0 left promiscuous mode [ 858.217019][ T225] device hsr_slave_1 left promiscuous mode [ 858.228332][ T225] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 858.235710][ T225] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 858.243400][ T225] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 858.250835][ T225] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 858.258453][ T225] device bridge_slave_1 left promiscuous mode [ 858.264639][ T225] bridge0: port 2(bridge_slave_1) entered disabled state [ 858.272470][ T225] device bridge_slave_0 left promiscuous mode [ 858.278624][ T225] bridge0: port 1(bridge_slave_0) entered disabled state [ 858.289108][ T225] device veth1_macvtap left promiscuous mode [ 858.295129][ T225] device veth0_macvtap left promiscuous mode [ 858.301272][ T225] device veth1_vlan left promiscuous mode [ 858.307338][ T225] device veth0_vlan left promiscuous mode [ 858.385293][ T225] team0 (unregistering): Port device team_slave_1 removed [ 858.394947][ T225] team0 (unregistering): Port device team_slave_0 removed [ 858.404903][ T225] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 858.415949][ T225] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 858.444938][ T225] bond0 (unregistering): Released all slaves [ 859.054766][T31711] chnl_net:caif_netlink_parms(): no params data found [ 859.085631][T31711] bridge0: port 1(bridge_slave_0) entered blocking state [ 859.092677][T31711] bridge0: port 1(bridge_slave_0) entered disabled state [ 859.100376][T31711] device bridge_slave_0 entered promiscuous mode [ 859.107558][T31711] bridge0: port 2(bridge_slave_1) entered blocking state [ 859.114597][T31711] bridge0: port 2(bridge_slave_1) entered disabled state [ 859.122096][T31711] device bridge_slave_1 entered promiscuous mode [ 859.137434][T31711] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 859.148801][T31711] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 859.165693][T31711] team0: Port device team_slave_0 added [ 859.172716][T31711] team0: Port device team_slave_1 added [ 859.187115][T31711] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 859.194084][T31711] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 859.220117][T31711] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 859.231339][T31711] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 859.238292][T31711] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 859.264363][T31711] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 859.285534][T31711] device hsr_slave_0 entered promiscuous mode [ 859.294718][T31711] device hsr_slave_1 entered promiscuous mode [ 859.301061][T31711] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 859.308600][T31711] Cannot create hsr debugfs directory [ 859.335632][T31711] bridge0: port 2(bridge_slave_1) entered blocking state [ 859.342704][T31711] bridge0: port 2(bridge_slave_1) entered forwarding state [ 859.349933][T31711] bridge0: port 1(bridge_slave_0) entered blocking state [ 859.357109][T31711] bridge0: port 1(bridge_slave_0) entered forwarding state [ 859.385020][T31711] 8021q: adding VLAN 0 to HW filter on device bond0 [ 859.395461][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 859.404269][ T1916] bridge0: port 1(bridge_slave_0) entered disabled state [ 859.412088][ T1916] bridge0: port 2(bridge_slave_1) entered disabled state [ 859.423589][T31711] 8021q: adding VLAN 0 to HW filter on device team0 [ 859.433138][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 859.441471][ T1915] bridge0: port 1(bridge_slave_0) entered blocking state [ 859.448576][ T1915] bridge0: port 1(bridge_slave_0) entered forwarding state [ 859.459046][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 859.467278][ T1919] bridge0: port 2(bridge_slave_1) entered blocking state [ 859.474383][ T1919] bridge0: port 2(bridge_slave_1) entered forwarding state [ 859.488735][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 859.497600][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 859.506537][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 859.514837][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 859.523422][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 859.531895][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 859.540525][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 859.548914][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 859.558960][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 859.566835][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 859.575173][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 859.584392][T31711] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 859.596139][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 859.604326][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 859.614022][T31711] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 859.688767][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 859.697538][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 859.732422][T31711] device veth0_vlan entered promiscuous mode [ 859.740107][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 859.748505][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 859.757004][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 859.764866][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 859.775427][T31711] device veth1_vlan entered promiscuous mode [ 859.787768][T31711] device veth0_macvtap entered promiscuous mode [ 859.794876][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 859.802965][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 859.811004][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 859.819775][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 859.828739][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 859.837506][T31711] device veth1_macvtap entered promiscuous mode [ 859.848277][T31711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 859.858722][T31711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 859.868527][T31711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 859.878961][T31711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 859.888754][T31711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 859.899160][T31711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 859.908957][T31711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 859.919452][T31711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 859.929261][T31711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 859.939684][T31711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 859.950647][T31711] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 859.959086][T31711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 859.969537][T31711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 859.979328][T31711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 859.989731][T31711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 859.999555][T31711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 860.010040][T31711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 860.019829][T31711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 860.030234][T31711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 860.040036][T31711] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 860.050456][T31711] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 860.061401][T31711] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 860.070360][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 860.078413][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready 18:44:36 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) pivot_root(&(0x7f0000000080)='./file0/file0\x00', &(0x7f00000000c0)='./file0\x00') listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000000)={0x10, 0x17, 0x1, {0x7, './file0'}}, 0x10) [ 860.086900][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 860.096428][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 860.104881][ T1916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 18:44:36 executing program 2: r0 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_DEL_RULE(r0, &(0x7f0000000640)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f00000006c0)=ANY=[@ANYBLOB='8'], 0x438}}, 0x0) 18:44:36 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f00030004000000000000000000", 0x1c, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:44:36 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x3000000, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:36 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000100)={&(0x7f00000000c0)='./file0\x00', 0x0, 0x4}, 0x10) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) 18:44:36 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async, rerun: 64) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (rerun: 64) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async, rerun: 64) mount(&(0x7f00000000c0)=ANY=[@ANYBLOB="07ca79"], &(0x7f0000000100)='./file0\x00', &(0x7f0000000240)='pvfs2\x00', 0x1000, &(0x7f0000000280)='\\)+$\x00') (rerun: 64) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async, rerun: 64) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) (rerun: 64) perf_event_open$cgroup(&(0x7f0000000300)={0x1, 0x80, 0x3, 0x1, 0x5, 0x2, 0x0, 0x8000, 0x4a000, 0x60a3004ec5fed6d, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x1, @perf_bp={&(0x7f00000002c0), 0xc}, 0xa4, 0x7, 0x7fff, 0xc, 0x9, 0x3, 0x3ff, 0x0, 0x9}, r0, 0xffffffffffffffff, r2, 0x9) (async) r3 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async, rerun: 64) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async, rerun: 64) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getpeername$packet(r5, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0xfda6) (async) openat$cgroup_ro(r5, &(0x7f00000003c0)='devices.list\x00', 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r3, &(0x7f0000000080), 0x12) [ 860.151574][T31750] loop5: detected capacity change from 0 to 1024 [ 860.159771][T31753] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=31753 comm=syz-executor.2 [ 860.177050][T31758] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 860.183122][T31754] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 860.193896][T31754] CPU: 0 PID: 31754 Comm: syz-executor.1 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 860.204985][T31754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 860.215030][T31754] Call Trace: [ 860.218353][T31754] [ 860.221337][T31754] dump_stack_lvl+0xd6/0x122 [ 860.225952][T31754] dump_stack+0x11/0x12 [ 860.230110][T31754] dump_header+0x98/0x410 [ 860.234433][T31754] oom_kill_process+0xfe/0x550 [ 860.239236][T31754] out_of_memory+0x620/0x880 [ 860.243838][T31754] memory_max_write+0x31b/0x420 [ 860.248729][T31754] ? memory_max_show+0x70/0x70 [ 860.253538][T31754] cgroup_file_write+0x167/0x300 [ 860.258499][T31754] ? __check_object_size+0x235/0x380 [ 860.263845][T31754] ? cgroup_seqfile_stop+0x70/0x70 [ 860.268946][T31754] kernfs_fop_write_iter+0x1d3/0x2c0 [ 860.274293][T31754] vfs_write+0x71c/0x890 [ 860.278591][T31754] ksys_write+0xe8/0x1a0 [ 860.282878][T31754] __x64_sys_write+0x3e/0x50 [ 860.287471][T31754] do_syscall_64+0x2b/0x70 [ 860.291878][T31754] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 860.297757][T31754] RIP: 0033:0x7ff0acc260e9 [ 860.302209][T31754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 860.321863][T31754] RSP: 002b:00007ff0ac39c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 860.330257][T31754] RAX: ffffffffffffffda RBX: 00007ff0acd38f60 RCX: 00007ff0acc260e9 [ 860.338299][T31754] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 18:44:36 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0), &(0x7f0000000100)=0x4) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) openat$cgroup_ro(r2, &(0x7f0000000240)='memory.events.local\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r3, &(0x7f0000000080), 0x12) 18:44:36 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x4000000, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:36 executing program 2: socket(0x1d, 0x800, 0x0) [ 860.346253][T31754] RBP: 00007ff0acc8008d R08: 0000000000000000 R09: 0000000000000000 [ 860.354210][T31754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 860.362216][T31754] R13: 00007ffe7a47396f R14: 00007ff0ac39c300 R15: 0000000000022000 [ 860.370173][T31754] [ 860.373325][T31754] memory: usage 144kB, limit 0kB, failcnt 7327 [ 860.379535][T31754] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 860.386451][T31754] Memory cgroup stats for /syz0: [ 860.391519][T31765] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 860.400582][T31750] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (26474!=0) [ 860.403498][T31767] can: request_module (can-proto-0) failed. [ 860.412700][T31750] EXT4-fs (loop5): group descriptors corrupted! [ 860.427030][T31754] anon 40960 [ 860.427030][T31754] file 53248 [ 860.427030][T31754] kernel 49152 [ 860.427030][T31754] kernel_stack 0 [ 860.427030][T31754] pagetables 8192 [ 860.427030][T31754] percpu 0 [ 860.427030][T31754] sock 0 [ 860.427030][T31754] vmalloc 0 [ 860.427030][T31754] shmem 53248 [ 860.427030][T31754] file_mapped 53248 [ 860.427030][T31754] file_dirty 0 [ 860.427030][T31754] file_writeback 0 [ 860.427030][T31754] swapcached 0 [ 860.427030][T31754] inactive_anon 40960 [ 860.427030][T31754] active_anon 53248 [ 860.427030][T31754] inactive_file 0 [ 860.427030][T31754] active_file 0 [ 860.427030][T31754] unevictable 0 [ 860.427030][T31754] slab_reclaimable 4232 [ 860.427030][T31754] slab_unreclaimable 22384 [ 860.427030][T31754] slab 26616 [ 860.427030][T31754] workingset_refault_anon 0 18:44:36 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000380), r0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000440)={&(0x7f0000000340), 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x14, r2, 0x1}, 0x14}}, 0x0) 18:44:36 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x5000000, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 860.427030][T31754] workingset_refault_file 7 [ 860.427030][T31754] workingset_activate_anon 0 [ 860.427030][T31754] workingset_activate_file 0 [ 860.515151][T31754] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=31711,uid=0 [ 860.530459][T31754] Memory cgroup out of memory: Killed process 31711 (syz-executor.0) total-vm:42336kB, anon-rss:368kB, file-rss:8192kB, shmem-rss:0kB, UID:0 pgtables:68kB oom_score_adj:0 [ 860.553028][T31769] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 860.554314][T31773] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 860.563101][T31769] CPU: 0 PID: 31769 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 860.581001][T31769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 860.591128][T31769] Call Trace: [ 860.594403][T31769] [ 860.597382][T31769] dump_stack_lvl+0xd6/0x122 [ 860.602015][T31769] dump_stack+0x11/0x12 [ 860.606162][T31769] dump_header+0x98/0x410 [ 860.610500][T31769] out_of_memory+0x65e/0x880 [ 860.615089][T31769] memory_max_write+0x31b/0x420 [ 860.619945][T31769] ? memory_max_show+0x70/0x70 [ 860.624824][T31769] cgroup_file_write+0x167/0x300 [ 860.629755][T31769] ? __check_object_size+0x235/0x380 [ 860.635131][T31769] ? cgroup_seqfile_stop+0x70/0x70 [ 860.640249][T31769] kernfs_fop_write_iter+0x1d3/0x2c0 [ 860.645573][T31769] vfs_write+0x71c/0x890 [ 860.649853][T31769] ksys_write+0xe8/0x1a0 [ 860.654089][T31769] __x64_sys_write+0x3e/0x50 [ 860.658717][T31769] do_syscall_64+0x2b/0x70 [ 860.663177][T31769] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 860.669068][T31769] RIP: 0033:0x7f682d3270e9 [ 860.673524][T31769] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 860.693154][T31769] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 860.701647][T31769] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 [ 860.709680][T31769] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 860.717642][T31769] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 [ 860.725621][T31769] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 860.733582][T31769] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 [ 860.741550][T31769] [ 860.744592][T31769] memory: usage 100kB, limit 0kB, failcnt 7344 18:44:36 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x15, 0x8, 0x5}, 0x48) [ 860.750758][T31769] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 860.757600][T31769] Memory cgroup stats for /syz0: [ 860.770508][T31769] anon 0 [ 860.770508][T31769] file 53248 [ 860.770508][T31769] kernel 28672 [ 860.770508][T31769] kernel_stack 0 [ 860.770508][T31769] pagetables 0 [ 860.770508][T31769] percpu 0 [ 860.770508][T31769] sock 0 [ 860.770508][T31769] vmalloc 0 [ 860.770508][T31769] shmem 53248 [ 860.770508][T31769] file_mapped 53248 [ 860.770508][T31769] file_dirty 0 [ 860.770508][T31769] file_writeback 0 [ 860.770508][T31769] swapcached 0 [ 860.770508][T31769] inactive_anon 0 [ 860.770508][T31769] active_anon 53248 [ 860.770508][T31769] inactive_file 0 [ 860.770508][T31769] active_file 0 [ 860.770508][T31769] unevictable 0 [ 860.770508][T31769] slab_reclaimable 4232 [ 860.770508][T31769] slab_unreclaimable 18216 [ 860.770508][T31769] slab 22448 [ 860.770508][T31769] workingset_refault_anon 0 [ 860.770508][T31769] workingset_refault_file 7 [ 860.770508][T31769] workingset_activate_anon 0 [ 860.770508][T31769] workingset_activate_file 0 [ 860.863046][T31769] Out of memory and no killable processes... [ 860.872533][T31754] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 860.882521][T31754] CPU: 1 PID: 31754 Comm: syz-executor.1 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 860.893632][T31754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 860.903684][T31754] Call Trace: [ 860.906940][T31754] [ 860.909910][T31754] dump_stack_lvl+0xd6/0x122 [ 860.914648][T31754] dump_stack+0x11/0x12 [ 860.918799][T31754] dump_header+0x98/0x410 [ 860.923113][T31754] out_of_memory+0x65e/0x880 [ 860.927686][T31754] memory_max_write+0x31b/0x420 [ 860.932614][T31754] ? memory_max_show+0x70/0x70 [ 860.937363][T31754] cgroup_file_write+0x167/0x300 [ 860.942347][T31754] ? __check_object_size+0x235/0x380 [ 860.947613][T31754] ? cgroup_seqfile_stop+0x70/0x70 [ 860.952708][T31754] kernfs_fop_write_iter+0x1d3/0x2c0 [ 860.957979][T31754] vfs_write+0x71c/0x890 [ 860.962209][T31754] ksys_write+0xe8/0x1a0 [ 860.966444][T31754] __x64_sys_write+0x3e/0x50 [ 860.971017][T31754] do_syscall_64+0x2b/0x70 [ 860.975507][T31754] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 860.981387][T31754] RIP: 0033:0x7ff0acc260e9 [ 860.985778][T31754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 861.005369][T31754] RSP: 002b:00007ff0ac39c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 861.013775][T31754] RAX: ffffffffffffffda RBX: 00007ff0acd38f60 RCX: 00007ff0acc260e9 [ 861.021736][T31754] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 861.029691][T31754] RBP: 00007ff0acc8008d R08: 0000000000000000 R09: 0000000000000000 [ 861.037645][T31754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 861.045644][T31754] R13: 00007ffe7a47396f R14: 00007ff0ac39c300 R15: 0000000000022000 [ 861.053644][T31754] [ 861.056677][T31754] memory: usage 80kB, limit 0kB, failcnt 7344 [ 861.062744][T31754] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 861.069598][T31754] Memory cgroup stats for /syz0: [ 861.072133][T31754] anon 0 [ 861.072133][T31754] file 53248 [ 861.072133][T31754] kernel 28672 [ 861.072133][T31754] kernel_stack 0 [ 861.072133][T31754] pagetables 0 [ 861.072133][T31754] percpu 0 [ 861.072133][T31754] sock 0 [ 861.072133][T31754] vmalloc 0 [ 861.072133][T31754] shmem 53248 [ 861.072133][T31754] file_mapped 53248 [ 861.072133][T31754] file_dirty 0 [ 861.072133][T31754] file_writeback 0 [ 861.072133][T31754] swapcached 0 [ 861.072133][T31754] inactive_anon 0 [ 861.072133][T31754] active_anon 53248 [ 861.072133][T31754] inactive_file 0 [ 861.072133][T31754] active_file 0 [ 861.072133][T31754] unevictable 0 [ 861.072133][T31754] slab_reclaimable 4232 [ 861.072133][T31754] slab_unreclaimable 18216 [ 861.072133][T31754] slab 22448 [ 861.072133][T31754] workingset_refault_anon 0 [ 861.072133][T31754] workingset_refault_file 7 18:44:37 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) (async) pivot_root(&(0x7f0000000080)='./file0/file0\x00', &(0x7f00000000c0)='./file0\x00') (async) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000000)={0x10, 0x17, 0x1, {0x7, './file0'}}, 0x10) 18:44:37 executing program 2: socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r0, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000002040)=[{&(0x7f0000001bc0)="16", 0x1}], 0x1}, 0x0) recvmsg(r1, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000019c0)=[{0x0, 0x777ef58d3f37}, {&(0x7f00000004c0)=""/170, 0xaa}], 0x2}, 0x0) 18:44:37 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x6000000, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:37 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f00030004000000000000000000", 0x1c, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:44:37 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) (async, rerun: 64) getsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0), &(0x7f0000000100)=0x4) (async, rerun: 64) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async, rerun: 64) openat$cgroup_ro(r2, &(0x7f0000000240)='memory.events.local\x00', 0x0, 0x0) (async, rerun: 64) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async, rerun: 32) write$cgroup_int(r3, &(0x7f0000000080), 0x12) (rerun: 32) 18:44:37 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000100)={&(0x7f00000000c0)='./file0\x00', 0x0, 0x4}, 0x10) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) (async) openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000100)={&(0x7f00000000c0)='./file0\x00', 0x0, 0x4}, 0x10) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r2, &(0x7f0000000080), 0x12) (async) 18:44:37 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) pivot_root(&(0x7f0000000080)='./file0/file0\x00', &(0x7f00000000c0)='./file0\x00') listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000000)={0x10, 0x17, 0x1, {0x7, './file0'}}, 0x10) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='cgroup2\x00', 0x0, 0x0) (async) pivot_root(&(0x7f0000000080)='./file0/file0\x00', &(0x7f00000000c0)='./file0\x00') (async) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) (async) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000000)={0x10, 0x17, 0x1, {0x7, './file0'}}, 0x10) (async) 18:44:37 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) (async) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) getsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0), &(0x7f0000000100)=0x4) (async) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) (async) openat$cgroup_ro(r2, &(0x7f0000000240)='memory.events.local\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r3, &(0x7f0000000080), 0x12) 18:44:37 executing program 2: r0 = epoll_create(0x200) epoll_ctl$EPOLL_CTL_DEL(r0, 0x2, 0xffffffffffffffff) 18:44:37 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x7000000, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 861.072133][T31754] workingset_activate_anon 0 [ 861.072133][T31754] workingset_activate_file 0 [ 861.164122][T31754] Out of memory and no killable processes... [ 861.189170][T31791] loop5: detected capacity change from 0 to 1024 [ 861.195780][T31792] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 861.244572][T31791] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (26474!=0) [ 861.248001][T31794] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 861.253915][T31791] EXT4-fs (loop5): group descriptors corrupted! [ 861.263786][T31794] CPU: 0 PID: 31794 Comm: syz-executor.1 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 861.281172][T31794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 861.291370][T31794] Call Trace: [ 861.294756][T31794] [ 861.297679][T31794] dump_stack_lvl+0xd6/0x122 [ 861.302275][T31794] dump_stack+0x11/0x12 [ 861.306430][T31794] dump_header+0x98/0x410 [ 861.309008][ T24] audit: type=1400 audit(1651085077.465:363): avc: denied { read } for pid=31805 comm="syz-executor.2" name="usbmon0" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 861.310859][T31794] out_of_memory+0x65e/0x880 [ 861.334464][ T24] audit: type=1400 audit(1651085077.465:364): avc: denied { open } for pid=31805 comm="syz-executor.2" path="/dev/usbmon0" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 861.339006][T31794] memory_max_write+0x31b/0x420 [ 861.339035][T31794] ? memory_max_show+0x70/0x70 [ 861.363084][ T24] audit: type=1400 audit(1651085077.465:365): avc: denied { ioctl } for pid=31805 comm="syz-executor.2" path="/dev/usbmon0" dev="devtmpfs" ino=117 ioctlcmd=0x9206 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 861.367938][T31794] cgroup_file_write+0x167/0x300 [ 861.403075][T31794] ? __check_object_size+0x235/0x380 [ 861.408415][T31794] ? cgroup_seqfile_stop+0x70/0x70 [ 861.413763][T31794] kernfs_fop_write_iter+0x1d3/0x2c0 [ 861.419164][T31794] vfs_write+0x71c/0x890 [ 861.423419][T31794] ksys_write+0xe8/0x1a0 [ 861.427754][T31794] __x64_sys_write+0x3e/0x50 [ 861.432404][T31794] do_syscall_64+0x2b/0x70 [ 861.436876][T31794] entry_SYSCALL_64_after_hwframe+0x44/0xae 18:44:37 executing program 2: r0 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) ioctl$MON_IOCX_GET(r0, 0x40189206, 0x0) ioctl$MON_IOCX_GETX(r0, 0x4018920a, &(0x7f00000002c0)={&(0x7f0000000180), 0x0}) [ 861.442768][T31794] RIP: 0033:0x7ff0acc260e9 [ 861.447305][T31794] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 861.466913][T31794] RSP: 002b:00007ff0ac39c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 861.475389][T31794] RAX: ffffffffffffffda RBX: 00007ff0acd38f60 RCX: 00007ff0acc260e9 [ 861.483459][T31794] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 861.491427][T31794] RBP: 00007ff0acc8008d R08: 0000000000000000 R09: 0000000000000000 [ 861.499398][T31794] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 861.507442][T31794] R13: 00007ffe7a47396f R14: 00007ff0ac39c300 R15: 0000000000022000 [ 861.515414][T31794] [ 861.518562][T31794] memory: usage 72kB, limit 0kB, failcnt 7344 [ 861.524728][T31794] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 18:44:37 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x8000000, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:37 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r3) recvmmsg$unix(r3, &(0x7f0000003cc0)=[{{&(0x7f00000000c0)=@abs, 0x6e, &(0x7f0000000240)=[{&(0x7f0000000f40)=""/4096, 0x1000}], 0x1}}, {{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000280)=""/233, 0xe9}, {&(0x7f0000000380)=""/86, 0x56}, {&(0x7f0000000400)=""/61, 0x3d}], 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000c715a74687942b0600000000000100000001000000", @ANYRES32, @ANYRES32], 0x18}}, {{&(0x7f00000004c0), 0x6e, &(0x7f0000000b80)=[{&(0x7f0000003ec0)=""/100, 0x64}, {&(0x7f00000005c0)=""/150, 0x96}, {&(0x7f0000001f40)=""/4096, 0x1000}, {&(0x7f0000000680)=""/233, 0xe9}, {&(0x7f0000003f40)=""/236, 0xec}, {&(0x7f0000000880)=""/221, 0xdd}, {&(0x7f0000000980)=""/226, 0xe2}, {&(0x7f0000000a80)=""/237, 0xed}], 0x8}}, {{&(0x7f0000000c00), 0x6e, &(0x7f0000000e00)=[{&(0x7f0000000c80)=""/10, 0xa}, {&(0x7f0000000cc0)=""/158, 0x9e}, {&(0x7f0000000d80)=""/87, 0x57}], 0x3}}, {{0x0, 0x0, &(0x7f00000032c0)=[{&(0x7f0000000e40)=""/130, 0x82}, {&(0x7f0000002f40)}, {&(0x7f0000002f80)=""/233, 0xe9}, {&(0x7f0000003080)=""/241, 0xf1}, {&(0x7f0000003180)=""/170, 0xaa}, {&(0x7f0000003240)=""/71, 0x47}], 0x6, &(0x7f0000004040)=ANY=[@ANYBLOB="28000000000000000100000001000000c96f8f53d4a4b8b1dece6233b9e4dcd52538da5f5f6e07fb1368ef0bab52d1f49678e335291436fedbd3ba168f587b4b102ae17366ec9a9f3acc3682d4264242a083216410c33ac0eef37c66dad86aaa101cef54a052b49368440589b65087c998378e70c61156c73aca55c07f32f93213df4dcb92d703619ddc8a4a887a3e9bb6dcbd51f1a6ce2078b4187b0600d7ca1eda82747ef05c65c0aee1edba3c84dec39e2970b190f156ac1383a7a7ddc0847f3a1f4192710b1077034e0000d412ed4cd06720aae2150cf8487e522e781270560799f79daf421321afbc571f3daba4011913f3de4aa2daa60ea1160b06eeff0c5374ada74050e51c0e57c4962fb2e810065c32c6820eaefd1585f2a0aca4c1323b358f0ba6fb31d9b8752cfbab703a303c23475d994e32e780b87fa292c827dbde309f157586c9d1cc9cf81fa5104059fe9059fec004f702b950373ed6569bc0a8823716fffa6e055c413f71d71493b88e8582fcea0d966400748040bc59157a50a401bdd972ccf3a996c8435a15c1c11c94", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="28000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32], 0x90}}, {{&(0x7f0000003400), 0x6e, &(0x7f0000003900)=[{&(0x7f0000003480)=""/135, 0x87}, {&(0x7f0000003540)=""/227, 0xe3}, {&(0x7f0000003640)=""/236, 0xec}, {&(0x7f0000000780)=""/142, 0x8e}, {&(0x7f0000003800)=""/249, 0xf9}], 0x5, &(0x7f0000003980)=[@cred={{0x1c}}], 0x20}}, {{&(0x7f00000039c0), 0x6e, &(0x7f0000003bc0)=[{&(0x7f0000003a40)=""/83, 0x53}, {&(0x7f0000003ac0)=""/236, 0xec}], 0x2, &(0x7f0000003c00)=[@cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xb0}}], 0x7, 0x40000000, &(0x7f0000003e80)={0x0, 0x3938700}) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x12) [ 861.531604][T31794] Memory cgroup stats for /syz0: [ 861.554153][T31794] anon 0 [ 861.554153][T31794] file 53248 [ 861.554153][T31794] kernel 20480 [ 861.554153][T31794] kernel_stack 0 [ 861.554153][T31794] pagetables 0 [ 861.554153][T31794] percpu 0 [ 861.554153][T31794] sock 0 [ 861.554153][T31794] vmalloc 0 [ 861.554153][T31794] shmem 53248 [ 861.554153][T31794] file_mapped 53248 [ 861.554153][T31794] file_dirty 0 [ 861.554153][T31794] file_writeback 0 [ 861.554153][T31794] swapcached 0 [ 861.554153][T31794] inactive_anon 0 [ 861.554153][T31794] active_anon 53248 [ 861.554153][T31794] inactive_file 0 [ 861.554153][T31794] active_file 0 [ 861.554153][T31794] unevictable 0 [ 861.554153][T31794] slab_reclaimable 3056 [ 861.554153][T31794] slab_unreclaimable 14936 [ 861.554153][T31794] slab 17992 [ 861.554153][T31794] workingset_refault_anon 0 [ 861.554153][T31794] workingset_refault_file 7 [ 861.554153][T31794] workingset_activate_anon 0 [ 861.554153][T31794] workingset_activate_file 0 [ 861.646301][T31794] Out of memory and no killable processes... [ 861.652613][T31822] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 861.655327][T31823] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 861.662627][T31822] CPU: 1 PID: 31822 Comm: syz-executor.4 Not tainted 5.18.0-rc4-syzkaller-00050-g46cf2c613f4b-dirty #0 [ 861.680551][T31822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 861.690631][T31822] Call Trace: [ 861.693905][T31822] [ 861.696839][T31822] dump_stack_lvl+0xd6/0x122 [ 861.701524][T31822] dump_stack+0x11/0x12 [ 861.705734][T31822] dump_header+0x98/0x410 [ 861.710140][T31822] out_of_memory+0x65e/0x880 [ 861.714755][T31822] memory_max_write+0x31b/0x420 [ 861.719669][T31822] ? memory_max_show+0x70/0x70 [ 861.724506][T31822] cgroup_file_write+0x167/0x300 [ 861.729446][T31822] ? __check_object_size+0x235/0x380 [ 861.734733][T31822] ? cgroup_seqfile_stop+0x70/0x70 [ 861.739849][T31822] kernfs_fop_write_iter+0x1d3/0x2c0 [ 861.745141][T31822] vfs_write+0x71c/0x890 [ 861.749385][T31822] ksys_write+0xe8/0x1a0 [ 861.753635][T31822] __x64_sys_write+0x3e/0x50 [ 861.758335][T31822] do_syscall_64+0x2b/0x70 [ 861.762759][T31822] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 861.768654][T31822] RIP: 0033:0x7f682d3270e9 [ 861.773126][T31822] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 861.792737][T31822] RSP: 002b:00007f682ca9d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 18:44:37 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0x9000000, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:37 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000100)={&(0x7f00000000c0)='./file0\x00', 0x0, 0x4}, 0x10) (async) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r2, &(0x7f0000000080), 0x12) [ 861.801164][T31822] RAX: ffffffffffffffda RBX: 00007f682d439f60 RCX: 00007f682d3270e9 [ 861.809202][T31822] RDX: 0000000000000012 RSI: 0000000020000080 RDI: 0000000000000006 [ 861.817175][T31822] RBP: 00007f682d38108d R08: 0000000000000000 R09: 0000000000000000 [ 861.825147][T31822] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 861.833117][T31822] R13: 00007ffe8093137f R14: 00007f682ca9d300 R15: 0000000000022000 [ 861.841098][T31822] [ 861.844337][T31822] memory: usage 72kB, limit 0kB, failcnt 7344 18:44:38 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00", 0x1e, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) [ 861.850426][T31822] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 861.857262][T31822] Memory cgroup stats for /syz0: [ 861.861096][T31825] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 861.891513][T31836] loop5: detected capacity change from 0 to 1024 18:44:38 executing program 1: sendmsg$NL802154_CMD_NEW_SEC_DEV(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40a4024}, 0xc, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fddbdf251a000000400023800600020001000000060002000000000008000600020000000500050000000000050005000100002005000500000000000c0004000203aaaaaaaaaaaa0c00238006000200ffff0000"], 0x60}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000044) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x2) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000013c0)='cgroup2\x00', 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000a, 0x8010, r0, 0x58012000) open(&(0x7f0000000300)='./file0\x00', 0x200, 0x90) pipe2$watch_queue(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r3 = openat$cgroup_int(r2, &(0x7f0000001400)='hugetlb.1GB.limit_in_bytes\x00', 0x2, 0x0) setxattr$incfs_metadata(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380), &(0x7f00000003c0)="c1226af5d2ce5ff891a471ade7459327f3f7a10ab0e797aa73d7e42bd70f0490d24a56c85f9f245b7be169db58eac07acc5504fe8671c1cde99ebbcf440d1a098ead06c849afd1f098f0301f8526debc922abfae592442a67c412868ea70e1d12b258e9e1f2a803f7d1c5aa2bd52a43a46c996753f64ca5bd92c706e428db912daa19272ff65b0f2b9ef3b2cad6e98bc5c7b8ce42c199a8a7bc66b4394175cb662266a1c594ecb5569b0c194190f20ec57308e4c172585aaa18427bd236911f0c0c4087ba1586d0ebaf59e77d9cd9b69deb628b0f01598aaf3306906fbf11d50e35044f31e6a644c7d9bc30166dc27200a927e4635506f3b798988e44a431381a2d70d3df4097a3fbb35d41220ceb302496e0f6d2d329cba9e85d62727c9fde390b5e4e0c1d093e7b62f2f9f735cc01e1c09372434c133c149acf8a45b90d06e7785e0f0283b7ce2eaf2df5e00ef76f6170f4571268e66ebcee42391dcac2124ab418d5f331fa6c397d2915ae31e97fbd879c172f3157aeb076820c2a29595a1a3c968224f73fddf51cef8afbbd3d8fc61969ab9fb879a87b628e9208ac1298d47da5f1edfcb4945c1f6964f2a9d33f7a297f07fb32695c80b7ad80542aa0026312577c2bb26ea4fef13136a8a8e99c5f63056bb444375d8c26eda0d23685c6f20059c30748b197db411a171331278d79f8094b64868c92200ac6b3459d381fcd688c91837f2d8ee8b6024b3a4775b677a7409565d20bce68ac29ba2ef779752b768202cde722c7e98ccf84b05b5ac9a02d1172a3e7e1c7379a69bac2766487c857dd6b0d768f0474effb51f86edf2afaf75a2dec22427f6221098d1ea830538188204173f8686f7903f920bd66fd4151c4d4b3e46cac91a9b7bfe6869e8ae69452e4220121871f6cd704478ac631062f6a7c7ee931041e77e0d9d3cbdd6dc67aa675fe368cc783278e7486e46687dbbb80788b8422171c587ea5f80bf0b6e5e1c30350faa336613e5661d9658e6e446f0c89bb6268682c47c608255f744a0746688a25621f5352fc8fe9b887cbb24b8eaace9c9490e1594431f54368990c8dbfd0a9ced0414bd32d3c241854379bfd92d65d4e03ebd9d7972b31e481cb5671c2b82efabafca2e76db283a74708ae07608e0181141761d20ae01d3f43d230690eb46c53694a2ca990e3ca702894f86520e04c30c0047a46ad1d7e400629a6f9587bdb296e83d63e22cf622b89f9e864ea727ef3249dc40257d6667bad5d45365ca012e0d0ed9b28049ca1a71c52a06cb737d5377e245d9baa2c514a0087dd287e7d797ef2a10f22bd95d6c9e2c33ccf477f0d88672ceb846179c78251b688c29fd4566bcd7e9e509971844429e560647d8dea22825241f6d7c0528c02bee88870f59eaea2a2465d49274103e29d041010b01429ddebb7cec58b21e2549a5496b9349cbc9949354d78bd96e7ed4bc876a72ee8a50139adcc9adacc8832f439ff1fea4279006280c8d8d851da9d7b67b5d4d823e34ef25a3f1e5b6365edcccf9017ba5108c9c5bf4d13150730706b5faa5117ffc0d9e5ec5cb46797000d50b4c5ddbd71cfbffd8352fcaf58b8877be02e909911410b7a523eda5c799113036f03eb6c853cea5765ad8f176b26d6f816e5537e22b6d8b2b4d2b26e57742d80da68c484a2d2bdfd38d28ba58e49b8dfb2d82fc8ab65a145207143c712e5722316ce4777b07180cf8c64885aaa74f95ef7da9774983ad86a10481859681ae2b4dc04c761bffb540961aecddc17dd5233b507f2fd6477efa6c0be3e130b1cd140637ec696ae5ab6a56edf5d3a120658dc76101731b010deb0658dcc2ea5a2e8a431ba49aa8fd34847aaec22fcb42206a138a90ba995b4d1689ed89ed10da15ee772be1e6efd85f2924556cef803eb21a0084e4ae646e5a9bb2ef38f18686fc97cf91f7b0ad6d01215c91998d88feb47994e47ac2b0b85bb89c52a7e3e93ea73edfdb2e6cf93dc4dae61cff16df3b099c11acf81eceda9545c39609d9c46bef907512599cfc18c00f56c55b68cee700925e60b4900c562d72843d5e009e584735fc90b43faf209f977734330b5e2acef5a97f140c67ae51f54c1d44afed647c23e85448aaa556928638224e4ca00746d8311833c9c992e1fb1a51bdb2f2618652f5c33856c6c6728fed98e5404ecfde01e0fbaedc42f0577a229c05914cc63ccd1af15f46d9d8d9f7d00ff0f4062cf884908af4823dd12359a4e72bc7588b6e0ef29b99e9a58386727c5d7ffefe4e04e52f7936e2298db71aa611ad1e0ea68858636c172d792e02eeef8a7b125f055bb81f3a03e63afe819cfe253f45560b2df81986e21fea40bf84c529e02c0093155eb93c28b0aa2d2cea7ed701b54d3d17d59612279e2f5b77f13994c8594dcb71a58b1b23d99909b71fd5220bd4d8cfbd0bdfbc3c8cad075606a7b308548b27cf0638e69a4654bfd844bb65dafaa4705a04e5e736dc603554c750240fba615ad3fe923d8b2ad612e2bed3644833c3e3df547ebe607df6f472b588430c15978dee817f77bfc20c21dac49702d4566fa5f10f6dc5722ae35bfd4f416b22af399c5b2b4bc368a8ca865e7afb51958676b5584644dd010f82f311b97490c5ec452dafaa5f71ca7031237ef27e5f3eb0afcc630a1d1be3a0c7d4f80d089be54e3f733450ba64df332f87190846cb4c656c8d8f9ed4c3d4abe46f82fb4bc0550a8876764182aa407b7b385648714e17f00716818d899a2318890956513febc682f40057185a7ac18c0c8af629e171854fdf4963413682cbd1469a2b13b06eb093d38d4952ef5a7fec4408c0f2594f97f2923265afe166529483199abe60bb7cb936ae0c6bb1de0605b6f67a175e59fed32550eb4911ecda8842972239832fcc171bc4763eb5334e6cd42467f6f3e743aa6edec3eb1234b76ee3abb951f9ca0d33803d9a9a8f81d1dad93451496d851a1013b6c04480936e0eff5d0d979c499d368ebc8d8a5f77a6caa263ee2c0b3243b74dcb80a46d98c89136a3b36b8a63a08d7f8dcd4405ccf726911f4f1aa90d2d31157b404e4219abb90b087fe91837c0539265122029c846127c07c926e27788ad95f68568dc1c93e5ff01aad3a5f04c163f0bfbb007bf7d4ca64023fd62ed09d4287c59bb8571a73aba0f78e6b45c84e5543b01827b396906cfc7372a39efb4069f018563d8d279692c048c861c3a7c9885a7911eec0a17fdc2af0418956171c9f74e83a27ed97c35602de7b4ac27b24b9f97f5766434c57391f9b6f75b8f04a5e7d8cf55fbf1bffb742a2b0eaafb3bced13ee4fbd2ad7a0c2dbbf074b7d3c5b2a3db427f82c55e310f2dfca16e7c3f7b6ae7b552820cbe4521e11be1fbe57d61196e110c48c0f59dbf141977701747da453c4d001c2d5ad4b210674a6e5fba1032719d3b0978f6db818e6e9086ccbc67cd71a68c12abc2763f6a837a3baebd3608eaac57fd2ad8c8058ec13db7a763cddb44a0e5daa78cc5097df32833e4a1fce2a31619ccea6045219e4e2c98473b48485ccd131f64a5d6c2d418bfb200c1f073e4d9d64650e54d7552c283eb8ef93c7d1542080d184df4a1834dfdd5342b83ae06341ab90f23a106180143035ce465ca4f66de1d3f6689c05757c8263277929503d82cf930060c0ebd0d66660b23d732302abfaf7ade0404351d855d41edcd0137edc6622441fe26c7795030338dfb60b046f45e88ca15278a455bfb6d5065cc5630c63e5c9401dc431b9f10c7fd98258fadc73f962dc9c1260a0c5eb3c2b6b908286034d39b3d806c6260157c923a4dcc0c2dbddb52d010d2d8db15a1dcd01d8eb5272081b9c1d34d0220c4d9e44bf395740bcfa4f57a2cf4bbcc6ffb5fb1985be90e7da339c268bce97e8cd371208aafe71ce5c410f26470b8f839c67951c388ab0f2dca1eb1df41be30f6725453568604039f8d6362543e78a5fa733c8f33027e1f24a1fe4cf54b56f2ee214a6a8faab73bda375bc9e22a1663300d310ce2230aeb50c57a2198383d0c24aa17cccd968554666236d5d445e846561a11c2d8b894029229e30b0890bb39bfd9d973749355d9d1792203ae2ae00fb2a1fd8549e453c5cddabd2b430e3ff182adb9f0fcc2cc95fb04cf26fa923b762e156de470f5e5a8b9fe92a1f3ed35b508998293f49e04fa0dafe0c9f970e01a33da2e3516904c8ef21b0c62fd0d744658551c47b7d3e03734dec6daa3ef2efd06423bfdba05a2bccbc441b58f466b2be3b7d5a4eee65b053bd777ecd3cf0757dd46e4a49128eaf194dc9f9280d3003fc4f52d46c26a15bebaef405e1c62bcf9dfb4a95c3d02dd022e775668f0157c304c5e4017d4d4e859c7b16607cae97489d78f1e2c0ea6c384263b7d7d673057aeaa6c557969af372a50f59b3cf5b0f7ef0de59b8bb0a76dcca44bafab2896c9d3d450578ed81bc0a11be01d858e558e906dea5d877aa9ad0fe8f41b291caf6de46b9606c7d4b0c2700434647e829bd76523fa404ef3d5eec5c50211dde408f9a28151ec9f159bb59522970396d6107293f6f56684cbe165661f4fad069173c1104dc1d68ee65d84ab16bd3134ed42686fb4a8bbe99de8991f94c9dfa21ebe8f3fc503da608d67cce153f88e03dc9952c9dfa56d8eac174690d9d715f85836301cd36f8132709e55a8cce7acb06559af16e0a1c64bd57792353f73b114ab1e8281d3c3ff9df2b20daca624f2835cabe2ec2bab10d972bee265fc0074cfc4b368005d49b0a9dcf6c2a948372de1ed2028907523bd190215be64f56ea77b7eb3e1ee626139f111b5aa0c5a07ae04eaa03bc34611e08b91573ae5431a2d13d1e5487db2b855ed3232e5874644befd5333129ef19ca2e8ebdf9b12357e55fcb6bfa7fb0f3bc60de579295427fbd8e523cc4e4fbd9214c557a99e47be06a20c27914a316dd069db1720ba36e041535b30728273b24b461f7339225286d4e874432c34eb1d6d98b7ab697d952463efda355934be5432e84b56720f85e0e59a82f0114e5a626139622cb1125440baa00f69395064f602a597c2bd2c48c4d94aa9bdd99f076cfde97d1eb5afc613054e5404da1b88c30fc1baa2946fd971e7d981c9c7d7c6a40150febfcec41e3d74ed489ecb0a454741ed42d1c7e85785e8caaeb5ee5fed86a26a808317d3785436ccc3dd3badc0a20cbd77f3efb7d884b0709e1a67d188228728b55f79b10196aa22f7fd466f200dd0e46393f5b60bc2c3c2252dabe1bd0b46150c98220aec08d1bb4badaeafb4e1abc676b45245cea0d7a7007cec9f23a01421ede0184bb928dc8c3161b522b81cca57e384c530a32bfb6a700a9e56ed09b9131acf35aa2687ea526b0f1a9257e55dbc8b8d9a2f43973541d4e22efcb60f41d2fde60c08321de37b719362a54550c8e60443921731a3eec032822a4a9e25cc908cf447684305f50e38ec254954b027e68666b8d5438ff3a86c129319e18c9e6f4e216f76c2d1ffeab61b1c90b66b128ffd16055f9ef5536d457ecfe8deb5c8745ee0266fb43f31982f076404408e4ced3ff7164c12ec054a77e160bd8184a2a9b029019b5dfc7634cd4afc53fc3432609b7342dfad020b79e6aa6546cd6abd7ac15a569efe43f0a5af46563b56e0c96018215687ff5aaf4c3aff8f9d12151a9cd82b5f5fa0d64edb92a0b8b0e63480a0b2441bfd8fd455ef5d17aa32d47071b88916694d76e8e9f8bea31d3d488aaca1fffa6b48dfa5dde6092bb616a293ab6aa205b7ef573f6f1b65a0307eb948240729a78453c639bfef", 0x1000, 0x1) prlimit64(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r3, &(0x7f0000000080), 0x12) 18:44:38 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0xa000000, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) [ 861.920591][T31836] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (35945!=0) [ 861.929843][T31836] EXT4-fs (loop5): group descriptors corrupted! [ 861.974193][T31840] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 861.995218][T31822] anon 0 [ 861.995218][T31822] file 53248 [ 861.995218][T31822] kernel 20480 [ 861.995218][T31822] kernel_stack 0 [ 861.995218][T31822] pagetables 0 [ 861.995218][T31822] percpu 0 [ 861.995218][T31822] sock 0 [ 861.995218][T31822] vmalloc 0 [ 861.995218][T31822] shmem 53248 [ 861.995218][T31822] file_mapped 53248 [ 861.995218][T31822] file_dirty 0 [ 861.995218][T31822] file_writeback 0 [ 861.995218][T31822] swapcached 0 [ 861.995218][T31822] inactive_anon 0 [ 861.995218][T31822] active_anon 53248 [ 861.995218][T31822] inactive_file 0 [ 861.995218][T31822] active_file 0 [ 861.995218][T31822] unevictable 0 [ 861.995218][T31822] slab_reclaimable 3056 [ 861.995218][T31822] slab_unreclaimable 14936 [ 861.995218][T31822] slab 17992 [ 861.995218][T31822] workingset_refault_anon 0 [ 861.995218][T31822] workingset_refault_file 7 [ 861.995218][T31822] workingset_activate_anon 0 [ 861.995218][T31822] workingset_activate_file 0 [ 862.082430][T31822] Out of memory and no killable processes... [ 862.300098][T31313] device hsr_slave_0 left promiscuous mode [ 862.306242][T31313] device hsr_slave_1 left promiscuous mode [ 862.312367][T31313] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 862.319837][T31313] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 862.327996][T31313] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 862.335459][T31313] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 862.343330][T31313] device bridge_slave_1 left promiscuous mode [ 862.349497][T31313] bridge0: port 2(bridge_slave_1) entered disabled state [ 862.356959][T31313] device bridge_slave_0 left promiscuous mode [ 862.363102][T31313] bridge0: port 1(bridge_slave_0) entered disabled state [ 862.372418][T31313] device veth1_macvtap left promiscuous mode [ 862.378653][T31313] device veth0_macvtap left promiscuous mode [ 862.384691][T31313] device veth1_vlan left promiscuous mode [ 862.390485][T31313] device veth0_vlan left promiscuous mode [ 862.467955][T31313] team0 (unregistering): Port device team_slave_1 removed [ 862.477991][T31313] team0 (unregistering): Port device team_slave_0 removed [ 862.487266][T31313] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 862.499802][T31313] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 862.528249][T31313] bond0 (unregistering): Released all slaves [ 863.188591][T31843] chnl_net:caif_netlink_parms(): no params data found [ 863.219728][T31843] bridge0: port 1(bridge_slave_0) entered blocking state [ 863.226768][T31843] bridge0: port 1(bridge_slave_0) entered disabled state [ 863.234504][T31843] device bridge_slave_0 entered promiscuous mode [ 863.241646][T31843] bridge0: port 2(bridge_slave_1) entered blocking state [ 863.248674][T31843] bridge0: port 2(bridge_slave_1) entered disabled state [ 863.256343][T31843] device bridge_slave_1 entered promiscuous mode [ 863.272009][T31843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 863.282213][T31843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 863.299991][T31843] team0: Port device team_slave_0 added [ 863.306193][T31843] team0: Port device team_slave_1 added [ 863.319873][T31843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 863.326811][T31843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 863.352736][T31843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 863.364496][T31843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 863.371457][T31843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 863.397414][T31843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 863.419025][T31843] device hsr_slave_0 entered promiscuous mode [ 863.425522][T31843] device hsr_slave_1 entered promiscuous mode [ 863.431935][T31843] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 863.439476][T31843] Cannot create hsr debugfs directory [ 863.466345][T31843] bridge0: port 2(bridge_slave_1) entered blocking state [ 863.473458][T31843] bridge0: port 2(bridge_slave_1) entered forwarding state [ 863.480730][T31843] bridge0: port 1(bridge_slave_0) entered blocking state [ 863.487746][T31843] bridge0: port 1(bridge_slave_0) entered forwarding state [ 863.515430][T31843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 863.525332][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 863.533999][ T1919] bridge0: port 1(bridge_slave_0) entered disabled state [ 863.541958][ T1919] bridge0: port 2(bridge_slave_1) entered disabled state [ 863.554027][T31843] 8021q: adding VLAN 0 to HW filter on device team0 [ 863.563675][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 863.572911][ T77] bridge0: port 1(bridge_slave_0) entered blocking state [ 863.579936][ T77] bridge0: port 1(bridge_slave_0) entered forwarding state [ 863.599059][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 863.607544][ T77] bridge0: port 2(bridge_slave_1) entered blocking state [ 863.614579][ T77] bridge0: port 2(bridge_slave_1) entered forwarding state [ 863.623144][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 863.631712][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 863.640444][ T77] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 863.650987][T31843] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 863.661938][T31843] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 863.670466][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 863.678480][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 863.693006][T31843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 863.700429][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 863.707852][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 863.772222][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 863.781051][ T893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 863.815760][T31843] device veth0_vlan entered promiscuous mode [ 863.822246][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 863.830605][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 863.840160][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 863.847905][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 863.857426][T31843] device veth1_vlan entered promiscuous mode [ 863.870222][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 863.878362][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 863.886341][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 863.895231][ T1918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 863.904735][T31843] device veth0_macvtap entered promiscuous mode [ 863.913545][T31843] device veth1_macvtap entered promiscuous mode [ 863.924511][T31843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 863.934995][T31843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 863.944791][T31843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 863.955217][T31843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 863.965039][T31843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 863.975444][T31843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 863.985283][T31843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 863.995737][T31843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 864.005631][T31843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 864.016042][T31843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 864.026821][T31843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 864.034352][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 864.042642][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 864.050702][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 864.059426][ T1915] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 864.069041][T31843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 864.079465][T31843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 864.089263][T31843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 864.099689][T31843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 864.109490][T31843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 864.119901][T31843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 864.129698][T31843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 864.140185][T31843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 864.150055][T31843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 864.160555][T31843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 18:44:40 executing program 0: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(&(0x7f0000000200)=ANY=[@ANYBLOB="c52a896ab8cf19bc29d85f4461b291ee152a3de5c782ea4b499b9a3648b8b355c0a028a5e2202ad38db6c9f4d35cba90a60f2e37552ba9cdfcb33884fb2ee7f088254b45a81ace0fb0c753fbc2e63292be7bca4d082b0745079e7c191700000000000500917c7ca9"], &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='pipefs\x00', 0x10000, &(0x7f0000000100)='](#/\x00') setxattr$security_selinux(&(0x7f0000000040)='./file0/file0\x00', &(0x7f00000001c0), &(0x7f00000005c0)='system_u:object_r:iptables_initrc_exec_t:s0\x00', 0x2c, 0x0) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000440)='./file0\x00', 0x0) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f00000002c0)=0x0) statx(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x1000, 0x8, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fchownat(0xffffffffffffffff, &(0x7f0000000600)='./file1\x00', r0, r1, 0x400) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000006c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file1\x00'}) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000740)=@security={'security\x00', 0xe, 0x4, 0x498, 0xffffffff, 0x0, 0x248, 0x248, 0xffffffff, 0xffffffff, 0x3c8, 0x3c8, 0x3c8, 0xffffffff, 0x4, &(0x7f0000000700), {[{{@uncond, 0x0, 0x140, 0x178, 0x0, {}, [@common=@unspec=@physdev={{0x68}, {'veth0_vlan\x00', {0xff}, 'ip6gre0\x00', {0xff}, 0x4}}, @common=@srh={{0x30}, {0x0, 0xfd, 0x80, 0x4, 0x8, 0x0, 0x2008}}]}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffffffffffffffff, 0x0, 0x1}, {0x2, 0x0, 0x6}, {0x2, 0x0, 0x4}, 0xfffffffb, 0x9}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@inet=@SYNPROXY={0x28, 'SYNPROXY\x00', 0x0, {0x1, 0xb9, 0x1}}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @remote}, @private0={0xfc, 0x0, '\x00', 0x1}, [0x0, 0xff, 0xffffff, 0xffffffff], [0xff000000, 0xffffff00, 0xff000000, 0xffff00], 'ip6_vti0\x00', 'batadv0\x00', {}, {0xff}, 0x8, 0x7f, 0x1, 0x1}, 0x0, 0x138, 0x180, 0x0, {}, [@common=@srh1={{0x90}, {0x4, 0xd, 0x3, 0x65, 0x6, @loopback, @local, @loopback, [0x0, 0xff, 0x0, 0xffffff00], [0x0, 0xffffffff, 0xffffffff, 0xff000000], [0xff000000, 0xff, 0x181ffff80], 0x400, 0x2400}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00', 0x0, 0x7fffffff, {0x8d}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4f8) syz_io_uring_setup(0x73d6, &(0x7f0000000480)={0x0, 0x36e5, 0x20, 0x3, 0x34f}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000500), &(0x7f0000000540)=0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000580)=@IORING_OP_ASYNC_CANCEL={0xe, 0x5, 0x0, 0x0, 0x0, 0x23457, 0x0, 0x0, 0x1, {0x0, r4}}, 0x3) listxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) r5 = open(&(0x7f0000000000)='./file0/file0\x00', 0x10000, 0x49) getsockname$unix(r5, &(0x7f0000000640), &(0x7f0000000180)=0x6e) 18:44:40 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x114, 0x10, 0x713, 0xb000000, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@in=@local, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@mcast2}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x114}}, 0x0) 18:44:40 executing program 1: sendmsg$NL802154_CMD_NEW_SEC_DEV(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40a4024}, 0xc, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fddbdf251a000000400023800600020001000000060002000000000008000600020000000500050000000000050005000100002005000500000000000c0004000203aaaaaaaaaaaa0c00238006000200ffff0000"], 0x60}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000044) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async, rerun: 32) fcntl$setlease(0xffffffffffffffff, 0x400, 0x2) (async, rerun: 32) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async, rerun: 32) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000013c0)='cgroup2\x00', 0x0, 0x0) (async, rerun: 32) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000a, 0x8010, r0, 0x58012000) (async) open(&(0x7f0000000300)='./file0\x00', 0x200, 0x90) (async) pipe2$watch_queue(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r3 = openat$cgroup_int(r2, &(0x7f0000001400)='hugetlb.1GB.limit_in_bytes\x00', 0x2, 0x0) (async) setxattr$incfs_metadata(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380), &(0x7f00000003c0)="c1226af5d2ce5ff891a471ade7459327f3f7a10ab0e797aa73d7e42bd70f0490d24a56c85f9f245b7be169db58eac07acc5504fe8671c1cde99ebbcf440d1a098ead06c849afd1f098f0301f8526debc922abfae592442a67c412868ea70e1d12b258e9e1f2a803f7d1c5aa2bd52a43a46c996753f64ca5bd92c706e428db912daa19272ff65b0f2b9ef3b2cad6e98bc5c7b8ce42c199a8a7bc66b4394175cb662266a1c594ecb5569b0c194190f20ec57308e4c172585aaa18427bd236911f0c0c4087ba1586d0ebaf59e77d9cd9b69deb628b0f01598aaf3306906fbf11d50e35044f31e6a644c7d9bc30166dc27200a927e4635506f3b798988e44a431381a2d70d3df4097a3fbb35d41220ceb302496e0f6d2d329cba9e85d62727c9fde390b5e4e0c1d093e7b62f2f9f735cc01e1c09372434c133c149acf8a45b90d06e7785e0f0283b7ce2eaf2df5e00ef76f6170f4571268e66ebcee42391dcac2124ab418d5f331fa6c397d2915ae31e97fbd879c172f3157aeb076820c2a29595a1a3c968224f73fddf51cef8afbbd3d8fc61969ab9fb879a87b628e9208ac1298d47da5f1edfcb4945c1f6964f2a9d33f7a297f07fb32695c80b7ad80542aa0026312577c2bb26ea4fef13136a8a8e99c5f63056bb444375d8c26eda0d23685c6f20059c30748b197db411a171331278d79f8094b64868c92200ac6b3459d381fcd688c91837f2d8ee8b6024b3a4775b677a7409565d20bce68ac29ba2ef779752b768202cde722c7e98ccf84b05b5ac9a02d1172a3e7e1c7379a69bac2766487c857dd6b0d768f0474effb51f86edf2afaf75a2dec22427f6221098d1ea830538188204173f8686f7903f920bd66fd4151c4d4b3e46cac91a9b7bfe6869e8ae69452e4220121871f6cd704478ac631062f6a7c7ee931041e77e0d9d3cbdd6dc67aa675fe368cc783278e7486e46687dbbb80788b8422171c587ea5f80bf0b6e5e1c30350faa336613e5661d9658e6e446f0c89bb6268682c47c608255f744a0746688a25621f5352fc8fe9b887cbb24b8eaace9c9490e1594431f54368990c8dbfd0a9ced0414bd32d3c241854379bfd92d65d4e03ebd9d7972b31e481cb5671c2b82efabafca2e76db283a74708ae07608e0181141761d20ae01d3f43d230690eb46c53694a2ca990e3ca702894f86520e04c30c0047a46ad1d7e400629a6f9587bdb296e83d63e22cf622b89f9e864ea727ef3249dc40257d6667bad5d45365ca012e0d0ed9b28049ca1a71c52a06cb737d5377e245d9baa2c514a0087dd287e7d797ef2a10f22bd95d6c9e2c33ccf477f0d88672ceb846179c78251b688c29fd4566bcd7e9e509971844429e560647d8dea22825241f6d7c0528c02bee88870f59eaea2a2465d49274103e29d041010b01429ddebb7cec58b21e2549a5496b9349cbc9949354d78bd96e7ed4bc876a72ee8a50139adcc9adacc8832f439ff1fea4279006280c8d8d851da9d7b67b5d4d823e34ef25a3f1e5b6365edcccf9017ba5108c9c5bf4d13150730706b5faa5117ffc0d9e5ec5cb46797000d50b4c5ddbd71cfbffd8352fcaf58b8877be02e909911410b7a523eda5c799113036f03eb6c853cea5765ad8f176b26d6f816e5537e22b6d8b2b4d2b26e57742d80da68c484a2d2bdfd38d28ba58e49b8dfb2d82fc8ab65a145207143c712e5722316ce4777b07180cf8c64885aaa74f95ef7da9774983ad86a10481859681ae2b4dc04c761bffb540961aecddc17dd5233b507f2fd6477efa6c0be3e130b1cd140637ec696ae5ab6a56edf5d3a120658dc76101731b010deb0658dcc2ea5a2e8a431ba49aa8fd34847aaec22fcb42206a138a90ba995b4d1689ed89ed10da15ee772be1e6efd85f2924556cef803eb21a0084e4ae646e5a9bb2ef38f18686fc97cf91f7b0ad6d01215c91998d88feb47994e47ac2b0b85bb89c52a7e3e93ea73edfdb2e6cf93dc4dae61cff16df3b099c11acf81eceda9545c39609d9c46bef907512599cfc18c00f56c55b68cee700925e60b4900c562d72843d5e009e584735fc90b43faf209f977734330b5e2acef5a97f140c67ae51f54c1d44afed647c23e85448aaa556928638224e4ca00746d8311833c9c992e1fb1a51bdb2f2618652f5c33856c6c6728fed98e5404ecfde01e0fbaedc42f0577a229c05914cc63ccd1af15f46d9d8d9f7d00ff0f4062cf884908af4823dd12359a4e72bc7588b6e0ef29b99e9a58386727c5d7ffefe4e04e52f7936e2298db71aa611ad1e0ea68858636c172d792e02eeef8a7b125f055bb81f3a03e63afe819cfe253f45560b2df81986e21fea40bf84c529e02c0093155eb93c28b0aa2d2cea7ed701b54d3d17d59612279e2f5b77f13994c8594dcb71a58b1b23d99909b71fd5220bd4d8cfbd0bdfbc3c8cad075606a7b308548b27cf0638e69a4654bfd844bb65dafaa4705a04e5e736dc603554c750240fba615ad3fe923d8b2ad612e2bed3644833c3e3df547ebe607df6f472b588430c15978dee817f77bfc20c21dac49702d4566fa5f10f6dc5722ae35bfd4f416b22af399c5b2b4bc368a8ca865e7afb51958676b5584644dd010f82f311b97490c5ec452dafaa5f71ca7031237ef27e5f3eb0afcc630a1d1be3a0c7d4f80d089be54e3f733450ba64df332f87190846cb4c656c8d8f9ed4c3d4abe46f82fb4bc0550a8876764182aa407b7b385648714e17f00716818d899a2318890956513febc682f40057185a7ac18c0c8af629e171854fdf4963413682cbd1469a2b13b06eb093d38d4952ef5a7fec4408c0f2594f97f2923265afe166529483199abe60bb7cb936ae0c6bb1de0605b6f67a175e59fed32550eb4911ecda8842972239832fcc171bc4763eb5334e6cd42467f6f3e743aa6edec3eb1234b76ee3abb951f9ca0d33803d9a9a8f81d1dad93451496d851a1013b6c04480936e0eff5d0d979c499d368ebc8d8a5f77a6caa263ee2c0b3243b74dcb80a46d98c89136a3b36b8a63a08d7f8dcd4405ccf726911f4f1aa90d2d31157b404e4219abb90b087fe91837c0539265122029c846127c07c926e27788ad95f68568dc1c93e5ff01aad3a5f04c163f0bfbb007bf7d4ca64023fd62ed09d4287c59bb8571a73aba0f78e6b45c84e5543b01827b396906cfc7372a39efb4069f018563d8d279692c048c861c3a7c9885a7911eec0a17fdc2af0418956171c9f74e83a27ed97c35602de7b4ac27b24b9f97f5766434c57391f9b6f75b8f04a5e7d8cf55fbf1bffb742a2b0eaafb3bced13ee4fbd2ad7a0c2dbbf074b7d3c5b2a3db427f82c55e310f2dfca16e7c3f7b6ae7b552820cbe4521e11be1fbe57d61196e110c48c0f59dbf141977701747da453c4d001c2d5ad4b210674a6e5fba1032719d3b0978f6db818e6e9086ccbc67cd71a68c12abc2763f6a837a3baebd3608eaac57fd2ad8c8058ec13db7a763cddb44a0e5daa78cc5097df32833e4a1fce2a31619ccea6045219e4e2c98473b48485ccd131f64a5d6c2d418bfb200c1f073e4d9d64650e54d7552c283eb8ef93c7d1542080d184df4a1834dfdd5342b83ae06341ab90f23a106180143035ce465ca4f66de1d3f6689c05757c8263277929503d82cf930060c0ebd0d66660b23d732302abfaf7ade0404351d855d41edcd0137edc6622441fe26c7795030338dfb60b046f45e88ca15278a455bfb6d5065cc5630c63e5c9401dc431b9f10c7fd98258fadc73f962dc9c1260a0c5eb3c2b6b908286034d39b3d806c6260157c923a4dcc0c2dbddb52d010d2d8db15a1dcd01d8eb5272081b9c1d34d0220c4d9e44bf395740bcfa4f57a2cf4bbcc6ffb5fb1985be90e7da339c268bce97e8cd371208aafe71ce5c410f26470b8f839c67951c388ab0f2dca1eb1df41be30f6725453568604039f8d6362543e78a5fa733c8f33027e1f24a1fe4cf54b56f2ee214a6a8faab73bda375bc9e22a1663300d310ce2230aeb50c57a2198383d0c24aa17cccd968554666236d5d445e846561a11c2d8b894029229e30b0890bb39bfd9d973749355d9d1792203ae2ae00fb2a1fd8549e453c5cddabd2b430e3ff182adb9f0fcc2cc95fb04cf26fa923b762e156de470f5e5a8b9fe92a1f3ed35b508998293f49e04fa0dafe0c9f970e01a33da2e3516904c8ef21b0c62fd0d744658551c47b7d3e03734dec6daa3ef2efd06423bfdba05a2bccbc441b58f466b2be3b7d5a4eee65b053bd777ecd3cf0757dd46e4a49128eaf194dc9f9280d3003fc4f52d46c26a15bebaef405e1c62bcf9dfb4a95c3d02dd022e775668f0157c304c5e4017d4d4e859c7b16607cae97489d78f1e2c0ea6c384263b7d7d673057aeaa6c557969af372a50f59b3cf5b0f7ef0de59b8bb0a76dcca44bafab2896c9d3d450578ed81bc0a11be01d858e558e906dea5d877aa9ad0fe8f41b291caf6de46b9606c7d4b0c2700434647e829bd76523fa404ef3d5eec5c50211dde408f9a28151ec9f159bb59522970396d6107293f6f56684cbe165661f4fad069173c1104dc1d68ee65d84ab16bd3134ed42686fb4a8bbe99de8991f94c9dfa21ebe8f3fc503da608d67cce153f88e03dc9952c9dfa56d8eac174690d9d715f85836301cd36f8132709e55a8cce7acb06559af16e0a1c64bd57792353f73b114ab1e8281d3c3ff9df2b20daca624f2835cabe2ec2bab10d972bee265fc0074cfc4b368005d49b0a9dcf6c2a948372de1ed2028907523bd190215be64f56ea77b7eb3e1ee626139f111b5aa0c5a07ae04eaa03bc34611e08b91573ae5431a2d13d1e5487db2b855ed3232e5874644befd5333129ef19ca2e8ebdf9b12357e55fcb6bfa7fb0f3bc60de579295427fbd8e523cc4e4fbd9214c557a99e47be06a20c27914a316dd069db1720ba36e041535b30728273b24b461f7339225286d4e874432c34eb1d6d98b7ab697d952463efda355934be5432e84b56720f85e0e59a82f0114e5a626139622cb1125440baa00f69395064f602a597c2bd2c48c4d94aa9bdd99f076cfde97d1eb5afc613054e5404da1b88c30fc1baa2946fd971e7d981c9c7d7c6a40150febfcec41e3d74ed489ecb0a454741ed42d1c7e85785e8caaeb5ee5fed86a26a808317d3785436ccc3dd3badc0a20cbd77f3efb7d884b0709e1a67d188228728b55f79b10196aa22f7fd466f200dd0e46393f5b60bc2c3c2252dabe1bd0b46150c98220aec08d1bb4badaeafb4e1abc676b45245cea0d7a7007cec9f23a01421ede0184bb928dc8c3161b522b81cca57e384c530a32bfb6a700a9e56ed09b9131acf35aa2687ea526b0f1a9257e55dbc8b8d9a2f43973541d4e22efcb60f41d2fde60c08321de37b719362a54550c8e60443921731a3eec032822a4a9e25cc908cf447684305f50e38ec254954b027e68666b8d5438ff3a86c129319e18c9e6f4e216f76c2d1ffeab61b1c90b66b128ffd16055f9ef5536d457ecfe8deb5c8745ee0266fb43f31982f076404408e4ced3ff7164c12ec054a77e160bd8184a2a9b029019b5dfc7634cd4afc53fc3432609b7342dfad020b79e6aa6546cd6abd7ac15a569efe43f0a5af46563b56e0c96018215687ff5aaf4c3aff8f9d12151a9cd82b5f5fa0d64edb92a0b8b0e63480a0b2441bfd8fd455ef5d17aa32d47071b88916694d76e8e9f8bea31d3d488aaca1fffa6b48dfa5dde6092bb616a293ab6aa205b7ef573f6f1b65a0307eb948240729a78453c639bfef", 0x1000, 0x1) prlimit64(0x0, 0x0, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) write$cgroup_int(r3, &(0x7f0000000080), 0x12) 18:44:40 executing program 5: r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80000, 0x5, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000600100000f000000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f0000010100)="0000000000000000000000006856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010400)="03000000040000000500000016000f000300040000000000000000000f00", 0x1e, 0x800}, {&(0x7f0000010e00)="ed41000000040000ddf4655fddf4655fddf4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010", 0x3d, 0x1500}, {&(0x7f0000000740)="02000089eb0001022e", 0x9, 0x4000}], 0x0, &(0x7f0000000380)=ANY=[]) getdents(r0, &(0x7f0000000140)=""/189, 0xbd) 18:44:40 executing program 4: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='memory.max\x00', 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) (async) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r3) (async) recvmmsg$unix(r3, &(0x7f0000003cc0)=[{{&(0x7f00000000c0)=@abs, 0x6e, &(0x7f0000000240)=[{&(0x7f0000000f40)=""/4096, 0x1000}], 0x1}}, {{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000280)=""/233, 0xe9}, {&(0x7f0000000380)=""/86, 0x56}, {&(0x7f0000000400)=""/61, 0x3d}], 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000c715a74687942b0600000000000100000001000000", @ANYRES32, @ANYRES32], 0x18}}, {{&(0x7f00000004c0), 0x6e, &(0x7f0000000b80)=[{&(0x7f0000003ec0)=""/100, 0x64}, {&(0x7f00000005c0)=""/150, 0x96}, {&(0x7f0000001f40)=""/4096, 0x1000}, {&(0x7f0000000680)=""/233, 0xe9}, {&(0x7f0000003f40)=""/236, 0xec}, {&(0x7f0000000880)=""/221, 0xdd}, {&(0x7f0000000980)=""/226, 0xe2}, {&(0x7f0000000a80)=""/237, 0xed}], 0x8}}, {{&(0x7f0000000c00), 0x6e, &(0x7f0000000e00)=[{&(0x7f0000000c80)=""/10, 0xa}, {&(0x7f0000000cc0)=""/158, 0x9e}, {&(0x7f0000000d80)=""/87, 0x57}], 0x3}}, {{0x0, 0x0, &(0x7f00000032c0)=[{&(0x7f0000000e40)=""/130, 0x82}, {&(0x7f0000002f40)}, {&(0x7f0000002f80)=""/233, 0xe9}, {&(0x7f0000003080)=""/241, 0xf1}, {&(0x7f0000003180)=""/170, 0xaa}, {&(0x7f0000003240)=""/71, 0x47}], 0x6, &(0x7f0000004040)=ANY=[@ANYBLOB="28000000000000000100000001000000c96f8f53d4a4b8b1dece6233b9e4dcd52538da5f5f6e07fb1368ef0bab52d1f49678e335291436fedbd3ba168f587b4b102ae17366ec9a9f3acc3682d4264242a083216410c33ac0eef37c66dad86aaa101cef54a052b49368440589b65087c998378e70c61156c73aca55c07f32f93213df4dcb92d703619ddc8a4a887a3e9bb6dcbd51f1a6ce2078b4187b0600d7ca1eda82747ef05c65c0aee1edba3c84dec39e2970b190f156ac1383a7a7ddc0847f3a1f4192710b1077034e0000d412ed4cd06720aae2150cf8487e522e781270560799f79daf421321afbc571f3daba4011913f3de4aa2daa60ea1160b06eeff0c5374ada74050e51c0e57c4962fb2e810065c32c6820eaefd1585f2a0aca4c1323b358f0ba6fb31d9b8752cfbab703a303c23475d994e32e780b87fa292c827dbde309f157586c9d1cc9cf81fa5104059fe9059fec004f702b950373ed6569bc0a8823716fffa6e055c413f71d71493b88e8582fcea0d966400748040bc59157a50a401bdd972ccf3a996c8435a15c1c11c94", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="28000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32], 0x90}}, {{&(0x7f0000003400), 0x6e, &(0x7f0000003900)=[{&(0x7f0000003480)=""/135, 0x87}, {&(0x7f0000003540)=""/227, 0xe3}, {&(0x7f0000003640)=""/236, 0xec}, {&(0x7f0000000780)=""/142, 0x8e}, {&(0x7f0000003800)=""/249, 0xf9}], 0x5, &(0x7f0000003980)=[@cred={{0x1c}}], 0x20}}, {{&(0x7f00000039c0), 0x6e, &(0x7f0000003bc0)=[{&(0x7f0000003a40)=""/83, 0x53}, {&(0x7f0000003ac0)=""/236, 0xec}], 0x2, &(0x7f0000003c00)=[@cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xb0}}], 0x7, 0x40000000, &(0x7f0000003e80)={0x0, 0x3938700}) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) (async) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000f00), 0x8) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) write$cgroup_int(r2, &(0x7f0000000080), 0x12) 18:44:40 executing program 2: write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000000)={0xb}, 0xb) pipe2$9p(&(0x7f00000002c0), 0x0) [ 864.171578][T31843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 864.180909][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 864.189634][ T1919] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 18:44:40 executing program 1: sendmsg$NL802154_CMD_NEW_SEC_DEV(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40a4024}, 0xc, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fddbdf251a000000400023800600020001000000060002000000000008000600020000000500050000000000050005000100002005000500000000000c0004000203aaaaaaaaaaaa0c00238006000200ffff0000"], 0x60}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000044) (async) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) (async) fcntl$setlease(0xffffffffffffffff, 0x400, 0x2) (async) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000013c0)='cgroup2\x00', 0x0, 0x0) (async) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup(r1, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000a, 0x8010, r0, 0x58012000) (async) open(&(0x7f0000000300)='./file0\x00', 0x200, 0x90) pipe2$watch_queue(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r3 = openat$cgroup_int(r2, &(0x7f0000001400)='hugetlb.1GB.limit_in_bytes\x00', 0x2, 0x0) setxattr$incfs_metadata(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380), &(0x7f00000003c0)="c1226af5d2ce5ff891a471ade7459327f3f7a10ab0e797aa73d7e42bd70f0490d24a56c85f9f245b7be169db58eac07acc5504fe8671c1cde99ebbcf440d1a098ead06c849afd1f098f0301f8526debc922abfae592442a67c412868ea70e1d12b258e9e1f2a803f7d1c5aa2bd52a43a46c996753f64ca5bd92c706e428db912daa19272ff65b0f2b9ef3b2cad6e98bc5c7b8ce42c199a8a7bc66b4394175cb662266a1c594ecb5569b0c194190f20ec57308e4c172585aaa18427bd236911f0c0c4087ba1586d0ebaf59e77d9cd9b69deb628b0f01598aaf3306906fbf11d50e35044f31e6a644c7d9bc30166dc27200a927e4635506f3b798988e44a431381a2d70d3df4097a3fbb35d41220ceb302496e0f6d2d329cba9e85d62727c9fde390b5e4e0c1d093e7b62f2f9f735cc01e1c09372434c133c149acf8a45b90d06e7785e0f0283b7ce2eaf2df5e00ef76f6170f4571268e66ebcee42391dcac2124ab418d5f331fa6c397d2915ae31e97fbd879c172f3157aeb076820c2a29595a1a3c968224f73fddf51cef8afbbd3d8fc61969ab9fb879a87b628e9208ac1298d47da5f1edfcb4945c1f6964f2a9d33f7a297f07fb32695c80b7ad80542aa0026312577c2bb26ea4fef13136a8a8e99c5f63056bb444375d8c26eda0d23685c6f20059c30748b197db411a171331278d79f8094b64868c92200ac6b3459d381fcd688c91837f2d8ee8b6024b3a4775b677a7409565d20bce68ac29ba2ef779752b768202cde722c7e98ccf84b05b5ac9a02d1172a3e7e1c7379a69bac2766487c857dd6b0d768f0474effb51f86edf2afaf75a2dec22427f6221098d1ea830538188204173f8686f7903f920bd66fd4151c4d4b3e46cac91a9b7bfe6869e8ae69452e4220121871f6cd704478ac631062f6a7c7ee931041e77e0d9d3cbdd6dc67aa675fe368cc783278e7486e46687dbbb80788b8422171c587ea5f80bf0b6e5e1c30350faa336613e5661d9658e6e446f0c89bb6268682c47c608255f744a0746688a25621f5352fc8fe9b887cbb24b8eaace9c9490e1594431f54368990c8dbfd0a9ced0414bd32d3c241854379bfd92d65d4e03ebd9d7972b31e481cb5671c2b82efabafca2e76db283a74708ae07608e0181141761d20ae01d3f43d230690eb46c53694a2ca990e3ca702894f86520e04c30c0047a46ad1d7e400629a6f9587bdb296e83d63e22cf622b89f9e864ea727ef3249dc40257d6667bad5d45365ca012e0d0ed9b28049ca1a71c52a06cb737d5377e245d9baa2c514a0087dd287e7d797ef2a10f22bd95d6c9e2c33ccf477f0d88672ceb846179c78251b688c29fd4566bcd7e9e509971844429e560647d8dea22825241f6d7c0528c02bee88870f59eaea2a2465d49274103e29d041010b01429ddebb7cec58b21e2549a5496b9349cbc9949354d78bd96e7ed4bc876a72ee8a50139adcc9adacc8832f439ff1fea4279006280c8d8d851da9d7b67b5d4d823e34ef25a3f1e5b6365edcccf9017ba5108c9c5bf4d13150730706b5faa5117ffc0d9e5ec5cb46797000d50b4c5ddbd71cfbffd8352fcaf58b8877be02e909911410b7a523eda5c799113036f03eb6c853cea5765ad8f176b26d6f816e5537e22b6d8b2b4d2b26e57742d80da68c484a2d2bdfd38d28ba58e49b8dfb2d82fc8ab65a145207143c712e5722316ce4777b07180cf8c64885aaa74f95ef7da9774983ad86a10481859681ae2b4dc04c761bffb540961aecddc17dd5233b507f2fd6477efa6c0be3e130b1cd140637ec696ae5ab6a56edf5d3a120658dc76101731b010deb0658dcc2ea5a2e8a431ba49aa8fd34847aaec22fcb42206a138a90ba995b4d1689ed89ed10da15ee772be1e6efd85f2924556cef803eb21a0084e4ae646e5a9bb2ef38f18686fc97cf91f7b0ad6d01215c91998d88feb47994e47ac2b0b85bb89c52a7e3e93ea73edfdb2e6cf93dc4dae61cff16df3b099c11acf81eceda9545c39609d9c46bef907512599cfc18c00f56c55b68cee700925e60b4900c562d72843d5e009e584735fc90b43faf209f977734330b5e2acef5a97f140c67ae51f54c1d44afed647c23e85448aaa556928638224e4ca00746d8311833c9c992e1fb1a51bdb2f2618652f5c33856c6c6728fed98e5404ecfde01e0fbaedc42f0577a229c05914cc63ccd1af15f46d9d8d9f7d00ff0f4062cf884908af4823dd12359a4e72bc7588b6e0ef29b99e9a58