[ 68.797335][ T27] audit: type=1800 audit(1565613408.008:27): pid=10076 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 68.817879][ T27] audit: type=1800 audit(1565613408.008:28): pid=10076 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 69.456127][ T27] audit: type=1800 audit(1565613408.748:29): pid=10076 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 69.481337][ T27] audit: type=1800 audit(1565613408.748:30): pid=10076 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.48' (ECDSA) to the list of known hosts. 2019/08/12 12:36:57 fuzzer started 2019/08/12 12:37:00 dialing manager at 10.128.0.26:45847 2019/08/12 12:37:07 syscalls: 2487 2019/08/12 12:37:07 code coverage: enabled 2019/08/12 12:37:07 comparison tracing: enabled 2019/08/12 12:37:07 extra coverage: extra coverage is not supported by the kernel 2019/08/12 12:37:07 setuid sandbox: enabled 2019/08/12 12:37:07 namespace sandbox: enabled 2019/08/12 12:37:07 Android sandbox: /sys/fs/selinux/policy does not exist 2019/08/12 12:37:07 fault injection: enabled 2019/08/12 12:37:07 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/08/12 12:37:07 net packet injection: enabled 2019/08/12 12:37:07 net device setup: enabled 12:38:37 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup\x00F\xee\xdc\xb6\x02i\xac\x8d\xa1\xdd!D\xee\x1b\x1a\x8e\x8a\x9c\xa1evI\xa4\x03\'\xe5\n\xecf\xfb\x979\xca`@\x93\x1dtB\x102\xd1\xcc\x18\x92\xd3\xb4\xeb\xa4\x8b\xb8@\xec\xba\x9aEg\xb0\x91\xfe\x03\x97\x9eAv\x1bf\x13-\xf9``\x92|ZY&L\xf9_\xb70\x9a\n\xc9\xe0m\x0el\xe6\xfe\x01\x1e@\x1a\x90\x94X\xaf@\xc1\x95\xdbjmg\x8cb\x90\xd4\xd9S\x8e\xcd\n\xdf\x16e\xcc\xfa\xb0\bw)\'\xa8\x90\xd4\x83\x0f\xb1\xfc\xb9\xd3\xa5\xe2;H &,\xb2\xc0\xddT\xd6\x10RJ\xb4\x82\xb20Z\xda[,\x19MD\xf89\xa5\xbc+\tF\x88\x0e\xe2\xce\xaf\xdd\n\x13\xc5\x80\'k0\"=\x8f\x16\x0f\x91S\x04\xbc', 0x200002, 0x0) socketpair$unix(0x1, 0x8000000000001, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$cgroup_ro(r0, &(0x7f0000000040)='cpu.stat\x00', 0x0, 0x0) sendfile(r1, r3, 0x0, 0x7ffff000) 12:38:37 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup\x00F\xee\xdc\xb6\x02i\xac\x8d\xa1\xdd!D\xee\x1b\x1a\x8e\x8a\x9c\xa1evI\xa4\x03\'\xe5\n\xecf\xfb\x979\xca`@\x93\x1dtB\x102\xd1\xcc\x18\x92\xd3\xb4\xeb\xa4\x8b\xb8@\xec\xba\x9aEg\xb0\x91\xfe\x03\x97\x9eAv\x1bf\x13-\xf9``\x92|ZY&L\xf9_\xb70\x9a\n\xc9\xe0m\x0el\xe6\xfe\x01\x1e@\x1a\x90\x94X\xaf@\xc1\x95\xdbjmg\x8cb\x90\xd4\xd9S\x8e\xcd\n\xdf\x16e\xcc\xfa\xb0\bw)\'\xa8\x90\xd4\x83\x0f\xb1\xfc\xb9\xd3\xa5\xe2;H &,\xb2\xc0\xddT\xd6\x10RJ\xb4\x82\xb20Z\xda[,\x19MD\xf89\xa5\xbc+\tF\x88\x0e\xe2\xce\xaf\xdd\n\x13\xc5\x80\'k0\"=\x8f\x16\x0f\x91S\x04\xbc', 0x200002, 0x0) socketpair$unix(0x1, 0x8000000000001, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$cgroup_ro(r0, &(0x7f0000000040)='io.stat\x00', 0x0, 0x0) sendfile(r1, r3, 0x0, 0x200) syzkaller login: [ 177.829747][T10243] IPVS: ftp: loaded support on port[0] = 21 [ 177.966408][T10243] chnl_net:caif_netlink_parms(): no params data found [ 177.989634][T10246] IPVS: ftp: loaded support on port[0] = 21 [ 178.009543][T10243] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.018304][T10243] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.026568][T10243] device bridge_slave_0 entered promiscuous mode [ 178.046712][T10243] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.054858][T10243] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.062905][T10243] device bridge_slave_1 entered promiscuous mode 12:38:37 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x8000000000000802, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0xd) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write(r0, &(0x7f0000000040)="e0", 0xfffffe00) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)) [ 178.105676][T10243] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 178.125741][T10243] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 178.191600][T10243] team0: Port device team_slave_0 added [ 178.201518][T10243] team0: Port device team_slave_1 added [ 178.212572][T10246] chnl_net:caif_netlink_parms(): no params data found 12:38:37 executing program 3: r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, &(0x7f0000000000)=0x1000) 12:38:37 executing program 4: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffa000/0x4000)=nil) geteuid() r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000d40)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040004,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) syz_genetlink_get_family_id$tipc2(0x0) umount2(&(0x7f0000000600)='./file0\x00', 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, 0x0, 0x0) [ 178.415145][T10243] device hsr_slave_0 entered promiscuous mode [ 178.443427][T10243] device hsr_slave_1 entered promiscuous mode [ 178.500459][T10249] IPVS: ftp: loaded support on port[0] = 21 [ 178.502793][T10243] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.513519][T10243] bridge0: port 2(bridge_slave_1) entered forwarding state [ 178.520881][T10243] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.528010][T10243] bridge0: port 1(bridge_slave_0) entered forwarding state [ 178.622677][T10251] IPVS: ftp: loaded support on port[0] = 21 [ 178.629186][T10246] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.637980][T10246] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.649192][T10246] device bridge_slave_0 entered promiscuous mode [ 178.665705][T10246] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.672794][T10246] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.682622][T10254] IPVS: ftp: loaded support on port[0] = 21 [ 178.704013][T10246] device bridge_slave_1 entered promiscuous mode 12:38:38 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_GET_KEEP_ORPHAN(r0, 0x2288, &(0x7f0000000000)) [ 178.730430][T10246] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 178.742544][T10246] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 178.803360][T10246] team0: Port device team_slave_0 added [ 178.827124][T10246] team0: Port device team_slave_1 added [ 178.927784][T10249] chnl_net:caif_netlink_parms(): no params data found [ 178.975314][T10246] device hsr_slave_0 entered promiscuous mode [ 179.013567][T10246] device hsr_slave_1 entered promiscuous mode [ 179.053230][T10246] debugfs: Directory 'hsr0' with parent '/' already present! [ 179.084289][ T3490] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.092203][T10257] IPVS: ftp: loaded support on port[0] = 21 [ 179.098412][ T3490] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.118491][T10243] 8021q: adding VLAN 0 to HW filter on device bond0 [ 179.202017][T10243] 8021q: adding VLAN 0 to HW filter on device team0 [ 179.219573][T10251] chnl_net:caif_netlink_parms(): no params data found [ 179.227690][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 179.235659][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 179.260417][T10249] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.268015][T10249] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.275783][T10249] device bridge_slave_0 entered promiscuous mode [ 179.313832][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 179.322503][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 179.330905][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.337947][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.345523][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 179.354210][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 179.362653][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.369787][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.377631][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 179.386158][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 179.394627][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 179.402972][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 179.411285][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 179.419624][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 179.428058][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 179.436270][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 179.444649][T10249] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.451711][T10249] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.460197][T10249] device bridge_slave_1 entered promiscuous mode [ 179.483349][T10249] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 179.496490][T10254] chnl_net:caif_netlink_parms(): no params data found [ 179.508200][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 179.528736][T10249] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 179.572745][T10249] team0: Port device team_slave_0 added [ 179.580104][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 179.589793][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 179.606528][T10251] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.613864][T10251] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.621416][T10251] device bridge_slave_0 entered promiscuous mode [ 179.629106][T10251] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.636603][T10251] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.644498][T10251] device bridge_slave_1 entered promiscuous mode [ 179.652206][T10249] team0: Port device team_slave_1 added [ 179.673463][T10243] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 179.694137][T10254] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.701225][T10254] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.709001][T10254] device bridge_slave_0 entered promiscuous mode [ 179.717493][T10254] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.724648][T10254] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.732450][T10254] device bridge_slave_1 entered promiscuous mode [ 179.762204][T10251] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 179.775360][T10251] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 179.866127][T10249] device hsr_slave_0 entered promiscuous mode [ 179.903726][T10249] device hsr_slave_1 entered promiscuous mode [ 179.943310][T10249] debugfs: Directory 'hsr0' with parent '/' already present! [ 179.963767][T10243] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 179.971340][T10257] chnl_net:caif_netlink_parms(): no params data found [ 179.984853][T10254] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 180.011641][T10251] team0: Port device team_slave_0 added [ 180.021653][T10249] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.028754][T10249] bridge0: port 2(bridge_slave_1) entered forwarding state [ 180.036083][T10249] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.043288][T10249] bridge0: port 1(bridge_slave_0) entered forwarding state [ 180.053245][T10254] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 180.065901][T10246] 8021q: adding VLAN 0 to HW filter on device bond0 [ 180.082879][T10251] team0: Port device team_slave_1 added [ 180.119153][ T5] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.127757][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.155706][T10251] device hsr_slave_0 entered promiscuous mode [ 180.203625][T10251] device hsr_slave_1 entered promiscuous mode [ 180.263286][T10251] debugfs: Directory 'hsr0' with parent '/' already present! [ 180.272335][T10254] team0: Port device team_slave_0 added [ 180.280096][T10254] team0: Port device team_slave_1 added [ 180.322117][T10246] 8021q: adding VLAN 0 to HW filter on device team0 [ 180.406385][T10254] device hsr_slave_0 entered promiscuous mode [ 180.453329][T10254] device hsr_slave_1 entered promiscuous mode [ 180.493175][T10254] debugfs: Directory 'hsr0' with parent '/' already present! [ 180.501531][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 180.509651][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 180.520934][T10257] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.528418][T10257] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.536512][T10257] device bridge_slave_0 entered promiscuous mode 12:38:39 executing program 0: [ 180.563545][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 180.572529][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 180.583643][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.590749][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 180.599524][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 12:38:39 executing program 0: [ 180.610903][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 180.630956][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.638088][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 180.646599][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 12:38:39 executing program 0: [ 180.656025][T10257] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.671286][T10257] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.679456][T10257] device bridge_slave_1 entered promiscuous mode 12:38:40 executing program 0: [ 180.716463][T10249] 8021q: adding VLAN 0 to HW filter on device bond0 [ 180.733836][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 180.749376][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 12:38:40 executing program 0: [ 180.772813][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 180.783979][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 12:38:40 executing program 0: [ 180.823066][T10246] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 180.835289][T10246] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 180.854120][T10249] 8021q: adding VLAN 0 to HW filter on device team0 [ 180.860994][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready 12:38:40 executing program 0: [ 180.869386][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 180.878264][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 180.887046][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 180.896509][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 180.905120][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 180.914486][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 180.922978][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 180.931034][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 180.944524][T10257] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 180.961408][T10257] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 180.986442][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 180.995152][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 181.003811][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 181.012183][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.019329][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.027686][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 181.036320][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 181.044682][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.051708][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.059334][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 181.078892][T10251] 8021q: adding VLAN 0 to HW filter on device bond0 [ 181.101978][T10257] team0: Port device team_slave_0 added [ 181.119674][T10257] team0: Port device team_slave_1 added [ 181.126945][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 181.140019][T10251] 8021q: adding VLAN 0 to HW filter on device team0 [ 181.162303][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 181.170166][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 181.178053][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 181.186946][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 181.195671][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 181.212134][T10246] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 181.286951][T10257] device hsr_slave_0 entered promiscuous mode [ 181.343784][T10257] device hsr_slave_1 entered promiscuous mode [ 181.383311][T10257] debugfs: Directory 'hsr0' with parent '/' already present! [ 181.391752][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 181.400475][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 181.408814][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.415925][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.423760][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 181.432196][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 181.440669][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 181.448909][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 181.463315][T10254] 8021q: adding VLAN 0 to HW filter on device bond0 [ 181.477553][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 181.486250][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 181.495023][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 181.505402][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.512435][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.520403][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 181.529167][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 181.537441][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 181.545320][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 181.552959][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 181.562822][T10249] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 181.581281][T10254] 8021q: adding VLAN 0 to HW filter on device team0 [ 181.603305][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 181.612009][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 181.621773][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 181.630482][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 181.639141][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 181.659589][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 181.667991][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 181.677064][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 181.687542][ T3490] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.695369][ T3490] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.705019][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 181.714857][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 181.723910][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 181.733633][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 181.744210][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 181.763362][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 181.772258][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 181.786072][ T3490] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.793218][ T3490] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.834949][T10251] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 181.864554][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 181.874120][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 181.882655][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 181.891323][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 181.900265][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 181.909273][T10249] 8021q: adding VLAN 0 to HW filter on device batadv0 12:38:41 executing program 1: [ 181.941195][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 181.954585][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 181.970283][T10257] 8021q: adding VLAN 0 to HW filter on device bond0 [ 181.998012][T10254] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 182.015621][T10254] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 182.030250][T10251] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 182.041522][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 182.058053][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 182.076078][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 182.084884][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 182.099232][T10257] 8021q: adding VLAN 0 to HW filter on device team0 [ 182.112177][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 182.120101][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 182.128847][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 182.147943][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 182.156729][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 182.166264][ T3490] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.173355][ T3490] bridge0: port 1(bridge_slave_0) entered forwarding state [ 182.180999][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 182.189920][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 182.198351][ T3490] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.205425][ T3490] bridge0: port 2(bridge_slave_1) entered forwarding state [ 182.213187][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 182.232637][T10254] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 182.247635][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 182.286043][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 182.307900][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 182.318251][T10311] EXT4-fs warning (device sda1): ext4_group_extend:1768: can't shrink FS - resize aborted [ 182.341581][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 182.350581][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready 12:38:41 executing program 2: 12:38:41 executing program 3: [ 182.371947][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 182.393339][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 182.413804][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 182.448555][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 182.476432][T10257] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 182.490596][T10257] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 182.500965][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 182.520451][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 182.546562][T10257] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 182.680138][T10327] fuse: Bad value for 'subtype' [ 182.700653][T10332] fuse: Bad value for 'subtype' 12:38:42 executing program 4: 12:38:42 executing program 0: 12:38:42 executing program 1: 12:38:42 executing program 2: 12:38:42 executing program 3: 12:38:42 executing program 5: 12:38:42 executing program 1: 12:38:42 executing program 2: 12:38:42 executing program 4: 12:38:42 executing program 3: 12:38:42 executing program 5: 12:38:42 executing program 0: 12:38:42 executing program 4: 12:38:42 executing program 5: 12:38:42 executing program 3: 12:38:42 executing program 0: 12:38:42 executing program 2: 12:38:42 executing program 4: 12:38:42 executing program 1: 12:38:42 executing program 3: 12:38:42 executing program 5: 12:38:42 executing program 2: 12:38:42 executing program 0: 12:38:42 executing program 3: 12:38:42 executing program 1: 12:38:42 executing program 4: 12:38:42 executing program 5: 12:38:42 executing program 0: 12:38:42 executing program 2: 12:38:42 executing program 1: 12:38:42 executing program 4: 12:38:42 executing program 3: 12:38:42 executing program 0: 12:38:42 executing program 5: 12:38:42 executing program 2: 12:38:42 executing program 1: 12:38:42 executing program 4: 12:38:43 executing program 3: 12:38:43 executing program 5: 12:38:43 executing program 0: 12:38:43 executing program 2: 12:38:43 executing program 4: 12:38:43 executing program 1: 12:38:43 executing program 0: 12:38:43 executing program 5: 12:38:43 executing program 2: 12:38:43 executing program 4: 12:38:43 executing program 3: 12:38:43 executing program 1: 12:38:43 executing program 0: 12:38:43 executing program 2: 12:38:43 executing program 5: 12:38:43 executing program 1: 12:38:43 executing program 3: 12:38:43 executing program 0: 12:38:43 executing program 4: 12:38:43 executing program 2: 12:38:43 executing program 3: 12:38:43 executing program 5: 12:38:43 executing program 0: 12:38:43 executing program 1: 12:38:43 executing program 4: 12:38:43 executing program 2: 12:38:43 executing program 5: 12:38:43 executing program 1: 12:38:43 executing program 3: 12:38:43 executing program 4: 12:38:43 executing program 0: 12:38:43 executing program 2: 12:38:43 executing program 5: 12:38:43 executing program 3: 12:38:43 executing program 1: 12:38:44 executing program 2: 12:38:44 executing program 5: 12:38:44 executing program 4: 12:38:44 executing program 0: add_key$keyring(0x0, &(0x7f0000000000)={'syz'}, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0xffffffffffffffff) r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x8004002, 0x0) truncate(&(0x7f0000000240)='./file0\x00', 0x90002) recvmmsg(0xffffffffffffffff, &(0x7f0000000200), 0x0, 0x0, 0x0) sendfile(r0, r0, 0x0, 0x8800000) 12:38:44 executing program 1: mknod(&(0x7f0000000140)='./bus\x00', 0xa8a, 0x0) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) execve(&(0x7f00000001c0)='./bus\x00', 0x0, 0x0) 12:38:44 executing program 3: 12:38:44 executing program 3: 12:38:44 executing program 4: 12:38:44 executing program 5: [ 184.911970][ T27] audit: type=1800 audit(1565613524.198:31): pid=10485 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=16558 res=0 12:38:44 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="11dca50d5e0bcfe47bf070") syz_emit_ethernet(0xfe19, &(0x7f0000000180)={@local, @link_local, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0xfde3, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x140]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x7000000]}, {[], @tcp={{0x2c00, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 184.986055][ T27] audit: type=1800 audit(1565613524.268:32): pid=10479 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=16558 res=0 [ 185.010380][ C0] hrtimer: interrupt took 51962 ns 12:38:44 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) write$apparmor_exec(0xffffffffffffffff, &(0x7f0000000080)={'exec ', '/dev/kvm\x00'}, 0xe) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000040)={0x3, 0x0, 0x0, 0x1000, &(0x7f0000015000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f004}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 12:38:44 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) connect$bt_l2cap(r1, &(0x7f0000000000)={0x1f, 0x307, {0x0, 0x0, 0x0, 0x0, 0x6}}, 0xe) ioctl$sock_proto_private(0xffffffffffffffff, 0x0, 0x0) semget(0x2, 0x0, 0x0) 12:38:44 executing program 0: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) clone(0x100, 0x0, 0x0, 0x0, 0x0) 12:38:44 executing program 4: r0 = socket$kcm(0x2b, 0x8000000000001, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) semctl$IPC_STAT(0x0, 0x0, 0x2, 0x0) 12:38:44 executing program 1: mkdir(&(0x7f0000000180)='./file0\x00', 0x0) socketpair$unix(0x1, 0x8000000000001, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) mknodat(r1, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) 12:38:44 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23}, 0x10) 12:38:44 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="204d0100000073b808ed9238801300cee3c30b0b000000000000f7f81b5409898202800175c287b67cb01275984b00000000000000ba791772"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 12:38:44 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x1132}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x6, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) r2 = socket$kcm(0x29, 0x5, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f00000006c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xae\xff\x045\x83\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xbd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x16\xc3Z\xa38tu\xdbN\xb8\x1e\x95\xafyB\xf4X\x05\x00\x00\xe95\xa1\x00\x00') write$cgroup_subtree(r1, &(0x7f0000000080)={[{0x0, '\x03\x8a\xa1t\x03n\xd7\xe0\x8f\x93\xdd\x86\xdd'}]}, 0xfdef) [ 185.242780][T10515] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. 12:38:44 executing program 4: syz_emit_ethernet(0xfe19, &(0x7f0000000180)={@local, @link_local, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0xfde3, 0x2c, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x140]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x7000000]}, {[], @tcp={{0x2c00, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 12:38:44 executing program 2: msgget(0x1, 0x40) 12:38:44 executing program 0: r0 = socket$tipc(0x1e, 0x5, 0x0) connect$tipc(r0, &(0x7f0000000280)=@name={0x1e, 0x2, 0x0, {{}, 0xfffff000}}, 0x10) 12:38:44 executing program 1: clone(0x3102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x2, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$inet6(r0, &(0x7f0000000680)={0x0, 0x0, 0x0}, 0x0) 12:38:44 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast2={0xff, 0x5}}, 0x1c) 12:38:44 executing program 4: syz_emit_ethernet(0x3e, &(0x7f0000000040)={@broadcast, @remote, [], {@ipv4={0x806, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={0xac, 0x223}}, @icmp=@parameter_prob={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local={0xac, 0x223}}}}}}}, 0x0) 12:38:44 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x4001fc) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='cpuset.memory_pressure\x00', 0x0, 0x0) ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000140)={0x7ff, 0xc8, 0x3fffc00000000000, 0x2, 0x14, 0x4, 0x6, 0x8001, 0x1, 0xfffffffffffffff9}) epoll_pwait(r2, &(0x7f0000000240)=[{}], 0x1, 0x0, 0x0, 0x0) ioctl(0xffffffffffffffff, 0x0, 0x0) write(r1, &(0x7f0000000280)="dcd41c2670ded7afe55e1ee9129a0e3eabdd7a86787b307c91ba740a4505747b9aa3824422bac476dfb18426160b0422b06a5bf3f6a607fa4c29610a4a247ed97303273832aede0b", 0x48) socket$inet6_udp(0xa, 0x2, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) accept4$packet(0xffffffffffffffff, 0x0, 0x0, 0x0) request_key(0x0, 0x0, 0x0, 0xfffffffffffffffa) request_key(0x0, 0x0, 0x0, 0xfffffffffffffffb) keyctl$unlink(0x9, 0x0, 0x0) ioctl$SIOCGSTAMP(0xffffffffffffffff, 0x8906, 0x0) r3 = socket$inet6(0xa, 0x400000000001, 0x0) r4 = dup(r3) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, 0x0, 0x0, 0x20000004, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r5 = open(&(0x7f0000000000)='./bus\x00', 0x100000141042, 0x0) ftruncate(r5, 0x10099b7) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000200)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x1005}]}, 0x10) sendfile(r4, r5, 0x0, 0xfffffffd) connect$unix(r4, &(0x7f0000006780)=@file={0x0, './bus\x00'}, 0x6e) [ 185.660219][T10528] device nr0 entered promiscuous mode 12:38:45 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x0, 0x70, 0x800005, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 12:38:45 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) connect$bt_l2cap(r1, &(0x7f0000000000), 0xe) dup3(r0, r1, 0x0) 12:38:45 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000001280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000001c0)=0x1fd, 0x4) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendto(r0, &(0x7f0000000040)="95", 0x1, 0x0, 0x0, 0x0) [ 185.784099][T10555] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 12:38:45 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='gid_map\x00') r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) r2 = syz_open_pts(r1, 0x4000000000000002) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup3(r2, r0, 0x0) write$P9_RATTACH(r4, &(0x7f00000001c0)={0x8}, 0x9ad2562b) ioctl$TIOCVHANGUP(r2, 0x5437, 0x0) [ 186.049160][ T27] audit: type=1800 audit(1565613525.338:33): pid=10555 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.2" name="bus" dev="sda1" ino=16561 res=0 12:38:45 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x20, r0, 0x0, 0x7) 12:38:45 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast2={0xff, 0x5}}, 0x1c) 12:38:45 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2100000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() r2 = dup(r0) setsockopt$inet_opts(r2, 0x0, 0x3, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x2c) fcntl$setstatus(r0, 0x4, 0x80000000002c00) 12:38:45 executing program 4: syz_emit_ethernet(0x2a, &(0x7f0000000940)=ANY=[@ANYBLOB="aaaaaaaaaaaa0ebaba38a8c808060001080006040001aaffffffac1414aa000000000000805ca6375300bb799d3b0e706528dc0b598136364a36d96f844df8af3faeb7ca951411"], 0x0) 12:38:45 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040), 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x3fffffffffffe9f, 0x0) 12:38:45 executing program 1: r0 = gettid() sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000a40)=ANY=[@ANYBLOB="6aaf0f34"], 0x4}}, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000001a40)=[{{0x0, 0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000140), 0x1f6}], 0x3}}], 0x1, 0x0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000600)=ANY=[@ANYRES64, @ANYRESOCT, @ANYBLOB="4e13473b89fbc45cf6e43c476c0937d1f72e54cff2ab3e002db95212b9e7236a506d02d973b73c956991d30db9adc280ecc37d8563a314037854942c981f125c9b9cb8333854deac7366a73846ee3cd44315a2c92f4d9ec3f47367c8c650aceccc3e35cc45b1a9cc7e2778d9fed05451a5549dfc5d73bf", @ANYRES32, @ANYBLOB="afabe794fb8e7584e626469620602b523baf8406cb1af9c32be46a919c55d60b1a7a72af979e30fd0baaac5b48410d94d9e2e6294e6ab4210c9db1ef09a7f0f07e513f4e5e4b6ab619c17ab56f830db60a34ff3eb11704c9e5e33ea528847b5d71b442"], 0x0, 0xfd}, 0x20) wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 12:38:45 executing program 2: syz_open_pts(0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r1, &(0x7f00000003c0)=ANY=[@ANYRESHEX], 0x12) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getresgid(0x0, 0x0, 0x0) getgroups(0x0, 0x0) fstat(0xffffffffffffffff, 0x0) unlink(&(0x7f0000000100)='./bus\x00') sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) mkdir(&(0x7f0000000480)='./file0\x00', 0x0) 12:38:45 executing program 4: perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x800000000000012, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) unshare(0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = semget$private(0x0, 0x3, 0x10) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, 0x0) semctl$IPC_SET(r1, 0x0, 0x1, &(0x7f0000000240)) 12:38:45 executing program 5: r0 = socket$inet6(0xa, 0x80002, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x401806e, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @mcast2}, 0x1c) sendto$inet6(r0, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e5d37149eb0f4a333726cf6d5b7647306559155f1c69d6bfd145b83576f2df4d85f271fd4119db923e2412c66dd954eb59dddc7e1fd286a83971b2ba1c63b4f99702cf91f3d1ecffb8ae189c79b403805e83650c251a564942896f205640c23b0cf51fe9bd931f54a343794710a9cd53cef20938edddb2bfa3c1f72f8e79e41e30fb8f9d314abd999ba396521b6c10bec7bc9d0745a80299342f5cf89eb9d94044258fbb18cec1cdbbc016a773d3ae41e3e30248e716fd0873d31454902cbe7dcf7d644dfadc255d99652b5ed5a5b1a75e3ad49cf80178678402e9d3a755d009889b2e6138f81dc02eedcc353aceb2f7781aea08aa91be7e1e2416ba3d555b1f2237f68c5d7dcfcb1b917c292a35d6d7e7cf2cb1dd6dba5a50ce55c4638d7d38cb7afd8da02f281ab69392bc6531eb03eb97c1d075e3342c244861d04bcad8991b8f588e48ad7fe218d2f5e604bb31c59241245b485210fe418af3d6377b59d5ab128497efeced38cc5036b1f34cb89674b5179219f34b9e8e1849695d7c23cce77eb8f038ef9f2cd69d1c9e2d6b46610adbadbdad857a77f59d38cb5120709716b87c52a48de249b231d7e39985b8b58094c0d7b4c6d1671a8ff9d2daaca94df2adcff6420077df0ddbc66d00b141ffc6e28bed09a19056e52a905a72c99a04af56b22da83135808ba2bfe87a39753447e78500d16bdad52d97df73d4852a79e7ec6910701b712cfd58c62b3ade86cf6ff0cd78719fa1ae81640381cb33f4f6b03c913e820cf9eb9b5cf7df9c878596c9ac9444cad118673fe339b4b7287b310ecff4742bfea2612d79d418293f0dfe14bc819c466473438ad71ea3b1386d17a9038b1f5a9285481500f84f4c7eabbf2eb071a101c69cce8e7495bda4c28a4e88f6a258abf58579c290eeb742b2678daab3ecc8c2bf97d89e89472901e254dd63ca7d918f8a7523161e29b28f64b285da7bb4a17d0ad734c321623e246bb0b5aaa08e8e7ac42b74ba83c70a8ca80068400be6adc3f4b01ba1050b54e6e4cf72fb567fbd27b74b2bfa7b7cabc6938851c13c6df7d5aaca79afd89b5e925379b959c7929ddfa3399695343f435772d70e5cfa3550377d23f50011ad5657e94c464cd43eb85496fd3b03bcb2d9278ceb432194d9893ffa747dfe85309f256c910e31e81dcd3cd8a13744fc2874737a2ff34bf8c89f15da7cc0853434117d744e30360b38ef1a063f9ee506f048e9980054e6c5c5688d04ece6067ac55bccc9a7773a2c4e21c039d153622130faff9fd675d64ad7284bd011b9b224713a721b4b731cf342357642a1a0bb846f5be443b7e72e9825b5f3a078c6ae09e", 0x48b, 0xc001, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000280)="3ce95c98b66a9cdea42aca63276ef1eca3ae3eebcc94bff038047504cdf7aa3a647b508b766deff9a2735edc11437a10c0e9f265c4d5ca1babf5738b4c3df116d964712d2c577d1181a2a242ab4ada0b6cd45c1f36c27a7453d75b3306d8f90eae5c942bab9af8f0e5a31701f721bc8a2e7a8767a9549b167eee0f9edd81390a901329cd44207b6b0aaaee0c14f9d85f29820dc0bf6a551ef820552ea00bcdf7f848d0e64ded3eeecd767a7c9bcce561f10240c0e3754953028600148c1b8b62ad4b2218de119ba676d92d511cd77e3dd7841c67318166455ae4987ac63628f0887f3f686d5e06ca5ed3c6384ab280baac816db5f3441a9f28034c64ab06d381be70bc573c7dba0d8a50c81c52bd4d716cc56c5909f22895da61c598176d46912a7d", 0x122, 0x400c020, 0x0, 0x0) setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000200)=0x3, 0x4) setsockopt$inet6_udp_int(r0, 0x11, 0x1, &(0x7f0000000580), 0x4) 12:38:45 executing program 1: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r0) close(r1) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000040)) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0xfffffc61) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmsg(r0, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x2000012e}], 0x1, 0x0, 0xd01}, 0x3f00) close(r1) ioctl$int_in(0xffffffffffffffff, 0x40000000af01, 0x0) [ 186.279728][T10599] ptrace attach of "/root/syz-executor.0"[10598] was attempted by "/root/syz-executor.0"[10599] 12:38:45 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ppoll(&(0x7f0000000180)=[{r1}, {r0}], 0x2, &(0x7f0000000200), 0x0, 0x0) 12:38:45 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000280)='net/route\x00') fstat(r0, &(0x7f0000000440)) syz_mount_image$ext4(&(0x7f0000000080)='ext2\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaae53, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x5cf, 0x400}], 0x1, 0x0) 12:38:45 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r0, &(0x7f0000001a00)=[{{0x0, 0x0, &(0x7f0000000e00)=[{&(0x7f0000000200)="d443bc00c91579d3fa7928377d213d", 0xf}, {&(0x7f00000007c0)="ec998de43ada6f6ada42816f61a707e6586f32e00115064d7fb23af487a82ca5bcb451ccf663e6ef996d7ed0312223413b6b8a23b389bae4cf85db", 0x3b}, {&(0x7f00000003c0)="22d36c869429879eba3edc20e5b315d01bdf5aad8dbf6cf0d77d2766522be807117a921a4ba98e5e804a74b20c450922558bf935", 0x34}, {&(0x7f0000000c40)="356e3b63d975ddee9d722c11e08caa2bf386961d26be82b6f0479c0cd4cea3812abd91504c1981b617fae586ad842bff46eb0178d2345441b885eb9d2b42def78a87d42c3f1fcc66babae9", 0x4b}], 0x4}}, {{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000fc0)="35d379f4e49892da18ea7e60350163873e996eab8ed373a61b63fdb7f8e9e7b16d469d449c", 0x25}], 0x1}}, {{0x0, 0x0, &(0x7f0000001280)=[{&(0x7f0000001100)="8afaab572d4931aec1fb749da31cf0a8e58996d4e04bd3d5328b8d3fad2185f84ef77bd297dd3fb6cebc46ef125b90b6888a997a5dab85d363169bac5445f3536af6b25e1d5c4b51c8c40ae8c1f4", 0x4e}, {&(0x7f0000001180)="7526edeef60b85d7af233b7186c6ad015e66eaae707d07f5c606e6802f996389fad34d1d64bbad359c56395c5677e7b8843303c93af6a9d024774cb9c45b90bf430f98044458d04fdda2bb995d0b5681f2e3c7e338dd245508c7ad51bea84ecec80f121ff963843ca69f1b453ec8001cd54fa3cd1be79ff4d5f28f5b200bc8bbef18463458d651f3e03f6b6b9440ec970c490a316bd5df91203c2a88b9b1af8e96fb379541145a8773f7410c05d9632ca2409d5026a0f993907d6fa04c16ca5ac4aa03c5779715fca7962acb8c669804f21926fbd0ba4b739a4207728c6180d693caf6c78d9eef714e02cbbcf206529d64160a3de15785f9420bf0980b9140", 0xff}], 0x2}}, {{0x0, 0x0, &(0x7f0000001980)=[{&(0x7f0000001400)="97e4ff42690f4d876c9ec8fb78f5ccc9dc6117333c91a0f10bb82efcebf25bf6a938", 0x22}], 0x1}}], 0x4, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)=' ', 0x1, 0x11, 0x0, 0x0) 12:38:45 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r4, 0x0, 0x0) [ 186.577064][T10625] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 186.673895][T10626] EXT4-fs (loop5): mounting ext2 file system using the ext4 subsystem [ 186.697314][T10625] FAT-fs (loop2): Filesystem has been set read-only [ 186.706078][T10632] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.4'. 12:38:46 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) [ 186.716097][T10626] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock 12:38:46 executing program 3: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup/syz1\x00', 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000740)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000d000)={0x13, 0x3, &(0x7f0000008000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x4c, 0x7}}, &(0x7f0000014ff5)='syzka\x00\x00\x00\x05\x00\xf3', 0x2, 0x1000, &(0x7f0000014000)=""/4096}, 0x48) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000540)='/dev/net/tun\x00', 0x10000, 0x0) ioctl$TUNGETFILTER(r1, 0x801054db, &(0x7f0000000880)=""/104) socket$kcm(0x11, 0x6, 0x0) r2 = openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x10, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0x67}}, &(0x7f0000000340)='syzkaller\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x70) r4 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) socketpair(0x1a, 0x803, 0x8, &(0x7f0000000700)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x1ff) ioctl$TUNGETFILTER(0xffffffffffffffff, 0x801054db, 0x0) close(0xffffffffffffffff) close(r4) write$cgroup_int(r2, 0x0, 0x0) [ 186.754137][T10626] EXT4-fs (loop5): ext4_check_descriptors: Inode table for group 0 not in group (block 4026533582)! [ 186.834366][T10632] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 186.843293][T10626] EXT4-fs (loop5): group descriptors corrupted! [ 186.856595][T10613] FAT-fs (loop2): error, invalid access to FAT (entry 0x00006500) [ 186.874252][T10632] CPU: 0 PID: 10632 Comm: syz-executor.4 Not tainted 5.3.0-rc3-next-20190809 #63 [ 186.883425][T10632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 186.893661][T10632] Call Trace: [ 186.896964][T10632] dump_stack+0x172/0x1f0 [ 186.901303][T10632] dump_header+0x177/0x1152 [ 186.905835][T10632] ? ___ratelimit+0xf8/0x595 [ 186.910435][T10632] ? trace_hardirqs_on+0x67/0x240 [ 186.915465][T10632] ? mark_oom_victim.cold+0x18/0x18 [ 186.920693][T10632] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 186.926522][T10632] ? ___ratelimit+0x60/0x595 [ 186.931119][T10632] ? do_raw_spin_unlock+0x57/0x270 [ 186.936258][T10632] oom_kill_process.cold+0x10/0x15 [ 186.941403][T10632] out_of_memory+0x334/0x1340 [ 186.946097][T10632] ? __sched_text_start+0x8/0x8 [ 186.950967][T10632] ? oom_killer_disable+0x280/0x280 [ 186.956216][T10632] mem_cgroup_out_of_memory+0x1d8/0x240 [ 186.961848][T10632] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 186.967529][T10632] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 186.973368][T10632] ? cgroup_file_notify+0x140/0x1b0 [ 186.978598][T10632] memory_max_write+0x262/0x3a0 [ 186.983469][T10632] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 186.990246][T10632] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 186.995728][T10632] cgroup_file_write+0x241/0x790 [ 187.000688][T10632] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 187.007475][T10632] ? cgroup_migrate_add_task+0x890/0x890 [ 187.013113][T10632] ? kernfs_get_active+0x191/0x240 [ 187.018234][T10632] ? cgroup_migrate_add_task+0x890/0x890 [ 187.023876][T10632] kernfs_fop_write+0x2b8/0x480 [ 187.028863][T10632] __vfs_write+0x8a/0x110 [ 187.033197][T10632] ? kernfs_fop_open+0xd80/0xd80 [ 187.038148][T10632] vfs_write+0x268/0x5d0 [ 187.042407][T10632] ksys_write+0x14f/0x290 [ 187.046744][T10632] ? __ia32_sys_read+0xb0/0xb0 [ 187.051520][T10632] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 187.057600][T10632] __x64_sys_write+0x73/0xb0 [ 187.062194][T10632] do_syscall_64+0xfa/0x760 [ 187.066703][T10632] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 187.072635][T10632] RIP: 0033:0x459829 [ 187.076664][T10632] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 187.096272][T10632] RSP: 002b:00007f20aebb0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 187.104687][T10632] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 187.112657][T10632] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 187.120631][T10632] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 12:38:46 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) [ 187.128612][T10632] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f20aebb16d4 [ 187.136604][T10632] R13: 00000000004c9970 R14: 00000000004e0fd8 R15: 00000000ffffffff [ 187.151863][T10613] FAT-fs (loop2): error, invalid access to FAT (entry 0x00006500) [ 187.160368][T10632] memory: usage 4144kB, limit 0kB, failcnt 0 [ 187.180665][T10625] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 187.219671][T10632] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 187.239829][T10632] Memory cgroup stats for /syz4: [ 187.240504][T10632] anon 2170880 [ 187.240504][T10632] file 0 [ 187.240504][T10632] kernel_stack 0 [ 187.240504][T10632] slab 1490944 [ 187.240504][T10632] sock 0 [ 187.240504][T10632] shmem 0 [ 187.240504][T10632] file_mapped 0 [ 187.240504][T10632] file_dirty 0 [ 187.240504][T10632] file_writeback 0 [ 187.240504][T10632] anon_thp 2097152 [ 187.240504][T10632] inactive_anon 0 [ 187.240504][T10632] active_anon 2170880 [ 187.240504][T10632] inactive_file 0 [ 187.240504][T10632] active_file 0 [ 187.240504][T10632] unevictable 0 [ 187.240504][T10632] slab_reclaimable 540672 [ 187.240504][T10632] slab_unreclaimable 950272 [ 187.240504][T10632] pgfault 1023 [ 187.240504][T10632] pgmajfault 0 [ 187.240504][T10632] workingset_refault 0 [ 187.240504][T10632] workingset_activate 0 12:38:46 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) [ 187.240504][T10632] workingset_nodereclaim 0 [ 187.240504][T10632] pgrefill 0 [ 187.240504][T10632] pgscan 0 [ 187.240504][T10632] pgsteal 0 [ 187.240504][T10632] pgactivate 0 12:38:46 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000380)="11dca5055e0bcfe47bf070") r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000000440)={0xa, 0x4e20}, 0x1c) recvmmsg(r1, &(0x7f0000004680)=[{{&(0x7f0000000000)=@pppol2tp, 0x80, 0x0}}, {{0x0, 0x0, &(0x7f0000000a00)=[{0x0}], 0x1}}], 0x2, 0x0, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) 12:38:46 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") syz_emit_ethernet(0x1a8d03, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0000000000008100000008060001080006040002aaaaaaaaaa0000000000000006aaaaaa00000000"], 0x0) 12:38:46 executing program 1: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r0) close(r1) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000040)) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0xfffffc61) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmsg(r0, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x2000012e}], 0x1, 0x0, 0xd01}, 0x3f00) close(r1) ioctl$int_in(0xffffffffffffffff, 0x40000000af01, 0x0) [ 187.361295][T10632] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=10631,uid=0 [ 187.378802][T10632] Memory cgroup out of memory: Killed process 10631 (syz-executor.4) total-vm:72576kB, anon-rss:2152kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 187.395623][ T1061] oom_reaper: reaped process 10631 (syz-executor.4), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 12:38:46 executing program 3: ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x243b, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup/syz1\x00', 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000740)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000d000)={0x13, 0x3, &(0x7f0000008000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x4c, 0x7}}, &(0x7f0000014ff5)='syzka\x00\x00\x00\x05\x00\xf3', 0x2, 0x1000, &(0x7f0000014000)=""/4096}, 0x48) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000540)='/dev/net/tun\x00', 0x10000, 0x0) ioctl$TUNGETFILTER(r1, 0x801054db, &(0x7f0000000880)=""/104) socket$kcm(0x11, 0x6, 0x0) r2 = openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0), 0x4) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000600)={&(0x7f0000000580)='./file0\x00', r3}, 0x10) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000400)={0x0, 0x300000}, 0xc) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x10, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0x67}}, &(0x7f0000000340)='syzkaller\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x70) r4 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) socketpair(0x1a, 0x803, 0x8, &(0x7f0000000700)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x1ff) ioctl$TUNGETFILTER(0xffffffffffffffff, 0x801054db, 0x0) close(0xffffffffffffffff) close(r4) write$cgroup_int(r2, 0x0, 0x0) 12:38:46 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) 12:38:46 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x800000000040, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x2, 0x0) write$uinput_user_dev(r0, &(0x7f0000000400)={'syz1\x00'}, 0x45c) 12:38:47 executing program 3: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2b, 'pids'}]}, 0x6) write$cgroup_subtree(r2, &(0x7f0000000400)=ANY=[@ANYBLOB="2d70696473209fc39dfe7bb92b3c150d797cff8b11dec9854d3029f1aba3b5b4538c7092b58e80137ad3b6569ba3cc56fbf6dd890b7e7ba7a692ae0159cd3e5fd3685057a11c033d1e456f152e68fbb7399490ecd5a2a5bb1bfe0c3feae6fcdd97865af46ad815bf55fbfd7ea8dac9ea0710337e7259f6dc704f2cc48142759c8b8175089b337509f12b44f232d96ca373194104b317974fa11eb8e2c514f78f28a1bed9be7d1efff3e083b620330d8358f7efe728f6824dcc2c535e288d6622a5f6dd9cd7853443046b89e5bfcebe4b3209878ce16132e35d8078676eeb2bff62b76cc0d0b0e5a3daffe207efb58d0a58c5c6c6af5c93d6da904fed32843e0ce82218974529b1406c7f415cac63f2c62c6205a91be26de58a2d93c759501c750c99e311399d8ed4036318681433c84bd60e4cc5111fb4fc"], 0x6) 12:38:47 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r4, 0x0, 0x0) 12:38:47 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) [ 187.773626][T10254] syz-executor.4 invoked oom-killer: gfp_mask=0x40c50(GFP_NOFS|__GFP_COMP|__GFP_RECLAIMABLE), order=0, oom_score_adj=0 [ 187.833387][T10254] CPU: 0 PID: 10254 Comm: syz-executor.4 Not tainted 5.3.0-rc3-next-20190809 #63 [ 187.842539][T10254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 187.852603][T10254] Call Trace: [ 187.855897][T10254] dump_stack+0x172/0x1f0 [ 187.860252][T10254] dump_header+0x177/0x1152 [ 187.864761][T10254] ? ___ratelimit+0xf8/0x595 [ 187.864778][T10254] ? trace_hardirqs_on+0x67/0x240 [ 187.864791][T10254] ? mark_oom_victim.cold+0x18/0x18 12:38:47 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r4, 0x0, 0x0) 12:38:47 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) [ 187.864806][T10254] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 187.864826][T10254] ? ___ratelimit+0x60/0x595 [ 187.885427][T10254] ? do_raw_spin_unlock+0x57/0x270 [ 187.885445][T10254] oom_kill_process.cold+0x10/0x15 [ 187.885457][T10254] out_of_memory+0x334/0x1340 [ 187.885470][T10254] ? lock_downgrade+0x920/0x920 [ 187.885485][T10254] ? oom_killer_disable+0x280/0x280 [ 187.885504][T10254] mem_cgroup_out_of_memory+0x1d8/0x240 [ 187.885524][T10254] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 187.926151][T10254] ? do_raw_spin_unlock+0x57/0x270 [ 187.931286][T10254] ? _raw_spin_unlock+0x2d/0x50 [ 187.936152][T10254] try_charge+0xf4b/0x1440 [ 187.940580][T10254] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 187.946884][T10254] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 187.952459][T10254] ? __kasan_check_read+0x11/0x20 [ 187.957517][T10254] ? cache_grow_begin+0x122/0xd20 [ 187.962599][T10254] ? __kasan_check_read+0x11/0x20 [ 187.962616][T10254] __memcg_kmem_charge_memcg+0x71/0xf0 [ 187.962629][T10254] ? memcg_kmem_put_cache+0x50/0x50 [ 187.962639][T10254] ? cache_grow_begin+0x709/0xd20 12:38:47 executing program 3: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2b, 'pids'}]}, 0x6) write$cgroup_subtree(r2, &(0x7f0000000400)=ANY=[@ANYBLOB="2d70696473209fc39dfe7bb92b3c150d797cff8b11dec9854d3029f1aba3b5b4538c7092b58e80137ad3b6569ba3cc56fbf6dd890b7e7ba7a692ae0159cd3e5fd3685057a11c033d1e456f152e68fbb7399490ecd5a2a5bb1bfe0c3feae6fcdd97865af46ad815bf55fbfd7ea8dac9ea0710337e7259f6dc704f2cc48142759c8b8175089b337509f12b44f232d96ca373194104b317974fa11eb8e2c514f78f28a1bed9be7d1efff3e083b620330d8358f7efe728f6824dcc2c535e288d6622a5f6dd9cd7853443046b89e5bfcebe4b3209878ce16132e35d8078676eeb2bff62b76cc0d0b0e5a3daffe207efb58d0a58c5c6c6af5c93d6da904fed32843e0ce82218974529b1406c7f415cac63f2c62c6205a91be26de58a2d93c759501c750c99e311399d8ed4036318681433c84bd60e4cc5111fb4fc"], 0x6) [ 187.962663][T10254] cache_grow_begin+0x627/0xd20 [ 187.988786][T10254] ? __sanitizer_cov_trace_cmp1+0x11/0x20 [ 187.994541][T10254] ? mempolicy_slab_node+0x139/0x390 [ 187.999858][T10254] fallback_alloc+0x1fd/0x2d0 [ 188.004551][T10254] ____cache_alloc_node+0x1bc/0x1d0 [ 188.009766][T10254] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 188.016035][T10254] kmem_cache_alloc+0x1ef/0x710 [ 188.020896][T10254] ? lock_downgrade+0x920/0x920 [ 188.025746][T10254] ? rwlock_bug.part.0+0x90/0x90 [ 188.025765][T10254] ? ratelimit_state_init+0xb0/0xb0 [ 188.025779][T10254] ext4_alloc_inode+0x1f/0x640 [ 188.025794][T10254] ? ratelimit_state_init+0xb0/0xb0 [ 188.025807][T10254] alloc_inode+0x68/0x1e0 [ 188.025827][T10254] iget_locked+0x1a6/0x4b0 [ 188.054608][T10254] __ext4_iget+0x265/0x3d10 [ 188.059161][T10254] ? ext4_get_projid+0x190/0x190 [ 188.064111][T10254] ? trace_hardirqs_on+0x67/0x240 [ 188.069182][T10254] ? d_alloc_parallel+0xa78/0x1c30 [ 188.072198][T10691] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.5'. [ 188.074302][T10254] ext4_lookup+0x3b1/0x7a0 [ 188.074320][T10254] ? ext4_cross_rename+0x1430/0x1430 [ 188.074334][T10254] ? bpf_prog_kallsyms_find+0x50/0x2c0 [ 188.074362][T10254] ? lockdep_init_map+0x1be/0x6d0 [ 188.074381][T10254] __lookup_slow+0x279/0x500 [ 188.074396][T10254] ? vfs_unlink+0x620/0x620 [ 188.074425][T10254] lookup_slow+0x58/0x80 [ 188.074441][T10254] path_mountpoint+0x5d2/0x1e60 [ 188.074453][T10254] ? __isolate_free_page+0x4c0/0x4c0 [ 188.074464][T10254] ? save_stack+0x5c/0x90 [ 188.074475][T10254] ? save_stack+0x23/0x90 [ 188.074493][T10254] ? path_openat+0x4630/0x4630 [ 188.074507][T10254] ? __kasan_check_read+0x11/0x20 [ 188.074525][T10254] filename_mountpoint+0x190/0x3c0 [ 188.074550][T10254] ? rwlock_bug.part.0+0x90/0x90 [ 188.155816][T10254] ? filename_parentat.isra.0+0x410/0x410 [ 188.161562][T10254] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 188.167811][T10254] ? __phys_addr_symbol+0x30/0x70 [ 188.172890][T10254] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 188.178641][T10254] ? __check_object_size+0x3d/0x437 [ 188.183869][T10254] ? strncpy_from_user+0x2b4/0x400 [ 188.189000][T10254] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 188.195253][T10254] ? getname_flags+0x277/0x5b0 [ 188.200055][T10254] user_path_mountpoint_at+0x3a/0x50 [ 188.205388][T10254] ksys_umount+0x167/0xf00 [ 188.209831][T10254] ? __ia32_sys_rmdir+0x40/0x40 [ 188.214693][T10254] ? __detach_mounts+0x2a0/0x2a0 [ 188.219638][T10254] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 188.225995][T10254] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 188.232091][T10254] ? trace_hardirqs_off_caller+0x65/0x230 [ 188.237837][T10254] __x64_sys_umount+0x54/0x80 [ 188.242549][T10254] do_syscall_64+0xfa/0x760 [ 188.247070][T10254] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 188.253031][T10254] RIP: 0033:0x45c257 [ 188.256948][T10254] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 188.276566][T10254] RSP: 002b:00007ffc14965118 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 188.285090][T10254] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045c257 [ 188.293071][T10254] RDX: 0000000000403520 RSI: 0000000000000002 RDI: 00007ffc149651c0 [ 188.301068][T10254] RBP: 0000000000000023 R08: 0000000000000000 R09: 000000000000000f [ 188.309047][T10254] R10: 000000000000000a R11: 0000000000000202 R12: 00007ffc14966250 [ 188.317019][T10254] R13: 000055555629b940 R14: 0000000000000000 R15: 00007ffc14966250 [ 188.365202][T10254] memory: usage 1796kB, limit 0kB, failcnt 12 [ 188.371317][T10254] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 188.378258][T10254] Memory cgroup stats for /syz4: [ 188.378386][T10254] anon 65536 [ 188.378386][T10254] file 0 [ 188.378386][T10254] kernel_stack 0 [ 188.378386][T10254] slab 1490944 [ 188.378386][T10254] sock 0 [ 188.378386][T10254] shmem 0 [ 188.378386][T10254] file_mapped 0 [ 188.378386][T10254] file_dirty 0 [ 188.378386][T10254] file_writeback 0 [ 188.378386][T10254] anon_thp 0 [ 188.378386][T10254] inactive_anon 0 [ 188.378386][T10254] active_anon 65536 [ 188.378386][T10254] inactive_file 0 [ 188.378386][T10254] active_file 0 [ 188.378386][T10254] unevictable 0 [ 188.378386][T10254] slab_reclaimable 540672 [ 188.378386][T10254] slab_unreclaimable 950272 [ 188.378386][T10254] pgfault 1023 [ 188.378386][T10254] pgmajfault 0 [ 188.378386][T10254] workingset_refault 0 [ 188.378386][T10254] workingset_activate 0 [ 188.378386][T10254] workingset_nodereclaim 0 [ 188.378386][T10254] pgrefill 0 [ 188.378386][T10254] pgscan 0 [ 188.378386][T10254] pgsteal 0 [ 188.378386][T10254] pgactivate 0 [ 188.378386][T10254] pgdeactivate 0 [ 188.478010][T10254] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=10254,uid=0 [ 188.493877][T10254] Memory cgroup out of memory: Killed process 10254 (syz-executor.4) total-vm:72444kB, anon-rss:104kB, file-rss:35776kB, shmem-rss:0kB, UID:0 [ 188.510397][ T1061] oom_reaper: reaped process 10254 (syz-executor.4), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 188.522263][T10695] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 188.532782][T10695] CPU: 1 PID: 10695 Comm: syz-executor.5 Not tainted 5.3.0-rc3-next-20190809 #63 [ 188.541907][T10695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 188.552067][T10695] Call Trace: [ 188.556466][T10695] dump_stack+0x172/0x1f0 [ 188.560791][T10695] dump_header+0x177/0x1152 [ 188.565301][T10695] ? ___ratelimit+0xf8/0x595 [ 188.569923][T10695] ? trace_hardirqs_on+0x67/0x240 [ 188.574941][T10695] ? mark_oom_victim.cold+0x18/0x18 [ 188.580136][T10695] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 188.585923][T10695] ? ___ratelimit+0x60/0x595 [ 188.590524][T10695] ? do_raw_spin_unlock+0x57/0x270 [ 188.595621][T10695] oom_kill_process.cold+0x10/0x15 [ 188.600750][T10695] out_of_memory+0x334/0x1340 [ 188.605424][T10695] ? oom_killer_disable+0x280/0x280 [ 188.610621][T10695] mem_cgroup_out_of_memory+0x1d8/0x240 [ 188.616148][T10695] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 188.621790][T10695] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 188.628109][T10695] ? cgroup_file_notify+0x140/0x1b0 [ 188.633324][T10695] memory_max_write+0x262/0x3a0 [ 188.638174][T10695] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 188.644954][T10695] ? lock_acquire+0x190/0x410 [ 188.649649][T10695] ? kernfs_fop_write+0x227/0x480 [ 188.654672][T10695] cgroup_file_write+0x241/0x790 [ 188.659640][T10695] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 188.666401][T10695] ? cgroup_migrate_add_task+0x890/0x890 [ 188.672042][T10695] ? __might_fault+0x1a3/0x1e0 [ 188.676798][T10695] ? cgroup_migrate_add_task+0x890/0x890 [ 188.682421][T10695] kernfs_fop_write+0x2b8/0x480 [ 188.688788][T10695] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 188.695053][T10695] __vfs_write+0x8a/0x110 [ 188.699368][T10695] ? kernfs_fop_open+0xd80/0xd80 [ 188.704307][T10695] vfs_write+0x268/0x5d0 [ 188.709170][T10695] ksys_write+0x14f/0x290 [ 188.713508][T10695] ? __ia32_sys_read+0xb0/0xb0 [ 188.718266][T10695] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 188.724322][T10695] __x64_sys_write+0x73/0xb0 [ 188.728901][T10695] do_syscall_64+0xfa/0x760 [ 188.733418][T10695] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 188.739297][T10695] RIP: 0033:0x459829 [ 188.743180][T10695] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 188.762779][T10695] RSP: 002b:00007f98f6f50c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 188.771178][T10695] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 188.779131][T10695] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 188.787094][T10695] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 188.795063][T10695] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f98f6f516d4 [ 188.803050][T10695] R13: 00000000004c9970 R14: 00000000004e0fd8 R15: 00000000ffffffff [ 188.812709][T10695] memory: usage 4844kB, limit 0kB, failcnt 0 [ 188.826753][T10695] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 188.833832][T10695] Memory cgroup stats for /syz5: [ 188.833954][T10695] anon 2220032 [ 188.833954][T10695] file 0 [ 188.833954][T10695] kernel_stack 65536 [ 188.833954][T10695] slab 2162688 [ 188.833954][T10695] sock 0 [ 188.833954][T10695] shmem 0 [ 188.833954][T10695] file_mapped 0 [ 188.833954][T10695] file_dirty 0 [ 188.833954][T10695] file_writeback 0 [ 188.833954][T10695] anon_thp 2097152 [ 188.833954][T10695] inactive_anon 0 [ 188.833954][T10695] active_anon 2146304 [ 188.833954][T10695] inactive_file 0 [ 188.833954][T10695] active_file 0 [ 188.833954][T10695] unevictable 0 [ 188.833954][T10695] slab_reclaimable 675840 [ 188.833954][T10695] slab_unreclaimable 1486848 [ 188.833954][T10695] pgfault 1089 [ 188.833954][T10695] pgmajfault 0 [ 188.833954][T10695] workingset_refault 0 [ 188.833954][T10695] workingset_activate 0 [ 188.833954][T10695] workingset_nodereclaim 0 12:38:48 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x0) io_setup(0x1000000000001, &(0x7f0000000240)=0x0) io_submit(r1, 0x1, &(0x7f00000002c0)=[&(0x7f00000001c0)={0x0, 0x0, 0x8, 0x0, 0x0, r0, 0x0, 0xfffffca0}]) 12:38:48 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) 12:38:48 executing program 3: clone(0x3102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x2, 0x2, 0x5) ioctl$TIOCLINUX5(0xffffffffffffffff, 0x541c, 0x0) sched_yield() 12:38:48 executing program 1: syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @remote, [], {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x0, @broadcast, @empty=0x8000000, @empty, @local}}}}, 0x0) [ 188.833954][T10695] pgrefill 0 [ 188.833954][T10695] pgscan 0 [ 188.833954][T10695] pgsteal 0 [ 188.833954][T10695] pgactivate 0 [ 188.929499][T10695] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=10690,uid=0 12:38:48 executing program 1: [ 188.963334][T10695] Memory cgroup out of memory: Killed process 10690 (syz-executor.5) total-vm:72708kB, anon-rss:2156kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 188.994072][ T1061] oom_reaper: reaped process 10690 (syz-executor.5), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 12:38:48 executing program 3: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) sendmsg(0xffffffffffffffff, 0x0, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(0xffffffffffffffff, 0x29, 0x41, 0x0, 0x0) 12:38:48 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r4, 0x0, 0x0) [ 189.091803][T10257] syz-executor.5 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=0 [ 189.126125][T10257] CPU: 0 PID: 10257 Comm: syz-executor.5 Not tainted 5.3.0-rc3-next-20190809 #63 [ 189.135305][T10257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 189.145650][T10257] Call Trace: [ 189.148949][T10257] dump_stack+0x172/0x1f0 [ 189.153292][T10257] dump_header+0x177/0x1152 [ 189.157832][T10257] ? ___ratelimit+0xf8/0x595 [ 189.162446][T10257] ? trace_hardirqs_on+0x67/0x240 [ 189.167482][T10257] ? mark_oom_victim.cold+0x18/0x18 [ 189.172723][T10257] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 189.178528][T10257] ? ___ratelimit+0x60/0x595 [ 189.183112][T10257] ? do_raw_spin_unlock+0x57/0x270 [ 189.188229][T10257] oom_kill_process.cold+0x10/0x15 [ 189.193334][T10257] out_of_memory+0x334/0x1340 [ 189.198006][T10257] ? lock_downgrade+0x920/0x920 [ 189.202841][T10257] ? oom_killer_disable+0x280/0x280 [ 189.208031][T10257] ? __kasan_check_read+0x11/0x20 [ 189.213044][T10257] mem_cgroup_out_of_memory+0x1d8/0x240 [ 189.218588][T10257] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 189.224392][T10257] ? do_raw_spin_unlock+0x57/0x270 [ 189.229485][T10257] ? _raw_spin_unlock+0x2d/0x50 [ 189.234337][T10257] try_charge+0xf4b/0x1440 [ 189.238754][T10257] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 189.244978][T10257] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 189.250516][T10257] ? __kasan_check_read+0x11/0x20 [ 189.255584][T10257] ? cache_grow_begin+0x122/0xd20 [ 189.260622][T10257] ? __kasan_check_read+0x11/0x20 [ 189.265647][T10257] __memcg_kmem_charge_memcg+0x71/0xf0 [ 189.271123][T10257] ? memcg_kmem_put_cache+0x50/0x50 [ 189.276327][T10257] ? cache_grow_begin+0x709/0xd20 [ 189.281416][T10257] cache_grow_begin+0x627/0xd20 [ 189.286281][T10257] ? __sanitizer_cov_trace_cmp1+0x11/0x20 [ 189.292202][T10257] ? mempolicy_slab_node+0x139/0x390 [ 189.297520][T10257] fallback_alloc+0x1fd/0x2d0 [ 189.302280][T10257] ____cache_alloc_node+0x1bc/0x1d0 [ 189.307472][T10257] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 189.313726][T10257] kmem_cache_alloc+0x1ef/0x710 [ 189.318569][T10257] ? stack_trace_save+0xac/0xe0 [ 189.323413][T10257] __alloc_file+0x27/0x340 [ 189.327845][T10257] alloc_empty_file+0x72/0x170 [ 189.332653][T10257] path_openat+0xef/0x4630 [ 189.337104][T10257] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 189.342924][T10257] ? kasan_slab_alloc+0xf/0x20 [ 189.347692][T10257] ? kmem_cache_alloc+0x121/0x710 [ 189.352725][T10257] ? getname_flags+0xd6/0x5b0 [ 189.357383][T10257] ? getname+0x1a/0x20 [ 189.361464][T10257] ? do_sys_open+0x2c9/0x5d0 [ 189.366101][T10257] ? __x64_sys_open+0x7e/0xc0 [ 189.371553][T10257] ? do_syscall_64+0xfa/0x760 [ 189.376229][T10257] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 189.382282][T10257] ? __isolate_free_page+0x4c0/0x4c0 [ 189.387560][T10257] ? __kasan_check_read+0x11/0x20 [ 189.392567][T10257] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 189.397933][T10257] ? __kasan_check_read+0x11/0x20 [ 189.403124][T10257] ? __alloc_pages_nodemask+0x578/0x900 [ 189.408701][T10257] ? cache_grow_end+0xa4/0x190 [ 189.413490][T10257] ? __kasan_check_read+0x11/0x20 [ 189.418502][T10257] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 189.424219][T10257] do_filp_open+0x1a1/0x280 [ 189.428719][T10257] ? may_open_dev+0x100/0x100 [ 189.433388][T10257] ? lock_downgrade+0x920/0x920 [ 189.438249][T10257] ? rwlock_bug.part.0+0x90/0x90 [ 189.443181][T10257] ? __alloc_fd+0x35/0x620 [ 189.447603][T10257] ? __kasan_check_read+0x11/0x20 [ 189.452628][T10257] ? do_raw_spin_unlock+0x57/0x270 [ 189.457736][T10257] ? _raw_spin_unlock+0x2d/0x50 [ 189.462600][T10257] ? __alloc_fd+0x487/0x620 [ 189.467094][T10257] do_sys_open+0x3fe/0x5d0 [ 189.471496][T10257] ? filp_open+0x80/0x80 [ 189.475738][T10257] ? __detach_mounts+0x2a0/0x2a0 [ 189.480694][T10257] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 189.486971][T10257] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 189.493041][T10257] __x64_sys_open+0x7e/0xc0 [ 189.497539][T10257] do_syscall_64+0xfa/0x760 [ 189.502030][T10257] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 189.507924][T10257] RIP: 0033:0x4577a0 [ 189.511830][T10257] Code: 31 c0 e9 45 ff ff ff 0f 1f 00 80 3f 00 0f 84 f7 00 00 00 55 53 b9 02 00 00 00 be 00 08 09 00 89 c8 48 81 ec 98 00 00 00 0f 05 <48> 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 [ 189.531456][T10257] RSP: 002b:00007ffe440d4d30 EFLAGS: 00000206 ORIG_RAX: 0000000000000002 [ 189.539976][T10257] RAX: ffffffffffffffda RBX: 000000000002e213 RCX: 00000000004577a0 [ 189.548111][T10257] RDX: 000000000000000c RSI: 0000000000090800 RDI: 00007ffe440d5f10 [ 189.557411][T10257] RBP: 0000000000000027 R08: 0000000000000001 R09: 0000555555b65940 [ 189.565378][T10257] R10: 0000000000000000 R11: 0000000000000206 R12: 00007ffe440d5f10 [ 189.573376][T10257] R13: 00007ffe440d5f00 R14: 0000000000000000 R15: 00007ffe440d5f10 [ 189.582668][T10257] memory: usage 2460kB, limit 0kB, failcnt 12 [ 189.596205][T10257] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 189.607204][T10257] Memory cgroup stats for /syz5: [ 189.607316][T10257] anon 16384 [ 189.607316][T10257] file 0 [ 189.607316][T10257] kernel_stack 0 [ 189.607316][T10257] slab 2162688 [ 189.607316][T10257] sock 0 [ 189.607316][T10257] shmem 0 [ 189.607316][T10257] file_mapped 0 [ 189.607316][T10257] file_dirty 0 [ 189.607316][T10257] file_writeback 0 [ 189.607316][T10257] anon_thp 0 [ 189.607316][T10257] inactive_anon 0 [ 189.607316][T10257] active_anon 16384 [ 189.607316][T10257] inactive_file 0 [ 189.607316][T10257] active_file 0 [ 189.607316][T10257] unevictable 0 [ 189.607316][T10257] slab_reclaimable 675840 [ 189.607316][T10257] slab_unreclaimable 1486848 [ 189.607316][T10257] pgfault 1089 [ 189.607316][T10257] pgmajfault 0 [ 189.607316][T10257] workingset_refault 0 [ 189.607316][T10257] workingset_activate 0 [ 189.607316][T10257] workingset_nodereclaim 0 [ 189.607316][T10257] pgrefill 0 [ 189.607316][T10257] pgscan 0 12:38:49 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r4, 0x0, 0x0) 12:38:49 executing program 1: r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9afd) clone(0x140010b, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() mount$fuseblk(&(0x7f0000000300)='/dev/loop0\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x2004, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x400000000001f) creat(&(0x7f0000000240)='./file0\x00', 0x0) 12:38:49 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b7000000a5517f5fbfa30000000000000703000028feffff720af0fff8ffffff71a4f0ff00000000b7060000000000013d400300000000006506000001ed000071185400000000003f640000000000006a0a00fe00000000850000002e000000b7000000000000009500000000000000023bc065b7a379d179fc9e94af69912435f1b6a693172e61917adef6ee1c8a2b4f8ef1e50beca090f32050e436fe275daf51efd601b6bf01c8e8b1b5e4fef3bef7054815ae98743d1ace4c46631256dd19aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc646cb779c871a67316cb0a0d8fa30b2f5cd21712f68ce561f57cbec243d6088e53a015867cd2ebb148137cc307542c19966aaf5f87553bb632d48b3ccb0855cbaa3e371299856ee1c0e0a849f4601b1f8e"], &(0x7f00000001c0)='\x00\xf1)\r*\xbbzL\x8e7\x9e\xaa\xb3y\xb9\xfa!\xad!\xb4\xd4\x94\xa0\x86\xcf\x12#\xb4\xd3n$\x85\x06k\xb2\xf9\xd5\"\xfe\x86 \b\x7f\xe8\x8a\xcf\x89\x9b\xbaR]\xf5{J\x84\x15\xf9)\xf3\xc8\xd5`\xe6\xe6\x9eI\x02\xce\x1fI\xa8w\xc3#\xba\xf5\xe9\xea>\xc7\xab2,\xa0\x84t\xce\x04Tf\xc5\xfe`\'\x9b\xe2MH%\x93\x028\xcb\x0f\xdb\x16\xe2l\x80\xe6\xcd\xceW\x01SS-o`X\xf6\xa4\xc1|\xbe\xc4\xf0\xac1zp\xc9\x89\xef.\xa4\x91\xb4\xf3('}, 0x48) 12:38:49 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) 12:38:49 executing program 3: modify_ldt$write2(0x11, &(0x7f00000006c0)={0x8d3}, 0x10) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) clone(0x22086605, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$sock(0xffffffffffffffff, 0x0, 0x0) [ 189.607316][T10257] pgsteal 0 [ 189.607316][T10257] pgactivate 0 [ 189.607316][T10257] pgdeactivate 0 [ 189.720366][T10257] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=10257,uid=0 12:38:49 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) [ 189.809352][T10257] Memory cgroup out of memory: Killed process 10257 (syz-executor.5) total-vm:72444kB, anon-rss:100kB, file-rss:35776kB, shmem-rss:0kB, UID:0 12:38:49 executing program 2: socket$inet6(0xa, 0x3, 0xb) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fdinfo\x00') getdents(r0, &(0x7f0000000240)=""/4096, 0x1000) 12:38:49 executing program 3: [ 189.862929][T10742] ptrace attach of "/root/syz-executor.1"[10741] was attempted by "/root/syz-executor.1"[10742] [ 189.893326][ T1061] oom_reaper: reaped process 10257 (syz-executor.5), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 12:38:49 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r4, 0x0, 0x0) 12:38:49 executing program 3: 12:38:49 executing program 2: 12:38:50 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r4, 0x0, 0x0) 12:38:50 executing program 2: 12:38:50 executing program 3: 12:38:50 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) 12:38:50 executing program 1: 12:38:50 executing program 3: 12:38:50 executing program 2: 12:38:50 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) 12:38:50 executing program 2: [ 191.433765][ T590] device bridge_slave_1 left promiscuous mode [ 191.440001][ T590] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.504250][ T590] device bridge_slave_0 left promiscuous mode [ 191.510448][ T590] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.263483][ T590] device hsr_slave_0 left promiscuous mode [ 192.313396][ T590] device hsr_slave_1 left promiscuous mode [ 192.359378][ T590] team0 (unregistering): Port device team_slave_1 removed [ 192.369356][ T590] team0 (unregistering): Port device team_slave_0 removed [ 192.380351][ T590] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 192.406121][ T590] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 192.485232][ T590] bond0 (unregistering): Released all slaves [ 192.591552][T10776] IPVS: ftp: loaded support on port[0] = 21 [ 192.591569][T10778] IPVS: ftp: loaded support on port[0] = 21 [ 192.725302][T10776] chnl_net:caif_netlink_parms(): no params data found [ 192.737173][T10778] chnl_net:caif_netlink_parms(): no params data found [ 192.779437][T10776] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.786776][T10776] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.794496][T10776] device bridge_slave_0 entered promiscuous mode [ 192.811609][T10776] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.819238][T10776] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.827306][T10776] device bridge_slave_1 entered promiscuous mode [ 192.834511][T10778] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.841568][T10778] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.850757][T10778] device bridge_slave_0 entered promiscuous mode [ 192.923390][T10778] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.930477][T10778] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.941587][T10778] device bridge_slave_1 entered promiscuous mode [ 192.951526][T10776] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 192.967584][T10776] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 192.998457][T10778] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 193.009112][T10776] team0: Port device team_slave_0 added [ 193.016231][T10778] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 193.030085][T10776] team0: Port device team_slave_1 added [ 193.057429][T10778] team0: Port device team_slave_0 added [ 193.105689][T10776] device hsr_slave_0 entered promiscuous mode [ 193.163521][T10776] device hsr_slave_1 entered promiscuous mode [ 193.223302][T10776] debugfs: Directory 'hsr0' with parent '/' already present! [ 193.232064][T10778] team0: Port device team_slave_1 added [ 193.286173][T10778] device hsr_slave_0 entered promiscuous mode [ 193.333532][T10778] device hsr_slave_1 entered promiscuous mode [ 193.373253][T10778] debugfs: Directory 'hsr0' with parent '/' already present! [ 193.381557][T10776] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.388644][T10776] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.396126][T10776] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.403208][T10776] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.426664][T10778] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.433770][T10778] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.441136][T10778] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.448540][T10778] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.521642][T10778] 8021q: adding VLAN 0 to HW filter on device bond0 [ 193.533002][T10776] 8021q: adding VLAN 0 to HW filter on device bond0 [ 193.550866][T10778] 8021q: adding VLAN 0 to HW filter on device team0 [ 193.563882][ T17] bridge0: port 1(bridge_slave_0) entered disabled state [ 193.575953][ T17] bridge0: port 2(bridge_slave_1) entered disabled state [ 193.585927][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 193.594704][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 193.603571][ T17] bridge0: port 2(bridge_slave_1) entered disabled state [ 193.625746][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 193.636411][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 193.645035][ T3490] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.653669][ T3490] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.661766][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 193.671897][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 193.681641][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 193.690889][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 193.701392][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 193.710632][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 193.719320][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 193.732516][T10776] 8021q: adding VLAN 0 to HW filter on device team0 [ 193.757473][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 193.767283][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 193.778120][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 193.789122][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 193.797735][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 193.807908][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 193.816362][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 193.825733][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 193.834151][T10253] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.841191][T10253] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.848765][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 193.857539][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 193.865907][T10253] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.872955][T10253] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.880573][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 193.891625][T10778] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 193.907500][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 193.922971][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 193.931819][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 193.941905][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 193.954325][T10778] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 193.962883][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 193.975852][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 193.993523][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 194.001917][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 194.011798][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 194.020652][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 194.029749][T10776] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 194.107732][T10776] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 194.200872][T10789] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.5'. [ 194.316914][T10795] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.4'. [ 194.341416][T10795] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 194.352524][T10795] CPU: 1 PID: 10795 Comm: syz-executor.4 Not tainted 5.3.0-rc3-next-20190809 #63 [ 194.361637][T10795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 194.371692][T10795] Call Trace: [ 194.374983][T10795] dump_stack+0x172/0x1f0 [ 194.379389][T10795] dump_header+0x177/0x1152 [ 194.383879][T10795] ? mark_oom_victim.cold+0x18/0x18 [ 194.389058][T10795] ? __sanitizer_cov_trace_pc+0x1/0x50 [ 194.394498][T10795] ? ___ratelimit+0x60/0x595 [ 194.399068][T10795] ? do_raw_spin_unlock+0x57/0x270 [ 194.404160][T10795] oom_kill_process.cold+0x10/0x15 [ 194.409271][T10795] out_of_memory+0x334/0x1340 [ 194.413970][T10795] ? __sched_text_start+0x8/0x8 [ 194.418827][T10795] ? oom_killer_disable+0x280/0x280 [ 194.424122][T10795] mem_cgroup_out_of_memory+0x1d8/0x240 [ 194.429661][T10795] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 194.435279][T10795] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 194.441086][T10795] ? cgroup_file_notify+0x140/0x1b0 [ 194.446269][T10795] memory_max_write+0x262/0x3a0 [ 194.451107][T10795] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 194.457871][T10795] ? lock_acquire+0x190/0x410 [ 194.462532][T10795] ? kernfs_fop_write+0x227/0x480 [ 194.467549][T10795] cgroup_file_write+0x241/0x790 [ 194.472501][T10795] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 194.479254][T10795] ? cgroup_migrate_add_task+0x890/0x890 [ 194.484879][T10795] ? __might_fault+0x1a3/0x1e0 [ 194.489644][T10795] ? cgroup_migrate_add_task+0x890/0x890 [ 194.495346][T10795] kernfs_fop_write+0x2b8/0x480 [ 194.500180][T10795] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.506413][T10795] __vfs_write+0x8a/0x110 [ 194.510724][T10795] ? kernfs_fop_open+0xd80/0xd80 [ 194.515651][T10795] vfs_write+0x268/0x5d0 [ 194.519874][T10795] ksys_write+0x14f/0x290 [ 194.524188][T10795] ? __ia32_sys_read+0xb0/0xb0 [ 194.528942][T10795] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 194.534995][T10795] __x64_sys_write+0x73/0xb0 [ 194.539583][T10795] do_syscall_64+0xfa/0x760 [ 194.544114][T10795] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.549994][T10795] RIP: 0033:0x459829 [ 194.553901][T10795] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 194.573492][T10795] RSP: 002b:00007eff6585bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 194.581890][T10795] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 194.589891][T10795] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 194.597870][T10795] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 194.605822][T10795] R10: 0000000000000000 R11: 0000000000000246 R12: 00007eff6585c6d4 [ 194.613783][T10795] R13: 00000000004c9970 R14: 00000000004e0fd8 R15: 00000000ffffffff [ 194.653268][T10795] memory: usage 4000kB, limit 0kB, failcnt 13 [ 194.659445][T10795] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 194.667698][T10795] Memory cgroup stats for /syz4: [ 194.668877][T10795] anon 2215936 [ 194.668877][T10795] file 0 [ 194.668877][T10795] kernel_stack 0 [ 194.668877][T10795] slab 1490944 [ 194.668877][T10795] sock 0 [ 194.668877][T10795] shmem 0 [ 194.668877][T10795] file_mapped 0 [ 194.668877][T10795] file_dirty 0 [ 194.668877][T10795] file_writeback 0 [ 194.668877][T10795] anon_thp 2097152 [ 194.668877][T10795] inactive_anon 0 [ 194.668877][T10795] active_anon 2215936 [ 194.668877][T10795] inactive_file 0 [ 194.668877][T10795] active_file 0 [ 194.668877][T10795] unevictable 0 [ 194.668877][T10795] slab_reclaimable 540672 [ 194.668877][T10795] slab_unreclaimable 950272 [ 194.668877][T10795] pgfault 1089 [ 194.668877][T10795] pgmajfault 0 [ 194.668877][T10795] workingset_refault 0 [ 194.668877][T10795] workingset_activate 0 [ 194.668877][T10795] workingset_nodereclaim 0 [ 194.668877][T10795] pgrefill 0 [ 194.668877][T10795] pgscan 0 [ 194.668877][T10795] pgsteal 0 [ 194.668877][T10795] pgactivate 0 [ 194.763214][T10795] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=10794,uid=0 [ 194.780184][T10795] Memory cgroup out of memory: Killed process 10794 (syz-executor.4) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 194.799203][ T1061] oom_reaper: reaped process 10794 (syz-executor.4), now anon-rss:0kB, file-rss:34868kB, shmem-rss:0kB 12:38:54 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) 12:38:54 executing program 1: 12:38:54 executing program 0: setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000fca000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2f, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2b, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) 12:38:54 executing program 3: 12:38:54 executing program 2: 12:38:54 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) 12:38:54 executing program 2: [ 194.906375][T10776] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 194.976403][T10776] CPU: 0 PID: 10776 Comm: syz-executor.4 Not tainted 5.3.0-rc3-next-20190809 #63 [ 194.985582][T10776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 194.985588][T10776] Call Trace: [ 194.985612][T10776] dump_stack+0x172/0x1f0 [ 194.985626][T10776] dump_header+0x177/0x1152 [ 194.985640][T10776] ? ___ratelimit+0xf8/0x595 [ 194.985654][T10776] ? trace_hardirqs_on+0x67/0x240 [ 194.985674][T10776] ? mark_oom_victim.cold+0x18/0x18 [ 195.022786][T10776] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 195.028599][T10776] ? ___ratelimit+0x60/0x595 [ 195.033193][T10776] ? do_raw_spin_unlock+0x57/0x270 [ 195.038309][T10776] oom_kill_process.cold+0x10/0x15 [ 195.043434][T10776] out_of_memory+0x334/0x1340 [ 195.043448][T10776] ? lock_downgrade+0x920/0x920 [ 195.043463][T10776] ? oom_killer_disable+0x280/0x280 [ 195.043476][T10776] ? __kasan_check_read+0x11/0x20 [ 195.043492][T10776] mem_cgroup_out_of_memory+0x1d8/0x240 [ 195.043504][T10776] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 195.043519][T10776] ? do_raw_spin_unlock+0x57/0x270 [ 195.043540][T10776] ? _raw_spin_unlock+0x2d/0x50 [ 195.069145][T10776] try_charge+0xf4b/0x1440 [ 195.069167][T10776] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 195.094664][T10776] ? percpu_ref_tryget_live+0x111/0x290 [ 195.100211][T10776] ? get_mem_cgroup_from_mm+0x16/0x320 [ 195.100232][T10776] ? get_mem_cgroup_from_mm+0x156/0x320 [ 195.100250][T10776] mem_cgroup_try_charge+0x136/0x590 [ 195.116783][T10776] mem_cgroup_try_charge_delay+0x1f/0xa0 12:38:54 executing program 3: 12:38:54 executing program 2: 12:38:54 executing program 0: setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000fca000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2f, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2b, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) [ 195.122455][T10776] __handle_mm_fault+0x1e3a/0x3f20 [ 195.127597][T10776] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 195.133154][T10776] ? __kasan_check_read+0x11/0x20 [ 195.138199][T10776] ? trace_hardirqs_on+0x67/0x240 [ 195.143239][T10776] handle_mm_fault+0x1b5/0x6b0 [ 195.148012][T10776] __do_page_fault+0x536/0xdd0 [ 195.152863][T10776] do_page_fault+0x38/0x590 [ 195.157430][T10776] page_fault+0x39/0x40 [ 195.161590][T10776] RIP: 0033:0x4577c1 12:38:54 executing program 1: [ 195.165505][T10776] Code: 48 81 ec 98 00 00 00 0f 05 48 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 00 48 89 e2 89 de bf 01 00 00 00 ba 13 00 00 85 c0 0f 88 98 00 00 00 8b 44 24 18 25 00 f0 00 00 [ 195.165513][T10776] RSP: 002b:00007ffde9275fb0 EFLAGS: 00010206 [ 195.165522][T10776] RAX: 0000000000000003 RBX: 0000000000000003 RCX: 00000000004577a0 [ 195.165528][T10776] RDX: 00007ffde9275fb0 RSI: 0000000000000003 RDI: 0000000000000001 [ 195.165534][T10776] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555556325940 [ 195.165541][T10776] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffde9277190 12:38:54 executing program 1: [ 195.165547][T10776] R13: 00007ffde9277180 R14: 0000000000000000 R15: 00007ffde9277190 [ 195.250638][T10801] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.5'. [ 195.331606][T10776] memory: usage 1664kB, limit 0kB, failcnt 21 [ 195.347651][T10776] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 195.367424][T10776] Memory cgroup stats for /syz4: [ 195.367533][T10776] anon 0 [ 195.367533][T10776] file 0 [ 195.367533][T10776] kernel_stack 0 [ 195.367533][T10776] slab 1490944 [ 195.367533][T10776] sock 0 [ 195.367533][T10776] shmem 0 [ 195.367533][T10776] file_mapped 0 [ 195.367533][T10776] file_dirty 0 [ 195.367533][T10776] file_writeback 0 [ 195.367533][T10776] anon_thp 0 [ 195.367533][T10776] inactive_anon 0 [ 195.367533][T10776] active_anon 0 [ 195.367533][T10776] inactive_file 0 [ 195.367533][T10776] active_file 0 [ 195.367533][T10776] unevictable 0 [ 195.367533][T10776] slab_reclaimable 540672 [ 195.367533][T10776] slab_unreclaimable 950272 [ 195.367533][T10776] pgfault 1089 [ 195.367533][T10776] pgmajfault 0 [ 195.367533][T10776] workingset_refault 0 [ 195.367533][T10776] workingset_activate 0 [ 195.367533][T10776] workingset_nodereclaim 0 [ 195.367533][T10776] pgrefill 0 [ 195.367533][T10776] pgscan 0 [ 195.367533][T10776] pgsteal 0 [ 195.367533][T10776] pgactivate 0 [ 195.367533][T10776] pgdeactivate 0 [ 195.467573][T10776] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=10776,uid=0 [ 195.483131][T10776] Memory cgroup out of memory: Killed process 10776 (syz-executor.4) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 [ 195.501492][ T1061] oom_reaper: reaped process 10776 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 12:38:55 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) 12:38:55 executing program 2: 12:38:55 executing program 0: setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000fca000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2f, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2b, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) 12:38:55 executing program 1: 12:38:55 executing program 3: 12:38:55 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) 12:38:55 executing program 1: 12:38:55 executing program 3: 12:38:55 executing program 2: 12:38:55 executing program 0: r0 = socket$inet6(0xa, 0x0, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) [ 195.783824][ T590] device bridge_slave_1 left promiscuous mode [ 195.802587][ T590] bridge0: port 2(bridge_slave_1) entered disabled state 12:38:55 executing program 1: 12:38:55 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) [ 195.899938][ T590] device bridge_slave_0 left promiscuous mode [ 195.906983][ T590] bridge0: port 1(bridge_slave_0) entered disabled state 12:38:55 executing program 3: 12:38:55 executing program 2: 12:38:55 executing program 0: r0 = socket$inet6(0xa, 0x0, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) 12:38:55 executing program 1: 12:38:55 executing program 2: [ 197.183819][ T590] device hsr_slave_0 left promiscuous mode [ 197.233245][ T590] device hsr_slave_1 left promiscuous mode [ 197.298155][ T590] team0 (unregistering): Port device team_slave_1 removed [ 197.309374][ T590] team0 (unregistering): Port device team_slave_0 removed [ 197.319280][ T590] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 197.355937][ T590] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 197.425910][ T590] bond0 (unregistering): Released all slaves 12:38:56 executing program 1: 12:38:56 executing program 3: 12:38:56 executing program 0: r0 = socket$inet6(0xa, 0x0, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) 12:38:56 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) write$cgroup_int(r4, 0x0, 0x0) 12:38:56 executing program 2: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x14e24}, 0x1c) recvmmsg(r0, &(0x7f0000000200), 0x2ab, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e24}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x3fffffffffffe9f, 0x0) ioctl$SIOCGSTAMPNS(r0, 0x8907, 0x0) [ 197.524076][T10828] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.5'. 12:38:56 executing program 1: mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffff9c, 0xc0206434, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) semget$private(0x0, 0x0, 0xfffffffffffffffd) chroot(0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x23, &(0x7f00000001c0), 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000480), &(0x7f00000004c0)=0xc) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000500)) getpgrp(0xffffffffffffffff) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000100)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) chdir(&(0x7f0000000200)='./file0\x00') io_getevents(0x0, 0x0, 0x0, 0x0, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0xffffffffffffffff) open(&(0x7f0000000080)='./file0\x00', 0x40002, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000000)={0x0, 0x5a67, 0xfffffffffffffffd, 0x7, 0x0, 0xfffffffffffff74f}) truncate(&(0x7f0000000240)='./file0\x00', 0x90002) lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='trusted.overlay.redirect\x00', &(0x7f0000000280)='./file0\x00', 0x8, 0x2) [ 197.680912][T10873] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.5'. [ 197.801461][T10873] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 197.845989][T10873] CPU: 1 PID: 10873 Comm: syz-executor.5 Not tainted 5.3.0-rc3-next-20190809 #63 [ 197.850712][T10884] IPVS: ftp: loaded support on port[0] = 21 [ 197.855135][T10873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.855141][T10873] Call Trace: [ 197.855167][T10873] dump_stack+0x172/0x1f0 [ 197.855196][T10873] dump_header+0x177/0x1152 [ 197.871144][T10873] ? ___ratelimit+0xf8/0x595 [ 197.878727][T10873] ? trace_hardirqs_on+0x67/0x240 [ 197.878743][T10873] ? mark_oom_victim.cold+0x18/0x18 [ 197.878766][T10873] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 197.887831][T10873] ? ___ratelimit+0x60/0x595 [ 197.887856][T10873] ? do_raw_spin_unlock+0x57/0x270 [ 197.898059][T10873] oom_kill_process.cold+0x10/0x15 [ 197.898073][T10873] out_of_memory+0x334/0x1340 [ 197.898088][T10873] ? __sched_text_start+0x8/0x8 [ 197.898102][T10873] ? oom_killer_disable+0x280/0x280 [ 197.898124][T10873] mem_cgroup_out_of_memory+0x1d8/0x240 [ 197.908521][T10873] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 197.908542][T10873] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 197.908564][T10873] ? cgroup_file_notify+0x140/0x1b0 [ 197.918784][T10873] memory_max_write+0x262/0x3a0 [ 197.918813][T10873] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 197.928317][T10873] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 197.928337][T10873] cgroup_file_write+0x241/0x790 [ 197.939069][T10873] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 197.939083][T10873] ? cgroup_migrate_add_task+0x890/0x890 [ 197.939103][T10873] ? kernfs_ops+0x9f/0x110 [ 197.950532][T10873] ? cgroup_migrate_add_task+0x890/0x890 [ 197.950547][T10873] kernfs_fop_write+0x2b8/0x480 [ 197.950569][T10873] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 197.960626][T10873] __vfs_write+0x8a/0x110 [ 197.960641][T10873] ? kernfs_fop_open+0xd80/0xd80 [ 197.960662][T10873] vfs_write+0x268/0x5d0 [ 197.972880][T10873] ksys_write+0x14f/0x290 [ 197.972900][T10873] ? __ia32_sys_read+0xb0/0xb0 [ 197.984679][T10873] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 197.984698][T10873] __x64_sys_write+0x73/0xb0 [ 197.984716][T10873] do_syscall_64+0xfa/0x760 [ 197.984738][T10873] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.994770][T10873] RIP: 0033:0x459829 [ 197.994786][T10873] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 197.994793][T10873] RSP: 002b:00007fe23d4f5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 197.994813][T10873] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 198.005272][T10873] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 198.005279][T10873] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 198.005287][T10873] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe23d4f66d4 [ 198.005294][T10873] R13: 00000000004c9970 R14: 00000000004e0fd8 R15: 00000000ffffffff [ 198.090102][T10873] memory: usage 4728kB, limit 0kB, failcnt 13 [ 198.141857][T10873] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 198.150195][T10873] Memory cgroup stats for /syz5: [ 198.159719][T10873] anon 2211840 [ 198.159719][T10873] file 0 [ 198.159719][T10873] kernel_stack 65536 [ 198.159719][T10873] slab 2162688 [ 198.159719][T10873] sock 0 [ 198.159719][T10873] shmem 0 [ 198.159719][T10873] file_mapped 0 [ 198.159719][T10873] file_dirty 0 [ 198.159719][T10873] file_writeback 0 [ 198.159719][T10873] anon_thp 2097152 [ 198.159719][T10873] inactive_anon 0 [ 198.159719][T10873] active_anon 2138112 [ 198.159719][T10873] inactive_file 0 [ 198.159719][T10873] active_file 0 [ 198.159719][T10873] unevictable 0 [ 198.159719][T10873] slab_reclaimable 675840 [ 198.159719][T10873] slab_unreclaimable 1486848 [ 198.159719][T10873] pgfault 1353 [ 198.159719][T10873] pgmajfault 0 [ 198.159719][T10873] workingset_refault 0 [ 198.159719][T10873] workingset_activate 0 [ 198.159719][T10873] workingset_nodereclaim 0 [ 198.159719][T10873] pgrefill 0 [ 198.159719][T10873] pgscan 0 [ 198.159719][T10873] pgsteal 0 [ 198.159719][T10873] pgactivate 0 [ 198.263277][T10873] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=10871,uid=0 [ 198.282536][T10873] Memory cgroup out of memory: Killed process 10871 (syz-executor.5) total-vm:72708kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 198.304291][ T1061] oom_reaper: reaped process 10871 (syz-executor.5), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 198.567807][T10884] chnl_net:caif_netlink_parms(): no params data found [ 198.602266][T10884] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.609644][T10884] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.618823][T10884] device bridge_slave_0 entered promiscuous mode [ 198.627100][T10884] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.634734][T10884] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.642333][T10884] device bridge_slave_1 entered promiscuous mode [ 198.663235][T10884] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 198.674273][T10884] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 198.691748][T10884] team0: Port device team_slave_0 added [ 198.698952][T10884] team0: Port device team_slave_1 added [ 198.755773][T10884] device hsr_slave_0 entered promiscuous mode [ 198.803537][T10884] device hsr_slave_1 entered promiscuous mode [ 198.853278][T10884] debugfs: Directory 'hsr0' with parent '/' already present! [ 198.869742][T10884] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.876838][T10884] bridge0: port 2(bridge_slave_1) entered forwarding state [ 198.884204][T10884] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.891265][T10884] bridge0: port 1(bridge_slave_0) entered forwarding state [ 198.926204][T10884] 8021q: adding VLAN 0 to HW filter on device bond0 [ 198.938334][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 198.947073][ T5] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.955747][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.963858][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 198.974993][T10884] 8021q: adding VLAN 0 to HW filter on device team0 [ 198.984614][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 198.992926][ T3490] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.000023][ T3490] bridge0: port 1(bridge_slave_0) entered forwarding state [ 199.010292][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 199.019277][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.026375][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 199.045097][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 199.054219][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 199.062657][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 199.071704][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 199.084278][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 199.094203][T10884] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 199.108727][T10884] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 199.260620][T10899] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.4'. 12:38:58 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) write$cgroup_int(r4, 0x0, 0x0) 12:38:58 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") io_setup(0x6, &(0x7f0000000340)) 12:38:58 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x7ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='stack\x00') exit(0x0) process_vm_readv(0x0, 0x0, 0x0, &(0x7f0000002780)=[{&(0x7f0000001380)=""/33, 0x21}], 0x1, 0x0) preadv(r0, &(0x7f00000013c0), 0x1e3, 0x0) 12:38:58 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000fca000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) 12:38:58 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) setsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, 0x0, 0x0) 12:38:58 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) write$cgroup_int(r4, 0x0, 0x0) [ 199.338992][T10778] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 199.356671][T10778] CPU: 1 PID: 10778 Comm: syz-executor.5 Not tainted 5.3.0-rc3-next-20190809 #63 [ 199.365793][T10778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.375851][T10778] Call Trace: [ 199.375876][T10778] dump_stack+0x172/0x1f0 [ 199.375891][T10778] dump_header+0x177/0x1152 12:38:58 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000fca000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) [ 199.375905][T10778] ? ___ratelimit+0xf8/0x595 [ 199.375929][T10778] ? trace_hardirqs_on+0x67/0x240 [ 199.397594][T10778] ? mark_oom_victim.cold+0x18/0x18 [ 199.402807][T10778] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 199.408630][T10778] ? ___ratelimit+0x60/0x595 [ 199.413307][T10778] ? do_raw_spin_unlock+0x57/0x270 [ 199.413325][T10778] oom_kill_process.cold+0x10/0x15 [ 199.413339][T10778] out_of_memory+0x334/0x1340 [ 199.413353][T10778] ? lock_downgrade+0x920/0x920 [ 199.413367][T10778] ? oom_killer_disable+0x280/0x280 [ 199.413386][T10778] mem_cgroup_out_of_memory+0x1d8/0x240 [ 199.413407][T10778] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 199.449432][T10778] ? do_raw_spin_unlock+0x57/0x270 [ 199.454542][T10778] ? _raw_spin_unlock+0x2d/0x50 [ 199.454557][T10778] try_charge+0xf4b/0x1440 [ 199.454576][T10778] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 199.454590][T10778] ? get_mem_cgroup_from_mm+0x139/0x320 [ 199.454603][T10778] ? __kasan_check_read+0x11/0x20 [ 199.454623][T10778] ? lock_downgrade+0x920/0x920 [ 199.484826][T10778] ? percpu_ref_tryget_live+0x111/0x290 [ 199.490384][T10778] __memcg_kmem_charge_memcg+0x71/0xf0 [ 199.495861][T10778] ? memcg_kmem_put_cache+0x50/0x50 [ 199.501070][T10778] ? get_mem_cgroup_from_mm+0x156/0x320 [ 199.506827][T10778] __memcg_kmem_charge+0x13a/0x3a0 [ 199.511991][T10778] __alloc_pages_nodemask+0x4f4/0x900 [ 199.517369][T10778] ? __alloc_pages_slowpath+0x2530/0x2530 [ 199.523094][T10778] ? percpu_ref_put_many+0xb6/0x190 [ 199.528305][T10778] ? trace_hardirqs_on+0x67/0x240 [ 199.533339][T10778] ? __kasan_check_read+0x11/0x20 [ 199.538378][T10778] copy_process+0x3f8/0x6b00 [ 199.542984][T10778] ? _raw_spin_unlock+0x2d/0x50 [ 199.547905][T10778] ? wp_page_reuse+0x1b5/0x240 [ 199.552681][T10778] ? __cleanup_sighand+0x60/0x60 [ 199.557634][T10778] ? finish_mkwrite_fault+0x570/0x570 [ 199.563030][T10778] _do_fork+0x146/0xfa0 [ 199.567193][T10778] ? copy_init_mm+0x20/0x20 [ 199.571708][T10778] ? __kasan_check_read+0x11/0x20 [ 199.576733][T10778] ? _copy_to_user+0x118/0x160 [ 199.581498][T10778] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 199.587746][T10778] ? put_timespec64+0xda/0x140 [ 199.592502][T10778] __x64_sys_clone+0x18d/0x250 [ 199.597250][T10778] ? __ia32_sys_vfork+0xc0/0xc0 [ 199.602178][T10778] ? trace_hardirqs_off_caller+0x65/0x230 [ 199.607885][T10778] ? trace_hardirqs_on+0x67/0x240 [ 199.612920][T10778] do_syscall_64+0xfa/0x760 [ 199.617444][T10778] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.623341][T10778] RIP: 0033:0x457dfa [ 199.627226][T10778] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 199.647142][T10778] RSP: 002b:00007ffc49eca1b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 199.655540][T10778] RAX: ffffffffffffffda RBX: 00007ffc49eca1b0 RCX: 0000000000457dfa [ 199.663951][T10778] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 199.671924][T10778] RBP: 00007ffc49eca1f0 R08: 0000000000000001 R09: 0000555555bf1940 [ 199.680008][T10778] R10: 0000555555bf1c10 R11: 0000000000000246 R12: 0000000000000001 12:38:59 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$bt_hci_HCI_FILTER(r1, 0x0, 0x2, &(0x7f0000000080), 0x10) [ 199.687979][T10778] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc49eca240 [ 199.710634][T10778] memory: usage 2324kB, limit 0kB, failcnt 21 [ 199.723173][T10778] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 199.732367][T10778] Memory cgroup stats for /syz5: [ 199.732479][T10778] anon 114688 [ 199.732479][T10778] file 0 [ 199.732479][T10778] kernel_stack 0 [ 199.732479][T10778] slab 2162688 [ 199.732479][T10778] sock 0 [ 199.732479][T10778] shmem 0 [ 199.732479][T10778] file_mapped 0 [ 199.732479][T10778] file_dirty 0 [ 199.732479][T10778] file_writeback 0 [ 199.732479][T10778] anon_thp 0 [ 199.732479][T10778] inactive_anon 0 [ 199.732479][T10778] active_anon 40960 [ 199.732479][T10778] inactive_file 0 [ 199.732479][T10778] active_file 0 [ 199.732479][T10778] unevictable 0 [ 199.732479][T10778] slab_reclaimable 675840 [ 199.732479][T10778] slab_unreclaimable 1486848 [ 199.732479][T10778] pgfault 1353 [ 199.732479][T10778] pgmajfault 0 [ 199.732479][T10778] workingset_refault 0 [ 199.732479][T10778] workingset_activate 0 [ 199.732479][T10778] workingset_nodereclaim 0 [ 199.732479][T10778] pgrefill 0 [ 199.732479][T10778] pgscan 0 [ 199.732479][T10778] pgsteal 0 [ 199.732479][T10778] pgactivate 0 [ 199.732479][T10778] pgdeactivate 0 12:38:59 executing program 2: r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9afd) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() fsetxattr$system_posix_acl(r0, &(0x7f0000000040)='system.posix_acl_access\x00', 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x6) ftruncate(r0, 0x0) [ 199.840981][T10778] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=10778,uid=0 [ 199.856744][T10778] Memory cgroup out of memory: Killed process 10778 (syz-executor.5) total-vm:72444kB, anon-rss:96kB, file-rss:35776kB, shmem-rss:0kB, UID:0 [ 199.871856][ T1061] oom_reaper: reaped process 10778 (syz-executor.5), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 199.883244][T10919] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 199.917032][T10916] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.4'. [ 199.937000][T10919] CPU: 0 PID: 10919 Comm: syz-executor.4 Not tainted 5.3.0-rc3-next-20190809 #63 [ 199.946145][T10919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.956208][T10919] Call Trace: [ 199.959518][T10919] dump_stack+0x172/0x1f0 [ 199.963873][T10919] dump_header+0x177/0x1152 [ 199.968385][T10919] ? ___ratelimit+0xf8/0x595 [ 199.973026][T10919] ? trace_hardirqs_on+0x67/0x240 [ 199.978066][T10919] ? mark_oom_victim.cold+0x18/0x18 [ 199.983281][T10919] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 199.989105][T10919] ? ___ratelimit+0x60/0x595 [ 199.993703][T10919] ? do_raw_spin_unlock+0x57/0x270 [ 199.998937][T10919] oom_kill_process.cold+0x10/0x15 [ 200.004059][T10919] out_of_memory+0x334/0x1340 [ 200.008766][T10919] ? oom_killer_disable+0x280/0x280 [ 200.013979][T10919] mem_cgroup_out_of_memory+0x1d8/0x240 [ 200.019535][T10919] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 200.025181][T10919] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 200.031001][T10919] ? cgroup_file_notify+0x140/0x1b0 [ 200.036210][T10919] memory_max_write+0x262/0x3a0 [ 200.041068][T10919] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 200.047838][T10919] ? lock_acquire+0x190/0x410 [ 200.052524][T10919] ? kernfs_fop_write+0x227/0x480 [ 200.057559][T10919] cgroup_file_write+0x241/0x790 12:38:59 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000fca000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) [ 200.062507][T10919] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 200.069369][T10919] ? cgroup_migrate_add_task+0x890/0x890 [ 200.075020][T10919] ? __might_fault+0x1a3/0x1e0 [ 200.079800][T10919] ? cgroup_migrate_add_task+0x890/0x890 [ 200.085445][T10919] kernfs_fop_write+0x2b8/0x480 [ 200.090311][T10919] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 200.096619][T10919] __vfs_write+0x8a/0x110 [ 200.100983][T10919] ? kernfs_fop_open+0xd80/0xd80 [ 200.105934][T10919] vfs_write+0x268/0x5d0 [ 200.110186][T10919] ksys_write+0x14f/0x290 [ 200.114527][T10919] ? __ia32_sys_read+0xb0/0xb0 [ 200.119302][T10919] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 200.125412][T10919] __x64_sys_write+0x73/0xb0 [ 200.130030][T10919] do_syscall_64+0xfa/0x760 [ 200.134546][T10919] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.140438][T10919] RIP: 0033:0x459829 [ 200.144348][T10919] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 12:38:59 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, 0x0, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) [ 200.163961][T10919] RSP: 002b:00007fc61e567c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 200.172386][T10919] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 200.180368][T10919] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 200.188351][T10919] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 200.196350][T10919] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc61e5686d4 [ 200.204505][T10919] R13: 00000000004c9970 R14: 00000000004e0fd8 R15: 00000000ffffffff [ 200.240439][T10919] memory: usage 3964kB, limit 0kB, failcnt 22 [ 200.246741][T10919] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 200.253850][T10919] Memory cgroup stats for /syz4: [ 200.253956][T10919] anon 2158592 [ 200.253956][T10919] file 0 [ 200.253956][T10919] kernel_stack 131072 [ 200.253956][T10919] slab 1490944 [ 200.253956][T10919] sock 0 [ 200.253956][T10919] shmem 0 [ 200.253956][T10919] file_mapped 0 [ 200.253956][T10919] file_dirty 0 [ 200.253956][T10919] file_writeback 0 [ 200.253956][T10919] anon_thp 2097152 [ 200.253956][T10919] inactive_anon 0 [ 200.253956][T10919] active_anon 2158592 [ 200.253956][T10919] inactive_file 0 [ 200.253956][T10919] active_file 0 [ 200.253956][T10919] unevictable 0 [ 200.253956][T10919] slab_reclaimable 540672 [ 200.253956][T10919] slab_unreclaimable 950272 [ 200.253956][T10919] pgfault 1254 [ 200.253956][T10919] pgmajfault 0 [ 200.253956][T10919] workingset_refault 0 [ 200.253956][T10919] workingset_activate 0 [ 200.253956][T10919] workingset_nodereclaim 0 [ 200.253956][T10919] pgrefill 0 12:38:59 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600)) r1 = syz_open_pts(r0, 0x0) write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x35b) ioctl$TCSETA(r1, 0x5406, &(0x7f0000000080)={0xfffffffffffffffd, 0x0, 0x0, 0x100000009b4b62b}) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x17}) [ 200.253956][T10919] pgscan 0 [ 200.253956][T10919] pgsteal 0 [ 200.253956][T10919] pgactivate 0 [ 200.380250][T10919] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=10909,uid=0 12:38:59 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x15}}, 0x10) sendmmsg(r0, &(0x7f00000038c0), 0x4000000000000a8, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070") 12:38:59 executing program 2: ioctl$sock_ifreq(0xffffffffffffffff, 0x8914, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000240)=ANY=[], 0xfffffe04) splice(r0, 0x0, r3, 0x0, 0x20000000003, 0x0) 12:38:59 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) write$cgroup_int(r4, 0x0, 0x0) 12:38:59 executing program 1: r0 = msgget$private(0x0, 0x0) msgsnd(r0, &(0x7f0000000140)=ANY=[@ANYBLOB='@'], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) msgctl$IPC_RMID(r0, 0x0) [ 200.490370][T10919] Memory cgroup out of memory: Killed process 10919 (syz-executor.4) total-vm:72708kB, anon-rss:2196kB, file-rss:35800kB, shmem-rss:0kB, UID:0 [ 200.518108][ T1061] oom_reaper: reaped process 10919 (syz-executor.4), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB [ 200.635023][T10884] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 200.658203][T10884] CPU: 0 PID: 10884 Comm: syz-executor.4 Not tainted 5.3.0-rc3-next-20190809 #63 [ 200.667912][T10884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 200.677960][T10884] Call Trace: [ 200.681250][T10884] dump_stack+0x172/0x1f0 [ 200.685576][T10884] dump_header+0x177/0x1152 [ 200.690076][T10884] ? ___ratelimit+0xf8/0x595 [ 200.694660][T10884] ? trace_hardirqs_on+0x67/0x240 [ 200.699680][T10884] ? mark_oom_victim.cold+0x18/0x18 [ 200.704884][T10884] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 200.710682][T10884] ? ___ratelimit+0x60/0x595 [ 200.715286][T10884] ? do_raw_spin_unlock+0x57/0x270 [ 200.720392][T10884] oom_kill_process.cold+0x10/0x15 [ 200.725487][T10884] out_of_memory+0x334/0x1340 [ 200.730149][T10884] ? lock_downgrade+0x920/0x920 [ 200.735003][T10884] ? oom_killer_disable+0x280/0x280 [ 200.740195][T10884] mem_cgroup_out_of_memory+0x1d8/0x240 [ 200.745736][T10884] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 200.751358][T10884] ? do_raw_spin_unlock+0x57/0x270 [ 200.756453][T10884] ? _raw_spin_unlock+0x2d/0x50 [ 200.763121][T10884] try_charge+0xf4b/0x1440 [ 200.767536][T10884] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 200.773076][T10884] ? get_mem_cgroup_from_mm+0x139/0x320 [ 200.778614][T10884] ? __kasan_check_read+0x11/0x20 [ 200.783620][T10884] ? lock_downgrade+0x920/0x920 [ 200.788470][T10884] ? percpu_ref_tryget_live+0x111/0x290 [ 200.794004][T10884] __memcg_kmem_charge_memcg+0x71/0xf0 [ 200.799621][T10884] ? memcg_kmem_put_cache+0x50/0x50 [ 200.804815][T10884] ? get_mem_cgroup_from_mm+0x156/0x320 [ 200.810349][T10884] __memcg_kmem_charge+0x13a/0x3a0 [ 200.815447][T10884] __alloc_pages_nodemask+0x4f4/0x900 [ 200.820836][T10884] ? __alloc_pages_slowpath+0x2530/0x2530 [ 200.826572][T10884] ? percpu_ref_put_many+0xb6/0x190 [ 200.831760][T10884] ? trace_hardirqs_on+0x67/0x240 [ 200.836776][T10884] ? __kasan_check_read+0x11/0x20 [ 200.841784][T10884] copy_process+0x3f8/0x6b00 [ 200.846395][T10884] ? _raw_spin_unlock+0x2d/0x50 [ 200.851244][T10884] ? wp_page_reuse+0x1b5/0x240 [ 200.855995][T10884] ? __cleanup_sighand+0x60/0x60 [ 200.860934][T10884] ? finish_mkwrite_fault+0x570/0x570 [ 200.866321][T10884] _do_fork+0x146/0xfa0 [ 200.870480][T10884] ? copy_init_mm+0x20/0x20 [ 200.874983][T10884] ? __kasan_check_read+0x11/0x20 [ 200.879988][T10884] ? _copy_to_user+0x118/0x160 [ 200.884743][T10884] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 200.890962][T10884] ? put_timespec64+0xda/0x140 [ 200.895741][T10884] __x64_sys_clone+0x18d/0x250 [ 200.900811][T10884] ? __ia32_sys_vfork+0xc0/0xc0 [ 200.905657][T10884] ? trace_hardirqs_off_caller+0x65/0x230 [ 200.911416][T10884] ? trace_hardirqs_on+0x67/0x240 [ 200.916477][T10884] do_syscall_64+0xfa/0x760 [ 200.921004][T10884] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.926887][T10884] RIP: 0033:0x457dfa [ 200.930794][T10884] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 200.950577][T10884] RSP: 002b:00007ffcce821680 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 200.958970][T10884] RAX: ffffffffffffffda RBX: 00007ffcce821680 RCX: 0000000000457dfa [ 200.966921][T10884] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 200.974890][T10884] RBP: 00007ffcce8216c0 R08: 0000000000000001 R09: 000055555728b940 [ 200.982931][T10884] R10: 000055555728bc10 R11: 0000000000000246 R12: 0000000000000001 [ 200.990886][T10884] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffcce821710 [ 201.000628][T10884] memory: usage 1576kB, limit 0kB, failcnt 30 [ 201.007052][T10884] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 201.014275][T10884] Memory cgroup stats for /syz4: [ 201.014391][T10884] anon 77824 [ 201.014391][T10884] file 0 [ 201.014391][T10884] kernel_stack 65536 [ 201.014391][T10884] slab 1490944 [ 201.014391][T10884] sock 0 [ 201.014391][T10884] shmem 0 [ 201.014391][T10884] file_mapped 0 [ 201.014391][T10884] file_dirty 0 [ 201.014391][T10884] file_writeback 0 [ 201.014391][T10884] anon_thp 0 [ 201.014391][T10884] inactive_anon 0 [ 201.014391][T10884] active_anon 77824 [ 201.014391][T10884] inactive_file 0 [ 201.014391][T10884] active_file 0 [ 201.014391][T10884] unevictable 0 [ 201.014391][T10884] slab_reclaimable 540672 [ 201.014391][T10884] slab_unreclaimable 950272 [ 201.014391][T10884] pgfault 1254 [ 201.014391][T10884] pgmajfault 0 [ 201.014391][T10884] workingset_refault 0 [ 201.014391][T10884] workingset_activate 0 [ 201.014391][T10884] workingset_nodereclaim 0 [ 201.014391][T10884] pgrefill 0 [ 201.014391][T10884] pgscan 0 [ 201.014391][T10884] pgsteal 0 [ 201.014391][T10884] pgactivate 0 [ 201.014391][T10884] pgdeactivate 0 [ 201.111388][T10884] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=10884,uid=0 [ 201.111467][T10884] Memory cgroup out of memory: Killed process 10884 (syz-executor.4) total-vm:72444kB, anon-rss:96kB, file-rss:35776kB, shmem-rss:0kB, UID:0 [ 201.142697][ T1061] oom_reaper: reaped process 10884 (syz-executor.4), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 12:39:00 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, 0x0, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) 12:39:00 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) write$cgroup_int(r4, 0x0, 0x0) 12:39:00 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r4, 0x0, 0x0) 12:39:00 executing program 2: ioctl$sock_ifreq(0xffffffffffffffff, 0x8914, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000240)=ANY=[], 0xfffffe04) splice(r0, 0x0, r3, 0x0, 0x20000000003, 0x0) 12:39:00 executing program 3: mkdir(&(0x7f0000000380)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='cgroup\x00', 0x0, 0x0) chdir(&(0x7f0000000300)='./file0\x00') chdir(&(0x7f00000002c0)='./file0\x00') r0 = openat$cgroup_procs(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r0, &(0x7f0000000140), 0x12) 12:39:00 executing program 1: 12:39:00 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) write$cgroup_int(r4, 0x0, 0x0) 12:39:01 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, 0x0, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) 12:39:01 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x6}, 0x1c) setsockopt$inet6_MCAST_LEAVE_GROUP(r1, 0x29, 0x2d, &(0x7f0000000180)={0x0, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x88) 12:39:01 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet_tcp_int(r1, 0x6, 0x2000000000000013, &(0x7f0000000180)=0x1, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000380)=0x1, 0x4) write$9p(r1, 0x0, 0x0) 12:39:01 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r4, 0x0, 0x0) 12:39:01 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) [ 201.902226][T10982] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 12:39:01 executing program 2: ioctl$sock_ifreq(0xffffffffffffffff, 0x8914, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000240)=ANY=[], 0xfffffe04) splice(r0, 0x0, r3, 0x0, 0x20000000003, 0x0) 12:39:01 executing program 3: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e00000027000503d25a80648c63940d0300fc00100003400a000000053582c137153e370900018004001700d1bd", 0x2e}], 0x1}, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) [ 202.171485][ T590] device bridge_slave_1 left promiscuous mode [ 202.178743][ T590] bridge0: port 2(bridge_slave_1) entered disabled state [ 202.243860][ T590] device bridge_slave_0 left promiscuous mode [ 202.252394][ T590] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.173471][ T590] device hsr_slave_0 left promiscuous mode [ 203.223294][ T590] device hsr_slave_1 left promiscuous mode [ 203.289154][ T590] team0 (unregistering): Port device team_slave_1 removed [ 203.299217][ T590] team0 (unregistering): Port device team_slave_0 removed [ 203.310011][ T590] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 203.336121][ T590] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 203.424672][ T590] bond0 (unregistering): Released all slaves [ 203.581674][T11003] IPVS: ftp: loaded support on port[0] = 21 [ 203.581960][T11005] IPVS: ftp: loaded support on port[0] = 21 [ 203.691489][T11003] chnl_net:caif_netlink_parms(): no params data found [ 203.810337][T11003] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.822165][T11003] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.830440][T11003] device bridge_slave_0 entered promiscuous mode [ 203.855281][T11003] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.864871][T11003] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.872893][T11003] device bridge_slave_1 entered promiscuous mode [ 203.886295][T11005] chnl_net:caif_netlink_parms(): no params data found [ 203.918615][T11003] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 203.948319][T11003] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 203.958494][T11005] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.965973][T11005] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.974299][T11005] device bridge_slave_0 entered promiscuous mode [ 203.982716][T11005] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.990995][T11005] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.999380][T11005] device bridge_slave_1 entered promiscuous mode [ 204.031817][T11005] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 204.043510][T11003] team0: Port device team_slave_0 added [ 204.050734][T11005] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 204.061240][T11003] team0: Port device team_slave_1 added [ 204.154886][T11003] device hsr_slave_0 entered promiscuous mode [ 204.223535][T11003] device hsr_slave_1 entered promiscuous mode [ 204.263243][T11003] debugfs: Directory 'hsr0' with parent '/' already present! [ 204.276557][T11005] team0: Port device team_slave_0 added [ 204.287725][T11005] team0: Port device team_slave_1 added [ 204.301082][T11003] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.308182][T11003] bridge0: port 2(bridge_slave_1) entered forwarding state [ 204.315524][T11003] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.322572][T11003] bridge0: port 1(bridge_slave_0) entered forwarding state [ 204.365994][T11005] device hsr_slave_0 entered promiscuous mode [ 204.414025][T11005] device hsr_slave_1 entered promiscuous mode [ 204.453371][T11005] debugfs: Directory 'hsr0' with parent '/' already present! [ 204.478287][T11005] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.485360][T11005] bridge0: port 2(bridge_slave_1) entered forwarding state [ 204.492628][T11005] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.499745][T11005] bridge0: port 1(bridge_slave_0) entered forwarding state [ 204.534906][T11003] 8021q: adding VLAN 0 to HW filter on device bond0 [ 204.569893][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 204.578212][ T5] bridge0: port 1(bridge_slave_0) entered disabled state [ 204.586144][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.594668][ T5] bridge0: port 1(bridge_slave_0) entered disabled state [ 204.602092][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.615011][T11003] 8021q: adding VLAN 0 to HW filter on device team0 [ 204.626947][T11005] 8021q: adding VLAN 0 to HW filter on device bond0 [ 204.635927][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 204.644597][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 204.652905][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.660009][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 204.678036][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 204.686567][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 204.695342][T10253] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.702393][T10253] bridge0: port 2(bridge_slave_1) entered forwarding state [ 204.710426][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 204.719447][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 204.727191][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 204.739219][T11005] 8021q: adding VLAN 0 to HW filter on device team0 [ 204.746924][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 204.764292][T11008] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 204.772779][T11008] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 204.781853][T11008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 204.790729][T11008] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 204.799814][T11008] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 204.808173][T11008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 204.816597][T11008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 204.824929][T11008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 204.833300][T11008] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 204.842944][T11003] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 204.956512][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 204.965550][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 204.974680][T10253] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.981816][T10253] bridge0: port 1(bridge_slave_0) entered forwarding state [ 205.000101][T11005] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 205.012800][T11005] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 205.028836][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 205.037646][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 205.048421][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.055528][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 205.065107][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 205.073757][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 205.082238][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 205.091044][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 205.099527][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 205.108237][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 205.116926][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 205.125503][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 205.134239][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 205.142516][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 205.150879][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 205.159184][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 205.225606][T11003] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 205.242362][T11005] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 205.431137][T11021] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.5'. [ 205.484610][T11021] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 205.503500][T11021] CPU: 1 PID: 11021 Comm: syz-executor.5 Not tainted 5.3.0-rc3-next-20190809 #63 [ 205.512654][T11021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 205.522723][T11021] Call Trace: [ 205.526027][T11021] dump_stack+0x172/0x1f0 [ 205.530406][T11021] dump_header+0x177/0x1152 [ 205.534936][T11021] ? mark_oom_victim.cold+0x18/0x18 [ 205.540143][T11021] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 205.545969][T11021] ? ___ratelimit+0x60/0x595 [ 205.550741][T11021] ? do_raw_spin_unlock+0x57/0x270 [ 205.555864][T11021] oom_kill_process.cold+0x10/0x15 [ 205.560993][T11021] out_of_memory+0x334/0x1340 [ 205.565673][T11021] ? __sched_text_start+0x8/0x8 [ 205.570707][T11021] ? oom_killer_disable+0x280/0x280 [ 205.575919][T11021] mem_cgroup_out_of_memory+0x1d8/0x240 [ 205.581494][T11021] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 205.587146][T11021] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 205.592970][T11021] ? cgroup_file_notify+0x140/0x1b0 [ 205.598170][T11021] memory_max_write+0x262/0x3a0 [ 205.603028][T11021] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 205.609784][T11021] ? lock_acquire+0x190/0x410 [ 205.614509][T11021] ? kernfs_fop_write+0x227/0x480 [ 205.619541][T11021] cgroup_file_write+0x241/0x790 [ 205.624488][T11021] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 205.631331][T11021] ? cgroup_migrate_add_task+0x890/0x890 [ 205.636960][T11021] ? __might_fault+0x1a3/0x1e0 [ 205.641815][T11021] ? cgroup_migrate_add_task+0x890/0x890 [ 205.647482][T11021] kernfs_fop_write+0x2b8/0x480 [ 205.652339][T11021] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 205.658610][T11021] __vfs_write+0x8a/0x110 [ 205.662925][T11021] ? kernfs_fop_open+0xd80/0xd80 [ 205.667874][T11021] vfs_write+0x268/0x5d0 [ 205.672353][T11021] ksys_write+0x14f/0x290 [ 205.676682][T11021] ? __ia32_sys_read+0xb0/0xb0 [ 205.681446][T11021] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 205.687505][T11021] __x64_sys_write+0x73/0xb0 [ 205.692109][T11021] do_syscall_64+0xfa/0x760 [ 205.696617][T11021] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 205.702523][T11021] RIP: 0033:0x459829 [ 205.706447][T11021] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 205.726124][T11021] RSP: 002b:00007f566f540c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 205.734532][T11021] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 205.742497][T11021] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 205.750455][T11021] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 205.758428][T11021] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f566f5416d4 [ 205.766409][T11021] R13: 00000000004c9970 R14: 00000000004e0fd8 R15: 00000000ffffffff [ 205.784704][T11021] memory: usage 3996kB, limit 0kB, failcnt 24 [ 205.790934][T11021] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 205.797888][T11021] Memory cgroup stats for /syz5: [ 205.798752][T11021] anon 2187264 [ 205.798752][T11021] file 0 [ 205.798752][T11021] kernel_stack 65536 [ 205.798752][T11021] slab 1740800 [ 205.798752][T11021] sock 0 [ 205.798752][T11021] shmem 0 [ 205.798752][T11021] file_mapped 0 [ 205.798752][T11021] file_dirty 0 [ 205.798752][T11021] file_writeback 0 [ 205.798752][T11021] anon_thp 2097152 [ 205.798752][T11021] inactive_anon 0 [ 205.798752][T11021] active_anon 2113536 [ 205.798752][T11021] inactive_file 0 [ 205.798752][T11021] active_file 0 [ 205.798752][T11021] unevictable 0 [ 205.798752][T11021] slab_reclaimable 675840 [ 205.798752][T11021] slab_unreclaimable 1064960 [ 205.798752][T11021] pgfault 1419 [ 205.798752][T11021] pgmajfault 0 [ 205.798752][T11021] workingset_refault 0 [ 205.798752][T11021] workingset_activate 0 [ 205.798752][T11021] workingset_nodereclaim 0 [ 205.798752][T11021] pgrefill 0 [ 205.798752][T11021] pgscan 0 [ 205.798752][T11021] pgsteal 0 [ 205.798752][T11021] pgactivate 0 [ 205.803830][T11021] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=11020,uid=0 [ 205.909012][T11021] Memory cgroup out of memory: Killed process 11020 (syz-executor.5) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 205.910045][T11025] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 205.935227][ T1061] oom_reaper: reaped process 11020 (syz-executor.5), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB [ 205.952753][T11025] CPU: 0 PID: 11025 Comm: syz-executor.4 Not tainted 5.3.0-rc3-next-20190809 #63 [ 205.961895][T11025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 205.971964][T11025] Call Trace: [ 205.975270][T11025] dump_stack+0x172/0x1f0 [ 205.979642][T11025] dump_header+0x177/0x1152 [ 205.984177][T11025] ? ___ratelimit+0xf8/0x595 [ 205.988786][T11025] ? trace_hardirqs_on+0x67/0x240 [ 205.993943][T11025] ? mark_oom_victim.cold+0x18/0x18 [ 205.999155][T11025] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 206.004964][T11025] ? ___ratelimit+0x60/0x595 [ 206.009560][T11025] ? do_raw_spin_unlock+0x57/0x270 [ 206.014707][T11025] oom_kill_process.cold+0x10/0x15 [ 206.019827][T11025] out_of_memory+0x334/0x1340 [ 206.024517][T11025] ? oom_killer_disable+0x280/0x280 [ 206.029830][T11025] mem_cgroup_out_of_memory+0x1d8/0x240 [ 206.035389][T11025] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 206.041030][T11025] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 206.046856][T11025] ? cgroup_file_notify+0x140/0x1b0 [ 206.052518][T11025] memory_max_write+0x262/0x3a0 [ 206.057394][T11025] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 206.064160][T11025] ? lock_acquire+0x190/0x410 [ 206.068820][T11025] ? kernfs_fop_write+0x227/0x480 [ 206.073840][T11025] cgroup_file_write+0x241/0x790 [ 206.078783][T11025] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 206.085539][T11025] ? cgroup_migrate_add_task+0x890/0x890 [ 206.091162][T11025] ? __might_fault+0x1a3/0x1e0 [ 206.095940][T11025] ? cgroup_migrate_add_task+0x890/0x890 [ 206.101563][T11025] kernfs_fop_write+0x2b8/0x480 [ 206.106419][T11025] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 206.112657][T11025] __vfs_write+0x8a/0x110 [ 206.116966][T11025] ? kernfs_fop_open+0xd80/0xd80 [ 206.121889][T11025] vfs_write+0x268/0x5d0 [ 206.126118][T11025] ksys_write+0x14f/0x290 [ 206.130456][T11025] ? __ia32_sys_read+0xb0/0xb0 [ 206.135209][T11025] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 206.141392][T11025] __x64_sys_write+0x73/0xb0 [ 206.146001][T11025] do_syscall_64+0xfa/0x760 [ 206.150513][T11025] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 206.156388][T11025] RIP: 0033:0x459829 [ 206.160274][T11025] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 12:39:05 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r4, 0x0, 0x0) 12:39:05 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r0) close(r1) openat$cgroup_subtree(0xffffffffffffffff, 0x0, 0x2, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000040)) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0xfffffc61) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmsg(r0, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x2000012e}], 0x1, 0x0, 0xd01}, 0x3f00) close(r1) r2 = openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$int_in(r2, 0x40000000af01, 0x0) 12:39:05 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) [ 206.179885][T11025] RSP: 002b:00007f28b45d6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 206.188499][T11025] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 206.196467][T11025] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 206.204630][T11025] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 206.212591][T11025] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f28b45d76d4 [ 206.220550][T11025] R13: 00000000004c9970 R14: 00000000004e0fd8 R15: 00000000ffffffff [ 206.230290][T11025] memory: usage 3692kB, limit 0kB, failcnt 33 12:39:05 executing program 3: r0 = socket(0x11, 0x3, 0x0) bind(r0, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r1, 0x88001) r2 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000140)=0x102, 0x4) sendfile(r0, r2, 0x0, 0x4e68d5f8) 12:39:05 executing program 2: ioctl$sock_ifreq(0xffffffffffffffff, 0x8914, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000240)=ANY=[], 0xfffffe04) splice(r0, 0x0, r3, 0x0, 0x20000000003, 0x0) [ 206.248651][T11025] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 206.256291][T11025] Memory cgroup stats for /syz4: [ 206.256402][T11025] anon 2191360 [ 206.256402][T11025] file 0 [ 206.256402][T11025] kernel_stack 65536 [ 206.256402][T11025] slab 1490944 [ 206.256402][T11025] sock 0 [ 206.256402][T11025] shmem 0 [ 206.256402][T11025] file_mapped 0 [ 206.256402][T11025] file_dirty 0 [ 206.256402][T11025] file_writeback 0 [ 206.256402][T11025] anon_thp 2097152 [ 206.256402][T11025] inactive_anon 0 [ 206.256402][T11025] active_anon 2191360 [ 206.256402][T11025] inactive_file 0 [ 206.256402][T11025] active_file 0 [ 206.256402][T11025] unevictable 0 [ 206.256402][T11025] slab_reclaimable 540672 [ 206.256402][T11025] slab_unreclaimable 950272 [ 206.256402][T11025] pgfault 1320 [ 206.256402][T11025] pgmajfault 0 [ 206.256402][T11025] workingset_refault 0 [ 206.256402][T11025] workingset_activate 0 [ 206.256402][T11025] workingset_nodereclaim 0 [ 206.256402][T11025] pgrefill 0 [ 206.256402][T11025] pgscan 0 [ 206.256402][T11025] pgsteal 0 12:39:05 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) [ 206.256402][T11025] pgactivate 0 [ 206.356656][T11023] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.4'. [ 206.378680][ T27] audit: type=1804 audit(1565613545.668:34): pid=11031 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir170613976/syzkaller.HExoMh/43/bus" dev="sda1" ino=16697 res=1 [ 206.403195][T11025] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=11022,uid=0 [ 206.403279][T11025] Memory cgroup out of memory: Killed process 11022 (syz-executor.4) total-vm:72712kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 206.458204][ T27] audit: type=1804 audit(1565613545.748:35): pid=11038 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir170613976/syzkaller.HExoMh/43/bus" dev="sda1" ino=16697 res=1 [ 206.516619][ T1061] oom_reaper: reaped process 11022 (syz-executor.4), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB [ 206.527867][T11003] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 206.543511][T11003] CPU: 1 PID: 11003 Comm: syz-executor.5 Not tainted 5.3.0-rc3-next-20190809 #63 [ 206.552657][T11003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 206.564033][T11003] Call Trace: [ 206.564060][T11003] dump_stack+0x172/0x1f0 [ 206.564074][T11003] dump_header+0x177/0x1152 [ 206.564088][T11003] ? ___ratelimit+0xf8/0x595 [ 206.564104][T11003] ? trace_hardirqs_on+0x67/0x240 [ 206.564115][T11003] ? mark_oom_victim.cold+0x18/0x18 [ 206.564130][T11003] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 206.564151][T11003] ? ___ratelimit+0x60/0x595 [ 206.601672][T11003] ? do_raw_spin_unlock+0x57/0x270 [ 206.606800][T11003] oom_kill_process.cold+0x10/0x15 [ 206.606824][T11003] out_of_memory+0x334/0x1340 [ 206.617813][T11003] ? lock_downgrade+0x920/0x920 [ 206.622737][T11003] ? oom_killer_disable+0x280/0x280 [ 206.627957][T11003] ? __kasan_check_read+0x11/0x20 [ 206.633006][T11003] mem_cgroup_out_of_memory+0x1d8/0x240 [ 206.638571][T11003] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 206.644221][T11003] ? do_raw_spin_unlock+0x57/0x270 [ 206.649349][T11003] ? _raw_spin_unlock+0x2d/0x50 [ 206.654606][T11003] try_charge+0xf4b/0x1440 [ 206.659048][T11003] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 206.666057][T11003] ? percpu_ref_tryget_live+0x111/0x290 [ 206.671624][T11003] ? get_mem_cgroup_from_mm+0x16/0x320 [ 206.677100][T11003] ? get_mem_cgroup_from_mm+0x156/0x320 [ 206.682657][T11003] mem_cgroup_try_charge+0x136/0x590 [ 206.687953][T11003] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 206.693602][T11003] __handle_mm_fault+0x1e3a/0x3f20 [ 206.698741][T11003] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 206.704312][T11003] ? __kasan_check_read+0x11/0x20 [ 206.709357][T11003] ? trace_hardirqs_on+0x67/0x240 [ 206.714391][T11003] handle_mm_fault+0x1b5/0x6b0 [ 206.719173][T11003] __do_page_fault+0x536/0xdd0 [ 206.723974][T11003] do_page_fault+0x38/0x590 [ 206.728504][T11003] page_fault+0x39/0x40 [ 206.732667][T11003] RIP: 0033:0x4034f2 [ 206.736572][T11003] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 42 05 00 48 [ 206.756267][T11003] RSP: 002b:00007ffd38605f70 EFLAGS: 00010246 12:39:05 executing program 3: r0 = mq_open(&(0x7f0000000540)='\\\xf7\xa0\xcc\x16H-o^7\xe6\xb3\x1a\x8eiz\xdd06P\xd4\x88\x00s\xefu\xdfa\x01y\xde\xc26\xaa\x04\xe9F\x87y\xba\a\x00\x00\x00\x00\x00\x00\x005\x98U\xb4\x9b\x88\x9b\xb5\xf5\x9b5\x8ey:oz\xf5\'f\xd6\xfe\x93\xca\x06r\xac\x1b\x8a\x87\xcafw\xd5\"\x0f\xb7|\xb6\x13\xb3\xdb\x91\x04\xd1j\xa1\xcal\xc7jt\xe7\xbdK\xdcR&u{\x03\xf8[\x01\x03$Wl@\xc1\xc8e\\s\x9f\xc1\xa6\x8d\xf5\xe2\xbc\xb6\xe5\xedF\xc8(\x9eH\xeau\xe7\x85\xeb]d^\x91C\xec\xcc\x1d\xa6\xe26\x92\x80x\x97\xcd#;\x10\xb9\x182\xcf^1v|\x1cA\x9dFF\xcd\x88?%', 0x0, 0x0, 0x0) mq_getsetattr(r0, &(0x7f0000738fc0), 0x0) 12:39:06 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r4, 0x0, 0x0) 12:39:06 executing program 3: syz_emit_ethernet(0xfe19, &(0x7f0000000180)={@local, @link_local, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0xfde3, 0x0, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x140]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x7000000]}, {[], @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 206.762611][T11003] RAX: 0000000000000000 RBX: 000000000003227c RCX: 0000000000413430 [ 206.770600][T11003] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffd386070a0 [ 206.778579][T11003] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555556f91940 [ 206.786568][T11003] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd386070a0 [ 206.794546][T11003] R13: 00007ffd38607090 R14: 0000000000000000 R15: 00007ffd386070a0 [ 206.851485][T11003] memory: usage 1660kB, limit 0kB, failcnt 36 [ 206.863343][T11003] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 206.876966][T11003] Memory cgroup stats for /syz5: [ 206.877469][T11003] anon 0 [ 206.877469][T11003] file 0 [ 206.877469][T11003] kernel_stack 0 [ 206.877469][T11003] slab 1740800 [ 206.877469][T11003] sock 0 [ 206.877469][T11003] shmem 0 [ 206.877469][T11003] file_mapped 0 [ 206.877469][T11003] file_dirty 0 [ 206.877469][T11003] file_writeback 0 [ 206.877469][T11003] anon_thp 0 [ 206.877469][T11003] inactive_anon 0 [ 206.877469][T11003] active_anon 0 [ 206.877469][T11003] inactive_file 0 [ 206.877469][T11003] active_file 0 [ 206.877469][T11003] unevictable 0 [ 206.877469][T11003] slab_reclaimable 675840 [ 206.877469][T11003] slab_unreclaimable 1064960 [ 206.877469][T11003] pgfault 1419 [ 206.877469][T11003] pgmajfault 0 [ 206.877469][T11003] workingset_refault 0 [ 206.877469][T11003] workingset_activate 0 [ 206.877469][T11003] workingset_nodereclaim 0 [ 206.877469][T11003] pgrefill 0 [ 206.877469][T11003] pgscan 0 [ 206.877469][T11003] pgsteal 0 [ 206.877469][T11003] pgactivate 0 [ 206.877469][T11003] pgdeactivate 0 [ 206.973394][T11003] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=11003,uid=0 [ 206.989290][T11003] Memory cgroup out of memory: Killed process 11003 (syz-executor.5) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 [ 207.004177][T11005] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 207.004625][ T1061] oom_reaper: reaped process 11003 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 207.014421][T11005] CPU: 1 PID: 11005 Comm: syz-executor.4 Not tainted 5.3.0-rc3-next-20190809 #63 [ 207.034610][T11005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 207.044714][T11005] Call Trace: [ 207.048016][T11005] dump_stack+0x172/0x1f0 [ 207.052361][T11005] dump_header+0x177/0x1152 [ 207.056888][T11005] ? ___ratelimit+0xf8/0x595 [ 207.061496][T11005] ? trace_hardirqs_on+0x67/0x240 [ 207.066539][T11005] ? mark_oom_victim.cold+0x18/0x18 [ 207.071756][T11005] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 207.077578][T11005] ? ___ratelimit+0x60/0x595 [ 207.077592][T11005] ? do_raw_spin_unlock+0x57/0x270 [ 207.077606][T11005] oom_kill_process.cold+0x10/0x15 [ 207.077619][T11005] out_of_memory+0x334/0x1340 [ 207.077633][T11005] ? lock_downgrade+0x920/0x920 12:39:06 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@gettaction={0x14, 0x30, 0x1}, 0x14}}, 0x0) [ 207.077648][T11005] ? oom_killer_disable+0x280/0x280 [ 207.077661][T11005] ? __kasan_check_read+0x11/0x20 [ 207.077685][T11005] mem_cgroup_out_of_memory+0x1d8/0x240 [ 207.107185][T11005] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 207.107200][T11005] ? do_raw_spin_unlock+0x57/0x270 [ 207.107215][T11005] ? _raw_spin_unlock+0x2d/0x50 [ 207.107231][T11005] try_charge+0xf4b/0x1440 [ 207.107249][T11005] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 207.107261][T11005] ? percpu_ref_tryget_live+0x111/0x290 12:39:06 executing program 2: ioctl$sock_ifreq(0xffffffffffffffff, 0x8914, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) splice(r0, 0x0, r2, 0x0, 0x20000000003, 0x0) [ 207.107275][T11005] ? get_mem_cgroup_from_mm+0x16/0x320 [ 207.107295][T11005] ? get_mem_cgroup_from_mm+0x156/0x320 [ 207.107308][T11005] mem_cgroup_try_charge+0x136/0x590 [ 207.107323][T11005] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 207.107339][T11005] __handle_mm_fault+0x1e3a/0x3f20 [ 207.107354][T11005] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 207.107365][T11005] ? __kasan_check_read+0x11/0x20 [ 207.107386][T11005] ? trace_hardirqs_on+0x67/0x240 [ 207.107401][T11005] handle_mm_fault+0x1b5/0x6b0 [ 207.107418][T11005] __do_page_fault+0x536/0xdd0 [ 207.107436][T11005] do_page_fault+0x38/0x590 [ 207.107454][T11005] page_fault+0x39/0x40 [ 207.107464][T11005] RIP: 0033:0x42fd7c [ 207.107478][T11005] Code: 83 c0 17 41 55 41 54 55 53 48 89 c5 48 83 e5 f0 48 89 fb 48 81 ec 98 00 00 00 48 83 f8 20 b8 20 00 00 00 48 0f 42 e8 48 85 ff <48> 89 74 24 08 0f 84 3a 08 00 00 48 3b 2d ea 51 64 00 77 70 89 ef [ 207.107485][T11005] RSP: 002b:00007ffe651a9fd0 EFLAGS: 00010202 [ 207.107495][T11005] RAX: 0000000000000020 RBX: 0000000000715640 RCX: 0000000000458b94 [ 207.107503][T11005] RDX: 00007ffe651aa0c0 RSI: 0000000000008030 RDI: 0000000000715640 [ 207.107510][T11005] RBP: 0000000000008040 R08: 0000000000000001 R09: 0000555556474940 [ 207.107517][T11005] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe651ab2a0 [ 207.107525][T11005] R13: 00007ffe651ab290 R14: 0000000000000000 R15: 00007ffe651ab2a0 [ 207.134925][T11005] memory: usage 1312kB, limit 0kB, failcnt 41 [ 207.162299][T11005] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 207.243967][T11005] Memory cgroup stats for /syz4: [ 207.244064][T11005] anon 86016 [ 207.244064][T11005] file 0 [ 207.244064][T11005] kernel_stack 0 [ 207.244064][T11005] slab 1490944 [ 207.244064][T11005] sock 0 [ 207.244064][T11005] shmem 0 [ 207.244064][T11005] file_mapped 0 [ 207.244064][T11005] file_dirty 0 [ 207.244064][T11005] file_writeback 0 [ 207.244064][T11005] anon_thp 0 [ 207.244064][T11005] inactive_anon 0 [ 207.244064][T11005] active_anon 86016 [ 207.244064][T11005] inactive_file 0 [ 207.244064][T11005] active_file 0 [ 207.244064][T11005] unevictable 0 [ 207.244064][T11005] slab_reclaimable 540672 [ 207.244064][T11005] slab_unreclaimable 950272 [ 207.244064][T11005] pgfault 1320 [ 207.244064][T11005] pgmajfault 0 [ 207.244064][T11005] workingset_refault 0 [ 207.244064][T11005] workingset_activate 0 [ 207.244064][T11005] workingset_nodereclaim 0 [ 207.244064][T11005] pgrefill 0 [ 207.244064][T11005] pgscan 0 [ 207.244064][T11005] pgsteal 0 [ 207.244064][T11005] pgactivate 0 [ 207.244064][T11005] pgdeactivate 0 12:39:06 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r0) close(r1) openat$cgroup_subtree(0xffffffffffffffff, 0x0, 0x2, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000040)) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0xfffffc61) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmsg(r0, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x2000012e}], 0x1, 0x0, 0xd01}, 0x3f00) close(r1) r2 = openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$int_in(r2, 0x40000000af01, 0x0) [ 207.311353][T11005] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=11005,uid=0 [ 207.418562][T11005] Memory cgroup out of memory: Killed process 11005 (syz-executor.4) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 [ 207.434294][ T1061] oom_reaper: reaped process 11005 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 12:39:07 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r4, 0x0, 0x0) 12:39:07 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2f, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) 12:39:07 executing program 3: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x1b3, &(0x7f0000000000)=[{&(0x7f0000000080)="230000002000ffae00060c00000f000a0a000000810000018701546fabca1b4e7d06a4", 0x23}], 0x1}, 0x0) recvmsg(r1, &(0x7f0000002340)={0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0) 12:39:07 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) 12:39:07 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r4, 0x0, 0x0) 12:39:07 executing program 1: socketpair(0x0, 0x0, 0x3, 0x0) syz_emit_ethernet(0x1de, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd601bfc9700088800fe80000000000000000000000000000000000000000100000000000890780000000000000000"], 0x0) 12:39:07 executing program 2: ioctl$sock_ifreq(0xffffffffffffffff, 0x8914, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) splice(r0, 0x0, r2, 0x0, 0x20000000003, 0x0) 12:39:07 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r4, 0x0, 0x0) 12:39:07 executing program 1: r0 = syz_open_dev$radio(&(0x7f0000000100)='/dev/radio#\x00', 0x3, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$VIDIOC_LOG_STATUS(r0, 0x5646, 0x0) 12:39:07 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2f, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) [ 208.143403][T11074] netlink: 7 bytes leftover after parsing attributes in process `syz-executor.3'. 12:39:07 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r4, 0x0, 0x0) [ 208.291803][T11089] vivid-003: ================= START STATUS ================= [ 208.322515][T11089] v4l2-ctrls: vivid-003: RDS Tx I/O Mode: Controls [ 208.340886][T11089] v4l2-ctrls: vivid-003: RDS Program ID: 32904 [ 208.356091][T11089] v4l2-ctrls: vivid-003: RDS Program Type: 3 [ 208.371345][T11089] v4l2-ctrls: vivid-003: RDS PS Name: VIVID-TX [ 208.386988][T11089] v4l2-ctrls: vivid-003: RDS Radio Text: This is a VIVID default Radio Text template text, change at will [ 208.412744][T11089] v4l2-ctrls: vivid-003: RDS Stereo: true [ 208.425139][T11074] netlink: 7 bytes leftover after parsing attributes in process `syz-executor.3'. 12:39:07 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2f, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) [ 208.434673][T11089] v4l2-ctrls: vivid-003: RDS Artificial Head: false [ 208.458894][T11089] v4l2-ctrls: vivid-003: RDS Compressed: false [ 208.467677][ T590] device bridge_slave_1 left promiscuous mode [ 208.476272][ T590] bridge0: port 2(bridge_slave_1) entered disabled state 12:39:07 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000001840)={{0x80}, 'port0\x00', 0xffffffffffdfffff, 0x2}) ioctl(0xffffffffffffffff, 0x0, 0x0) read(0xffffffffffffffff, 0x0, 0x0) [ 208.497529][T11089] v4l2-ctrls: vivid-003: RDS Dynamic PTY: false [ 208.540977][T11089] v4l2-ctrls: vivid-003: RDS Traffic Announcement: false [ 208.558819][ T590] device bridge_slave_0 left promiscuous mode [ 208.567523][ T590] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.583278][T11089] v4l2-ctrls: vivid-003: RDS Traffic Program: true 12:39:07 executing program 3: creat(0x0, 0x0) mlockall(0x3) clone(0x1080000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000240)={@mcast1, 0x8}, 0x20) mlockall(0x3) [ 208.611720][T11089] v4l2-ctrls: vivid-003: RDS Music: true [ 208.621109][T11089] vivid-003: ================== END STATUS ================== [ 208.636049][ T590] device bridge_slave_1 left promiscuous mode [ 208.654575][ T590] bridge0: port 2(bridge_slave_1) entered disabled state 12:39:08 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000400)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-blowfish-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000013c0)="ab553fec94248c32", 0x8) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r1, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f0000003580)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, &(0x7f0000008000)={0x0, 0x989680}) [ 208.726408][ T590] device bridge_slave_0 left promiscuous mode [ 208.737237][ T590] bridge0: port 1(bridge_slave_0) entered disabled state 12:39:08 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c) accept4(r2, 0x0, 0x0, 0x0) [ 209.060673][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 209.840972][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 210.763630][ T590] device hsr_slave_0 left promiscuous mode [ 210.805446][ T590] device hsr_slave_1 left promiscuous mode [ 210.848228][ T590] team0 (unregistering): Port device team_slave_1 removed [ 210.860633][ T590] team0 (unregistering): Port device team_slave_0 removed [ 210.870649][ T590] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 210.916546][ T590] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 210.976524][ T590] bond0 (unregistering): Released all slaves [ 211.113655][ T590] device hsr_slave_0 left promiscuous mode [ 211.173169][ T590] device hsr_slave_1 left promiscuous mode [ 211.249644][ T590] team0 (unregistering): Port device team_slave_1 removed [ 211.260245][ T590] team0 (unregistering): Port device team_slave_0 removed [ 211.270188][ T590] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 211.305802][ T590] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 211.377328][ T590] bond0 (unregistering): Released all slaves [ 211.489329][T11119] IPVS: ftp: loaded support on port[0] = 21 [ 211.528260][T11123] IPVS: ftp: loaded support on port[0] = 21 [ 211.788387][T11119] chnl_net:caif_netlink_parms(): no params data found [ 211.836169][T11123] chnl_net:caif_netlink_parms(): no params data found [ 211.887717][T11119] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.895537][T11119] bridge0: port 1(bridge_slave_0) entered disabled state [ 211.906780][T11119] device bridge_slave_0 entered promiscuous mode [ 211.928242][T11119] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.935918][T11119] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.944177][T11119] device bridge_slave_1 entered promiscuous mode [ 211.951156][T11123] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.958324][T11123] bridge0: port 1(bridge_slave_0) entered disabled state [ 211.970030][T11123] device bridge_slave_0 entered promiscuous mode [ 211.982617][T11123] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.995261][T11123] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.005596][T11123] device bridge_slave_1 entered promiscuous mode [ 212.029242][T11119] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 212.047338][T11123] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 212.059335][T11119] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 212.070834][T11123] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 212.107831][T11123] team0: Port device team_slave_0 added [ 212.115819][T11123] team0: Port device team_slave_1 added [ 212.122412][T11119] team0: Port device team_slave_0 added [ 212.130015][T11119] team0: Port device team_slave_1 added [ 212.199611][T11123] device hsr_slave_0 entered promiscuous mode [ 212.257298][T11123] device hsr_slave_1 entered promiscuous mode [ 212.303236][T11123] debugfs: Directory 'hsr0' with parent '/' already present! [ 212.375934][T11119] device hsr_slave_0 entered promiscuous mode [ 212.433660][T11119] device hsr_slave_1 entered promiscuous mode [ 212.483293][T11119] debugfs: Directory 'hsr0' with parent '/' already present! [ 212.501186][T11123] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.508289][T11123] bridge0: port 2(bridge_slave_1) entered forwarding state [ 212.515706][T11123] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.522779][T11123] bridge0: port 1(bridge_slave_0) entered forwarding state [ 212.543579][T11119] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.550657][T11119] bridge0: port 2(bridge_slave_1) entered forwarding state [ 212.559119][T11119] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.566230][T11119] bridge0: port 1(bridge_slave_0) entered forwarding state [ 212.579310][T10259] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.587196][T10259] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.595516][T10259] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.602855][T10259] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.657851][T11123] 8021q: adding VLAN 0 to HW filter on device bond0 [ 212.675432][T11119] 8021q: adding VLAN 0 to HW filter on device bond0 [ 212.684829][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 212.692582][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 212.703241][T11123] 8021q: adding VLAN 0 to HW filter on device team0 [ 212.715984][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 212.724502][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 212.732751][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.739829][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 212.748186][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 212.756274][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 212.775264][T11123] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 212.786288][T11123] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 212.799702][T11008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 212.808552][T11008] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 212.817002][T11008] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.824076][T11008] bridge0: port 2(bridge_slave_1) entered forwarding state [ 212.832207][T11008] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 212.840941][T11008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 212.849473][T11008] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 212.857966][T11008] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 212.866372][T11008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 212.875016][T11008] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 212.883662][T11008] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 212.891823][T11008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 212.900434][T11008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 212.908668][T11008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 212.917473][T11008] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 212.925364][T11008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 213.046421][T11119] 8021q: adding VLAN 0 to HW filter on device team0 [ 213.061205][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 213.069771][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 213.078318][ T2991] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.085424][ T2991] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.097997][T11123] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 213.197864][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 213.207312][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 213.216231][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.223347][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.288915][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 213.297404][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 213.309279][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 213.318357][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 213.327322][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 213.354174][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 213.362882][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 213.372155][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 213.382364][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 213.391538][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 213.400103][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 213.445016][T11136] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 213.455290][T11136] CPU: 1 PID: 11136 Comm: syz-executor.4 Not tainted 5.3.0-rc3-next-20190809 #63 [ 213.464407][T11136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 213.474463][T11136] Call Trace: [ 213.477768][T11136] dump_stack+0x172/0x1f0 [ 213.482106][T11136] dump_header+0x177/0x1152 [ 213.486699][T11136] ? ___ratelimit+0xf8/0x595 [ 213.491285][T11136] ? trace_hardirqs_on+0x67/0x240 [ 213.496301][T11136] ? mark_oom_victim.cold+0x18/0x18 [ 213.501499][T11136] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 213.507298][T11136] ? ___ratelimit+0x60/0x595 [ 213.513459][T11136] ? do_raw_spin_unlock+0x57/0x270 [ 213.523518][T11136] oom_kill_process.cold+0x10/0x15 [ 213.528649][T11136] out_of_memory+0x334/0x1340 [ 213.533342][T11136] ? kernfs_notify+0x131/0x1f0 [ 213.538098][T11136] ? __kasan_check_read+0x11/0x20 [ 213.543115][T11136] ? oom_killer_disable+0x280/0x280 [ 213.548338][T11136] ? lock_downgrade+0x920/0x920 [ 213.553222][T11136] mem_cgroup_out_of_memory+0x1d8/0x240 [ 213.558761][T11136] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 213.564430][T11136] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 213.570236][T11136] ? cgroup_file_notify+0x140/0x1b0 [ 213.575440][T11136] memory_max_write+0x262/0x3a0 [ 213.580311][T11136] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 213.587067][T11136] ? lock_acquire+0x190/0x410 [ 213.591757][T11136] ? kernfs_fop_write+0x227/0x480 [ 213.596766][T11136] cgroup_file_write+0x241/0x790 [ 213.601727][T11136] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 213.608515][T11136] ? cgroup_migrate_add_task+0x890/0x890 [ 213.614168][T11136] ? __might_fault+0x1a3/0x1e0 [ 213.618921][T11136] ? cgroup_migrate_add_task+0x890/0x890 [ 213.624538][T11136] kernfs_fop_write+0x2b8/0x480 [ 213.629381][T11136] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 213.635611][T11136] __vfs_write+0x8a/0x110 [ 213.639934][T11136] ? kernfs_fop_open+0xd80/0xd80 [ 213.644870][T11136] vfs_write+0x268/0x5d0 [ 213.649140][T11136] ksys_write+0x14f/0x290 [ 213.653453][T11136] ? __ia32_sys_read+0xb0/0xb0 [ 213.658230][T11136] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 213.664296][T11136] __x64_sys_write+0x73/0xb0 [ 213.668895][T11136] do_syscall_64+0xfa/0x760 [ 213.673386][T11136] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 213.679266][T11136] RIP: 0033:0x459829 [ 213.683148][T11136] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 213.702748][T11136] RSP: 002b:00007f4411780c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 213.711156][T11136] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 213.719202][T11136] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 213.727160][T11136] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 213.735115][T11136] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f44117816d4 [ 213.743083][T11136] R13: 00000000004c9970 R14: 00000000004e0fd8 R15: 00000000ffffffff [ 213.753381][T11136] memory: usage 3532kB, limit 0kB, failcnt 42 [ 213.759542][T11136] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 213.766436][T11136] Memory cgroup stats for /syz4: [ 213.766539][T11136] anon 2158592 [ 213.766539][T11136] file 0 [ 213.766539][T11136] kernel_stack 65536 [ 213.766539][T11136] slab 1216512 [ 213.766539][T11136] sock 0 [ 213.766539][T11136] shmem 0 [ 213.766539][T11136] file_mapped 0 [ 213.766539][T11136] file_dirty 0 [ 213.766539][T11136] file_writeback 0 [ 213.766539][T11136] anon_thp 2097152 [ 213.766539][T11136] inactive_anon 0 [ 213.766539][T11136] active_anon 2158592 [ 213.766539][T11136] inactive_file 0 [ 213.766539][T11136] active_file 0 [ 213.766539][T11136] unevictable 0 [ 213.766539][T11136] slab_reclaimable 405504 [ 213.766539][T11136] slab_unreclaimable 811008 [ 213.766539][T11136] pgfault 1419 [ 213.766539][T11136] pgmajfault 0 [ 213.766539][T11136] workingset_refault 0 [ 213.766539][T11136] workingset_activate 0 [ 213.766539][T11136] workingset_nodereclaim 0 [ 213.766539][T11136] pgrefill 0 [ 213.766539][T11136] pgscan 0 [ 213.766539][T11136] pgsteal 0 [ 213.766539][T11136] pgactivate 0 [ 213.860931][T11136] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=11133,uid=0 [ 213.876949][T11136] Memory cgroup out of memory: Killed process 11133 (syz-executor.4) total-vm:72712kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 213.892898][ T1061] oom_reaper: reaped process 11133 (syz-executor.4), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 213.907852][T11135] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.4'. [ 213.920080][T11119] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 214.010261][T11123] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 214.020700][T11123] CPU: 0 PID: 11123 Comm: syz-executor.4 Not tainted 5.3.0-rc3-next-20190809 #63 [ 214.029814][T11123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 214.040025][T11123] Call Trace: [ 214.043321][T11123] dump_stack+0x172/0x1f0 [ 214.047664][T11123] dump_header+0x177/0x1152 [ 214.052272][T11123] ? ___ratelimit+0xf8/0x595 [ 214.056872][T11123] ? trace_hardirqs_on+0x67/0x240 [ 214.061919][T11123] ? mark_oom_victim.cold+0x18/0x18 [ 214.067124][T11123] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 214.072915][T11123] ? ___ratelimit+0x60/0x595 [ 214.077489][T11123] ? do_raw_spin_unlock+0x57/0x270 [ 214.082578][T11123] oom_kill_process.cold+0x10/0x15 [ 214.087672][T11123] out_of_memory+0x334/0x1340 [ 214.092340][T11123] ? lock_downgrade+0x920/0x920 [ 214.097173][T11123] ? oom_killer_disable+0x280/0x280 [ 214.102364][T11123] mem_cgroup_out_of_memory+0x1d8/0x240 [ 214.107895][T11123] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 214.113617][T11123] ? do_raw_spin_unlock+0x57/0x270 [ 214.118754][T11123] ? _raw_spin_unlock+0x2d/0x50 [ 214.123591][T11123] try_charge+0xf4b/0x1440 [ 214.127989][T11123] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 214.133523][T11123] ? percpu_ref_tryget_live+0x111/0x290 [ 214.139074][T11123] ? get_mem_cgroup_from_mm+0x16/0x320 [ 214.144517][T11123] ? get_mem_cgroup_from_mm+0x156/0x320 [ 214.150039][T11123] mem_cgroup_try_charge+0x136/0x590 [ 214.155325][T11123] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 214.160964][T11123] wp_page_copy+0x421/0x15e0 [ 214.165536][T11123] ? page_trans_huge_mapcount+0x166/0x450 [ 214.171262][T11123] ? pmd_pfn+0x1d0/0x1d0 [ 214.175496][T11123] ? lock_downgrade+0x920/0x920 [ 214.180383][T11123] ? swp_swapcount+0x540/0x540 [ 214.185126][T11123] ? do_raw_spin_unlock+0x57/0x270 [ 214.190226][T11123] ? __kasan_check_read+0x11/0x20 [ 214.195241][T11123] ? do_raw_spin_unlock+0x57/0x270 [ 214.200348][T11123] do_wp_page+0x499/0x14d0 [ 214.204752][T11123] ? finish_mkwrite_fault+0x570/0x570 [ 214.210109][T11123] __handle_mm_fault+0x22f7/0x3f20 [ 214.215222][T11123] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 214.220785][T11123] ? __kasan_check_read+0x11/0x20 [ 214.225806][T11123] ? trace_hardirqs_on+0x67/0x240 [ 214.230821][T11123] handle_mm_fault+0x1b5/0x6b0 [ 214.235588][T11123] __do_page_fault+0x536/0xdd0 [ 214.240363][T11123] do_page_fault+0x38/0x590 [ 214.244880][T11123] page_fault+0x39/0x40 [ 214.249016][T11123] RIP: 0033:0x430906 [ 214.252888][T11123] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 214.272568][T11123] RSP: 002b:00007ffc685ef330 EFLAGS: 00010206 [ 214.278619][T11123] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 214.286578][T11123] RDX: 0000555556cc8930 RSI: 0000555556cd0970 RDI: 0000000000000003 [ 214.294540][T11123] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555556cc7940 [ 214.302512][T11123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 214.310478][T11123] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 [ 214.319208][T11123] memory: usage 1156kB, limit 0kB, failcnt 54 [ 214.325472][T11123] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 214.332319][T11123] Memory cgroup stats for [ 214.332333][T11123] /syz4: [ 214.332455][T11123] anon 57344 [ 214.332455][T11123] file 0 [ 214.332455][T11123] kernel_stack 0 [ 214.332455][T11123] slab 1216512 [ 214.332455][T11123] sock 0 [ 214.332455][T11123] shmem 0 [ 214.332455][T11123] file_mapped 0 [ 214.332455][T11123] file_dirty 0 [ 214.332455][T11123] file_writeback 0 [ 214.332455][T11123] anon_thp 0 [ 214.332455][T11123] inactive_anon 0 [ 214.332455][T11123] active_anon 57344 [ 214.332455][T11123] inactive_file 0 [ 214.332455][T11123] active_file 0 [ 214.332455][T11123] unevictable 0 [ 214.332455][T11123] slab_reclaimable 405504 [ 214.332455][T11123] slab_unreclaimable 811008 [ 214.332455][T11123] pgfault 1419 [ 214.332455][T11123] pgmajfault 0 [ 214.332455][T11123] workingset_refault 0 [ 214.332455][T11123] workingset_activate 0 [ 214.332455][T11123] workingset_nodereclaim 0 [ 214.332455][T11123] pgrefill 0 [ 214.332455][T11123] pgscan 0 [ 214.332455][T11123] pgsteal 0 [ 214.332455][T11123] pgactivate 0 [ 214.332455][T11123] pgdeactivate 0 [ 214.431781][T11123] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=11123,uid=0 [ 214.447659][T11123] Memory cgroup out of memory: Killed process 11123 (syz-executor.4) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 [ 214.462757][ T1061] oom_reaper: reaped process 11123 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 214.496230][T11119] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 214.668424][T11144] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 214.678748][T11144] CPU: 0 PID: 11144 Comm: syz-executor.5 Not tainted 5.3.0-rc3-next-20190809 #63 [ 214.687877][T11144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 214.697950][T11144] Call Trace: [ 214.701260][T11144] dump_stack+0x172/0x1f0 [ 214.705608][T11144] dump_header+0x177/0x1152 [ 214.710126][T11144] ? ___ratelimit+0xf8/0x595 [ 214.714733][T11144] ? trace_hardirqs_on+0x67/0x240 [ 214.719762][T11144] ? mark_oom_victim.cold+0x18/0x18 [ 214.724973][T11144] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 214.730835][T11144] ? ___ratelimit+0x60/0x595 [ 214.735952][T11144] ? do_raw_spin_unlock+0x57/0x270 [ 214.741059][T11144] oom_kill_process.cold+0x10/0x15 [ 214.746287][T11144] out_of_memory+0x334/0x1340 [ 214.750967][T11144] ? kernfs_notify+0x131/0x1f0 [ 214.755727][T11144] ? __kasan_check_read+0x11/0x20 [ 214.760741][T11144] ? oom_killer_disable+0x280/0x280 [ 214.765961][T11144] ? lock_downgrade+0x920/0x920 [ 214.770810][T11144] mem_cgroup_out_of_memory+0x1d8/0x240 [ 214.776421][T11144] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 214.782067][T11144] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 214.787876][T11144] ? cgroup_file_notify+0x140/0x1b0 [ 214.793091][T11144] memory_max_write+0x262/0x3a0 [ 214.797959][T11144] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 214.804738][T11144] ? lock_acquire+0x190/0x410 [ 214.809416][T11144] ? kernfs_fop_write+0x227/0x480 [ 214.814482][T11144] cgroup_file_write+0x241/0x790 [ 214.819437][T11144] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 214.826208][T11144] ? cgroup_migrate_add_task+0x890/0x890 [ 214.831839][T11144] ? __might_fault+0x1a3/0x1e0 [ 214.836587][T11144] ? cgroup_migrate_add_task+0x890/0x890 [ 214.842208][T11144] kernfs_fop_write+0x2b8/0x480 [ 214.847043][T11144] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 214.853296][T11144] __vfs_write+0x8a/0x110 [ 214.857643][T11144] ? kernfs_fop_open+0xd80/0xd80 [ 214.862593][T11144] vfs_write+0x268/0x5d0 [ 214.866844][T11144] ksys_write+0x14f/0x290 [ 214.871169][T11144] ? __ia32_sys_read+0xb0/0xb0 [ 214.875936][T11144] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 214.881999][T11144] __x64_sys_write+0x73/0xb0 [ 214.886584][T11144] do_syscall_64+0xfa/0x760 [ 214.891093][T11144] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 214.896967][T11144] RIP: 0033:0x459829 [ 214.900866][T11144] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 214.920560][T11144] RSP: 002b:00007f0966f41c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 214.928956][T11144] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 214.936910][T11144] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 214.944881][T11144] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 214.952856][T11144] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0966f426d4 [ 214.960810][T11144] R13: 00000000004c9970 R14: 00000000004e0fd8 R15: 00000000ffffffff [ 214.973587][T11144] memory: usage 3632kB, limit 0kB, failcnt 37 [ 214.980302][T11144] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 214.988690][T11144] Memory cgroup stats for /syz5: [ 214.988805][T11144] anon 2101248 [ 214.988805][T11144] file 0 [ 214.988805][T11144] kernel_stack 65536 [ 214.988805][T11144] slab 1470464 [ 214.988805][T11144] sock 0 [ 214.988805][T11144] shmem 0 [ 214.988805][T11144] file_mapped 0 [ 214.988805][T11144] file_dirty 0 [ 214.988805][T11144] file_writeback 0 [ 214.988805][T11144] anon_thp 2097152 [ 214.988805][T11144] inactive_anon 0 [ 214.988805][T11144] active_anon 2101248 [ 214.988805][T11144] inactive_file 0 [ 214.988805][T11144] active_file 0 [ 214.988805][T11144] unevictable 0 [ 214.988805][T11144] slab_reclaimable 540672 [ 214.988805][T11144] slab_unreclaimable 929792 [ 214.988805][T11144] pgfault 1485 [ 214.988805][T11144] pgmajfault 0 [ 214.988805][T11144] workingset_refault 0 [ 214.988805][T11144] workingset_activate 0 [ 214.988805][T11144] workingset_nodereclaim 0 [ 214.988805][T11144] pgrefill 0 [ 214.988805][T11144] pgscan 0 [ 214.988805][T11144] pgsteal 0 [ 214.988805][T11144] pgactivate 0 [ 214.994472][T11144] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=11142,uid=0 [ 215.098506][T11143] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.5'. [ 215.098669][T11144] Memory cgroup out of memory: Killed process 11142 (syz-executor.5) total-vm:72712kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 215.123971][ T1061] oom_reaper: reaped process 11142 (syz-executor.5), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 12:39:14 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r4, 0x0, 0x0) 12:39:14 executing program 2: ioctl$sock_ifreq(0xffffffffffffffff, 0x8914, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) splice(r0, 0x0, r2, 0x0, 0x20000000003, 0x0) 12:39:14 executing program 3: creat(0x0, 0x0) mlockall(0x3) clone(0x1080000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000240)={@mcast1, 0x8}, 0x20) mlockall(0x3) 12:39:14 executing program 1: syz_emit_ethernet(0x7e, &(0x7f0000000200)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @remote={0xac, 0x223}, @dev}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x3, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001, 0x0, @local={0xac, 0x223}, @dev, {[@timestamp={0x32002, 0x40, 0x0, 0x0, 0x0, [{[@rand_addr]}, {[@multicast2]}, {[@multicast1]}, {}, {[@loopback]}, {[@broadcast]}, {[@multicast1]}, {[@dev]}]}]}}}}}}}, 0x0) 12:39:14 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x0, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) 12:39:14 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r4, 0x0, 0x0) 12:39:14 executing program 1: syz_open_dev$sndseq(&(0x7f0000000640)='/dev/snd/seq\x00', 0x0, 0x0) r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070") r2 = syz_open_dev$sndseq(0x0, 0x0, 0x1) dup2(r2, r0) ppoll(&(0x7f0000000140)=[{r0}], 0x1, &(0x7f0000000180)={0x0, 0x989680}, 0x0, 0x0) [ 215.383248][T11119] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 215.423350][T11119] CPU: 0 PID: 11119 Comm: syz-executor.5 Not tainted 5.3.0-rc3-next-20190809 #63 [ 215.432589][T11119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 215.442647][T11119] Call Trace: [ 215.445974][T11119] dump_stack+0x172/0x1f0 [ 215.450313][T11119] dump_header+0x177/0x1152 [ 215.454831][T11119] ? ___ratelimit+0xf8/0x595 [ 215.459433][T11119] ? trace_hardirqs_on+0x67/0x240 [ 215.464476][T11119] ? mark_oom_victim.cold+0x18/0x18 [ 215.469710][T11119] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 215.475524][T11119] ? ___ratelimit+0x60/0x595 [ 215.480121][T11119] ? do_raw_spin_unlock+0x57/0x270 [ 215.485247][T11119] oom_kill_process.cold+0x10/0x15 [ 215.490488][T11119] out_of_memory+0x334/0x1340 [ 215.495178][T11119] ? lock_downgrade+0x920/0x920 [ 215.500033][T11119] ? oom_killer_disable+0x280/0x280 [ 215.505232][T11119] ? __kasan_check_read+0x11/0x20 [ 215.510273][T11119] mem_cgroup_out_of_memory+0x1d8/0x240 [ 215.515830][T11119] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 215.521481][T11119] ? do_raw_spin_unlock+0x57/0x270 [ 215.526596][T11119] ? _raw_spin_unlock+0x2d/0x50 [ 215.542158][T11119] try_charge+0xf4b/0x1440 [ 215.546602][T11119] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 215.552168][T11119] ? percpu_ref_tryget_live+0x111/0x290 [ 215.557726][T11119] ? get_mem_cgroup_from_mm+0x16/0x320 [ 215.563204][T11119] ? get_mem_cgroup_from_mm+0x156/0x320 [ 215.568792][T11119] mem_cgroup_try_charge+0x136/0x590 [ 215.574097][T11119] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 215.579754][T11119] __handle_mm_fault+0x1e3a/0x3f20 [ 215.584885][T11119] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 215.590439][T11119] ? __kasan_check_read+0x11/0x20 [ 215.595537][T11119] ? trace_hardirqs_on+0x67/0x240 [ 215.601278][T11119] handle_mm_fault+0x1b5/0x6b0 [ 215.606056][T11119] __do_page_fault+0x536/0xdd0 [ 215.610846][T11119] do_page_fault+0x38/0x590 [ 215.615372][T11119] page_fault+0x39/0x40 [ 215.619541][T11119] RIP: 0033:0x4577c1 [ 215.623446][T11119] Code: 48 81 ec 98 00 00 00 0f 05 48 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 00 48 89 e2 89 de bf 01 00 00 00 ba 13 00 00 85 c0 0f 88 98 00 00 00 8b 44 24 18 25 00 f0 00 00 [ 215.643080][T11119] RSP: 002b:00007ffda3124fd0 EFLAGS: 00010206 [ 215.649156][T11119] RAX: 0000000000000003 RBX: 0000000000000003 RCX: 00000000004577a0 [ 215.657136][T11119] RDX: 00007ffda3124fd0 RSI: 0000000000000003 RDI: 0000000000000001 [ 215.665110][T11119] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555557032940 [ 215.673115][T11119] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffda31261b0 [ 215.681098][T11119] R13: 00007ffda31261a0 R14: 0000000000000000 R15: 00007ffda31261b0 12:39:15 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x0, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) [ 215.933584][T11119] memory: usage 1252kB, limit 0kB, failcnt 45 [ 215.940927][T11119] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 215.969385][T11119] Memory cgroup stats for /syz5: [ 215.969508][T11119] anon 0 [ 215.969508][T11119] file 0 [ 215.969508][T11119] kernel_stack 0 [ 215.969508][T11119] slab 1470464 [ 215.969508][T11119] sock 0 [ 215.969508][T11119] shmem 0 [ 215.969508][T11119] file_mapped 0 [ 215.969508][T11119] file_dirty 0 [ 215.969508][T11119] file_writeback 0 [ 215.969508][T11119] anon_thp 0 [ 215.969508][T11119] inactive_anon 0 [ 215.969508][T11119] active_anon 0 [ 215.969508][T11119] inactive_file 0 [ 215.969508][T11119] active_file 0 [ 215.969508][T11119] unevictable 0 [ 215.969508][T11119] slab_reclaimable 540672 [ 215.969508][T11119] slab_unreclaimable 929792 [ 215.969508][T11119] pgfault 1485 [ 215.969508][T11119] pgmajfault 0 [ 215.969508][T11119] workingset_refault 0 [ 215.969508][T11119] workingset_activate 0 [ 215.969508][T11119] workingset_nodereclaim 0 [ 215.969508][T11119] pgrefill 0 [ 215.969508][T11119] pgscan 0 [ 215.969508][T11119] pgsteal 0 [ 215.969508][T11119] pgactivate 0 [ 215.969508][T11119] pgdeactivate 0 [ 216.092656][T11119] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=11119,uid=0 [ 216.117565][T11119] Memory cgroup out of memory: Killed process 11119 (syz-executor.5) total-vm:72448kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 [ 216.134466][ T590] device bridge_slave_1 left promiscuous mode [ 216.140708][ T590] bridge0: port 2(bridge_slave_1) entered disabled state 12:39:15 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x0, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) 12:39:15 executing program 1: r0 = syz_open_dev$radio(&(0x7f0000000240)='/dev/radio#\x00', 0x3, 0x2) getrusage(0x0, 0x0) socket$tipc(0x1e, 0x2, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) ioctl$RTC_WKALM_SET(0xffffffffffffffff, 0x4028700f, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$ARPT_SO_GET_INFO(r2, 0x0, 0x60, 0x0, 0x0) ioctl$TIOCGPTLCK(0xffffffffffffffff, 0x80045439, &(0x7f0000000500)) write(r2, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f00000001c0)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0) ioctl$VIDIOC_ENUMINPUT(0xffffffffffffffff, 0xc050561a, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f00000003c0)) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40086409, 0x0) [ 216.169442][ T1061] oom_reaper: reaped process 11119 (syz-executor.5), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 12:39:15 executing program 2: ioctl$sock_ifreq(0xffffffffffffffff, 0x8914, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58) write$binfmt_script(r1, &(0x7f0000000240)=ANY=[], 0xfffffe04) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x20000000003, 0x0) [ 216.213891][ T590] device bridge_slave_0 left promiscuous mode [ 216.220100][ T590] bridge0: port 1(bridge_slave_0) entered disabled state 12:39:15 executing program 3: creat(0x0, 0x0) mlockall(0x3) clone(0x1080000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000240)={@mcast1, 0x8}, 0x20) mlockall(0x3) [ 216.315272][ T590] device bridge_slave_1 left promiscuous mode [ 216.321590][ T590] bridge0: port 2(bridge_slave_1) entered disabled state [ 216.384368][ T590] device bridge_slave_0 left promiscuous mode [ 216.390619][ T590] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.193594][ T590] device hsr_slave_0 left promiscuous mode [ 218.233198][ T590] device hsr_slave_1 left promiscuous mode [ 218.278095][ T590] team0 (unregistering): Port device team_slave_1 removed [ 218.289189][ T590] team0 (unregistering): Port device team_slave_0 removed [ 218.299551][ T590] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 218.335706][ T590] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 218.419405][ T590] bond0 (unregistering): Released all slaves [ 218.553910][ T590] device hsr_slave_0 left promiscuous mode [ 218.613219][ T590] device hsr_slave_1 left promiscuous mode [ 218.659573][ T590] team0 (unregistering): Port device team_slave_1 removed [ 218.669286][ T590] team0 (unregistering): Port device team_slave_0 removed [ 218.679995][ T590] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 218.737862][ T590] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 218.814286][ T590] bond0 (unregistering): Released all slaves 12:39:18 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r4, 0x0, 0x0) 12:39:18 executing program 3: creat(0x0, 0x0) mlockall(0x3) clone(0x1080000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000240)={@mcast1, 0x8}, 0x20) mlockall(0x3) 12:39:18 executing program 1: r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") ioctl$NBD_SET_SOCK(r0, 0xab00, r1) ioctl$NBD_CLEAR_SOCK(r0, 0xab04) 12:39:18 executing program 2: ioctl$sock_ifreq(0xffffffffffffffff, 0x8914, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58) write$binfmt_script(r1, &(0x7f0000000240)=ANY=[], 0xfffffe04) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x20000000003, 0x0) 12:39:18 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, 0x0, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) [ 219.025322][T11184] IPVS: ftp: loaded support on port[0] = 21 [ 219.100233][T11192] block nbd1: shutting down sockets [ 219.148991][T11184] chnl_net:caif_netlink_parms(): no params data found [ 219.159987][T11188] block nbd1: shutting down sockets [ 219.226762][T11184] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.241804][T11184] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.261732][T11184] device bridge_slave_0 entered promiscuous mode [ 219.298144][T11184] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.321013][T11184] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.329669][T11184] device bridge_slave_1 entered promiscuous mode [ 219.353493][T11184] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 219.486506][T11184] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 219.533628][T11184] team0: Port device team_slave_0 added [ 219.540960][T11184] team0: Port device team_slave_1 added [ 219.645690][T11184] device hsr_slave_0 entered promiscuous mode [ 219.687219][T11184] device hsr_slave_1 entered promiscuous mode [ 219.743544][T11184] debugfs: Directory 'hsr0' with parent '/' already present! [ 219.761262][T11184] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.768389][T11184] bridge0: port 2(bridge_slave_1) entered forwarding state [ 219.775770][T11184] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.782929][T11184] bridge0: port 1(bridge_slave_0) entered forwarding state [ 219.821139][T11184] 8021q: adding VLAN 0 to HW filter on device bond0 [ 219.834174][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 219.842441][ T17] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.850618][ T17] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.862860][T11184] 8021q: adding VLAN 0 to HW filter on device team0 [ 219.875531][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 219.884414][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.891472][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 219.935301][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 219.950648][ T2991] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.957750][ T2991] bridge0: port 2(bridge_slave_1) entered forwarding state [ 219.970907][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 219.987726][T11184] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 219.998342][T11184] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 220.010708][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 220.019014][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 220.027716][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 220.037342][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 220.045684][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 220.054245][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 220.062368][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 220.070945][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 220.087883][T11184] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 220.172443][T11209] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.4'. [ 220.209586][T11209] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 220.220663][T11209] CPU: 1 PID: 11209 Comm: syz-executor.4 Not tainted 5.3.0-rc3-next-20190809 #63 [ 220.229760][T11209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 220.239903][T11209] Call Trace: [ 220.243224][T11209] dump_stack+0x172/0x1f0 [ 220.247747][T11209] dump_header+0x177/0x1152 [ 220.252236][T11209] ? mark_oom_victim.cold+0x18/0x18 [ 220.257420][T11209] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 220.263390][T11209] ? ___ratelimit+0x60/0x595 [ 220.268005][T11209] ? do_raw_spin_unlock+0x57/0x270 [ 220.273114][T11209] oom_kill_process.cold+0x10/0x15 [ 220.278305][T11209] out_of_memory+0x334/0x1340 [ 220.282977][T11209] ? __sched_text_start+0x8/0x8 [ 220.287824][T11209] ? oom_killer_disable+0x280/0x280 [ 220.293026][T11209] mem_cgroup_out_of_memory+0x1d8/0x240 [ 220.298556][T11209] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 220.304181][T11209] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 220.310084][T11209] ? cgroup_file_notify+0x140/0x1b0 [ 220.315307][T11209] memory_max_write+0x262/0x3a0 [ 220.320235][T11209] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 220.326983][T11209] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 220.332443][T11209] cgroup_file_write+0x241/0x790 [ 220.337388][T11209] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 220.344133][T11209] ? cgroup_migrate_add_task+0x890/0x890 [ 220.349765][T11209] ? kernfs_ops+0x9f/0x110 [ 220.354163][T11209] ? cgroup_migrate_add_task+0x890/0x890 [ 220.359786][T11209] kernfs_fop_write+0x2b8/0x480 [ 220.364641][T11209] __vfs_write+0x8a/0x110 [ 220.368972][T11209] ? kernfs_fop_open+0xd80/0xd80 [ 220.373893][T11209] vfs_write+0x268/0x5d0 [ 220.378208][T11209] ksys_write+0x14f/0x290 [ 220.382521][T11209] ? __ia32_sys_read+0xb0/0xb0 [ 220.387269][T11209] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 220.393317][T11209] __x64_sys_write+0x73/0xb0 [ 220.397890][T11209] do_syscall_64+0xfa/0x760 [ 220.402377][T11209] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 220.408248][T11209] RIP: 0033:0x459829 [ 220.412130][T11209] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 220.431724][T11209] RSP: 002b:00007fbe12695c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 220.440238][T11209] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 220.448281][T11209] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 220.456331][T11209] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 220.464292][T11209] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbe126966d4 [ 220.472606][T11209] R13: 00000000004c9970 R14: 00000000004e0fd8 R15: 00000000ffffffff [ 220.489357][T11209] memory: usage 3404kB, limit 0kB, failcnt 55 [ 220.495707][T11209] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 220.502686][T11209] Memory cgroup stats for /syz4: [ 220.503042][T11209] anon 2211840 [ 220.503042][T11209] file 0 [ 220.503042][T11209] kernel_stack 65536 [ 220.503042][T11209] slab 1216512 [ 220.503042][T11209] sock 0 [ 220.503042][T11209] shmem 0 [ 220.503042][T11209] file_mapped 0 [ 220.503042][T11209] file_dirty 0 [ 220.503042][T11209] file_writeback 0 [ 220.503042][T11209] anon_thp 2097152 [ 220.503042][T11209] inactive_anon 0 [ 220.503042][T11209] active_anon 2211840 [ 220.503042][T11209] inactive_file 0 [ 220.503042][T11209] active_file 0 [ 220.503042][T11209] unevictable 0 [ 220.503042][T11209] slab_reclaimable 405504 [ 220.503042][T11209] slab_unreclaimable 811008 [ 220.503042][T11209] pgfault 1485 [ 220.503042][T11209] pgmajfault 0 [ 220.503042][T11209] workingset_refault 0 [ 220.503042][T11209] workingset_activate 0 [ 220.503042][T11209] workingset_nodereclaim 0 [ 220.503042][T11209] pgrefill 0 [ 220.503042][T11209] pgscan 0 [ 220.503042][T11209] pgsteal 0 [ 220.503042][T11209] pgactivate 0 [ 220.601806][T11209] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=11207,uid=0 [ 220.618280][T11209] Memory cgroup out of memory: Killed process 11207 (syz-executor.4) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 220.634515][ T1061] oom_reaper: reaped process 11207 (syz-executor.4), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 12:39:19 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r4, 0x0, 0x0) 12:39:19 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, 0x0, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) 12:39:19 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) socket$kcm(0x10, 0x2, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r4, 0x0, 0x0) 12:39:19 executing program 3: creat(0x0, 0x0) mlockall(0x3) clone(0x1080000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) 12:39:19 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") syz_mount_image$gfs2(&(0x7f0000000040)='gfs2\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)={[{@nobarrier='nobarrier'}, {@noloccookie='noloccookie'}, {@barrier='barrier'}], [{@uid_gt={'uid>'}}]}) 12:39:19 executing program 2: ioctl$sock_ifreq(0xffffffffffffffff, 0x8914, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58) write$binfmt_script(r1, &(0x7f0000000240)=ANY=[], 0xfffffe04) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x20000000003, 0x0) [ 220.685757][T11184] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 220.705469][T11184] CPU: 1 PID: 11184 Comm: syz-executor.4 Not tainted 5.3.0-rc3-next-20190809 #63 [ 220.714618][T11184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 220.724771][T11184] Call Trace: [ 220.728091][T11184] dump_stack+0x172/0x1f0 [ 220.732532][T11184] dump_header+0x177/0x1152 [ 220.737195][T11184] ? ___ratelimit+0xf8/0x595 [ 220.741849][T11184] ? trace_hardirqs_on+0x67/0x240 [ 220.746886][T11184] ? mark_oom_victim.cold+0x18/0x18 [ 220.746904][T11184] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 220.746929][T11184] ? ___ratelimit+0x60/0x595 [ 220.758113][T11184] ? do_raw_spin_unlock+0x57/0x270 [ 220.758130][T11184] oom_kill_process.cold+0x10/0x15 [ 220.758158][T11184] out_of_memory+0x334/0x1340 [ 220.778129][T11184] ? lock_downgrade+0x920/0x920 [ 220.782980][T11184] ? oom_killer_disable+0x280/0x280 [ 220.788190][T11184] mem_cgroup_out_of_memory+0x1d8/0x240 [ 220.792737][T11213] gfs2: Unknown parameter 'uid>00000000000000000000' [ 220.793767][T11184] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 220.793783][T11184] ? do_raw_spin_unlock+0x57/0x270 [ 220.793799][T11184] ? _raw_spin_unlock+0x2d/0x50 [ 220.793817][T11184] try_charge+0xf4b/0x1440 [ 220.793851][T11184] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 220.826042][T11184] ? percpu_ref_tryget_live+0x111/0x290 [ 220.831615][T11184] ? get_mem_cgroup_from_mm+0x16/0x320 [ 220.837141][T11184] ? get_mem_cgroup_from_mm+0x156/0x320 [ 220.842693][T11184] mem_cgroup_try_charge+0x136/0x590 [ 220.847983][T11184] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 220.853627][T11184] wp_page_copy+0x421/0x15e0 [ 220.858583][T11184] ? page_trans_huge_mapcount+0x166/0x450 [ 220.864398][T11184] ? pmd_pfn+0x1d0/0x1d0 [ 220.868641][T11184] ? lock_downgrade+0x920/0x920 [ 220.873521][T11184] ? swp_swapcount+0x540/0x540 [ 220.878284][T11184] ? __sb_end_write+0x11e/0x1f0 [ 220.883220][T11184] ? __kasan_check_read+0x11/0x20 [ 220.888247][T11184] ? do_raw_spin_unlock+0x57/0x270 [ 220.893570][T11184] do_wp_page+0x499/0x14d0 [ 220.898003][T11184] ? finish_mkwrite_fault+0x570/0x570 [ 220.903588][T11184] __handle_mm_fault+0x22f7/0x3f20 [ 220.909602][T11184] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 220.915782][T11184] ? __kasan_check_read+0x11/0x20 [ 220.921109][T11184] ? trace_hardirqs_on+0x67/0x240 [ 220.926166][T11184] handle_mm_fault+0x1b5/0x6b0 [ 220.930945][T11184] __do_page_fault+0x536/0xdd0 [ 220.935747][T11184] do_page_fault+0x38/0x590 [ 220.940266][T11184] page_fault+0x39/0x40 [ 220.944526][T11184] RIP: 0033:0x4034f2 [ 220.948425][T11184] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 42 05 00 48 [ 220.968118][T11184] RSP: 002b:00007fffa9359b90 EFLAGS: 00010246 [ 220.974190][T11184] RAX: 0000000000000000 RBX: 0000000000035c08 RCX: 0000000000413430 [ 220.982165][T11184] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007fffa935acc0 [ 220.990142][T11184] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555555ec2940 [ 220.998110][T11184] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffa935acc0 [ 221.006085][T11184] R13: 00007fffa935acb0 R14: 0000000000000000 R15: 00007fffa935acc0 12:39:20 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, 0x0, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) [ 221.031508][T11184] memory: usage 1080kB, limit 0kB, failcnt 63 [ 221.049839][T11184] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 221.091166][T11184] Memory cgroup stats for /syz4: [ 221.091268][T11184] anon 131072 [ 221.091268][T11184] file 0 [ 221.091268][T11184] kernel_stack 0 [ 221.091268][T11184] slab 1216512 [ 221.091268][T11184] sock 0 [ 221.091268][T11184] shmem 0 [ 221.091268][T11184] file_mapped 0 [ 221.091268][T11184] file_dirty 0 [ 221.091268][T11184] file_writeback 0 [ 221.091268][T11184] anon_thp 0 [ 221.091268][T11184] inactive_anon 0 [ 221.091268][T11184] active_anon 131072 [ 221.091268][T11184] inactive_file 0 [ 221.091268][T11184] active_file 0 [ 221.091268][T11184] unevictable 0 [ 221.091268][T11184] slab_reclaimable 405504 [ 221.091268][T11184] slab_unreclaimable 811008 [ 221.091268][T11184] pgfault 1485 [ 221.091268][T11184] pgmajfault 0 [ 221.091268][T11184] workingset_refault 0 [ 221.091268][T11184] workingset_activate 0 [ 221.091268][T11184] workingset_nodereclaim 0 [ 221.091268][T11184] pgrefill 0 [ 221.091268][T11184] pgscan 0 [ 221.091268][T11184] pgsteal 0 [ 221.091268][T11184] pgactivate 0 [ 221.091268][T11184] pgdeactivate 0 12:39:20 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x6, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) write$cgroup_subtree(r0, &(0x7f0000000080)={[{0x0, '\x03\x8a\xa1t\x03n\xd7\xe0\x8f\x93\xdd\x86\xdd'}]}, 0xfdef) 12:39:20 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2b, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) [ 221.299326][T11184] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=11184,uid=0 [ 221.319543][T11184] Memory cgroup out of memory: Killed process 11184 (syz-executor.4) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 [ 221.348106][ T1061] oom_reaper: reaped process 11184 (syz-executor.4), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 12:39:21 executing program 3: creat(0x0, 0x0) mlockall(0x3) clone(0x1080000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) 12:39:21 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2b, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) 12:39:21 executing program 2: ioctl$sock_ifreq(0xffffffffffffffff, 0x8914, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) r3 = accept4(r2, 0x0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000240)=ANY=[], 0xfffffe04) splice(r0, 0x0, r3, 0x0, 0x20000000003, 0x0) 12:39:21 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r4, 0x0, 0x0) 12:39:21 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2b, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) [ 222.414900][T11260] IPVS: ftp: loaded support on port[0] = 21 [ 222.521844][T11260] chnl_net:caif_netlink_parms(): no params data found [ 222.548301][T11260] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.557007][T11260] bridge0: port 1(bridge_slave_0) entered disabled state [ 222.565165][T11260] device bridge_slave_0 entered promiscuous mode [ 222.625879][T11260] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.633023][T11260] bridge0: port 2(bridge_slave_1) entered disabled state [ 222.640961][T11260] device bridge_slave_1 entered promiscuous mode [ 222.658813][T11260] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 222.669711][T11260] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 222.740926][T11260] team0: Port device team_slave_0 added [ 222.748792][T11260] team0: Port device team_slave_1 added [ 222.875592][T11260] device hsr_slave_0 entered promiscuous mode [ 222.913511][T11260] device hsr_slave_1 entered promiscuous mode [ 222.953227][T11260] debugfs: Directory 'hsr0' with parent '/' already present! [ 223.039195][T11260] 8021q: adding VLAN 0 to HW filter on device bond0 [ 223.049380][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 223.059368][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 223.069756][T11260] 8021q: adding VLAN 0 to HW filter on device team0 [ 223.077016][ T590] device bridge_slave_1 left promiscuous mode [ 223.083673][ T590] bridge0: port 2(bridge_slave_1) entered disabled state [ 223.144397][ T590] device bridge_slave_0 left promiscuous mode [ 223.150548][ T590] bridge0: port 1(bridge_slave_0) entered disabled state [ 223.204587][ T590] device bridge_slave_1 left promiscuous mode [ 223.210775][ T590] bridge0: port 2(bridge_slave_1) entered disabled state [ 223.263973][ T590] device bridge_slave_0 left promiscuous mode [ 223.270133][ T590] bridge0: port 1(bridge_slave_0) entered disabled state [ 224.683635][ T590] device hsr_slave_0 left promiscuous mode [ 224.713222][ T590] device hsr_slave_1 left promiscuous mode [ 224.797821][ T590] team0 (unregistering): Port device team_slave_1 removed [ 224.809148][ T590] team0 (unregistering): Port device team_slave_0 removed [ 224.819314][ T590] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 224.867313][ T590] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 224.945640][ T590] bond0 (unregistering): Released all slaves [ 225.073847][ T590] device hsr_slave_0 left promiscuous mode [ 225.123509][ T590] device hsr_slave_1 left promiscuous mode [ 225.198321][ T590] team0 (unregistering): Port device team_slave_1 removed [ 225.209622][ T590] team0 (unregistering): Port device team_slave_0 removed [ 225.219569][ T590] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 225.257449][ T590] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 225.335040][ T590] bond0 (unregistering): Released all slaves [ 225.444951][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 225.455524][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 225.464015][ T3490] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.471095][ T3490] bridge0: port 1(bridge_slave_0) entered forwarding state [ 225.479238][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 225.487773][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 225.496174][ T3490] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.503268][ T3490] bridge0: port 2(bridge_slave_1) entered forwarding state [ 225.510775][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 225.519468][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 225.527906][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 225.536779][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 225.545131][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 225.553832][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 225.562676][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 225.570695][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 225.584630][T11260] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 225.595426][T11260] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 225.616696][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 225.625128][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 225.633722][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 225.641945][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 225.650267][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 225.670266][T11260] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 225.800139][T11268] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 225.810478][T11268] CPU: 1 PID: 11268 Comm: syz-executor.5 Not tainted 5.3.0-rc3-next-20190809 #63 [ 225.819625][T11268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 225.829668][T11268] Call Trace: [ 225.832944][T11268] dump_stack+0x172/0x1f0 [ 225.837258][T11268] dump_header+0x177/0x1152 [ 225.841782][T11268] ? mark_oom_victim.cold+0x18/0x18 [ 225.847140][T11268] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 225.852942][T11268] ? ___ratelimit+0x60/0x595 [ 225.857516][T11268] ? do_raw_spin_unlock+0x57/0x270 [ 225.862628][T11268] oom_kill_process.cold+0x10/0x15 [ 225.867750][T11268] out_of_memory+0x334/0x1340 [ 225.872409][T11268] ? __sched_text_start+0x8/0x8 [ 225.877266][T11268] ? oom_killer_disable+0x280/0x280 [ 225.882487][T11268] mem_cgroup_out_of_memory+0x1d8/0x240 [ 225.888055][T11268] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 225.893735][T11268] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 225.899705][T11268] ? cgroup_file_notify+0x140/0x1b0 [ 225.905167][T11268] memory_max_write+0x262/0x3a0 [ 225.910028][T11268] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 225.916802][T11268] cgroup_file_write+0x241/0x790 [ 225.921734][T11268] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 225.928486][T11268] ? cgroup_migrate_add_task+0x890/0x890 [ 225.934131][T11268] ? __might_fault+0x1a3/0x1e0 [ 225.938890][T11268] ? cgroup_migrate_add_task+0x890/0x890 [ 225.944514][T11268] kernfs_fop_write+0x2b8/0x480 [ 225.949353][T11268] __vfs_write+0x8a/0x110 [ 225.953684][T11268] ? kernfs_fop_open+0xd80/0xd80 [ 225.958608][T11268] vfs_write+0x268/0x5d0 [ 225.962876][T11268] ksys_write+0x14f/0x290 [ 225.967210][T11268] ? __ia32_sys_read+0xb0/0xb0 [ 225.971961][T11268] __x64_sys_write+0x73/0xb0 [ 225.976543][T11268] do_syscall_64+0xfa/0x760 [ 225.981053][T11268] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 225.986963][T11268] RIP: 0033:0x459829 [ 225.990856][T11268] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 226.010476][T11268] RSP: 002b:00007fc1a09bdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 226.018888][T11268] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 226.026852][T11268] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 226.035132][T11268] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 226.043098][T11268] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc1a09be6d4 [ 226.051074][T11268] R13: 00000000004c9970 R14: 00000000004e0fd8 R15: 00000000ffffffff [ 226.066472][T11268] memory: usage 3320kB, limit 0kB, failcnt 46 [ 226.072881][T11268] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 226.084185][T11268] Memory cgroup stats for /syz5: [ 226.085253][T11268] anon 2109440 [ 226.085253][T11268] file 0 [ 226.085253][T11268] kernel_stack 65536 [ 226.085253][T11268] slab 1200128 [ 226.085253][T11268] sock 0 [ 226.085253][T11268] shmem 0 [ 226.085253][T11268] file_mapped 0 [ 226.085253][T11268] file_dirty 0 [ 226.085253][T11268] file_writeback 0 [ 226.085253][T11268] anon_thp 2097152 [ 226.085253][T11268] inactive_anon 0 [ 226.085253][T11268] active_anon 2109440 [ 226.085253][T11268] inactive_file 0 [ 226.085253][T11268] active_file 0 [ 226.085253][T11268] unevictable 0 [ 226.085253][T11268] slab_reclaimable 405504 [ 226.085253][T11268] slab_unreclaimable 794624 [ 226.085253][T11268] pgfault 1551 [ 226.085253][T11268] pgmajfault 0 [ 226.085253][T11268] workingset_refault 0 [ 226.085253][T11268] workingset_activate 0 [ 226.085253][T11268] workingset_nodereclaim 0 [ 226.085253][T11268] pgrefill 0 [ 226.085253][T11268] pgscan 0 [ 226.085253][T11268] pgsteal 0 [ 226.085253][T11268] pgactivate 0 [ 226.189363][T11268] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=11267,uid=0 [ 226.208427][T11268] Memory cgroup out of memory: Killed process 11267 (syz-executor.5) total-vm:72580kB, anon-rss:2184kB, file-rss:35792kB, shmem-rss:0kB, UID:0 [ 226.228357][ T1061] oom_reaper: reaped process 11267 (syz-executor.5), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 12:39:25 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) socket$kcm(0x10, 0x2, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r4, 0x0, 0x0) 12:39:25 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r4, 0x0, 0x0) 12:39:25 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) close(r0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ptmx\x00', 0x0, 0x0) r2 = dup2(r0, r0) read(r1, &(0x7f0000000bc0)=""/11, 0xb) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000200)) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$EVIOCGABS2F(r2, 0x8018456f, 0x0) 12:39:25 executing program 3: creat(0x0, 0x0) mlockall(0x3) clone(0x1080000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mlockall(0x3) 12:39:25 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x0, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) 12:39:25 executing program 2: ioctl$sock_ifreq(0xffffffffffffffff, 0x8914, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) r3 = accept4(r2, 0x0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000240)=ANY=[], 0xfffffe04) splice(r0, 0x0, r3, 0x0, 0x20000000003, 0x0) [ 226.328809][T11260] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 226.384048][T11260] CPU: 0 PID: 11260 Comm: syz-executor.5 Not tainted 5.3.0-rc3-next-20190809 #63 [ 226.393392][T11260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 226.403461][T11260] Call Trace: [ 226.406778][T11260] dump_stack+0x172/0x1f0 [ 226.411134][T11260] dump_header+0x177/0x1152 [ 226.415740][T11260] ? ___ratelimit+0xf8/0x595 [ 226.420370][T11260] ? trace_hardirqs_on+0x67/0x240 [ 226.425417][T11260] ? mark_oom_victim.cold+0x18/0x18 [ 226.430624][T11260] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 226.436454][T11260] ? ___ratelimit+0x60/0x595 [ 226.441046][T11260] ? do_raw_spin_unlock+0x57/0x270 [ 226.446163][T11260] oom_kill_process.cold+0x10/0x15 [ 226.451404][T11260] out_of_memory+0x334/0x1340 [ 226.456098][T11260] ? lock_downgrade+0x920/0x920 [ 226.460957][T11260] ? oom_killer_disable+0x280/0x280 [ 226.466163][T11260] mem_cgroup_out_of_memory+0x1d8/0x240 [ 226.471707][T11260] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 226.477347][T11260] ? do_raw_spin_unlock+0x57/0x270 [ 226.482465][T11260] ? _raw_spin_unlock+0x2d/0x50 [ 226.487330][T11260] try_charge+0xf4b/0x1440 [ 226.491766][T11260] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 226.497317][T11260] ? percpu_ref_tryget_live+0x111/0x290 [ 226.502863][T11260] ? get_mem_cgroup_from_mm+0x16/0x320 [ 226.508412][T11260] ? get_mem_cgroup_from_mm+0x156/0x320 [ 226.513963][T11260] mem_cgroup_try_charge+0x136/0x590 [ 226.519277][T11260] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 226.524947][T11260] wp_page_copy+0x421/0x15e0 [ 226.529573][T11260] ? page_trans_huge_mapcount+0x166/0x450 [ 226.535293][T11260] ? pmd_pfn+0x1d0/0x1d0 [ 226.539535][T11260] ? lock_downgrade+0x920/0x920 [ 226.544399][T11260] ? swp_swapcount+0x540/0x540 [ 226.549159][T11260] ? do_raw_spin_unlock+0x57/0x270 [ 226.555779][T11260] ? __kasan_check_read+0x11/0x20 [ 226.560826][T11260] ? do_raw_spin_unlock+0x57/0x270 [ 226.565944][T11260] do_wp_page+0x499/0x14d0 [ 226.570450][T11260] ? finish_mkwrite_fault+0x570/0x570 [ 226.575828][T11260] __handle_mm_fault+0x22f7/0x3f20 [ 226.580956][T11260] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 226.586501][T11260] ? __kasan_check_read+0x11/0x20 [ 226.591544][T11260] ? trace_hardirqs_on+0x67/0x240 [ 226.596588][T11260] handle_mm_fault+0x1b5/0x6b0 [ 226.601371][T11260] __do_page_fault+0x536/0xdd0 [ 226.606146][T11260] do_page_fault+0x38/0x590 [ 226.610651][T11260] page_fault+0x39/0x40 [ 226.614801][T11260] RIP: 0033:0x430906 [ 226.618785][T11260] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 226.638407][T11260] RSP: 002b:00007ffd676f0100 EFLAGS: 00010206 [ 226.644475][T11260] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 226.653064][T11260] RDX: 00005555562d3930 RSI: 00005555562db970 RDI: 0000000000000003 [ 226.661039][T11260] RBP: 0000000000008041 R08: 0000000000000001 R09: 00005555562d2940 [ 226.669848][T11260] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 226.677825][T11260] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 12:39:26 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x0, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) 12:39:26 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='overlay\x00', 0x0, &(0x7f0000000540)={[{@xino_off='xino=off'}], [], 0xf603000000000000}) 12:39:26 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x0, &(0x7f00000017c0)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}}}, {{0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x0, 0x0, 0x0, 0x1a0ffffffff, 0x2000000]}}}}, 0x108) [ 226.863184][T11260] memory: usage 968kB, limit 0kB, failcnt 54 [ 226.869265][T11260] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 226.942138][T11288] overlayfs: missing 'lowerdir' [ 226.973931][T11260] Memory cgroup stats for /syz5: [ 226.974023][T11260] anon 0 [ 226.974023][T11260] file 0 [ 226.974023][T11260] kernel_stack 0 [ 226.974023][T11260] slab 1064960 [ 226.974023][T11260] sock 0 [ 226.974023][T11260] shmem 0 [ 226.974023][T11260] file_mapped 0 [ 226.974023][T11260] file_dirty 0 [ 226.974023][T11260] file_writeback 0 [ 226.974023][T11260] anon_thp 0 [ 226.974023][T11260] inactive_anon 0 [ 226.974023][T11260] active_anon 0 [ 226.974023][T11260] inactive_file 0 [ 226.974023][T11260] active_file 0 12:39:26 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, 0x0, 0x0) [ 226.974023][T11260] unevictable 0 [ 226.974023][T11260] slab_reclaimable 405504 [ 226.974023][T11260] slab_unreclaimable 659456 [ 226.974023][T11260] pgfault 1551 [ 226.974023][T11260] pgmajfault 0 [ 226.974023][T11260] workingset_refault 0 [ 226.974023][T11260] workingset_activate 0 [ 226.974023][T11260] workingset_nodereclaim 0 [ 226.974023][T11260] pgrefill 0 [ 226.974023][T11260] pgscan 0 [ 226.974023][T11260] pgsteal 0 [ 226.974023][T11260] pgactivate 0 [ 226.974023][T11260] pgdeactivate 0 12:39:26 executing program 1: syz_open_dev$sndpcmc(0x0, 0x0, 0x0) syz_open_dev$sndpcmp(0x0, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)) pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f00000001c0)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0xffffffffffffffff}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 12:39:26 executing program 2: ioctl$sock_ifreq(0xffffffffffffffff, 0x8914, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) r3 = accept4(r2, 0x0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000240)=ANY=[], 0xfffffe04) splice(r0, 0x0, r3, 0x0, 0x20000000003, 0x0) [ 227.301284][T11260] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=11260,uid=0 [ 227.350524][T11260] Memory cgroup out of memory: Killed process 11260 (syz-executor.5) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 [ 227.382749][ T1061] oom_reaper: reaped process 11260 (syz-executor.5), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 12:39:26 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) socket$kcm(0x10, 0x2, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r4, 0x0, 0x0) [ 228.346647][T11311] IPVS: ftp: loaded support on port[0] = 21 [ 228.451481][T11311] chnl_net:caif_netlink_parms(): no params data found [ 228.526873][T11311] bridge0: port 1(bridge_slave_0) entered blocking state [ 228.534409][T11311] bridge0: port 1(bridge_slave_0) entered disabled state [ 228.541986][T11311] device bridge_slave_0 entered promiscuous mode [ 228.550638][T11311] bridge0: port 2(bridge_slave_1) entered blocking state [ 228.558078][T11311] bridge0: port 2(bridge_slave_1) entered disabled state [ 228.566418][T11311] device bridge_slave_1 entered promiscuous mode [ 228.585269][T11311] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 228.597133][T11311] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 228.664698][T11311] team0: Port device team_slave_0 added [ 228.672611][T11311] team0: Port device team_slave_1 added [ 228.724748][T11311] device hsr_slave_0 entered promiscuous mode [ 228.763528][T11311] device hsr_slave_1 entered promiscuous mode [ 228.813250][T11311] debugfs: Directory 'hsr0' with parent '/' already present! [ 228.895246][T11311] 8021q: adding VLAN 0 to HW filter on device bond0 [ 228.960181][T11311] 8021q: adding VLAN 0 to HW filter on device team0 [ 228.967845][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 228.978481][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 228.986888][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 229.003588][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 229.012451][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 229.022342][ T2991] bridge0: port 1(bridge_slave_0) entered blocking state [ 229.034848][ T2991] bridge0: port 1(bridge_slave_0) entered forwarding state [ 229.042925][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 229.052189][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 229.061115][ T2991] bridge0: port 2(bridge_slave_1) entered blocking state [ 229.068386][ T2991] bridge0: port 2(bridge_slave_1) entered forwarding state [ 229.076417][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 229.085272][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 229.094261][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 229.163813][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 229.172617][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 229.181813][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 229.194864][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 229.211783][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 229.285662][T11311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 229.308911][T11311] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 229.327755][ T590] device bridge_slave_1 left promiscuous mode [ 229.335714][ T590] bridge0: port 2(bridge_slave_1) entered disabled state [ 229.374156][ T590] device bridge_slave_0 left promiscuous mode [ 229.380653][ T590] bridge0: port 1(bridge_slave_0) entered disabled state [ 229.434682][ T590] device bridge_slave_1 left promiscuous mode [ 229.445709][ T590] bridge0: port 2(bridge_slave_1) entered disabled state [ 229.503960][ T590] device bridge_slave_0 left promiscuous mode [ 229.511697][ T590] bridge0: port 1(bridge_slave_0) entered disabled state [ 230.873640][ T590] device hsr_slave_0 left promiscuous mode [ 230.923224][ T590] device hsr_slave_1 left promiscuous mode [ 231.008194][ T590] team0 (unregistering): Port device team_slave_1 removed [ 231.022273][ T590] team0 (unregistering): Port device team_slave_0 removed [ 231.034858][ T590] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 231.077329][ T590] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 231.163663][ T590] bond0 (unregistering): Released all slaves [ 231.334017][ T590] device hsr_slave_0 left promiscuous mode [ 231.373306][ T590] device hsr_slave_1 left promiscuous mode [ 231.428014][ T590] team0 (unregistering): Port device team_slave_1 removed [ 231.439856][ T590] team0 (unregistering): Port device team_slave_0 removed [ 231.449872][ T590] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 231.496900][ T590] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 231.574266][ T590] bond0 (unregistering): Released all slaves [ 231.787986][T11319] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 231.799719][T11319] CPU: 0 PID: 11319 Comm: syz-executor.4 Not tainted 5.3.0-rc3-next-20190809 #63 [ 231.799744][T11319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 231.818901][T11319] Call Trace: [ 231.818925][T11319] dump_stack+0x172/0x1f0 [ 231.818940][T11319] dump_header+0x177/0x1152 [ 231.818956][T11319] ? ___ratelimit+0xf8/0x595 [ 231.818972][T11319] ? trace_hardirqs_on+0x67/0x240 [ 231.818985][T11319] ? mark_oom_victim.cold+0x18/0x18 [ 231.819000][T11319] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 231.819014][T11319] ? ___ratelimit+0x60/0x595 [ 231.819035][T11319] oom_kill_process.cold+0x10/0x15 [ 231.826673][T11319] out_of_memory+0x334/0x1340 [ 231.826695][T11319] ? __sched_text_start+0x8/0x8 [ 231.835764][T11319] ? oom_killer_disable+0x280/0x280 [ 231.835784][T11319] mem_cgroup_out_of_memory+0x1d8/0x240 [ 231.835799][T11319] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 231.835819][T11319] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 231.835840][T11319] ? cgroup_file_notify+0x140/0x1b0 [ 231.846044][T11319] memory_max_write+0x262/0x3a0 [ 231.846064][T11319] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 231.846083][T11319] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 231.846098][T11319] cgroup_file_write+0x241/0x790 [ 231.846116][T11319] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 231.846135][T11319] ? cgroup_migrate_add_task+0x890/0x890 [ 231.856521][T11319] ? cgroup_migrate_add_task+0x890/0x890 [ 231.866287][T11319] kernfs_fop_write+0x2b8/0x480 [ 231.866302][T11319] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 231.866316][T11319] __vfs_write+0x8a/0x110 [ 231.866326][T11319] ? kernfs_fop_open+0xd80/0xd80 [ 231.866346][T11319] vfs_write+0x268/0x5d0 [ 231.866362][T11319] ksys_write+0x14f/0x290 [ 231.866384][T11319] ? __ia32_sys_read+0xb0/0xb0 [ 231.876433][T11319] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 231.876450][T11319] __x64_sys_write+0x73/0xb0 [ 231.876468][T11319] do_syscall_64+0xfa/0x760 [ 231.876484][T11319] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 231.876495][T11319] RIP: 0033:0x459829 [ 231.876510][T11319] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 231.876524][T11319] RSP: 002b:00007fe0a84fcc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 231.887702][T11319] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 231.887710][T11319] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 231.887718][T11319] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 231.887725][T11319] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe0a84fd6d4 [ 231.887742][T11319] R13: 00000000004c9970 R14: 00000000004e0fd8 R15: 00000000ffffffff [ 231.904225][T11319] memory: usage 3180kB, limit 0kB, failcnt 64 [ 231.917067][T11319] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 231.928542][T11319] Memory cgroup stats for /syz4: [ 231.929496][T11319] anon 2150400 [ 231.929496][T11319] file 0 [ 231.929496][T11319] kernel_stack 0 [ 231.929496][T11319] slab 1077248 [ 231.929496][T11319] sock 0 [ 231.929496][T11319] shmem 0 [ 231.929496][T11319] file_mapped 0 [ 231.929496][T11319] file_dirty 0 [ 231.929496][T11319] file_writeback 0 [ 231.929496][T11319] anon_thp 2097152 [ 231.929496][T11319] inactive_anon 0 [ 231.929496][T11319] active_anon 2150400 [ 231.929496][T11319] inactive_file 0 [ 231.929496][T11319] active_file 0 [ 231.929496][T11319] unevictable 0 [ 231.929496][T11319] slab_reclaimable 405504 [ 231.929496][T11319] slab_unreclaimable 671744 [ 231.929496][T11319] pgfault 1518 [ 231.929496][T11319] pgmajfault 0 [ 231.929496][T11319] workingset_refault 0 [ 231.929496][T11319] workingset_activate 0 [ 231.929496][T11319] workingset_nodereclaim 0 [ 231.929496][T11319] pgrefill 0 [ 231.929496][T11319] pgscan 0 [ 231.929496][T11319] pgsteal 0 [ 231.929496][T11319] pgactivate 0 [ 231.940224][T11319] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=11318,uid=0 12:39:31 executing program 3: creat(0x0, 0x0) mlockall(0x3) clone(0x1080000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mlockall(0x3) 12:39:31 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, 0x0, 0x0) 12:39:31 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r4, 0x0, 0x0) 12:39:31 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r4, 0x0, 0x0) 12:39:31 executing program 1: syz_open_dev$sndpcmc(0x0, 0x0, 0x0) syz_open_dev$sndpcmp(0x0, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)) pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f00000001c0)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0xffffffffffffffff}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 12:39:31 executing program 2: ioctl$sock_ifreq(0xffffffffffffffff, 0x8914, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58) r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000240)=ANY=[], 0xfffffe04) splice(r0, 0x0, r2, 0x0, 0x20000000003, 0x0) [ 231.951259][T11319] Memory cgroup out of memory: Killed process 11318 (syz-executor.4) total-vm:72580kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 231.962420][ T1061] oom_reaper: reaped process 11318 (syz-executor.4), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 232.268439][T11311] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 232.281975][T11311] CPU: 1 PID: 11311 Comm: syz-executor.4 Not tainted 5.3.0-rc3-next-20190809 #63 [ 232.291284][T11311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 232.301341][T11311] Call Trace: [ 232.304637][T11311] dump_stack+0x172/0x1f0 [ 232.308966][T11311] dump_header+0x177/0x1152 [ 232.313472][T11311] ? ___ratelimit+0xf8/0x595 [ 232.318076][T11311] ? trace_hardirqs_on+0x67/0x240 [ 232.323107][T11311] ? mark_oom_victim.cold+0x18/0x18 [ 232.328411][T11311] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 232.334255][T11311] ? ___ratelimit+0x60/0x595 [ 232.338861][T11311] ? do_raw_spin_unlock+0x57/0x270 [ 232.343978][T11311] oom_kill_process.cold+0x10/0x15 [ 232.349093][T11311] out_of_memory+0x334/0x1340 [ 232.353777][T11311] ? lock_downgrade+0x920/0x920 [ 232.358638][T11311] ? oom_killer_disable+0x280/0x280 [ 232.363951][T11311] mem_cgroup_out_of_memory+0x1d8/0x240 [ 232.369526][T11311] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 232.375172][T11311] ? do_raw_spin_unlock+0x57/0x270 [ 232.380295][T11311] ? _raw_spin_unlock+0x2d/0x50 [ 232.385151][T11311] try_charge+0xf4b/0x1440 [ 232.389598][T11311] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 232.395148][T11311] ? percpu_ref_tryget_live+0x111/0x290 [ 232.400702][T11311] ? get_mem_cgroup_from_mm+0x16/0x320 [ 232.406184][T11311] ? get_mem_cgroup_from_mm+0x156/0x320 [ 232.411737][T11311] mem_cgroup_try_charge+0x136/0x590 [ 232.417154][T11311] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 232.422794][T11311] wp_page_copy+0x421/0x15e0 [ 232.427562][T11311] ? page_trans_huge_mapcount+0x166/0x450 [ 232.433284][T11311] ? pmd_pfn+0x1d0/0x1d0 [ 232.437536][T11311] ? lock_downgrade+0x920/0x920 [ 232.442390][T11311] ? swp_swapcount+0x540/0x540 [ 232.447150][T11311] ? do_raw_spin_unlock+0x57/0x270 [ 232.452268][T11311] ? __kasan_check_read+0x11/0x20 [ 232.457299][T11311] ? do_raw_spin_unlock+0x57/0x270 [ 232.462418][T11311] do_wp_page+0x499/0x14d0 [ 232.466860][T11311] ? finish_mkwrite_fault+0x570/0x570 [ 232.472339][T11311] __handle_mm_fault+0x22f7/0x3f20 [ 232.477470][T11311] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 232.483026][T11311] ? __kasan_check_read+0x11/0x20 [ 232.488075][T11311] ? trace_hardirqs_on+0x67/0x240 [ 232.493115][T11311] handle_mm_fault+0x1b5/0x6b0 [ 232.497905][T11311] __do_page_fault+0x536/0xdd0 [ 232.502672][T11311] do_page_fault+0x38/0x590 [ 232.507183][T11311] page_fault+0x39/0x40 [ 232.511343][T11311] RIP: 0033:0x430906 [ 232.515240][T11311] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 232.534868][T11311] RSP: 002b:00007ffc0b1574c0 EFLAGS: 00010206 [ 232.540943][T11311] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 232.548942][T11311] RDX: 00005555569f9930 RSI: 0000555556a01970 RDI: 0000000000000003 [ 232.558590][T11311] RBP: 0000000000008041 R08: 0000000000000001 R09: 00005555569f8940 [ 232.567887][T11311] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 232.575877][T11311] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 12:39:31 executing program 0: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, 0x0, 0x0) 12:39:32 executing program 1: syz_open_dev$sndpcmc(0x0, 0x0, 0x0) syz_open_dev$sndpcmp(0x0, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)) pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f00000001c0)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0xffffffffffffffff}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 12:39:32 executing program 0: [ 232.793239][T11311] memory: usage 844kB, limit 0kB, failcnt 72 [ 232.804944][T11311] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 232.836908][T11311] Memory cgroup stats for /syz4: [ 232.837003][T11311] anon 0 [ 232.837003][T11311] file 0 [ 232.837003][T11311] kernel_stack 0 [ 232.837003][T11311] slab 1077248 [ 232.837003][T11311] sock 0 [ 232.837003][T11311] shmem 0 [ 232.837003][T11311] file_mapped 0 [ 232.837003][T11311] file_dirty 0 [ 232.837003][T11311] file_writeback 0 [ 232.837003][T11311] anon_thp 0 [ 232.837003][T11311] inactive_anon 0 [ 232.837003][T11311] active_anon 0 [ 232.837003][T11311] inactive_file 0 [ 232.837003][T11311] active_file 0 [ 232.837003][T11311] unevictable 0 [ 232.837003][T11311] slab_reclaimable 405504 [ 232.837003][T11311] slab_unreclaimable 671744 [ 232.837003][T11311] pgfault 1518 [ 232.837003][T11311] pgmajfault 0 [ 232.837003][T11311] workingset_refault 0 [ 232.837003][T11311] workingset_activate 0 [ 232.837003][T11311] workingset_nodereclaim 0 [ 232.837003][T11311] pgrefill 0 [ 232.837003][T11311] pgscan 0 [ 232.837003][T11311] pgsteal 0 [ 232.837003][T11311] pgactivate 0 [ 232.837003][T11311] pgdeactivate 0 12:39:32 executing program 0: 12:39:32 executing program 3: creat(0x0, 0x0) mlockall(0x3) clone(0x1080000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mlockall(0x3) 12:39:32 executing program 0: socket$kcm(0x29, 0x7, 0x0) r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x2, 0x1, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000140)='notify_on_release\x00') r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1fb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x1, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup/syz0\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f00000005c0)='cquse\x01\x00\xf8,\x80\xc1\x1c\xa2Wpr\xb7\xffH\xe3\x1a>\xab\x0f\xe0\xdd\xaa\x82LfY\x1f\x10P\xff\xff', 0x0, 0x0) r5 = gettid() write$cgroup_pid(r4, &(0x7f00000004c0)=r5, 0x12) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000400)={r3, 0x7, 0x1, 0x400, &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x9}, 0x20) openat$cgroup_int(0xffffffffffffff9c, &(0x7f00000000c0)='notify_on_release\x00', 0x2, 0x0) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='memory.swap.current\x00', 0x0, 0x0) r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpuset.effective_mems\x00', 0x0, 0x0) r8 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cpuacct.usage_percpu\x00', 0x0, 0x0) openat$cgroup_ro(r8, 0x0, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000000100)={r6}) ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x9) socket$kcm(0x29, 0x5, 0x0) mkdir(&(0x7f0000000440)='./file0\x00', 0x100000026) openat$cgroup_ro(r7, &(0x7f0000000580)='cpu.stat\x00', 0x0, 0x0) r9 = gettid() perf_event_open(&(0x7f0000000240)={0x3, 0x70, 0x7, 0x3, 0x3, 0x1000, 0x0, 0xffffffffffffffff, 0x9000, 0x0, 0x10001, 0x3, 0x5, 0x93ec, 0x400, 0x8, 0xf0, 0x3a, 0x0, 0x9, 0x100000001, 0x6, 0x400000, 0x0, 0x10000, 0xc31b, 0xffffffff, 0x8001, 0x0, 0x2, 0x37, 0xcf8, 0x0, 0x7, 0xfff, 0x4, 0x1677, 0xfffffffffffffffc, 0x0, 0x3, 0x4, @perf_config_ext={0x800, 0xff}, 0x4004, 0xd3, 0x8000, 0x0, 0x0, 0x10000}, r9, 0xa, r2, 0x2) openat$cgroup_ro(r8, &(0x7f0000000200)='pids.events\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, &(0x7f0000000780)=ANY=[@ANYBLOB="030008170002000000000000004000000000001abd8005fe31e249fb3d7a7aa9290ef7bc9dec456cde302b68c58519ff012ceb3ed0c5fd6acfbd26868e10bcc4d8b0ecd8a841078c6dc33d91ac631624bd5c6d2975ee820b8696a8438ed69b15305531055a98719692b9be3b198d465aede5e2878a521fab181caabcd7c70b5a4d0ba9b3057b937194ac2ad6a9e8550297f88b30647c92046c1d87d1183748ee84d4cda2e7ca2f8d3620859fa2ced874d9bfdfdacd7c9b944ef15e309448306b829f47f2cbe35ceb756a583f"]) ioctl$TUNGETSNDBUF(r8, 0x800454d3, &(0x7f0000000740)) ioctl$PERF_EVENT_IOC_ID(r2, 0x80082407, &(0x7f0000000080)) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@nfc_llcp={0x27, 0x0, 0x2, 0x0, 0x0, 0x0, "b6bc8fda04ae1bf1a1e4431ff3e4e210a9ad83a2709b87b524875076871471eb7b6e745475d5febe321ff3eb7a90f27b92d384bf15cacfa784201efd3d604b"}, 0x80, 0x0}, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r1, 0x890b, &(0x7f0000000000)) 12:39:32 executing program 2: ioctl$sock_ifreq(0xffffffffffffffff, 0x8914, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58) r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000240)=ANY=[], 0xfffffe04) splice(r0, 0x0, r2, 0x0, 0x20000000003, 0x0) [ 233.041504][T11311] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=11311,uid=0 [ 233.065902][T11311] Memory cgroup out of memory: Killed process 11311 (syz-executor.4) total-vm:72448kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 [ 233.120155][ T1061] oom_reaper: reaped process 11311 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 12:39:32 executing program 1: r0 = socket$kcm(0x29, 0x2, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0), 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8946, &(0x7f00000001c0)='wlan1:') r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000100)="1700000016008100a00f80ecdb4cb9040a4865160b0001", 0x17}], 0x1}, 0x0) recvmsg$kcm(r1, &(0x7f0000000240)={&(0x7f0000000000)=@alg, 0x80, 0x0}, 0x0) [ 234.069800][T11375] IPVS: ftp: loaded support on port[0] = 21 [ 234.120738][T11375] chnl_net:caif_netlink_parms(): no params data found [ 234.144976][T11375] bridge0: port 1(bridge_slave_0) entered blocking state [ 234.152087][T11375] bridge0: port 1(bridge_slave_0) entered disabled state [ 234.159815][T11375] device bridge_slave_0 entered promiscuous mode [ 234.167595][T11375] bridge0: port 2(bridge_slave_1) entered blocking state [ 234.174785][T11375] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.182408][T11375] device bridge_slave_1 entered promiscuous mode [ 234.198275][T11375] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 234.209564][T11375] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 234.231598][T11375] team0: Port device team_slave_0 added [ 234.246328][T11375] team0: Port device team_slave_1 added [ 234.285205][T11375] device hsr_slave_0 entered promiscuous mode [ 234.324122][T11375] device hsr_slave_1 entered promiscuous mode [ 234.373527][T11375] debugfs: Directory 'hsr0' with parent '/' already present! [ 234.433009][T11375] bridge0: port 2(bridge_slave_1) entered blocking state [ 234.440231][T11375] bridge0: port 2(bridge_slave_1) entered forwarding state [ 234.447616][T11375] bridge0: port 1(bridge_slave_0) entered blocking state [ 234.454689][T11375] bridge0: port 1(bridge_slave_0) entered forwarding state [ 234.516921][T11375] 8021q: adding VLAN 0 to HW filter on device bond0 [ 234.528704][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 234.536921][ T3490] bridge0: port 1(bridge_slave_0) entered disabled state [ 234.546167][ T3490] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.556614][T11375] 8021q: adding VLAN 0 to HW filter on device team0 [ 234.594370][T11008] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 234.602683][T11008] bridge0: port 1(bridge_slave_0) entered blocking state [ 234.609793][T11008] bridge0: port 1(bridge_slave_0) entered forwarding state [ 234.624460][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 234.633301][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 234.641877][ T2991] bridge0: port 2(bridge_slave_1) entered blocking state [ 234.649006][ T2991] bridge0: port 2(bridge_slave_1) entered forwarding state [ 234.656715][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 234.665551][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 234.674250][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 234.682617][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 234.691146][ T2991] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 234.727451][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 234.736424][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 234.748272][T11375] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 234.758877][T11375] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 234.770749][T11008] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 234.779112][T11008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 234.787477][T11008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 234.795857][T11008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 234.804166][T11008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 234.844619][T11375] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 234.978647][T11383] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 234.988997][T11383] CPU: 0 PID: 11383 Comm: syz-executor.5 Not tainted 5.3.0-rc3-next-20190809 #63 [ 234.998100][T11383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 235.008154][T11383] Call Trace: [ 235.011449][T11383] dump_stack+0x172/0x1f0 [ 235.015786][T11383] dump_header+0x177/0x1152 [ 235.021150][T11383] ? mark_oom_victim.cold+0x18/0x18 [ 235.026423][T11383] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 235.032238][T11383] ? ___ratelimit+0x60/0x595 [ 235.036830][T11383] ? do_raw_spin_unlock+0x57/0x270 [ 235.041948][T11383] oom_kill_process.cold+0x10/0x15 [ 235.047063][T11383] out_of_memory+0x334/0x1340 [ 235.051725][T11383] ? __sched_text_start+0x8/0x8 [ 235.056563][T11383] ? oom_killer_disable+0x280/0x280 [ 235.061759][T11383] mem_cgroup_out_of_memory+0x1d8/0x240 [ 235.067290][T11383] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 235.072909][T11383] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 235.078696][T11383] ? cgroup_file_notify+0x140/0x1b0 [ 235.083888][T11383] memory_max_write+0x262/0x3a0 [ 235.088735][T11383] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 235.095489][T11383] ? cgroup_file_write+0x86/0x790 [ 235.100497][T11383] cgroup_file_write+0x241/0x790 [ 235.105431][T11383] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 235.112197][T11383] ? cgroup_migrate_add_task+0x890/0x890 [ 235.117832][T11383] ? __might_fault+0x1a3/0x1e0 [ 235.122585][T11383] ? cgroup_migrate_add_task+0x890/0x890 [ 235.128223][T11383] kernfs_fop_write+0x2b8/0x480 [ 235.133064][T11383] __vfs_write+0x8a/0x110 [ 235.137394][T11383] ? kernfs_fop_open+0xd80/0xd80 [ 235.142318][T11383] vfs_write+0x268/0x5d0 [ 235.146577][T11383] ksys_write+0x14f/0x290 [ 235.150890][T11383] ? __ia32_sys_read+0xb0/0xb0 [ 235.155674][T11383] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 235.161748][T11383] __x64_sys_write+0x73/0xb0 [ 235.166344][T11383] do_syscall_64+0xfa/0x760 [ 235.170848][T11383] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 235.176723][T11383] RIP: 0033:0x459829 [ 235.180603][T11383] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 235.200502][T11383] RSP: 002b:00007fe78616dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 235.208962][T11383] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 235.216930][T11383] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 235.224924][T11383] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 235.232904][T11383] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe78616e6d4 [ 235.240875][T11383] R13: 00000000004c9970 R14: 00000000004e0fd8 R15: 00000000ffffffff [ 235.256442][T11383] memory: usage 3072kB, limit 0kB, failcnt 55 [ 235.262701][T11383] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 235.283286][T11383] Memory cgroup stats for /syz5: [ 235.284381][T11383] anon 2129920 [ 235.284381][T11383] file 0 [ 235.284381][T11383] kernel_stack 65536 [ 235.284381][T11383] slab 929792 [ 235.284381][T11383] sock 0 [ 235.284381][T11383] shmem 0 [ 235.284381][T11383] file_mapped 0 [ 235.284381][T11383] file_dirty 0 [ 235.284381][T11383] file_writeback 0 [ 235.284381][T11383] anon_thp 2097152 [ 235.284381][T11383] inactive_anon 0 [ 235.284381][T11383] active_anon 2129920 [ 235.284381][T11383] inactive_file 0 [ 235.284381][T11383] active_file 0 [ 235.284381][T11383] unevictable 0 [ 235.284381][T11383] slab_reclaimable 405504 [ 235.284381][T11383] slab_unreclaimable 524288 [ 235.284381][T11383] pgfault 1617 [ 235.284381][T11383] pgmajfault 0 [ 235.284381][T11383] workingset_refault 0 [ 235.284381][T11383] workingset_activate 0 [ 235.284381][T11383] workingset_nodereclaim 0 [ 235.284381][T11383] pgrefill 0 [ 235.284381][T11383] pgscan 0 [ 235.284381][T11383] pgsteal 0 [ 235.284381][T11383] pgactivate 0 [ 235.380676][T11383] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=11382,uid=0 [ 235.398343][T11383] Memory cgroup out of memory: Killed process 11382 (syz-executor.5) total-vm:72580kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 235.416821][ T1061] oom_reaper: reaped process 11382 (syz-executor.5), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 12:39:34 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r4, 0x0, 0x0) 12:39:34 executing program 0: socket$kcm(0x29, 0x7, 0x0) r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x2, 0x1, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000140)='notify_on_release\x00') r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1fb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x1, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup/syz0\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f00000005c0)='cquse\x01\x00\xf8,\x80\xc1\x1c\xa2Wpr\xb7\xffH\xe3\x1a>\xab\x0f\xe0\xdd\xaa\x82LfY\x1f\x10P\xff\xff', 0x0, 0x0) r5 = gettid() write$cgroup_pid(r4, &(0x7f00000004c0)=r5, 0x12) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000400)={r3, 0x7, 0x1, 0x400, &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x9}, 0x20) openat$cgroup_int(0xffffffffffffff9c, &(0x7f00000000c0)='notify_on_release\x00', 0x2, 0x0) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='memory.swap.current\x00', 0x0, 0x0) r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpuset.effective_mems\x00', 0x0, 0x0) r8 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cpuacct.usage_percpu\x00', 0x0, 0x0) openat$cgroup_ro(r8, 0x0, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000000100)={r6}) ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x9) socket$kcm(0x29, 0x5, 0x0) mkdir(&(0x7f0000000440)='./file0\x00', 0x100000026) openat$cgroup_ro(r7, &(0x7f0000000580)='cpu.stat\x00', 0x0, 0x0) r9 = gettid() perf_event_open(&(0x7f0000000240)={0x3, 0x70, 0x7, 0x3, 0x3, 0x1000, 0x0, 0xffffffffffffffff, 0x9000, 0x0, 0x10001, 0x3, 0x5, 0x93ec, 0x400, 0x8, 0xf0, 0x3a, 0x0, 0x9, 0x100000001, 0x6, 0x400000, 0x0, 0x10000, 0xc31b, 0xffffffff, 0x8001, 0x0, 0x2, 0x37, 0xcf8, 0x0, 0x7, 0xfff, 0x4, 0x1677, 0xfffffffffffffffc, 0x0, 0x3, 0x4, @perf_config_ext={0x800, 0xff}, 0x4004, 0xd3, 0x8000, 0x0, 0x0, 0x10000}, r9, 0xa, r2, 0x2) openat$cgroup_ro(r8, &(0x7f0000000200)='pids.events\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, &(0x7f0000000780)=ANY=[@ANYBLOB="030008170002000000000000004000000000001abd8005fe31e249fb3d7a7aa9290ef7bc9dec456cde302b68c58519ff012ceb3ed0c5fd6acfbd26868e10bcc4d8b0ecd8a841078c6dc33d91ac631624bd5c6d2975ee820b8696a8438ed69b15305531055a98719692b9be3b198d465aede5e2878a521fab181caabcd7c70b5a4d0ba9b3057b937194ac2ad6a9e8550297f88b30647c92046c1d87d1183748ee84d4cda2e7ca2f8d3620859fa2ced874d9bfdfdacd7c9b944ef15e309448306b829f47f2cbe35ceb756a583f"]) ioctl$TUNGETSNDBUF(r8, 0x800454d3, &(0x7f0000000740)) ioctl$PERF_EVENT_IOC_ID(r2, 0x80082407, &(0x7f0000000080)) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@nfc_llcp={0x27, 0x0, 0x2, 0x0, 0x0, 0x0, "b6bc8fda04ae1bf1a1e4431ff3e4e210a9ad83a2709b87b524875076871471eb7b6e745475d5febe321ff3eb7a90f27b92d384bf15cacfa784201efd3d604b"}, 0x80, 0x0}, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r1, 0x890b, &(0x7f0000000000)) 12:39:34 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r4, 0x0, 0x0) 12:39:34 executing program 3: creat(0x0, 0x0) mlockall(0x3) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) 12:39:34 executing program 1: 12:39:34 executing program 2: ioctl$sock_ifreq(0xffffffffffffffff, 0x8914, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58) r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000240)=ANY=[], 0xfffffe04) splice(r0, 0x0, r2, 0x0, 0x20000000003, 0x0) [ 235.495405][T11375] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 235.561466][T11375] CPU: 0 PID: 11375 Comm: syz-executor.5 Not tainted 5.3.0-rc3-next-20190809 #63 [ 235.570632][T11375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 235.580696][T11375] Call Trace: [ 235.584175][T11375] dump_stack+0x172/0x1f0 [ 235.588518][T11375] dump_header+0x177/0x1152 [ 235.593032][T11375] ? ___ratelimit+0xf8/0x595 [ 235.597667][T11375] ? trace_hardirqs_on+0x67/0x240 [ 235.602717][T11375] ? mark_oom_victim.cold+0x18/0x18 [ 235.607956][T11375] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 235.614415][T11375] ? ___ratelimit+0x60/0x595 [ 235.619028][T11375] ? do_raw_spin_unlock+0x57/0x270 [ 235.624158][T11375] oom_kill_process.cold+0x10/0x15 [ 235.629276][T11375] out_of_memory+0x334/0x1340 [ 235.633969][T11375] ? lock_downgrade+0x920/0x920 [ 235.638846][T11375] ? oom_killer_disable+0x280/0x280 [ 235.644060][T11375] mem_cgroup_out_of_memory+0x1d8/0x240 [ 235.649636][T11375] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 235.655291][T11375] ? do_raw_spin_unlock+0x57/0x270 [ 235.660430][T11375] ? _raw_spin_unlock+0x2d/0x50 [ 235.665298][T11375] try_charge+0xf4b/0x1440 [ 235.669753][T11375] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 235.675319][T11375] ? percpu_ref_tryget_live+0x111/0x290 [ 235.680897][T11375] ? get_mem_cgroup_from_mm+0x16/0x320 [ 235.686401][T11375] ? get_mem_cgroup_from_mm+0x156/0x320 [ 235.691967][T11375] mem_cgroup_try_charge+0x136/0x590 [ 235.697268][T11375] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 235.702964][T11375] wp_page_copy+0x421/0x15e0 [ 235.707568][T11375] ? page_trans_huge_mapcount+0x166/0x450 [ 235.713307][T11375] ? pmd_pfn+0x1d0/0x1d0 [ 235.717565][T11375] ? lock_downgrade+0x920/0x920 [ 235.722454][T11375] ? swp_swapcount+0x540/0x540 [ 235.727258][T11375] ? do_raw_spin_unlock+0x57/0x270 [ 235.732385][T11375] ? __kasan_check_read+0x11/0x20 [ 235.737413][T11375] ? do_raw_spin_unlock+0x57/0x270 [ 235.742531][T11375] do_wp_page+0x499/0x14d0 [ 235.746958][T11375] ? finish_mkwrite_fault+0x570/0x570 [ 235.752354][T11375] __handle_mm_fault+0x22f7/0x3f20 [ 235.757499][T11375] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 235.763048][T11375] ? __kasan_check_read+0x11/0x20 [ 235.768087][T11375] ? trace_hardirqs_on+0x67/0x240 [ 235.773118][T11375] handle_mm_fault+0x1b5/0x6b0 [ 235.777901][T11375] __do_page_fault+0x536/0xdd0 [ 235.782684][T11375] do_page_fault+0x38/0x590 [ 235.787207][T11375] page_fault+0x39/0x40 [ 235.791395][T11375] RIP: 0033:0x430906 [ 235.795290][T11375] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 5c 46 64 00 85 c0 0f 84 [ 235.814901][T11375] RSP: 002b:00007fff5d2b17e0 EFLAGS: 00010206 [ 235.821069][T11375] RAX: 0000000000019691 RBX: 0000000000715640 RCX: 0000000000008041 [ 235.829045][T11375] RDX: 000055555609b930 RSI: 00005555560a3970 RDI: 0000000000000003 [ 235.837028][T11375] RBP: 0000000000008041 R08: 0000000000000001 R09: 000055555609a940 [ 235.845003][T11375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 235.852976][T11375] R13: 0000000000715698 R14: 0000000000000000 R15: 0000000000002710 12:39:35 executing program 1: 12:39:35 executing program 2: ioctl$sock_ifreq(0xffffffffffffffff, 0x8914, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000240)=ANY=[], 0xfffffe04) splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x20000000003, 0x0) [ 235.875646][T11375] memory: usage 740kB, limit 0kB, failcnt 63 [ 235.897261][T11375] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 235.905031][ T590] device bridge_slave_1 left promiscuous mode [ 235.917068][ T590] bridge0: port 2(bridge_slave_1) entered disabled state [ 235.956206][T11375] Memory cgroup stats for /syz5: [ 235.956309][T11375] anon 8192 [ 235.956309][T11375] file 0 [ 235.956309][T11375] kernel_stack 0 [ 235.956309][T11375] slab 929792 [ 235.956309][T11375] sock 0 [ 235.956309][T11375] shmem 0 [ 235.956309][T11375] file_mapped 0 [ 235.956309][T11375] file_dirty 0 [ 235.956309][T11375] file_writeback 0 [ 235.956309][T11375] anon_thp 0 [ 235.956309][T11375] inactive_anon 0 [ 235.956309][T11375] active_anon 8192 [ 235.956309][T11375] inactive_file 0 [ 235.956309][T11375] active_file 0 12:39:35 executing program 0: socket$kcm(0x29, 0x7, 0x0) r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x2, 0x1, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000140)='notify_on_release\x00') r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1fb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x1, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup/syz0\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f00000005c0)='cquse\x01\x00\xf8,\x80\xc1\x1c\xa2Wpr\xb7\xffH\xe3\x1a>\xab\x0f\xe0\xdd\xaa\x82LfY\x1f\x10P\xff\xff', 0x0, 0x0) r5 = gettid() write$cgroup_pid(r4, &(0x7f00000004c0)=r5, 0x12) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000400)={r3, 0x7, 0x1, 0x400, &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x9}, 0x20) openat$cgroup_int(0xffffffffffffff9c, &(0x7f00000000c0)='notify_on_release\x00', 0x2, 0x0) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='memory.swap.current\x00', 0x0, 0x0) r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpuset.effective_mems\x00', 0x0, 0x0) r8 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cpuacct.usage_percpu\x00', 0x0, 0x0) openat$cgroup_ro(r8, 0x0, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000000100)={r6}) ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x9) socket$kcm(0x29, 0x5, 0x0) mkdir(&(0x7f0000000440)='./file0\x00', 0x100000026) openat$cgroup_ro(r7, &(0x7f0000000580)='cpu.stat\x00', 0x0, 0x0) r9 = gettid() perf_event_open(&(0x7f0000000240)={0x3, 0x70, 0x7, 0x3, 0x3, 0x1000, 0x0, 0xffffffffffffffff, 0x9000, 0x0, 0x10001, 0x3, 0x5, 0x93ec, 0x400, 0x8, 0xf0, 0x3a, 0x0, 0x9, 0x100000001, 0x6, 0x400000, 0x0, 0x10000, 0xc31b, 0xffffffff, 0x8001, 0x0, 0x2, 0x37, 0xcf8, 0x0, 0x7, 0xfff, 0x4, 0x1677, 0xfffffffffffffffc, 0x0, 0x3, 0x4, @perf_config_ext={0x800, 0xff}, 0x4004, 0xd3, 0x8000, 0x0, 0x0, 0x10000}, r9, 0xa, r2, 0x2) openat$cgroup_ro(r8, &(0x7f0000000200)='pids.events\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, &(0x7f0000000780)=ANY=[@ANYBLOB="030008170002000000000000004000000000001abd8005fe31e249fb3d7a7aa9290ef7bc9dec456cde302b68c58519ff012ceb3ed0c5fd6acfbd26868e10bcc4d8b0ecd8a841078c6dc33d91ac631624bd5c6d2975ee820b8696a8438ed69b15305531055a98719692b9be3b198d465aede5e2878a521fab181caabcd7c70b5a4d0ba9b3057b937194ac2ad6a9e8550297f88b30647c92046c1d87d1183748ee84d4cda2e7ca2f8d3620859fa2ced874d9bfdfdacd7c9b944ef15e309448306b829f47f2cbe35ceb756a583f"]) ioctl$TUNGETSNDBUF(r8, 0x800454d3, &(0x7f0000000740)) ioctl$PERF_EVENT_IOC_ID(r2, 0x80082407, &(0x7f0000000080)) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@nfc_llcp={0x27, 0x0, 0x2, 0x0, 0x0, 0x0, "b6bc8fda04ae1bf1a1e4431ff3e4e210a9ad83a2709b87b524875076871471eb7b6e745475d5febe321ff3eb7a90f27b92d384bf15cacfa784201efd3d604b"}, 0x80, 0x0}, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r1, 0x890b, &(0x7f0000000000)) [ 235.956309][T11375] unevictable 0 [ 235.956309][T11375] slab_reclaimable 405504 [ 235.956309][T11375] slab_unreclaimable 524288 [ 235.956309][T11375] pgfault 1650 [ 235.956309][T11375] pgmajfault 0 [ 235.956309][T11375] workingset_refault 0 [ 235.956309][T11375] workingset_activate 0 [ 235.956309][T11375] workingset_nodereclaim 0 [ 235.956309][T11375] pgrefill 0 [ 235.956309][T11375] pgscan 0 [ 235.956309][T11375] pgsteal 0 [ 235.956309][T11375] pgactivate 0 [ 235.956309][T11375] pgdeactivate 0 12:39:35 executing program 1: [ 236.084776][ T590] device bridge_slave_0 left promiscuous mode [ 236.094509][ T590] bridge0: port 1(bridge_slave_0) entered disabled state 12:39:35 executing program 3: creat(0x0, 0x0) mlockall(0x3) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) 12:39:35 executing program 2: ioctl$sock_ifreq(0xffffffffffffffff, 0x8914, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000240)=ANY=[], 0xfffffe04) splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x20000000003, 0x0) [ 236.243017][T11375] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=11375,uid=0 [ 236.377905][T11375] Memory cgroup out of memory: Killed process 11375 (syz-executor.5) total-vm:72448kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 [ 236.452720][ T1061] oom_reaper: reaped process 11375 (syz-executor.5), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 237.233452][ T590] device hsr_slave_0 left promiscuous mode [ 237.283314][ T590] device hsr_slave_1 left promiscuous mode [ 237.329144][ T590] team0 (unregistering): Port device team_slave_1 removed [ 237.338952][ T590] team0 (unregistering): Port device team_slave_0 removed [ 237.349680][ T590] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 237.416871][ T590] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 237.505910][ T590] bond0 (unregistering): Released all slaves 12:39:37 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f0000000180)}], 0x1}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r4, 0x0, 0x0) 12:39:37 executing program 1: [ 237.721542][T11416] IPVS: ftp: loaded support on port[0] = 21 [ 237.842163][T11416] chnl_net:caif_netlink_parms(): no params data found [ 237.882304][T11416] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.892599][T11416] bridge0: port 1(bridge_slave_0) entered disabled state [ 237.901238][T11416] device bridge_slave_0 entered promiscuous mode [ 237.912200][T11416] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.920183][T11416] bridge0: port 2(bridge_slave_1) entered disabled state [ 237.930668][T11416] device bridge_slave_1 entered promiscuous mode [ 237.955881][T11416] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 237.969228][T11416] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 237.994912][T11416] team0: Port device team_slave_0 added [ 238.001945][T11416] team0: Port device team_slave_1 added [ 238.065940][T11416] device hsr_slave_0 entered promiscuous mode [ 238.103550][T11416] device hsr_slave_1 entered promiscuous mode [ 238.145045][T11416] debugfs: Directory 'hsr0' with parent '/' already present! [ 238.166996][T11416] bridge0: port 2(bridge_slave_1) entered blocking state [ 238.174174][T11416] bridge0: port 2(bridge_slave_1) entered forwarding state [ 238.181569][T11416] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.188699][T11416] bridge0: port 1(bridge_slave_0) entered forwarding state [ 238.222620][T11416] 8021q: adding VLAN 0 to HW filter on device bond0 [ 238.238806][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 238.247469][T10253] bridge0: port 1(bridge_slave_0) entered disabled state [ 238.256671][T10253] bridge0: port 2(bridge_slave_1) entered disabled state [ 238.271722][T11416] 8021q: adding VLAN 0 to HW filter on device team0 [ 238.283161][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 238.291594][T10253] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.298727][T10253] bridge0: port 1(bridge_slave_0) entered forwarding state [ 238.324135][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 238.332557][T10253] bridge0: port 2(bridge_slave_1) entered blocking state [ 238.339689][T10253] bridge0: port 2(bridge_slave_1) entered forwarding state [ 238.348977][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 238.357688][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 238.366199][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 238.374717][T10253] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 238.384819][ T3490] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 238.394973][T11416] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 238.410736][T11416] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 238.510109][T11427] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.4'. [ 238.530548][T11427] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 238.544312][T11427] CPU: 1 PID: 11427 Comm: syz-executor.4 Not tainted 5.3.0-rc3-next-20190809 #63 [ 238.553501][T11427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 238.565136][T11427] Call Trace: [ 238.568958][T11427] dump_stack+0x172/0x1f0 [ 238.573622][T11427] dump_header+0x177/0x1152 [ 238.578224][T11427] ? mark_oom_victim.cold+0x18/0x18 [ 238.583732][T11427] ? ___ratelimit+0x60/0x595 [ 238.588326][T11427] ? do_raw_spin_unlock+0x57/0x270 [ 238.595375][T11427] oom_kill_process.cold+0x10/0x15 [ 238.600585][T11427] out_of_memory+0x334/0x1340 [ 238.606036][T11427] ? __sched_text_start+0x8/0x8 [ 238.610900][T11427] ? oom_killer_disable+0x280/0x280 [ 238.616143][T11427] mem_cgroup_out_of_memory+0x1d8/0x240 [ 238.622104][T11427] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 238.635884][T11427] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 238.641746][T11427] ? cgroup_file_notify+0x140/0x1b0 [ 238.646946][T11427] memory_max_write+0x262/0x3a0 [ 238.652760][T11427] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 238.659616][T11427] ? cgroup_file_write+0x86/0x790 [ 238.664666][T11427] cgroup_file_write+0x241/0x790 [ 238.669615][T11427] ? mem_cgroup_count_precharge_pte_range+0x5a0/0x5a0 [ 238.686178][T11427] ? cgroup_migrate_add_task+0x890/0x890 [ 238.691966][T11427] ? __might_fault+0x1a3/0x1e0 [ 238.696732][T11427] ? cgroup_migrate_add_task+0x890/0x890 [ 238.702442][T11427] kernfs_fop_write+0x2b8/0x480 [ 238.707330][T11427] __vfs_write+0x8a/0x110 [ 238.711689][T11427] ? kernfs_fop_open+0xd80/0xd80 [ 238.722465][T11427] vfs_write+0x268/0x5d0 [ 238.726714][T11427] ksys_write+0x14f/0x290 [ 238.731133][T11427] ? __ia32_sys_read+0xb0/0xb0 [ 238.735907][T11427] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 238.742807][T11427] __x64_sys_write+0x73/0xb0 [ 238.747638][T11427] do_syscall_64+0xfa/0x760 [ 238.752180][T11427] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 238.758160][T11427] RIP: 0033:0x459829 [ 238.762061][T11427] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 238.789370][T11427] RSP: 002b:00007f3fff107c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 238.803285][T11427] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 238.812333][T11427] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 238.820347][T11427] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 238.828909][T11427] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3fff1086d4 [ 238.837379][T11427] R13: 00000000004c9970 R14: 00000000004e0fd8 R15: 00000000ffffffff [ 238.861085][T11427] memory: usage 3144kB, limit 0kB, failcnt 73 [ 238.868382][T11427] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 238.876058][T11427] Memory cgroup stats for /syz4: [ 238.877087][T11427] anon 2093056 [ 238.877087][T11427] file 0 [ 238.877087][T11427] kernel_stack 0 [ 238.877087][T11427] slab 937984 [ 238.877087][T11427] sock 0 [ 238.877087][T11427] shmem 0 [ 238.877087][T11427] file_mapped 0 [ 238.877087][T11427] file_dirty 0 [ 238.877087][T11427] file_writeback 0 [ 238.877087][T11427] anon_thp 2097152 [ 238.877087][T11427] inactive_anon 0 [ 238.877087][T11427] active_anon 2093056 [ 238.877087][T11427] inactive_file 0 [ 238.877087][T11427] active_file 0 [ 238.877087][T11427] unevictable 0 [ 238.877087][T11427] slab_reclaimable 405504 [ 238.877087][T11427] slab_unreclaimable 532480 [ 238.877087][T11427] pgfault 1584 [ 238.877087][T11427] pgmajfault 0 [ 238.877087][T11427] workingset_refault 0 [ 238.877087][T11427] workingset_activate 0 [ 238.877087][T11427] workingset_nodereclaim 0 [ 238.877087][T11427] pgrefill 0 [ 238.877087][T11427] pgscan 0 [ 238.877087][T11427] pgsteal 0 [ 238.877087][T11427] pgactivate 0 [ 238.997610][T11427] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=11426,uid=0 [ 239.014792][T11427] Memory cgroup out of memory: Killed process 11426 (syz-executor.4) total-vm:72580kB, anon-rss:2188kB, file-rss:35796kB, shmem-rss:0kB, UID:0 [ 239.033430][ T1061] oom_reaper: reaped process 11426 (syz-executor.4), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 12:39:38 executing program 3: creat(0x0, 0x0) mlockall(0x3) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) 12:39:38 executing program 2: ioctl$sock_ifreq(0xffffffffffffffff, 0x8914, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000240)=ANY=[], 0xfffffe04) splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x20000000003, 0x0) 12:39:38 executing program 0: socket$kcm(0x29, 0x7, 0x0) r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x2, 0x1, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000140)='notify_on_release\x00') r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1fb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x1, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup/syz0\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f00000005c0)='cquse\x01\x00\xf8,\x80\xc1\x1c\xa2Wpr\xb7\xffH\xe3\x1a>\xab\x0f\xe0\xdd\xaa\x82LfY\x1f\x10P\xff\xff', 0x0, 0x0) r5 = gettid() write$cgroup_pid(r4, &(0x7f00000004c0)=r5, 0x12) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000400)={r3, 0x7, 0x1, 0x400, &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x9}, 0x20) openat$cgroup_int(0xffffffffffffff9c, &(0x7f00000000c0)='notify_on_release\x00', 0x2, 0x0) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='memory.swap.current\x00', 0x0, 0x0) r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cpuset.effective_mems\x00', 0x0, 0x0) r8 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cpuacct.usage_percpu\x00', 0x0, 0x0) openat$cgroup_ro(r8, 0x0, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000000100)={r6}) ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x9) socket$kcm(0x29, 0x5, 0x0) mkdir(&(0x7f0000000440)='./file0\x00', 0x100000026) openat$cgroup_ro(r7, &(0x7f0000000580)='cpu.stat\x00', 0x0, 0x0) r9 = gettid() perf_event_open(&(0x7f0000000240)={0x3, 0x70, 0x7, 0x3, 0x3, 0x1000, 0x0, 0xffffffffffffffff, 0x9000, 0x0, 0x10001, 0x3, 0x5, 0x93ec, 0x400, 0x8, 0xf0, 0x3a, 0x0, 0x9, 0x100000001, 0x6, 0x400000, 0x0, 0x10000, 0xc31b, 0xffffffff, 0x8001, 0x0, 0x2, 0x37, 0xcf8, 0x0, 0x7, 0xfff, 0x4, 0x1677, 0xfffffffffffffffc, 0x0, 0x3, 0x4, @perf_config_ext={0x800, 0xff}, 0x4004, 0xd3, 0x8000, 0x0, 0x0, 0x10000}, r9, 0xa, r2, 0x2) openat$cgroup_ro(r8, &(0x7f0000000200)='pids.events\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, &(0x7f0000000780)=ANY=[@ANYBLOB="030008170002000000000000004000000000001abd8005fe31e249fb3d7a7aa9290ef7bc9dec456cde302b68c58519ff012ceb3ed0c5fd6acfbd26868e10bcc4d8b0ecd8a841078c6dc33d91ac631624bd5c6d2975ee820b8696a8438ed69b15305531055a98719692b9be3b198d465aede5e2878a521fab181caabcd7c70b5a4d0ba9b3057b937194ac2ad6a9e8550297f88b30647c92046c1d87d1183748ee84d4cda2e7ca2f8d3620859fa2ced874d9bfdfdacd7c9b944ef15e309448306b829f47f2cbe35ceb756a583f"]) ioctl$TUNGETSNDBUF(r8, 0x800454d3, &(0x7f0000000740)) ioctl$PERF_EVENT_IOC_ID(r2, 0x80082407, &(0x7f0000000080)) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@nfc_llcp={0x27, 0x0, 0x2, 0x0, 0x0, 0x0, "b6bc8fda04ae1bf1a1e4431ff3e4e210a9ad83a2709b87b524875076871471eb7b6e745475d5febe321ff3eb7a90f27b92d384bf15cacfa784201efd3d604b"}, 0x80, 0x0}, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r1, 0x890b, &(0x7f0000000000)) 12:39:38 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r4, 0x0, 0x0) 12:39:38 executing program 1: 12:39:38 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x44) r2 = gettid() r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, 0x0) socket$kcm(0x11, 0x3, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb140419b80008100254588a8", 0x12}], 0x1}, 0x0) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) gettid() bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x1, 0x0, 0x0}, 0x20) openat$cgroup_ro(r0, &(0x7f0000000800)='cpuacct.usage_all\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)}, 0xfc00) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x1, 0x81, 0x1, 0x40, 0x0, 0x5, 0x40, 0x8, 0x7, 0x8, 0x7, 0x0, 0x0, 0x3, 0x1, 0x4, 0x80, 0x40, 0x0, 0x4, 0x0, 0x6, 0x5, 0x6, 0x4, 0x0, 0x3, 0x2000, 0x7, 0x6, 0xffffffffffffffc1, 0x1, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x2, @perf_config_ext={0x1, 0x3}, 0x1a20, 0x6, 0x8001, 0x0, 0x0, 0x8}, r2, 0x7, r0, 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="2e0000001c008105e00f80ecdb4cb9f207c804a01a000000880367fb0a000200030ada1b40d805000300c50083b8", 0x2e}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0xcc539d13aa130b24, 0x0) write$cgroup_int(r4, 0x0, 0x0) [ 239.154934][T11416] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 239.194220][T11416] CPU: 0 PID: 11416 Comm: syz-executor.4 Not tainted 5.3.0-rc3-next-20190809 #63 [ 239.203386][T11416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 239.213472][T11416] Call Trace: [ 239.216772][T11416] dump_stack+0x172/0x1f0 [ 239.221120][T11416] dump_header+0x177/0x1152 [ 239.225650][T11416] ? ___ratelimit+0xf8/0x595 [ 239.230251][T11416] ? trace_hardirqs_on+0x67/0x240 [ 239.235284][T11416] ? mark_oom_victim.cold+0x18/0x18 [ 239.240495][T11416] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 239.246327][T11416] ? ___ratelimit+0x60/0x595 [ 239.250943][T11416] ? do_raw_spin_unlock+0x57/0x270 [ 239.257288][T11416] oom_kill_process.cold+0x10/0x15 [ 239.262419][T11416] out_of_memory+0x334/0x1340 [ 239.267108][T11416] ? lock_downgrade+0x920/0x920 [ 239.272081][T11416] ? oom_killer_disable+0x280/0x280 [ 239.277303][T11416] mem_cgroup_out_of_memory+0x1d8/0x240 [ 239.282867][T11416] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 239.288526][T11416] ? do_raw_spin_unlock+0x57/0x270 [ 239.293654][T11416] ? _raw_spin_unlock+0x2d/0x50 [ 239.298541][T11416] try_charge+0xf4b/0x1440 [ 239.303021][T11416] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 239.308585][T11416] ? percpu_ref_tryget_live+0x111/0x290 [ 239.314154][T11416] ? get_mem_cgroup_from_mm+0x16/0x320 [ 239.319637][T11416] ? get_mem_cgroup_from_mm+0x156/0x320 [ 239.325193][T11416] mem_cgroup_try_charge+0x136/0x590 [ 239.330535][T11416] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 239.336185][T11416] wp_page_copy+0x421/0x15e0 [ 239.340777][T11416] ? page_trans_huge_mapcount+0x166/0x450 [ 239.346506][T11416] ? pmd_pfn+0x1d0/0x1d0 [ 239.350765][T11416] ? lock_downgrade+0x920/0x920 [ 239.355629][T11416] ? swp_swapcount+0x540/0x540 [ 239.360402][T11416] ? __sb_end_write+0x11e/0x1f0 [ 239.365253][T11416] ? __kasan_check_read+0x11/0x20 [ 239.370281][T11416] ? do_raw_spin_unlock+0x57/0x270 [ 239.375401][T11416] do_wp_page+0x499/0x14d0 [ 239.379827][T11416] ? finish_mkwrite_fault+0x570/0x570 [ 239.385208][T11416] __handle_mm_fault+0x22f7/0x3f20 [ 239.390411][T11416] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 239.395969][T11416] ? __kasan_check_read+0x11/0x20 [ 239.401002][T11416] ? trace_hardirqs_on+0x67/0x240 [ 239.406030][T11416] handle_mm_fault+0x1b5/0x6b0 [ 239.410803][T11416] __do_page_fault+0x536/0xdd0 [ 239.415598][T11416] do_page_fault+0x38/0x590 [ 239.420114][T11416] page_fault+0x39/0x40 [ 239.424268][T11416] RIP: 0033:0x4034f2 [ 239.428163][T11416] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8d 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 42 05 00 48 [ 239.447771][T11416] RSP: 002b:00007ffc222bcbc0 EFLAGS: 00010246 12:39:38 executing program 2: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000240)=ANY=[], 0xfffffe04) splice(r0, 0x0, r3, 0x0, 0x20000000003, 0x0) [ 239.453883][T11416] RAX: 0000000000000000 RBX: 000000000003a3a8 RCX: 0000000000413430 [ 239.461957][T11416] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffc222bdcf0 [ 239.469934][T11416] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555556f90940 [ 239.477914][T11416] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc222bdcf0 [ 239.485927][T11416] R13: 00007ffc222bdce0 R14: 0000000000000000 R15: 00007ffc222bdcf0 12:39:38 executing program 1: [ 239.513185][T11416] memory: usage 808kB, limit 0kB, failcnt 81 [ 239.528918][T11416] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 239.571139][T11416] Memory cgroup stats for /syz4: [ 239.571242][T11416] anon 0 [ 239.571242][T11416] file 0 [ 239.571242][T11416] kernel_stack 0 [ 239.571242][T11416] slab 937984 [ 239.571242][T11416] sock 0 [ 239.571242][T11416] shmem 0 [ 239.571242][T11416] file_mapped 0 [ 239.571242][T11416] file_dirty 0 [ 239.571242][T11416] file_writeback 0 [ 239.571242][T11416] anon_thp 0 [ 239.571242][T11416] inactive_anon 0 [ 239.571242][T11416] active_anon 0 [ 239.571242][T11416] inactive_file 0 [ 239.571242][T11416] active_file 0 [ 239.571242][T11416] unevictable 0 [ 239.571242][T11416] slab_reclaimable 405504 [ 239.571242][T11416] slab_unreclaimable 532480 [ 239.571242][T11416] pgfault 1584 [ 239.571242][T11416] pgmajfault 0 [ 239.571242][T11416] workingset_refault 0 [ 239.571242][T11416] workingset_activate 0 [ 239.571242][T11416] workingset_nodereclaim 0 [ 239.571242][T11416] pgrefill 0 [ 239.571242][T11416] pgscan 0 [ 239.571242][T11416] pgsteal 0 [ 239.571242][T11416] pgactivate 0 [ 239.571242][T11416] pgdeactivate 0 12:39:39 executing program 1: r0 = dup(0xffffffffffffffff) r1 = syz_open_dev$loop(&(0x7f0000000500)='/dev/loop#\x00', 0x0, 0x100082) r2 = memfd_create(&(0x7f0000000540)='\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00v\x8e\x05\xf7\xc1U\xad}\xc6\x94|W>Zi$Nv8,\n\xa6=W^\xa3Y\x7f\x8b\x17(\'~\xf7k0TM{\xa9-\xcf\x97\x8f\x1f\x81\xdc\x1b\x7f\x8f{4Q\xda\xda\x02\xec\xb4\xf1\xdd\xcc\x8bRA\xda\x89Efn\x00s\xc2Zb\x01\x00M\xbe\xa3z\xab\xd3\xeb\x98\x88\xc4\xc6)A\x9fP\x93zhH\xe0\xd2\x81\xdb\xeeV\x8cM\xe9\xa06\xc2o\x19\"\xf6Iq\xd4\xdf\x97\xfb\xab\x04\xe8\xceI8\xb3\x1d\xcf%\x9bK\xc6\t\x01\xe1\x86a\xfa\xb8\xfb)\x88\xcd+\xc2`\xc2\xf5r5>k\xb0\xa0\x02\xfc\x16MO\x18\x9b\x06\x80b\xd1\x01\x00\x00\x00\x00\x00\x00\x00@\f\fL\xa5{Tk\x940\x17.\xa56.\xe0\x14\x1b=\xf0j\xd25\xe8\x15\xd8\x9e\xea\xd3\xd9G4\t\xc0\x9c.\'\xa9R3z$\xf2\x01\x88\xc0\x13\x12<\xc01j3\xd8\xb4CE7s\xe4\xa0\x9e\xdd\x801\x12M\xee\x13\xce\x9cu(\x8f.\xc83\xc7\xe6j\xf5\xb1\x9a\x00\x00\x00\x00\x00\x00\x00', 0x0) link(0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x0, &(0x7f0000000040), 0x4) syz_open_dev$sg(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff8, 0x0, 0x3, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) syz_emit_ethernet(0x1, &(0x7f0000000400)=ANY=[@ANYBLOB="ffffffffff00300000000000009078ac2314bbac1414000304907800003ff707"], 0x0) ioctl$TIOCSISO7816(r0, 0xc0285443, &(0x7f0000000000)={0x3, 0x6f83, 0x0, 0x0, 0xc80d0}) ioctl$KVM_DEASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x4040ae72, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000140), 0x1c) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_NODES(r0, 0x0, 0x24000000) getsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, &(0x7f0000000040)) pwritev(r2, 0x0, 0x0, 0x81806) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000840)={{{@in6=@initdev, @in=@loopback}}, {{@in6}, 0x0, @in6}}, &(0x7f0000000940)=0xe8) ioctl$VIDIOC_G_MODULATOR(0xffffffffffffffff, 0xc0445636, &(0x7f0000000280)={0x0, "e57b9bd719813aa69f48e25ba4e90312f22a2801258a4daf96ac2847d0540648", 0x0, 0x5, 0x1, 0x10, 0x3}) ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2) ioctl$BLKRRPART(0xffffffffffffffff, 0x125f, 0x0) sendfile(r1, r1, 0x0, 0x40fdf) 12:39:39 executing program 2: pipe(0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000240)=ANY=[], 0xfffffe04) splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x20000000003, 0x0) 12:39:39 executing program 3: creat(0x0, 0x0) clone(0x1080000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 239.931487][T11416] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=11416,uid=0 [ 239.956532][T11416] Memory cgroup out of memory: Killed process 11416 (syz-executor.4) total-vm:72448kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 12:39:39 executing program 2: pipe(0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000240)=ANY=[], 0xfffffe04) splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x20000000003, 0x0) 12:39:39 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) [ 239.978863][ T1061] oom_reaper: reaped process 11416 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 12:39:39 executing program 1: perf_event_open(&(0x7f0000000440)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000000, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu\x00', 0x200002, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4005}) write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd'}]}, 0xfdef) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, &(0x7f0000000dc0)) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180)='/dev/zero\x00', 0x220801, 0x0) ioctl$sock_bt_cmtp_CMTPGETCONNINFO(0xffffffffffffffff, 0x800443d3, &(0x7f00000001c0)={{0x3, 0x9, 0xffff, 0x0, 0x1f, 0x8}, 0x100000000, 0x8001, 0x3}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000540)={0x3, r1}) syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000640), 0x2) [ 240.115736][T10243] WARNING: CPU: 0 PID: 10243 at fs/block_dev.c:1899 __blkdev_put+0x6ba/0x810 [ 240.124640][T10243] Kernel panic - not syncing: panic_on_warn set ... [ 240.131317][T10243] CPU: 0 PID: 10243 Comm: syz-executor.0 Not tainted 5.3.0-rc3-next-20190809 #63 [ 240.140430][T10243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 240.150496][T10243] Call Trace: [ 240.153795][T10243] dump_stack+0x172/0x1f0 [ 240.158134][T10243] ? __blkdev_put+0x5d0/0x810 [ 240.162830][T10243] panic+0x2dc/0x755 [ 240.166731][T10243] ? add_taint.cold+0x16/0x16 [ 240.171427][T10243] ? __kasan_check_write+0x14/0x20 [ 240.176817][T10243] ? __warn.cold+0x5/0x4c [ 240.181163][T10243] ? __warn+0xe7/0x1e0 [ 240.185259][T10243] ? __blkdev_put+0x6ba/0x810 [ 240.189949][T10243] __warn.cold+0x20/0x4c [ 240.194199][T10243] ? __blkdev_put+0x6ba/0x810 [ 240.199145][T10243] report_bug+0x263/0x2b0 [ 240.201758][ T3880] kobject: 'loop2' (0000000098109294): kobject_uevent_env [ 240.203479][T10243] do_error_trap+0x11b/0x200 [ 240.203494][T10243] do_invalid_op+0x37/0x50 [ 240.203506][T10243] ? __blkdev_put+0x6ba/0x810 [ 240.203521][T10243] invalid_op+0x23/0x30 [ 240.203541][T10243] RIP: 0010:__blkdev_put+0x6ba/0x810 [ 240.228849][ T3880] kobject: 'loop2' (0000000098109294): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 240.233685][T10243] Code: 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 84 24 fd ff ff 48 8b bd 50 ff ff ff e8 90 5d e6 ff e9 13 fd ff ff e8 46 6f ab ff <0f> 0b e9 dc fa ff ff 48 89 cf e8 57 5d e6 ff e9 6a fa ff ff 48 8b [ 240.233693][T10243] RSP: 0018:ffff88809864fc90 EFLAGS: 00010293 [ 240.233703][T10243] RAX: ffff88809c1fe040 RBX: ffff8880aa005040 RCX: ffffffff81c6a4c4 [ 240.233710][T10243] RDX: 0000000000000000 RSI: ffffffff81c6a9ea RDI: 0000000000000005 [ 240.233717][T10243] RBP: ffff88809864fd88 R08: ffff88809c1fe040 R09: ffffed1015400a0c [ 240.233724][T10243] R10: ffff88809864fc80 R11: ffff8880aa00505f R12: 0000000000000002 [ 240.233731][T10243] R13: dffffc0000000000 R14: ffff8880aa005058 R15: ffff8880aa005058 [ 240.233754][T10243] ? __blkdev_put+0x194/0x810 [ 240.233766][T10243] ? __blkdev_put+0x6ba/0x810 [ 240.233784][T10243] ? bd_set_size+0xb0/0xb0 [ 240.233799][T10243] ? wait_for_completion+0x440/0x440 [ 240.233815][T10243] blkdev_put+0x98/0x560 [ 240.233827][T10243] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 240.233840][T10243] blkdev_close+0x8b/0xb0 [ 240.233852][T10243] __fput+0x2ff/0x890 [ 240.233864][T10243] ? blkdev_put+0x560/0x560 [ 240.233876][T10243] ____fput+0x16/0x20 [ 240.233890][T10243] task_work_run+0x145/0x1c0 [ 240.233908][T10243] exit_to_usermode_loop+0x316/0x380 [ 240.233924][T10243] do_syscall_64+0x65f/0x760 [ 240.233946][T10243] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 240.320844][ T3880] kobject: 'loop1' (00000000ee213a6f): kobject_uevent_env [ 240.323273][T10243] RIP: 0033:0x4134f0 [ 240.323288][T10243] Code: 01 f0 ff ff 0f 83 30 1b 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d 9d 2d 66 00 00 75 14 b8 03 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff [ 240.323294][T10243] RSP: 002b:00007ffc56f68b48 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 240.323305][T10243] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00000000004134f0 [ 240.323312][T10243] RDX: 0000000000000000 RSI: 0000000000004c01 RDI: 0000000000000003 [ 240.323318][T10243] RBP: 00000000000000ab R08: 0000000000000000 R09: 000000000000000a [ 240.323325][T10243] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000 [ 240.323339][T10243] R13: 00007ffc56f68b80 R14: 000000000003a619 R15: 00007ffc56f68b90 [ 240.329759][T10243] Kernel Offset: disabled [ 240.460445][T10243] Rebooting in 86400 seconds..