0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={0xffffffffffffffff, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) 16:21:21 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x0, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) gettid() sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2703.196547][T22863] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2703.315834][T22832] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2703.344012][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2703.386124][T22832] CPU: 0 PID: 22832 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 2703.393716][T22832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2703.403909][T22832] Call Trace: [ 2703.407208][T22832] dump_stack+0x172/0x1f0 [ 2703.411566][T22832] dump_header+0x10b/0x82d [ 2703.416075][T22832] ? oom_kill_process+0x94/0x3f0 [ 2703.421021][T22832] oom_kill_process.cold+0x10/0x15 [ 2703.426142][T22832] out_of_memory+0x334/0x1340 [ 2703.430940][T22832] ? lock_downgrade+0x920/0x920 [ 2703.435105][T22861] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2703.435790][T22832] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2703.451897][T22832] ? oom_killer_disable+0x280/0x280 [ 2703.457127][T22832] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2703.462678][T22832] ? memcg_stat_show+0xc40/0xc40 [ 2703.467623][T22832] ? do_raw_spin_unlock+0x57/0x270 [ 2703.470562][T22861] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2703.472736][T22832] ? _raw_spin_unlock+0x2d/0x50 [ 2703.487892][T22832] try_charge+0xf4b/0x1440 [ 2703.492328][T22832] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2703.497876][T22832] ? percpu_ref_tryget_live+0x111/0x290 [ 2703.503429][T22832] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2703.509672][T22832] ? __kasan_check_read+0x11/0x20 [ 2703.514793][T22832] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2703.520350][T22832] mem_cgroup_try_charge+0x136/0x590 [ 2703.525655][T22832] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2703.531312][T22832] wp_page_copy+0x407/0x1860 [ 2703.535911][T22832] ? find_held_lock+0x35/0x130 [ 2703.540676][T22832] ? do_wp_page+0x53b/0x15c0 [ 2703.545272][T22832] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2703.551341][T22832] ? lock_downgrade+0x920/0x920 [ 2703.556192][T22832] ? swp_swapcount+0x540/0x540 [ 2703.556954][T22861] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2703.560953][T22832] ? __kasan_check_read+0x11/0x20 [ 2703.560968][T22832] ? do_raw_spin_unlock+0x57/0x270 [ 2703.560985][T22832] do_wp_page+0x543/0x15c0 [ 2703.561005][T22832] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2703.561033][T22832] __handle_mm_fault+0x23ec/0x4040 [ 2703.561056][T22832] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2703.561069][T22832] ? handle_mm_fault+0x292/0xaa0 [ 2703.561097][T22832] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2703.592856][T22832] ? __kasan_check_read+0x11/0x20 [ 2703.614667][T22832] handle_mm_fault+0x3b7/0xaa0 [ 2703.619450][T22832] __do_page_fault+0x536/0xdd0 [ 2703.624243][T22832] do_page_fault+0x38/0x590 [ 2703.628752][T22832] page_fault+0x39/0x40 [ 2703.632907][T22832] RIP: 0033:0x430b36 [ 2703.636804][T22832] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2703.657460][T22832] RSP: 002b:00007fff17c217a0 EFLAGS: 00010206 [ 2703.663536][T22832] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2703.671506][T22832] RDX: 00000000016a4930 RSI: 00000000016ac970 RDI: 0000000000000003 [ 2703.679492][T22832] RBP: 0000000000008041 R08: 0000000000000001 R09: 00000000016a3940 [ 2703.687471][T22832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2703.695564][T22832] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2703.711501][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2703.748598][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2703.771085][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2703.791833][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2703.811297][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2703.830790][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2703.851103][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2703.860592][T22832] memory: usage 784kB, limit 0kB, failcnt 956 [ 2703.866693][T22832] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2703.869964][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2703.874232][T22832] Memory cgroup stats for /syz2: [ 2703.874337][T22832] anon 61440 [ 2703.874337][T22832] file 86016 [ 2703.874337][T22832] kernel_stack 0 [ 2703.874337][T22832] slab 671744 [ 2703.874337][T22832] sock 0 [ 2703.874337][T22832] shmem 0 [ 2703.874337][T22832] file_mapped 0 [ 2703.874337][T22832] file_dirty 0 [ 2703.874337][T22832] file_writeback 0 [ 2703.874337][T22832] anon_thp 0 [ 2703.874337][T22832] inactive_anon 0 [ 2703.874337][T22832] active_anon 61440 [ 2703.874337][T22832] inactive_file 0 [ 2703.874337][T22832] active_file 0 [ 2703.874337][T22832] unevictable 0 [ 2703.874337][T22832] slab_reclaimable 135168 [ 2703.874337][T22832] slab_unreclaimable 536576 [ 2703.874337][T22832] pgfault 35178 [ 2703.874337][T22832] pgmajfault 0 [ 2703.874337][T22832] workingset_refault 0 [ 2703.874337][T22832] workingset_activate 0 [ 2703.874337][T22832] workingset_nodereclaim 0 [ 2703.874337][T22832] pgrefill 166 [ 2703.874337][T22832] pgscan 167 [ 2703.874337][T22832] pgsteal 0 [ 2703.874337][T22832] pgactivate 99 [ 2703.980738][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2703.990439][T22832] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=22832,uid=0 [ 2703.998661][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2704.006688][T22832] Memory cgroup out of memory: Killed process 22832 (syz-executor.2) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2704.031832][ T1065] oom_reaper: reaped process 22832 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2704.043639][T22880] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2704.062536][T22880] CPU: 0 PID: 22880 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 2704.070122][T22880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2704.080179][T22880] Call Trace: [ 2704.080207][T22880] dump_stack+0x172/0x1f0 [ 2704.080234][T22880] dump_header+0x10b/0x82d [ 2704.080258][T22880] oom_kill_process.cold+0x10/0x15 [ 2704.080280][T22880] out_of_memory+0x334/0x1340 [ 2704.080303][T22880] ? cgroup_file_notify+0x140/0x1b0 [ 2704.080332][T22880] ? oom_killer_disable+0x280/0x280 [ 2704.080372][T22880] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2704.080394][T22880] ? memcg_stat_show+0xc40/0xc40 [ 2704.080427][T22880] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2704.080445][T22880] ? cgroup_file_notify+0x140/0x1b0 [ 2704.080472][T22880] memory_max_write+0x262/0x3a0 [ 2704.080497][T22880] ? mem_cgroup_write+0x370/0x370 [ 2704.080514][T22880] ? lock_acquire+0x190/0x410 [ 2704.080534][T22880] ? kernfs_fop_write+0x227/0x480 [ 2704.080566][T22880] cgroup_file_write+0x241/0x790 [ 2704.080588][T22880] ? mem_cgroup_write+0x370/0x370 [ 2704.080609][T22880] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2704.080647][T22880] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2704.080666][T22880] kernfs_fop_write+0x2b8/0x480 [ 2704.080686][T22880] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2704.080714][T22880] __vfs_write+0x8a/0x110 [ 2704.080730][T22880] ? kernfs_fop_open+0xd80/0xd80 [ 2704.080755][T22880] vfs_write+0x268/0x5d0 [ 2704.080784][T22880] ksys_write+0x14f/0x290 [ 2704.080807][T22880] ? __ia32_sys_read+0xb0/0xb0 [ 2704.080830][T22880] ? do_syscall_64+0x26/0x760 [ 2704.080848][T22880] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2704.080864][T22880] ? do_syscall_64+0x26/0x760 [ 2704.080893][T22880] __x64_sys_write+0x73/0xb0 [ 2704.080916][T22880] do_syscall_64+0xfa/0x760 [ 2704.080944][T22880] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2704.080960][T22880] RIP: 0033:0x459a59 [ 2704.080978][T22880] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2704.080989][T22880] RSP: 002b:00007fa267317c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2704.081007][T22880] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2704.081016][T22880] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2704.081027][T22880] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2704.081039][T22880] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa2673186d4 [ 2704.081050][T22880] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2704.086028][T22880] memory: usage 5184kB, limit 0kB, failcnt 814 [ 2704.106675][T22863] 8021q: adding VLAN 0 to HW filter on device team0 [ 2704.109071][T22880] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2704.131209][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2704.137219][T22880] Memory cgroup stats for /syz3: [ 2704.137340][T22880] anon 4329472 [ 2704.137340][T22880] file 16384 [ 2704.137340][T22880] kernel_stack 65536 [ 2704.137340][T22880] slab 679936 [ 2704.137340][T22880] sock 0 [ 2704.137340][T22880] shmem 0 [ 2704.137340][T22880] file_mapped 0 [ 2704.137340][T22880] file_dirty 0 [ 2704.137340][T22880] file_writeback 0 [ 2704.137340][T22880] anon_thp 4194304 [ 2704.137340][T22880] inactive_anon 0 [ 2704.137340][T22880] active_anon 4329472 [ 2704.137340][T22880] inactive_file 0 [ 2704.137340][T22880] active_file 0 [ 2704.137340][T22880] unevictable 0 [ 2704.137340][T22880] slab_reclaimable 135168 [ 2704.137340][T22880] slab_unreclaimable 544768 [ 2704.137340][T22880] pgfault 30954 [ 2704.137340][T22880] pgmajfault 0 [ 2704.137340][T22880] workingset_refault 0 [ 2704.137340][T22880] workingset_activate 0 [ 2704.137340][T22880] workingset_nodereclaim 0 [ 2704.137340][T22880] pgrefill 100 [ 2704.137340][T22880] pgscan 99 [ 2704.137340][T22880] pgsteal 0 [ 2704.137340][T22880] pgactivate 66 [ 2704.154107][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2704.190454][T22880] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=22879,uid=0 [ 2704.461855][T22880] Memory cgroup out of memory: Killed process 22879 (syz-executor.3) total-vm:72708kB, anon-rss:4184kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2704.484992][ T1065] oom_reaper: reaped process 22879 (syz-executor.3), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 16:21:22 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, 0x0}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2704.519215][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2704.529536][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2704.533937][T22842] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2704.544270][T20744] bridge0: port 1(bridge_slave_0) entered blocking state [ 2704.554569][T20744] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2704.560384][T22842] CPU: 0 PID: 22842 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 2704.569765][T22842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2704.579861][T22842] Call Trace: [ 2704.580121][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2704.583158][T22842] dump_stack+0x172/0x1f0 [ 2704.583178][T22842] dump_header+0x10b/0x82d [ 2704.583190][T22842] ? oom_kill_process+0x94/0x3f0 [ 2704.583207][T22842] oom_kill_process.cold+0x10/0x15 [ 2704.583224][T22842] out_of_memory+0x334/0x1340 [ 2704.583240][T22842] ? lock_downgrade+0x920/0x920 [ 2704.583259][T22842] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2704.583276][T22842] ? oom_killer_disable+0x280/0x280 [ 2704.583299][T22842] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2704.607292][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2704.610240][T22842] ? memcg_stat_show+0xc40/0xc40 [ 2704.621431][T20744] bridge0: port 2(bridge_slave_1) entered blocking state [ 2704.625684][T22842] ? do_raw_spin_unlock+0x57/0x270 [ 2704.630960][T20744] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2704.636392][T22842] ? _raw_spin_unlock+0x2d/0x50 [ 2704.673497][T22842] try_charge+0xf4b/0x1440 [ 2704.673569][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2704.677916][T22842] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2704.677929][T22842] ? percpu_ref_tryget_live+0x111/0x290 [ 2704.677949][T22842] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2704.702642][T22842] ? __kasan_check_read+0x11/0x20 [ 2704.707770][T22842] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2704.713329][T22842] mem_cgroup_try_charge+0x136/0x590 [ 2704.718628][T22842] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2704.724265][T22842] __handle_mm_fault+0x1f0d/0x4040 [ 2704.729411][T22842] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2704.735053][T22842] ? handle_mm_fault+0x292/0xaa0 [ 2704.740010][T22842] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2704.746256][T22842] ? __kasan_check_read+0x11/0x20 [ 2704.751288][T22842] handle_mm_fault+0x3b7/0xaa0 [ 2704.756102][T22842] __do_page_fault+0x536/0xdd0 [ 2704.760879][T22842] do_page_fault+0x38/0x590 [ 2704.765385][T22842] page_fault+0x39/0x40 [ 2704.769539][T22842] RIP: 0033:0x4579f1 [ 2704.773435][T22842] Code: 48 81 ec 98 00 00 00 0f 05 48 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 00 48 89 e2 89 de bf 01 00 00 00 ba 13 00 00 85 c0 0f 88 98 00 00 00 8b 44 24 18 25 00 f0 00 00 [ 2704.793045][T22842] RSP: 002b:00007ffd2c2b0000 EFLAGS: 00010206 [ 2704.799112][T22842] RAX: 0000000000000003 RBX: 0000000000000003 RCX: 00000000004579d0 [ 2704.807088][T22842] RDX: 00007ffd2c2b0000 RSI: 0000000000000003 RDI: 0000000000000001 [ 2704.815062][T22842] RBP: 0000000000000002 R08: 0000000000000001 R09: 000000000110e940 [ 2704.823032][T22842] R10: 0000000000000000 R11: 0000000000000206 R12: 00007ffd2c2b11e0 [ 2704.831005][T22842] R13: 00007ffd2c2b11d0 R14: 0000000000000000 R15: 00007ffd2c2b11e0 [ 2704.846019][T22842] memory: usage 768kB, limit 0kB, failcnt 826 [ 2704.852644][T22842] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2704.859582][T22842] Memory cgroup stats for /syz3: [ 2704.859699][T22842] anon 77824 [ 2704.859699][T22842] file 16384 [ 2704.859699][T22842] kernel_stack 0 [ 2704.859699][T22842] slab 679936 [ 2704.859699][T22842] sock 0 [ 2704.859699][T22842] shmem 0 [ 2704.859699][T22842] file_mapped 0 [ 2704.859699][T22842] file_dirty 0 [ 2704.859699][T22842] file_writeback 0 [ 2704.859699][T22842] anon_thp 0 [ 2704.859699][T22842] inactive_anon 0 [ 2704.859699][T22842] active_anon 77824 [ 2704.859699][T22842] inactive_file 0 [ 2704.859699][T22842] active_file 0 [ 2704.859699][T22842] unevictable 0 [ 2704.859699][T22842] slab_reclaimable 135168 [ 2704.859699][T22842] slab_unreclaimable 544768 [ 2704.859699][T22842] pgfault 30954 [ 2704.859699][T22842] pgmajfault 0 [ 2704.859699][T22842] workingset_refault 0 [ 2704.859699][T22842] workingset_activate 0 [ 2704.859699][T22842] workingset_nodereclaim 0 [ 2704.859699][T22842] pgrefill 100 [ 2704.859699][T22842] pgscan 99 [ 2704.859699][T22842] pgsteal 0 [ 2704.859699][T22842] pgactivate 66 [ 2704.954350][T22842] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=22842,uid=0 [ 2705.002700][T22842] Memory cgroup out of memory: Killed process 22842 (syz-executor.3) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2705.131247][ T1065] oom_reaper: reaped process 22842 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2705.171063][T22888] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2705.480773][T22888] CPU: 0 PID: 22888 Comm: syz-executor.4 Not tainted 5.3.0+ #0 [ 2705.488402][T22888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2705.498496][T22888] Call Trace: [ 2705.501838][T22888] dump_stack+0x172/0x1f0 [ 2705.506215][T22888] dump_header+0x10b/0x82d [ 2705.510666][T22888] oom_kill_process.cold+0x10/0x15 [ 2705.515872][T22888] out_of_memory+0x334/0x1340 [ 2705.520556][T22888] ? __sched_text_start+0x8/0x8 [ 2705.525411][T22888] ? oom_killer_disable+0x280/0x280 [ 2705.530652][T22888] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2705.536213][T22888] ? memcg_stat_show+0xc40/0xc40 [ 2705.541354][T22888] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2705.547180][T22888] ? cgroup_file_notify+0x140/0x1b0 [ 2705.552393][T22888] memory_max_write+0x262/0x3a0 [ 2705.558206][T22888] ? mem_cgroup_write+0x370/0x370 [ 2705.563256][T22888] ? lock_acquire+0x20b/0x410 [ 2705.567958][T22888] cgroup_file_write+0x241/0x790 [ 2705.572897][T22888] ? mem_cgroup_write+0x370/0x370 [ 2705.578011][T22888] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2705.583661][T22888] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2705.589468][T22888] kernfs_fop_write+0x2b8/0x480 [ 2705.594319][T22888] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2705.600572][T22888] __vfs_write+0x8a/0x110 [ 2705.604993][T22888] ? kernfs_fop_open+0xd80/0xd80 [ 2705.609937][T22888] vfs_write+0x268/0x5d0 [ 2705.614192][T22888] ksys_write+0x14f/0x290 [ 2705.618541][T22888] ? __ia32_sys_read+0xb0/0xb0 [ 2705.623306][T22888] ? do_syscall_64+0x26/0x760 [ 2705.627985][T22888] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2705.634059][T22888] ? do_syscall_64+0x26/0x760 [ 2705.638742][T22888] __x64_sys_write+0x73/0xb0 [ 2705.643511][T22888] do_syscall_64+0xfa/0x760 [ 2705.648027][T22888] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2705.653915][T22888] RIP: 0033:0x459a59 [ 2705.657894][T22888] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2705.677856][T22888] RSP: 002b:00007f5ece9adc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2705.686279][T22888] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2705.694259][T22888] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000d [ 2705.702231][T22888] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2705.710209][T22888] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5ece9ae6d4 [ 2705.718190][T22888] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2705.800618][T22888] memory: usage 5376kB, limit 0kB, failcnt 1078 [ 2705.817262][T22888] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2705.900922][T22888] Memory cgroup stats for /syz4: [ 2705.902726][T22888] anon 4268032 [ 2705.902726][T22888] file 0 [ 2705.902726][T22888] kernel_stack 65536 [ 2705.902726][T22888] slab 1081344 [ 2705.902726][T22888] sock 0 [ 2705.902726][T22888] shmem 0 [ 2705.902726][T22888] file_mapped 0 [ 2705.902726][T22888] file_dirty 135168 [ 2705.902726][T22888] file_writeback 0 [ 2705.902726][T22888] anon_thp 4194304 [ 2705.902726][T22888] inactive_anon 0 [ 2705.902726][T22888] active_anon 4268032 [ 2705.902726][T22888] inactive_file 0 [ 2705.902726][T22888] active_file 0 [ 2705.902726][T22888] unevictable 0 [ 2705.902726][T22888] slab_reclaimable 405504 [ 2705.902726][T22888] slab_unreclaimable 675840 [ 2705.902726][T22888] pgfault 20229 [ 2705.902726][T22888] pgmajfault 0 [ 2705.902726][T22888] workingset_refault 0 [ 2705.902726][T22888] workingset_activate 0 [ 2705.902726][T22888] workingset_nodereclaim 0 [ 2705.902726][T22888] pgrefill 132 [ 2705.902726][T22888] pgscan 216 [ 2705.902726][T22888] pgsteal 105 [ 2705.902726][T22888] pgactivate 99 [ 2706.010917][T22888] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=22887,uid=0 [ 2706.028676][T22888] Memory cgroup out of memory: Killed process 22888 (syz-executor.4) total-vm:72576kB, anon-rss:4232kB, file-rss:35832kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2706.048193][ T1065] oom_reaper: reaped process 22888 (syz-executor.4), now anon-rss:0kB, file-rss:34872kB, shmem-rss:0kB 16:21:23 executing program 4: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) socket$kcm(0x29, 0x5, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r6, 0x0, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2706.099596][T22861] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2706.110046][T22861] CPU: 1 PID: 22861 Comm: syz-executor.4 Not tainted 5.3.0+ #0 [ 2706.117589][T22861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2706.127717][T22861] Call Trace: [ 2706.131027][T22861] dump_stack+0x172/0x1f0 [ 2706.135361][T22861] dump_header+0x10b/0x82d [ 2706.139771][T22861] ? oom_kill_process+0x94/0x3f0 [ 2706.144714][T22861] oom_kill_process.cold+0x10/0x15 [ 2706.149829][T22861] out_of_memory+0x334/0x1340 [ 2706.154525][T22861] ? lock_downgrade+0x920/0x920 [ 2706.159376][T22861] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2706.165182][T22861] ? oom_killer_disable+0x280/0x280 [ 2706.170511][T22861] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2706.176051][T22861] ? memcg_stat_show+0xc40/0xc40 [ 2706.180997][T22861] ? do_raw_spin_unlock+0x57/0x270 [ 2706.181021][T22861] ? _raw_spin_unlock+0x2d/0x50 [ 2706.181037][T22861] try_charge+0xf4b/0x1440 [ 2706.181060][T22861] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2706.181078][T22861] ? percpu_ref_tryget_live+0x111/0x290 [ 2706.191023][T22861] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2706.191039][T22861] ? __kasan_check_read+0x11/0x20 [ 2706.191059][T22861] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2706.200966][T22861] mem_cgroup_try_charge+0x136/0x590 [ 2706.200986][T22861] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2706.201004][T22861] wp_page_copy+0x407/0x1860 [ 2706.212738][T22861] ? find_held_lock+0x35/0x130 [ 2706.212754][T22861] ? do_wp_page+0x53b/0x15c0 [ 2706.212770][T22861] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2706.212788][T22861] ? lock_downgrade+0x920/0x920 [ 2706.223312][T22861] ? swp_swapcount+0x540/0x540 [ 2706.223329][T22861] ? __kasan_check_read+0x11/0x20 [ 2706.223342][T22861] ? do_raw_spin_unlock+0x57/0x270 [ 2706.223359][T22861] do_wp_page+0x543/0x15c0 [ 2706.234229][T22861] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2706.234255][T22861] __handle_mm_fault+0x23ec/0x4040 [ 2706.243563][T22861] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2706.243578][T22861] ? handle_mm_fault+0x292/0xaa0 [ 2706.243609][T22861] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2706.253943][T22861] ? __kasan_check_read+0x11/0x20 [ 2706.253963][T22861] handle_mm_fault+0x3b7/0xaa0 [ 2706.253989][T22861] __do_page_fault+0x536/0xdd0 [ 2706.263575][T22861] do_page_fault+0x38/0x590 [ 2706.263598][T22861] page_fault+0x39/0x40 [ 2706.263614][T22861] RIP: 0033:0x430b36 [ 2706.273720][T22861] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2706.273728][T22861] RSP: 002b:00007fffaff56290 EFLAGS: 00010206 [ 2706.273738][T22861] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2706.273750][T22861] RDX: 00000000020b1930 RSI: 00000000020b9970 RDI: 0000000000000003 [ 2706.283473][T22861] RBP: 0000000000008041 R08: 0000000000000001 R09: 00000000020b0940 [ 2706.283481][T22861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2706.283489][T22861] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2706.284841][T22861] memory: usage 988kB, limit 0kB, failcnt 1086 [ 2706.315682][T22861] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2706.333341][T22861] Memory cgroup stats for /syz4: [ 2706.333455][T22861] anon 61440 [ 2706.333455][T22861] file 0 [ 2706.333455][T22861] kernel_stack 0 [ 2706.333455][T22861] slab 1081344 [ 2706.333455][T22861] sock 0 [ 2706.333455][T22861] shmem 0 [ 2706.333455][T22861] file_mapped 0 [ 2706.333455][T22861] file_dirty 135168 [ 2706.333455][T22861] file_writeback 0 [ 2706.333455][T22861] anon_thp 0 [ 2706.333455][T22861] inactive_anon 0 [ 2706.333455][T22861] active_anon 61440 [ 2706.333455][T22861] inactive_file 0 [ 2706.333455][T22861] active_file 0 [ 2706.333455][T22861] unevictable 0 [ 2706.333455][T22861] slab_reclaimable 405504 [ 2706.333455][T22861] slab_unreclaimable 675840 [ 2706.333455][T22861] pgfault 20229 [ 2706.333455][T22861] pgmajfault 0 [ 2706.333455][T22861] workingset_refault 0 [ 2706.333455][T22861] workingset_activate 0 [ 2706.333455][T22861] workingset_nodereclaim 0 [ 2706.333455][T22861] pgrefill 132 [ 2706.333455][T22861] pgscan 216 [ 2706.333455][T22861] pgsteal 105 [ 2706.333455][T22861] pgactivate 99 [ 2706.370397][T22861] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=22861,uid=0 [ 2706.390404][T22861] Memory cgroup out of memory: Killed process 22861 (syz-executor.4) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2706.551398][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 16:21:24 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) [ 2706.846090][T22892] IPVS: ftp: loaded support on port[0] = 21 [ 2706.872415][T22890] IPVS: ftp: loaded support on port[0] = 21 16:21:24 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) 16:21:25 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, 0x0}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2707.362763][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2707.405469][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2707.415735][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2707.513185][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2707.522904][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2707.532595][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2707.542495][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2707.551770][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2707.632562][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2707.651710][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2707.695068][T22863] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2707.907640][T22863] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2708.198792][T22890] chnl_net:caif_netlink_parms(): no params data found [ 2708.227275][T22892] chnl_net:caif_netlink_parms(): no params data found [ 2708.364913][T22900] IPVS: ftp: loaded support on port[0] = 21 [ 2708.470001][T22892] bridge0: port 1(bridge_slave_0) entered blocking state [ 2708.485060][T22892] bridge0: port 1(bridge_slave_0) entered disabled state [ 2708.503619][T22892] device bridge_slave_0 entered promiscuous mode [ 2708.522957][T22892] bridge0: port 2(bridge_slave_1) entered blocking state [ 2708.537891][T22892] bridge0: port 2(bridge_slave_1) entered disabled state [ 2708.558237][T22892] device bridge_slave_1 entered promiscuous mode [ 2708.658775][T22903] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2708.671641][T22903] CPU: 0 PID: 22903 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 2708.679202][T22903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2708.679216][T22903] Call Trace: [ 2708.692572][T22903] dump_stack+0x172/0x1f0 [ 2708.696930][T22903] dump_header+0x10b/0x82d [ 2708.701377][T22903] oom_kill_process.cold+0x10/0x15 [ 2708.706501][T22903] out_of_memory+0x334/0x1340 [ 2708.706529][T22903] ? __sched_text_start+0x8/0x8 [ 2708.716052][T22903] ? oom_killer_disable+0x280/0x280 [ 2708.721301][T22903] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2708.726854][T22903] ? memcg_stat_show+0xc40/0xc40 [ 2708.726890][T22903] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2708.737644][T22903] ? cgroup_file_notify+0x140/0x1b0 [ 2708.742886][T22903] memory_max_write+0x262/0x3a0 [ 2708.747753][T22903] ? mem_cgroup_write+0x370/0x370 [ 2708.747782][T22903] ? lock_acquire+0x190/0x410 [ 2708.757474][T22903] ? kernfs_fop_write+0x227/0x480 [ 2708.762534][T22903] cgroup_file_write+0x241/0x790 [ 2708.767483][T22903] ? mem_cgroup_write+0x370/0x370 [ 2708.767506][T22903] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2708.778191][T22903] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2708.783879][T22903] kernfs_fop_write+0x2b8/0x480 [ 2708.783907][T22903] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2708.795088][T22903] __vfs_write+0x8a/0x110 [ 2708.799428][T22903] ? kernfs_fop_open+0xd80/0xd80 [ 2708.804382][T22903] vfs_write+0x268/0x5d0 [ 2708.808652][T22903] ksys_write+0x14f/0x290 [ 2708.812998][T22903] ? __ia32_sys_read+0xb0/0xb0 [ 2708.813021][T22903] ? do_syscall_64+0x26/0x760 [ 2708.813040][T22903] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2708.813055][T22903] ? do_syscall_64+0x26/0x760 [ 2708.813084][T22903] __x64_sys_write+0x73/0xb0 [ 2708.813108][T22903] do_syscall_64+0xfa/0x760 [ 2708.813135][T22903] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2708.813151][T22903] RIP: 0033:0x459a59 [ 2708.813168][T22903] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2708.813177][T22903] RSP: 002b:00007f3f8c901c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2708.813193][T22903] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2708.813203][T22903] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2708.813215][T22903] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2708.813225][T22903] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3f8c9026d4 [ 2708.813235][T22903] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2708.900678][T22903] memory: usage 33636kB, limit 0kB, failcnt 139 [ 2708.930279][T22903] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2708.939164][T22903] Memory cgroup stats for /syz0: [ 2708.940308][T22903] anon 4292608 [ 2708.940308][T22903] file 0 [ 2708.940308][T22903] kernel_stack 65536 [ 2708.940308][T22903] slab 30126080 [ 2708.940308][T22903] sock 0 [ 2708.940308][T22903] shmem 0 [ 2708.940308][T22903] file_mapped 0 [ 2708.940308][T22903] file_dirty 0 [ 2708.940308][T22903] file_writeback 0 [ 2708.940308][T22903] anon_thp 4194304 [ 2708.940308][T22903] inactive_anon 0 [ 2708.940308][T22903] active_anon 4292608 [ 2708.940308][T22903] inactive_file 0 [ 2708.940308][T22903] active_file 0 [ 2708.940308][T22903] unevictable 0 [ 2708.940308][T22903] slab_reclaimable 29331456 [ 2708.940308][T22903] slab_unreclaimable 794624 [ 2708.940308][T22903] pgfault 44781 [ 2708.940308][T22903] pgmajfault 0 [ 2708.940308][T22903] workingset_refault 0 [ 2708.940308][T22903] workingset_activate 0 [ 2708.940308][T22903] workingset_nodereclaim 0 [ 2708.940308][T22903] pgrefill 249 [ 2708.940308][T22903] pgscan 231 [ 2708.940308][T22903] pgsteal 34 [ 2708.940308][T22903] pgactivate 198 [ 2709.040559][T22903] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0 [ 2709.041848][T22903] ,task=syz-executor.0,pid=22902,uid=0 [ 2709.064567][T22903] Memory cgroup out of memory: Killed process 22902 (syz-executor.0) total-vm:72708kB, anon-rss:4192kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2709.118539][ T1065] oom_reaper: reaped process 22902 (syz-executor.0), now anon-rss:0kB, file-rss:34864kB, shmem-rss:0kB [ 2709.183574][T22890] bridge0: port 1(bridge_slave_0) entered blocking state [ 2709.200442][T22890] bridge0: port 1(bridge_slave_0) entered disabled state [ 2709.209361][T22890] device bridge_slave_0 entered promiscuous mode [ 2709.233421][T22890] bridge0: port 2(bridge_slave_1) entered blocking state [ 2709.250399][T22890] bridge0: port 2(bridge_slave_1) entered disabled state [ 2709.270869][T22890] device bridge_slave_1 entered promiscuous mode [ 2709.289259][T22892] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2709.384720][T22892] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2709.494885][T22892] team0: Port device team_slave_0 added [ 2709.516131][T22890] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2709.541795][T22892] team0: Port device team_slave_1 added [ 2709.583127][T22890] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2709.844817][T22892] device hsr_slave_0 entered promiscuous mode [ 2709.891422][T22892] device hsr_slave_1 entered promiscuous mode 16:21:27 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) write$cgroup_int(r5, 0x0, 0x0) 16:21:27 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x0, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) 16:21:27 executing program 4: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) socket$kcm(0x29, 0x5, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r6, 0x0, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2709.950642][T22892] debugfs: Directory 'hsr0' with parent '/' already present! [ 2709.954962][T22863] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2709.968222][T22863] CPU: 0 PID: 22863 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 2709.975802][T22863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2709.978523][T22890] team0: Port device team_slave_0 added [ 2709.985955][T22863] Call Trace: [ 2709.985976][T22863] dump_stack+0x172/0x1f0 [ 2709.985995][T22863] dump_header+0x10b/0x82d [ 2709.986006][T22863] ? oom_kill_process+0x94/0x3f0 [ 2709.986021][T22863] oom_kill_process.cold+0x10/0x15 [ 2709.986037][T22863] out_of_memory+0x334/0x1340 [ 2709.986052][T22863] ? lock_downgrade+0x920/0x920 [ 2709.986071][T22863] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2709.986087][T22863] ? oom_killer_disable+0x280/0x280 [ 2709.986116][T22863] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2709.986128][T22863] ? memcg_stat_show+0xc40/0xc40 [ 2709.986145][T22863] ? do_raw_spin_unlock+0x57/0x270 [ 2709.986162][T22863] ? _raw_spin_unlock+0x2d/0x50 [ 2709.986178][T22863] try_charge+0xf4b/0x1440 [ 2709.986205][T22863] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2709.986216][T22863] ? percpu_ref_tryget_live+0x111/0x290 [ 2709.986235][T22863] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2709.986253][T22863] ? __kasan_check_read+0x11/0x20 [ 2709.986274][T22863] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2709.986293][T22863] mem_cgroup_try_charge+0x136/0x590 [ 2709.986315][T22863] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2709.986331][T22863] wp_page_copy+0x407/0x1860 [ 2709.986347][T22863] ? find_held_lock+0x35/0x130 [ 2709.986362][T22863] ? do_wp_page+0x53b/0x15c0 [ 2709.986380][T22863] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2709.986396][T22863] ? lock_downgrade+0x920/0x920 [ 2709.986417][T22863] ? swp_swapcount+0x540/0x540 [ 2709.986432][T22863] ? __kasan_check_read+0x11/0x20 [ 2709.986445][T22863] ? do_raw_spin_unlock+0x57/0x270 [ 2709.986462][T22863] do_wp_page+0x543/0x15c0 [ 2709.986482][T22863] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2709.986508][T22863] __handle_mm_fault+0x23ec/0x4040 [ 2709.986529][T22863] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2709.986545][T22863] ? handle_mm_fault+0x292/0xaa0 [ 2709.986574][T22863] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2709.986590][T22863] ? __kasan_check_read+0x11/0x20 [ 2709.986609][T22863] handle_mm_fault+0x3b7/0xaa0 [ 2709.986632][T22863] __do_page_fault+0x536/0xdd0 [ 2709.986656][T22863] do_page_fault+0x38/0x590 [ 2709.986673][T22863] page_fault+0x39/0x40 [ 2709.986684][T22863] RIP: 0033:0x430b36 [ 2709.986700][T22863] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2709.986707][T22863] RSP: 002b:00007ffccaaf18d0 EFLAGS: 00010206 [ 2709.986718][T22863] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2709.986726][T22863] RDX: 000000000149c930 RSI: 00000000014a4970 RDI: 0000000000000003 [ 2709.986734][T22863] RBP: 0000000000008041 R08: 0000000000000001 R09: 000000000149b940 [ 2709.986742][T22863] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2709.986750][T22863] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2710.040543][T22863] memory: usage 29088kB, limit 0kB, failcnt 147 [ 2710.241452][T22863] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2710.272915][T22863] Memory cgroup stats for /syz0: [ 2710.273069][T22863] anon 49152 [ 2710.273069][T22863] file 0 [ 2710.273069][T22863] kernel_stack 0 [ 2710.273069][T22863] slab 29855744 [ 2710.273069][T22863] sock 0 [ 2710.273069][T22863] shmem 0 [ 2710.273069][T22863] file_mapped 0 [ 2710.273069][T22863] file_dirty 0 [ 2710.273069][T22863] file_writeback 0 [ 2710.273069][T22863] anon_thp 0 [ 2710.273069][T22863] inactive_anon 0 [ 2710.273069][T22863] active_anon 49152 [ 2710.273069][T22863] inactive_file 0 [ 2710.273069][T22863] active_file 0 [ 2710.273069][T22863] unevictable 0 [ 2710.273069][T22863] slab_reclaimable 29061120 [ 2710.273069][T22863] slab_unreclaimable 794624 [ 2710.273069][T22863] pgfault 44781 [ 2710.273069][T22863] pgmajfault 0 [ 2710.273069][T22863] workingset_refault 0 [ 2710.273069][T22863] workingset_activate 0 [ 2710.273069][T22863] workingset_nodereclaim 0 [ 2710.273069][T22863] pgrefill 249 [ 2710.273069][T22863] pgscan 231 [ 2710.273069][T22863] pgsteal 34 [ 2710.273069][T22863] pgactivate 198 [ 2710.273090][T22863] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=22863,uid=0 [ 2710.273188][T22863] Memory cgroup out of memory: Killed process 22863 (syz-executor.0) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2710.273953][ T1065] oom_reaper: reaped process 22863 (syz-executor.0), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2710.455944][T22890] team0: Port device team_slave_1 added [ 2710.986100][T22890] device hsr_slave_0 entered promiscuous mode [ 2711.041431][T22890] device hsr_slave_1 entered promiscuous mode 16:21:29 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) write$cgroup_int(r5, 0x0, 0x0) [ 2711.181773][T22890] debugfs: Directory 'hsr0' with parent '/' already present! [ 2711.201943][T22900] chnl_net:caif_netlink_parms(): no params data found 16:21:29 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) write$cgroup_int(r5, 0x0, 0x0) [ 2711.551734][T22900] bridge0: port 1(bridge_slave_0) entered blocking state [ 2711.558985][T22900] bridge0: port 1(bridge_slave_0) entered disabled state [ 2711.584798][T22900] device bridge_slave_0 entered promiscuous mode [ 2711.706997][T22900] bridge0: port 2(bridge_slave_1) entered blocking state [ 2711.717136][T22900] bridge0: port 2(bridge_slave_1) entered disabled state [ 2711.726444][T22900] device bridge_slave_1 entered promiscuous mode [ 2711.754113][T22908] IPVS: ftp: loaded support on port[0] = 21 [ 2711.779380][T22909] IPVS: ftp: loaded support on port[0] = 21 [ 2711.857188][T22900] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2711.873352][T22900] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2711.967160][T22892] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2712.007431][T22890] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2712.093804][T22900] team0: Port device team_slave_0 added [ 2712.137307][T22900] team0: Port device team_slave_1 added [ 2712.158783][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2712.168208][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2712.244789][T22892] 8021q: adding VLAN 0 to HW filter on device team0 [ 2712.269559][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2712.281160][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2712.295677][T22890] 8021q: adding VLAN 0 to HW filter on device team0 [ 2712.327047][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2712.341309][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2712.350021][T11398] bridge0: port 1(bridge_slave_0) entered blocking state [ 2712.357515][T11398] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2712.477458][T22900] device hsr_slave_0 entered promiscuous mode [ 2712.511883][T22900] device hsr_slave_1 entered promiscuous mode [ 2712.570811][T22900] debugfs: Directory 'hsr0' with parent '/' already present! [ 2712.605273][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2712.622491][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2712.652596][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2712.671086][T20744] bridge0: port 2(bridge_slave_1) entered blocking state [ 2712.678551][T20744] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2712.701859][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2712.721683][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2712.740853][T20744] bridge0: port 1(bridge_slave_0) entered blocking state [ 2712.747968][T20744] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2712.907301][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2712.948909][T22908] chnl_net:caif_netlink_parms(): no params data found [ 2712.987739][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2712.998284][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2713.022318][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2713.031170][T20744] bridge0: port 2(bridge_slave_1) entered blocking state [ 2713.038255][T20744] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2713.123102][T22909] chnl_net:caif_netlink_parms(): no params data found [ 2713.162551][T22912] IPVS: ftp: loaded support on port[0] = 21 [ 2713.189540][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2713.200089][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2713.354417][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2713.366929][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2713.431132][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2713.439595][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2713.451296][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2713.461926][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2713.472127][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2713.482473][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2713.594552][T22909] bridge0: port 1(bridge_slave_0) entered blocking state [ 2713.602896][T22909] bridge0: port 1(bridge_slave_0) entered disabled state [ 2713.612447][T22909] device bridge_slave_0 entered promiscuous mode [ 2713.621607][T22908] bridge0: port 1(bridge_slave_0) entered blocking state [ 2713.630250][T22908] bridge0: port 1(bridge_slave_0) entered disabled state [ 2713.641838][T22908] device bridge_slave_0 entered promiscuous mode [ 2713.651360][T22908] bridge0: port 2(bridge_slave_1) entered blocking state [ 2713.658423][T22908] bridge0: port 2(bridge_slave_1) entered disabled state [ 2713.667655][T22908] device bridge_slave_1 entered promiscuous mode [ 2713.683548][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2713.701656][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2713.713710][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2713.723293][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2713.741287][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2713.750141][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2713.760777][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2713.786934][T22892] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2713.847085][T22909] bridge0: port 2(bridge_slave_1) entered blocking state [ 2713.856788][T22909] bridge0: port 2(bridge_slave_1) entered disabled state [ 2713.866235][T22909] device bridge_slave_1 entered promiscuous mode [ 2713.934464][T21816] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2713.943915][T21816] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2714.040861][T21816] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2714.049777][T21816] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2714.066754][T22890] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2714.087498][T22909] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2714.104177][T22908] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2714.116608][T22892] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2714.199986][T22900] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2714.212392][T22909] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2714.227093][T22908] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2714.369350][T22908] team0: Port device team_slave_0 added [ 2714.393243][T22900] 8021q: adding VLAN 0 to HW filter on device team0 [ 2714.413463][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2714.442439][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2714.474420][T22908] team0: Port device team_slave_1 added [ 2714.499589][T22909] team0: Port device team_slave_0 added [ 2714.596037][T22909] team0: Port device team_slave_1 added [ 2714.665551][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2714.732358][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2714.812313][T21272] bridge0: port 1(bridge_slave_0) entered blocking state [ 2714.819469][T21272] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2714.922419][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2714.982040][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2715.019588][T22920] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2715.049613][T21272] bridge0: port 2(bridge_slave_1) entered blocking state [ 2715.056774][T21272] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2715.069970][T22920] CPU: 0 PID: 22920 Comm: syz-executor.5 Not tainted 5.3.0+ #0 [ 2715.079830][T22920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2715.090053][T22920] Call Trace: [ 2715.093551][T22920] dump_stack+0x172/0x1f0 [ 2715.097917][T22920] dump_header+0x10b/0x82d [ 2715.102362][T22920] oom_kill_process.cold+0x10/0x15 [ 2715.107586][T22920] out_of_memory+0x334/0x1340 [ 2715.112305][T22920] ? cgroup_file_notify+0x140/0x1b0 [ 2715.117555][T22920] ? oom_killer_disable+0x280/0x280 [ 2715.122802][T22920] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2715.128367][T22920] ? memcg_stat_show+0xc40/0xc40 [ 2715.133347][T22920] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2715.139196][T22920] ? cgroup_file_notify+0x140/0x1b0 [ 2715.144430][T22920] memory_max_write+0x262/0x3a0 [ 2715.149311][T22920] ? mem_cgroup_write+0x370/0x370 [ 2715.154373][T22920] ? lock_acquire+0x190/0x410 [ 2715.159067][T22920] ? kernfs_fop_write+0x227/0x480 [ 2715.164136][T22920] cgroup_file_write+0x241/0x790 [ 2715.169097][T22920] ? mem_cgroup_write+0x370/0x370 [ 2715.174151][T22920] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2715.179821][T22920] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2715.185494][T22920] kernfs_fop_write+0x2b8/0x480 [ 2715.190463][T22920] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2715.196734][T22920] __vfs_write+0x8a/0x110 [ 2715.201082][T22920] ? kernfs_fop_open+0xd80/0xd80 [ 2715.206307][T22920] vfs_write+0x268/0x5d0 [ 2715.210577][T22920] ksys_write+0x14f/0x290 [ 2715.214929][T22920] ? __ia32_sys_read+0xb0/0xb0 [ 2715.223193][T22920] ? do_syscall_64+0x26/0x760 [ 2715.227883][T22920] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2715.233976][T22920] ? do_syscall_64+0x26/0x760 [ 2715.238948][T22920] __x64_sys_write+0x73/0xb0 [ 2715.243568][T22920] do_syscall_64+0xfa/0x760 [ 2715.248098][T22920] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2715.254004][T22920] RIP: 0033:0x459a59 [ 2715.257918][T22920] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2715.277552][T22920] RSP: 002b:00007f3b6a3a7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2715.286001][T22920] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2715.293993][T22920] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2715.301980][T22920] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2715.309988][T22920] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3b6a3a86d4 [ 2715.317997][T22920] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2715.368253][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2715.391145][T22920] memory: usage 5228kB, limit 0kB, failcnt 1044 [ 2715.401938][T22920] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2715.409271][T22920] Memory cgroup stats for /syz5: [ 2715.410615][T22920] anon 4304896 [ 2715.410615][T22920] file 90112 [ 2715.410615][T22920] kernel_stack 65536 [ 2715.410615][T22920] slab 827392 [ 2715.410615][T22920] sock 0 [ 2715.410615][T22920] shmem 0 [ 2715.410615][T22920] file_mapped 0 [ 2715.410615][T22920] file_dirty 0 [ 2715.410615][T22920] file_writeback 0 [ 2715.410615][T22920] anon_thp 4194304 [ 2715.410615][T22920] inactive_anon 0 [ 2715.410615][T22920] active_anon 4304896 [ 2715.410615][T22920] inactive_file 135168 [ 2715.410615][T22920] active_file 0 [ 2715.410615][T22920] unevictable 0 [ 2715.410615][T22920] slab_reclaimable 270336 [ 2715.410615][T22920] slab_unreclaimable 557056 [ 2715.410615][T22920] pgfault 19503 [ 2715.410615][T22920] pgmajfault 0 [ 2715.410615][T22920] workingset_refault 0 [ 2715.410615][T22920] workingset_activate 0 [ 2715.410615][T22920] workingset_nodereclaim 0 [ 2715.410615][T22920] pgrefill 166 [ 2715.410615][T22920] pgscan 165 [ 2715.410615][T22920] pgsteal 35 [ 2715.410615][T22920] pgactivate 132 [ 2715.416038][T22920] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=22919,uid=0 [ 2715.717060][T22920] Memory cgroup out of memory: Killed process 22919 (syz-executor.5) total-vm:72708kB, anon-rss:4188kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2715.743269][ T1065] oom_reaper: reaped process 22919 (syz-executor.5), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB [ 2715.852773][T22890] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2715.894207][T22908] device hsr_slave_0 entered promiscuous mode [ 2715.932152][T22908] device hsr_slave_1 entered promiscuous mode [ 2715.955137][T22892] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2715.965244][T22892] CPU: 0 PID: 22892 Comm: syz-executor.5 Not tainted 5.3.0+ #0 [ 2715.970701][T22908] debugfs: Directory 'hsr0' with parent '/' already present! [ 2715.972811][T22892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2715.990274][T22892] Call Trace: [ 2715.993594][T22892] dump_stack+0x172/0x1f0 [ 2715.997949][T22892] dump_header+0x10b/0x82d [ 2716.002383][T22892] ? oom_kill_process+0x94/0x3f0 [ 2716.002399][T22892] oom_kill_process.cold+0x10/0x15 [ 2716.002413][T22892] out_of_memory+0x334/0x1340 [ 2716.002427][T22892] ? lock_downgrade+0x920/0x920 [ 2716.002448][T22892] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2716.002462][T22892] ? oom_killer_disable+0x280/0x280 [ 2716.002484][T22892] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2716.002495][T22892] ? memcg_stat_show+0xc40/0xc40 [ 2716.002512][T22892] ? do_raw_spin_unlock+0x57/0x270 [ 2716.002532][T22892] ? _raw_spin_unlock+0x2d/0x50 [ 2716.002549][T22892] try_charge+0xf4b/0x1440 [ 2716.002574][T22892] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2716.002586][T22892] ? percpu_ref_tryget_live+0x111/0x290 [ 2716.002605][T22892] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2716.002621][T22892] ? __kasan_check_read+0x11/0x20 [ 2716.002640][T22892] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2716.002658][T22892] mem_cgroup_try_charge+0x136/0x590 [ 2716.017483][T22892] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2716.033318][T22892] wp_page_copy+0x407/0x1860 [ 2716.043766][T22892] ? find_held_lock+0x35/0x130 [ 2716.043781][T22892] ? do_wp_page+0x53b/0x15c0 [ 2716.043796][T22892] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2716.043810][T22892] ? lock_downgrade+0x920/0x920 [ 2716.043827][T22892] ? swp_swapcount+0x540/0x540 [ 2716.043842][T22892] ? __kasan_check_read+0x11/0x20 [ 2716.043853][T22892] ? do_raw_spin_unlock+0x57/0x270 [ 2716.043867][T22892] do_wp_page+0x543/0x15c0 [ 2716.043887][T22892] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2716.043912][T22892] __handle_mm_fault+0x23ec/0x4040 [ 2716.043932][T22892] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2716.043946][T22892] ? handle_mm_fault+0x292/0xaa0 [ 2716.043977][T22892] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2716.043991][T22892] ? __kasan_check_read+0x11/0x20 [ 2716.044008][T22892] handle_mm_fault+0x3b7/0xaa0 [ 2716.044028][T22892] __do_page_fault+0x536/0xdd0 [ 2716.044054][T22892] do_page_fault+0x38/0x590 [ 2716.044074][T22892] page_fault+0x39/0x40 [ 2716.044086][T22892] RIP: 0033:0x430b36 [ 2716.044102][T22892] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2716.044108][T22892] RSP: 002b:00007fff721315a0 EFLAGS: 00010206 [ 2716.044117][T22892] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2716.044124][T22892] RDX: 0000000000e80930 RSI: 0000000000e88970 RDI: 0000000000000003 [ 2716.044130][T22892] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000000e7f940 [ 2716.044137][T22892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2716.044143][T22892] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2716.045749][T22892] memory: usage 808kB, limit 0kB, failcnt 1056 [ 2716.084272][T22892] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2716.094371][T22892] Memory cgroup stats for /syz5: [ 2716.094491][T22892] anon 90112 [ 2716.094491][T22892] file 90112 [ 2716.094491][T22892] kernel_stack 0 [ 2716.094491][T22892] slab 827392 [ 2716.094491][T22892] sock 0 [ 2716.094491][T22892] shmem 0 [ 2716.094491][T22892] file_mapped 0 [ 2716.094491][T22892] file_dirty 0 [ 2716.094491][T22892] file_writeback 0 [ 2716.094491][T22892] anon_thp 0 [ 2716.094491][T22892] inactive_anon 0 [ 2716.094491][T22892] active_anon 90112 [ 2716.094491][T22892] inactive_file 135168 [ 2716.094491][T22892] active_file 0 [ 2716.094491][T22892] unevictable 0 [ 2716.094491][T22892] slab_reclaimable 270336 [ 2716.094491][T22892] slab_unreclaimable 557056 [ 2716.094491][T22892] pgfault 19503 [ 2716.094491][T22892] pgmajfault 0 [ 2716.094491][T22892] workingset_refault 0 [ 2716.094491][T22892] workingset_activate 0 [ 2716.094491][T22892] workingset_nodereclaim 0 [ 2716.094491][T22892] pgrefill 166 [ 2716.094491][T22892] pgscan 165 [ 2716.094491][T22892] pgsteal 35 [ 2716.094491][T22892] pgactivate 132 [ 2716.114210][T22892] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=22892,uid=0 [ 2716.124660][T22892] Memory cgroup out of memory: Killed process 22892 (syz-executor.5) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2716.157081][ T1065] oom_reaper: reaped process 22892 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2716.518266][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2716.605714][T22909] device hsr_slave_0 entered promiscuous mode [ 2716.661971][T22909] device hsr_slave_1 entered promiscuous mode [ 2716.710579][T22909] debugfs: Directory 'hsr0' with parent '/' already present! [ 2717.023926][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2717.042594][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2717.053647][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2717.141753][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2717.151423][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2717.161871][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2717.312986][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2717.332534][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2717.362085][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2717.381504][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2717.391640][T22912] chnl_net:caif_netlink_parms(): no params data found [ 2717.408265][T22900] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2717.476587][T22929] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2717.490258][T22929] CPU: 0 PID: 22929 Comm: syz-executor.1 Not tainted 5.3.0+ #0 [ 2717.497846][T22929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2717.507905][T22929] Call Trace: [ 2717.507934][T22929] dump_stack+0x172/0x1f0 [ 2717.515552][T22929] dump_header+0x10b/0x82d [ 2717.520015][T22929] oom_kill_process.cold+0x10/0x15 [ 2717.525141][T22929] out_of_memory+0x334/0x1340 [ 2717.529827][T22929] ? __sched_text_start+0x8/0x8 [ 2717.534677][T22929] ? oom_killer_disable+0x280/0x280 [ 2717.534718][T22929] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2717.534736][T22929] ? memcg_stat_show+0xc40/0xc40 [ 2717.534773][T22929] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2717.534798][T22929] ? cgroup_file_notify+0x140/0x1b0 [ 2717.534825][T22929] memory_max_write+0x262/0x3a0 [ 2717.534854][T22929] ? mem_cgroup_write+0x370/0x370 [ 2717.534875][T22929] ? lock_acquire+0x190/0x410 [ 2717.534895][T22929] ? kernfs_fop_write+0x227/0x480 [ 2717.534925][T22929] cgroup_file_write+0x241/0x790 [ 2717.534946][T22929] ? mem_cgroup_write+0x370/0x370 [ 2717.534965][T22929] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2717.534999][T22929] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2717.535019][T22929] kernfs_fop_write+0x2b8/0x480 [ 2717.561664][T22929] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2717.571509][T22929] __vfs_write+0x8a/0x110 [ 2717.571528][T22929] ? kernfs_fop_open+0xd80/0xd80 [ 2717.571551][T22929] vfs_write+0x268/0x5d0 [ 2717.571581][T22929] ksys_write+0x14f/0x290 [ 2717.571605][T22929] ? __ia32_sys_read+0xb0/0xb0 [ 2717.571628][T22929] ? do_syscall_64+0x26/0x760 [ 2717.571647][T22929] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2717.571662][T22929] ? do_syscall_64+0x26/0x760 [ 2717.571691][T22929] __x64_sys_write+0x73/0xb0 [ 2717.571713][T22929] do_syscall_64+0xfa/0x760 [ 2717.571740][T22929] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2717.571756][T22929] RIP: 0033:0x459a59 [ 2717.571773][T22929] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2717.571788][T22929] RSP: 002b:00007f3fd5250c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2717.591388][T22929] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2717.602615][T22929] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2717.602626][T22929] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2717.602636][T22929] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3fd52516d4 [ 2717.602646][T22929] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2717.620917][T22929] memory: usage 5132kB, limit 0kB, failcnt 852 [ 2717.652602][T22929] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2717.667567][T22929] Memory cgroup stats for /syz1: [ 2717.669453][T22929] anon 4317184 [ 2717.669453][T22929] file 40960 [ 2717.669453][T22929] kernel_stack 65536 [ 2717.669453][T22929] slab 557056 [ 2717.669453][T22929] sock 0 [ 2717.669453][T22929] shmem 0 [ 2717.669453][T22929] file_mapped 0 [ 2717.669453][T22929] file_dirty 0 [ 2717.669453][T22929] file_writeback 0 [ 2717.669453][T22929] anon_thp 4194304 [ 2717.669453][T22929] inactive_anon 0 [ 2717.669453][T22929] active_anon 4317184 [ 2717.669453][T22929] inactive_file 135168 [ 2717.669453][T22929] active_file 0 [ 2717.669453][T22929] unevictable 0 [ 2717.669453][T22929] slab_reclaimable 135168 [ 2717.669453][T22929] slab_unreclaimable 421888 [ 2717.669453][T22929] pgfault 29040 [ 2717.669453][T22929] pgmajfault 0 [ 2717.669453][T22929] workingset_refault 0 [ 2717.669453][T22929] workingset_activate 0 [ 2717.669453][T22929] workingset_nodereclaim 0 [ 2717.669453][T22929] pgrefill 100 [ 2717.669453][T22929] pgscan 100 [ 2717.669453][T22929] pgsteal 0 [ 2717.669453][T22929] pgactivate 66 [ 2717.691164][T22929] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=22928,uid=0 [ 2717.901919][T22929] Memory cgroup out of memory: Killed process 22928 (syz-executor.1) total-vm:72576kB, anon-rss:4236kB, file-rss:35836kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2717.932950][ T1065] oom_reaper: reaped process 22928 (syz-executor.1), now anon-rss:0kB, file-rss:34876kB, shmem-rss:0kB 16:21:35 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={0xffffffffffffffff, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) 16:21:35 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x0, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2718.035517][T22890] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2718.054046][T22890] CPU: 0 PID: 22890 Comm: syz-executor.1 Not tainted 5.3.0+ #0 [ 2718.061632][T22890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2718.071689][T22890] Call Trace: [ 2718.074995][T22890] dump_stack+0x172/0x1f0 [ 2718.079332][T22890] dump_header+0x10b/0x82d [ 2718.083757][T22890] ? oom_kill_process+0x94/0x3f0 [ 2718.088703][T22890] oom_kill_process.cold+0x10/0x15 [ 2718.093827][T22890] out_of_memory+0x334/0x1340 [ 2718.098602][T22890] ? lock_downgrade+0x920/0x920 [ 2718.103469][T22890] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2718.109294][T22890] ? oom_killer_disable+0x280/0x280 [ 2718.114509][T22890] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2718.120052][T22890] ? memcg_stat_show+0xc40/0xc40 [ 2718.125453][T22890] ? do_raw_spin_unlock+0x57/0x270 [ 2718.130581][T22890] ? _raw_spin_unlock+0x2d/0x50 [ 2718.135869][T22890] try_charge+0xf4b/0x1440 [ 2718.140293][T22890] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2718.145836][T22890] ? percpu_ref_tryget_live+0x111/0x290 [ 2718.151390][T22890] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2718.157629][T22890] ? __kasan_check_read+0x11/0x20 [ 2718.162660][T22890] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2718.168209][T22890] mem_cgroup_try_charge+0x136/0x590 [ 2718.173510][T22890] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2718.179149][T22890] wp_page_copy+0x407/0x1860 [ 2718.183744][T22890] ? find_held_lock+0x35/0x130 [ 2718.188605][T22890] ? do_wp_page+0x53b/0x15c0 [ 2718.193211][T22890] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2718.199027][T22890] ? lock_downgrade+0x920/0x920 [ 2718.203902][T22890] ? swp_swapcount+0x540/0x540 [ 2718.208699][T22890] ? __kasan_check_read+0x11/0x20 [ 2718.213752][T22890] ? do_raw_spin_unlock+0x57/0x270 [ 2718.218962][T22890] do_wp_page+0x543/0x15c0 [ 2718.223395][T22890] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2718.228784][T22890] __handle_mm_fault+0x23ec/0x4040 [ 2718.233911][T22890] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2718.239459][T22890] ? handle_mm_fault+0x292/0xaa0 [ 2718.244412][T22890] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2718.250663][T22890] ? __kasan_check_read+0x11/0x20 [ 2718.255698][T22890] handle_mm_fault+0x3b7/0xaa0 [ 2718.260465][T22890] __do_page_fault+0x536/0xdd0 [ 2718.265239][T22890] do_page_fault+0x38/0x590 [ 2718.269748][T22890] page_fault+0x39/0x40 [ 2718.273898][T22890] RIP: 0033:0x403522 [ 2718.277791][T22890] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2718.297397][T22890] RSP: 002b:00007ffcd234acc0 EFLAGS: 00010246 [ 2718.303466][T22890] RAX: 0000000000000000 RBX: 0000000000297696 RCX: 0000000000413660 [ 2718.311441][T22890] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffcd234bdf0 [ 2718.319606][T22890] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000001457940 [ 2718.327591][T22890] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcd234bdf0 [ 2718.335569][T22890] R13: 00007ffcd234bde0 R14: 0000000000000000 R15: 00007ffcd234bdf0 [ 2718.349762][T22890] memory: usage 760kB, limit 0kB, failcnt 864 [ 2718.356298][T22890] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2718.364299][T22890] Memory cgroup stats for /syz1: [ 2718.364402][T22890] anon 57344 [ 2718.364402][T22890] file 40960 [ 2718.364402][T22890] kernel_stack 0 [ 2718.364402][T22890] slab 557056 [ 2718.364402][T22890] sock 0 [ 2718.364402][T22890] shmem 0 [ 2718.364402][T22890] file_mapped 0 [ 2718.364402][T22890] file_dirty 0 [ 2718.364402][T22890] file_writeback 0 [ 2718.364402][T22890] anon_thp 0 [ 2718.364402][T22890] inactive_anon 0 [ 2718.364402][T22890] active_anon 57344 [ 2718.364402][T22890] inactive_file 135168 [ 2718.364402][T22890] active_file 0 [ 2718.364402][T22890] unevictable 0 [ 2718.364402][T22890] slab_reclaimable 135168 [ 2718.364402][T22890] slab_unreclaimable 421888 [ 2718.364402][T22890] pgfault 29040 [ 2718.364402][T22890] pgmajfault 0 [ 2718.364402][T22890] workingset_refault 0 [ 2718.364402][T22890] workingset_activate 0 [ 2718.364402][T22890] workingset_nodereclaim 0 [ 2718.364402][T22890] pgrefill 100 [ 2718.364402][T22890] pgscan 100 [ 2718.364402][T22890] pgsteal 0 [ 2718.364402][T22890] pgactivate 66 [ 2718.461507][T22890] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=22890,uid=0 [ 2718.478436][T22890] Memory cgroup out of memory: Killed process 22890 (syz-executor.1) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2718.497190][ T1065] oom_reaper: reaped process 22890 (syz-executor.1), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2718.555588][T22900] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2718.919695][T22912] bridge0: port 1(bridge_slave_0) entered blocking state [ 2718.930775][T22912] bridge0: port 1(bridge_slave_0) entered disabled state [ 2718.939602][T22912] device bridge_slave_0 entered promiscuous mode 16:21:36 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, 0xffffffffffffffff, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) [ 2719.050292][T22912] bridge0: port 2(bridge_slave_1) entered blocking state [ 2719.057467][T22912] bridge0: port 2(bridge_slave_1) entered disabled state [ 2719.069256][T22912] device bridge_slave_1 entered promiscuous mode 16:21:36 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, 0xffffffffffffffff, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) [ 2719.161288][T22909] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2719.252060][T22912] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2719.344979][T22908] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2719.381181][T22909] 8021q: adding VLAN 0 to HW filter on device team0 [ 2719.441596][T22912] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2719.460648][T22936] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2719.477014][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2719.485296][T22936] CPU: 1 PID: 22936 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 2719.492862][T22936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2719.503007][T22936] Call Trace: [ 2719.506308][T22936] dump_stack+0x172/0x1f0 [ 2719.510665][T22936] dump_header+0x10b/0x82d [ 2719.515092][T22936] oom_kill_process.cold+0x10/0x15 [ 2719.520211][T22936] out_of_memory+0x334/0x1340 [ 2719.524897][T22936] ? retint_kernel+0x2b/0x2b [ 2719.529493][T22936] ? oom_killer_disable+0x280/0x280 [ 2719.534712][T22936] ? mem_cgroup_out_of_memory+0x16a/0x240 [ 2719.540444][T22936] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2719.545996][T22936] ? memcg_stat_show+0xc40/0xc40 [ 2719.550955][T22936] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2719.556765][T22936] ? cgroup_file_notify+0x140/0x1b0 [ 2719.561972][T22936] memory_max_write+0x262/0x3a0 [ 2719.566830][T22936] ? mem_cgroup_write+0x370/0x370 [ 2719.571857][T22936] ? mem_cgroup_write+0x370/0x370 [ 2719.576902][T22936] cgroup_file_write+0x241/0x790 [ 2719.581851][T22936] ? mem_cgroup_write+0x370/0x370 [ 2719.586888][T22936] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2719.592537][T22936] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2719.598177][T22936] kernfs_fop_write+0x2b8/0x480 [ 2719.603034][T22936] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2719.609380][T22936] __vfs_write+0x8a/0x110 [ 2719.613725][T22936] ? kernfs_fop_open+0xd80/0xd80 [ 2719.618671][T22936] vfs_write+0x268/0x5d0 [ 2719.622930][T22936] ksys_write+0x14f/0x290 [ 2719.627273][T22936] ? __ia32_sys_read+0xb0/0xb0 [ 2719.632045][T22936] ? do_syscall_64+0x26/0x760 [ 2719.636725][T22936] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2719.642796][T22936] ? do_syscall_64+0x26/0x760 [ 2719.647490][T22936] __x64_sys_write+0x73/0xb0 [ 2719.652210][T22936] do_syscall_64+0xfa/0x760 [ 2719.656707][T22936] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2719.662580][T22936] RIP: 0033:0x459a59 [ 2719.666499][T22936] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2719.686321][T22936] RSP: 002b:00007fe8be847c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2719.694802][T22936] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2719.702805][T22936] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2719.710757][T22936] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2719.718714][T22936] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe8be8486d4 [ 2719.726677][T22936] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2719.749502][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2719.774972][T22936] memory: usage 5220kB, limit 0kB, failcnt 957 [ 2719.783190][T22936] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2719.790183][T22936] Memory cgroup stats for /syz2: [ 2719.791538][T22936] anon 4280320 [ 2719.791538][T22936] file 86016 [ 2719.791538][T22936] kernel_stack 65536 [ 2719.791538][T22936] slab 671744 [ 2719.791538][T22936] sock 0 [ 2719.791538][T22936] shmem 0 [ 2719.791538][T22936] file_mapped 0 [ 2719.791538][T22936] file_dirty 0 [ 2719.791538][T22936] file_writeback 0 [ 2719.791538][T22936] anon_thp 4194304 [ 2719.791538][T22936] inactive_anon 0 [ 2719.791538][T22936] active_anon 4280320 [ 2719.791538][T22936] inactive_file 0 [ 2719.791538][T22936] active_file 0 [ 2719.791538][T22936] unevictable 0 [ 2719.791538][T22936] slab_reclaimable 135168 [ 2719.791538][T22936] slab_unreclaimable 536576 [ 2719.791538][T22936] pgfault 35244 [ 2719.791538][T22936] pgmajfault 0 [ 2719.791538][T22936] workingset_refault 0 [ 2719.791538][T22936] workingset_activate 0 [ 2719.791538][T22936] workingset_nodereclaim 0 [ 2719.791538][T22936] pgrefill 166 [ 2719.791538][T22936] pgscan 167 [ 2719.791538][T22936] pgsteal 0 [ 2719.791538][T22936] pgactivate 99 [ 2719.889881][T22936] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=22935,uid=0 [ 2719.932030][T22936] Memory cgroup out of memory: Killed process 22935 (syz-executor.2) total-vm:72708kB, anon-rss:4240kB, file-rss:35832kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2719.980053][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2719.989659][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2720.006082][ T1065] oom_reaper: reaped process 22935 (syz-executor.2), now anon-rss:0kB, file-rss:34876kB, shmem-rss:0kB [ 2720.007635][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2720.026921][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2720.064900][T20744] bridge0: port 1(bridge_slave_0) entered blocking state [ 2720.072066][T20744] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2720.152336][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2720.191716][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2720.200357][T20744] bridge0: port 2(bridge_slave_1) entered blocking state [ 2720.207436][T20744] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2720.243941][T22908] 8021q: adding VLAN 0 to HW filter on device team0 [ 2720.269811][T22939] IPVS: ftp: loaded support on port[0] = 21 [ 2720.278008][T22912] team0: Port device team_slave_0 added 16:21:38 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) [ 2720.294789][T22900] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2720.305917][T22900] CPU: 0 PID: 22900 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 2720.313468][T22900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2720.323520][T22900] Call Trace: [ 2720.326818][T22900] dump_stack+0x172/0x1f0 [ 2720.331154][T22900] dump_header+0x10b/0x82d [ 2720.335564][T22900] ? oom_kill_process+0x94/0x3f0 [ 2720.340506][T22900] oom_kill_process.cold+0x10/0x15 [ 2720.345626][T22900] out_of_memory+0x334/0x1340 [ 2720.350299][T22900] ? lock_downgrade+0x920/0x920 [ 2720.355173][T22900] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2720.361006][T22900] ? oom_killer_disable+0x280/0x280 [ 2720.366211][T22900] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2720.371760][T22900] ? memcg_stat_show+0xc40/0xc40 [ 2720.376704][T22900] ? do_raw_spin_unlock+0x57/0x270 [ 2720.381950][T22900] ? _raw_spin_unlock+0x2d/0x50 [ 2720.386810][T22900] try_charge+0xf4b/0x1440 [ 2720.391242][T22900] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2720.396792][T22900] ? percpu_ref_tryget_live+0x111/0x290 [ 2720.402358][T22900] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2720.408603][T22900] ? __kasan_check_read+0x11/0x20 [ 2720.413638][T22900] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2720.419186][T22900] mem_cgroup_try_charge+0x136/0x590 [ 2720.424479][T22900] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2720.430111][T22900] __handle_mm_fault+0x1f0d/0x4040 [ 2720.435231][T22900] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2720.440778][T22900] ? handle_mm_fault+0x292/0xaa0 [ 2720.445751][T22900] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2720.451993][T22900] ? __kasan_check_read+0x11/0x20 [ 2720.457023][T22900] handle_mm_fault+0x3b7/0xaa0 [ 2720.461879][T22900] __do_page_fault+0x536/0xdd0 [ 2720.466648][T22900] do_page_fault+0x38/0x590 [ 2720.471162][T22900] page_fault+0x39/0x40 [ 2720.475318][T22900] RIP: 0033:0x403522 [ 2720.479218][T22900] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2720.498837][T22900] RSP: 002b:00007ffcd9304ff0 EFLAGS: 00010246 [ 2720.506642][T22900] RAX: 0000000000000000 RBX: 0000000000297e9b RCX: 0000000000413660 [ 2720.514612][T22900] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffcd9306120 [ 2720.523358][T22900] RBP: 0000000000000002 R08: 0000000000000001 R09: 00000000022a8940 [ 2720.531331][T22900] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcd9306120 [ 2720.539304][T22900] R13: 00007ffcd9306110 R14: 0000000000000000 R15: 00007ffcd9306120 [ 2720.552477][T22900] memory: usage 796kB, limit 0kB, failcnt 965 [ 2720.558589][T22900] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2720.565940][T22900] Memory cgroup stats for /syz2: [ 2720.566044][T22900] anon 61440 [ 2720.566044][T22900] file 86016 [ 2720.566044][T22900] kernel_stack 65536 [ 2720.566044][T22900] slab 671744 [ 2720.566044][T22900] sock 0 [ 2720.566044][T22900] shmem 0 [ 2720.566044][T22900] file_mapped 0 [ 2720.566044][T22900] file_dirty 0 [ 2720.566044][T22900] file_writeback 0 [ 2720.566044][T22900] anon_thp 0 [ 2720.566044][T22900] inactive_anon 0 [ 2720.566044][T22900] active_anon 61440 [ 2720.566044][T22900] inactive_file 0 [ 2720.566044][T22900] active_file 0 [ 2720.566044][T22900] unevictable 0 [ 2720.566044][T22900] slab_reclaimable 135168 [ 2720.566044][T22900] slab_unreclaimable 536576 [ 2720.566044][T22900] pgfault 35244 [ 2720.566044][T22900] pgmajfault 0 [ 2720.566044][T22900] workingset_refault 0 [ 2720.566044][T22900] workingset_activate 0 [ 2720.566044][T22900] workingset_nodereclaim 0 [ 2720.566044][T22900] pgrefill 166 [ 2720.566044][T22900] pgscan 167 [ 2720.566044][T22900] pgsteal 0 [ 2720.566044][T22900] pgactivate 99 [ 2720.661233][T22900] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=22900,uid=0 [ 2720.661341][T22900] Memory cgroup out of memory: Killed process 22900 (syz-executor.2) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2720.662088][ T1065] oom_reaper: reaped process 22900 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2720.783695][T21816] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2720.792704][T21816] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2720.820268][T22912] team0: Port device team_slave_1 added [ 2721.107335][T22941] IPVS: ftp: loaded support on port[0] = 21 [ 2721.209682][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2721.219512][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2721.228237][T11398] bridge0: port 1(bridge_slave_0) entered blocking state [ 2721.235370][T11398] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2721.245863][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 16:21:39 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) [ 2721.323327][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2721.334979][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2721.355371][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2721.381458][T11398] bridge0: port 2(bridge_slave_1) entered blocking state [ 2721.388701][T11398] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2721.411529][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready 16:21:39 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) [ 2721.424380][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2721.434351][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2721.531363][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2721.549768][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2721.571353][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2721.591798][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2721.655169][T22912] device hsr_slave_0 entered promiscuous mode [ 2721.761866][T22912] device hsr_slave_1 entered promiscuous mode [ 2721.810572][T22912] debugfs: Directory 'hsr0' with parent '/' already present! [ 2721.865519][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2721.882642][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2721.919317][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2721.929536][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2721.940897][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2721.950904][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2721.960993][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2722.077025][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2722.088270][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2722.098046][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2722.107756][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2722.117942][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2722.127636][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2722.208723][T22909] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2722.557107][T22909] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2722.701289][T22908] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2722.849340][T22939] chnl_net:caif_netlink_parms(): no params data found [ 2722.936220][T22941] chnl_net:caif_netlink_parms(): no params data found [ 2723.098677][T22956] IPVS: ftp: loaded support on port[0] = 21 16:21:41 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x0, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2723.306384][T22912] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2723.383137][T22941] bridge0: port 1(bridge_slave_0) entered blocking state [ 2723.394203][T22941] bridge0: port 1(bridge_slave_0) entered disabled state [ 2723.417018][T22941] device bridge_slave_0 entered promiscuous mode [ 2723.493862][T22960] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2723.545107][T22941] bridge0: port 2(bridge_slave_1) entered blocking state [ 2723.553509][T22941] bridge0: port 2(bridge_slave_1) entered disabled state [ 2723.564162][T22960] CPU: 1 PID: 22960 Comm: syz-executor.4 Not tainted 5.3.0+ #0 [ 2723.571763][T22960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2723.581857][T22960] Call Trace: [ 2723.585206][T22960] dump_stack+0x172/0x1f0 [ 2723.589581][T22960] dump_header+0x10b/0x82d [ 2723.594036][T22960] oom_kill_process.cold+0x10/0x15 [ 2723.599181][T22960] out_of_memory+0x334/0x1340 [ 2723.603918][T22960] ? trace_hardirqs_on_caller+0x6a/0x240 [ 2723.609587][T22960] ? cgroup_file_notify+0x140/0x1b0 [ 2723.614821][T22960] ? oom_killer_disable+0x280/0x280 [ 2723.620284][T22960] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2723.626141][T22960] ? memcg_stat_show+0xc40/0xc40 [ 2723.631125][T22960] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2723.636988][T22960] ? cgroup_file_notify+0x140/0x1b0 [ 2723.642228][T22960] memory_max_write+0x262/0x3a0 [ 2723.647110][T22960] ? mem_cgroup_write+0x370/0x370 [ 2723.652171][T22960] ? cgroup_file_write+0x86/0x790 [ 2723.657250][T22960] cgroup_file_write+0x241/0x790 [ 2723.662278][T22960] ? mem_cgroup_write+0x370/0x370 [ 2723.667339][T22960] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2723.673022][T22960] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2723.678684][T22960] kernfs_fop_write+0x2b8/0x480 [ 2723.683560][T22960] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2723.690070][T22960] __vfs_write+0x8a/0x110 [ 2723.694431][T22960] ? kernfs_fop_open+0xd80/0xd80 [ 2723.699404][T22960] vfs_write+0x268/0x5d0 [ 2723.703671][T22960] ksys_write+0x14f/0x290 [ 2723.708021][T22960] ? __ia32_sys_read+0xb0/0xb0 [ 2723.712810][T22960] __x64_sys_write+0x73/0xb0 [ 2723.717417][T22960] ? do_syscall_64+0x5b/0x760 [ 2723.722208][T22960] do_syscall_64+0xfa/0x760 [ 2723.726750][T22960] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2723.732663][T22960] RIP: 0033:0x459a59 [ 2723.736569][T22960] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2723.756212][T22960] RSP: 002b:00007f8d12198c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2723.764656][T22960] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2723.772601][T22941] device bridge_slave_1 entered promiscuous mode [ 2723.772665][T22960] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000d [ 2723.786956][T22960] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2723.786966][T22960] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d121996d4 [ 2723.786975][T22960] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2723.863199][T22960] memory: usage 5268kB, limit 0kB, failcnt 1087 [ 2723.869725][T22960] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2723.877663][T22960] Memory cgroup stats for /syz4: [ 2723.878408][T22960] anon 4300800 [ 2723.878408][T22960] file 0 [ 2723.878408][T22960] kernel_stack 0 [ 2723.878408][T22960] slab 811008 [ 2723.878408][T22960] sock 0 [ 2723.878408][T22960] shmem 0 [ 2723.878408][T22960] file_mapped 0 [ 2723.878408][T22960] file_dirty 135168 [ 2723.878408][T22960] file_writeback 0 [ 2723.878408][T22960] anon_thp 4194304 [ 2723.878408][T22960] inactive_anon 0 [ 2723.878408][T22960] active_anon 4300800 [ 2723.878408][T22960] inactive_file 0 [ 2723.878408][T22960] active_file 0 [ 2723.878408][T22960] unevictable 0 [ 2723.878408][T22960] slab_reclaimable 270336 [ 2723.878408][T22960] slab_unreclaimable 540672 [ 2723.878408][T22960] pgfault 20295 [ 2723.878408][T22960] pgmajfault 0 [ 2723.878408][T22960] workingset_refault 0 [ 2723.878408][T22960] workingset_activate 0 [ 2723.878408][T22960] workingset_nodereclaim 0 [ 2723.878408][T22960] pgrefill 132 [ 2723.878408][T22960] pgscan 216 [ 2723.878408][T22960] pgsteal 105 [ 2723.878408][T22960] pgactivate 99 [ 2723.888063][T22960] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=22959,uid=0 [ 2723.993063][T22960] Memory cgroup out of memory: Killed process 22959 (syz-executor.4) total-vm:72576kB, anon-rss:4232kB, file-rss:35824kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2724.016616][T22962] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2724.028797][ T1065] oom_reaper: reaped process 22959 (syz-executor.4), now anon-rss:0kB, file-rss:34864kB, shmem-rss:0kB [ 2724.050795][T22962] CPU: 0 PID: 22962 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 2724.058482][T22962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2724.068667][T22962] Call Trace: [ 2724.068696][T22962] dump_stack+0x172/0x1f0 [ 2724.068723][T22962] dump_header+0x10b/0x82d [ 2724.068745][T22962] oom_kill_process.cold+0x10/0x15 [ 2724.068767][T22962] out_of_memory+0x334/0x1340 [ 2724.068792][T22962] ? retint_kernel+0x2b/0x2b [ 2724.068813][T22962] ? oom_killer_disable+0x280/0x280 [ 2724.068854][T22962] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2724.068871][T22962] ? memcg_stat_show+0xc40/0xc40 [ 2724.068901][T22962] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2724.068922][T22962] ? cgroup_file_notify+0x140/0x1b0 [ 2724.068945][T22962] memory_max_write+0x262/0x3a0 [ 2724.068971][T22962] ? mem_cgroup_write+0x370/0x370 [ 2724.068990][T22962] ? mem_cgroup_write+0x370/0x370 [ 2724.069020][T22962] cgroup_file_write+0x241/0x790 [ 2724.069044][T22962] ? mem_cgroup_write+0x370/0x370 [ 2724.069064][T22962] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2724.069103][T22962] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2724.069124][T22962] kernfs_fop_write+0x2b8/0x480 [ 2724.069143][T22962] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2724.069170][T22962] __vfs_write+0x8a/0x110 [ 2724.069186][T22962] ? kernfs_fop_open+0xd80/0xd80 [ 2724.069209][T22962] vfs_write+0x268/0x5d0 [ 2724.069238][T22962] ksys_write+0x14f/0x290 [ 2724.069260][T22962] ? __ia32_sys_read+0xb0/0xb0 [ 2724.069297][T22962] __x64_sys_write+0x73/0xb0 [ 2724.069323][T22962] do_syscall_64+0xfa/0x760 [ 2724.069350][T22962] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2724.069365][T22962] RIP: 0033:0x459a59 [ 2724.069384][T22962] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2724.069395][T22962] RSP: 002b:00007fa902860c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2724.069412][T22962] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2724.069422][T22962] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2724.069433][T22962] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 16:21:42 executing program 4: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) socket$kcm(0x29, 0x5, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r6, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2724.069443][T22962] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa9028616d4 [ 2724.069454][T22962] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2724.103534][T22962] memory: usage 5180kB, limit 0kB, failcnt 827 [ 2724.180622][T22962] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2724.180628][T22962] Memory cgroup stats for /syz3: [ 2724.180765][T22962] anon 4354048 [ 2724.180765][T22962] file 16384 [ 2724.180765][T22962] kernel_stack 0 [ 2724.180765][T22962] slab 815104 [ 2724.180765][T22962] sock 0 [ 2724.180765][T22962] shmem 0 [ 2724.180765][T22962] file_mapped 0 [ 2724.180765][T22962] file_dirty 0 [ 2724.180765][T22962] file_writeback 0 [ 2724.180765][T22962] anon_thp 4194304 [ 2724.180765][T22962] inactive_anon 0 [ 2724.180765][T22962] active_anon 4354048 [ 2724.180765][T22962] inactive_file 0 [ 2724.180765][T22962] active_file 0 [ 2724.180765][T22962] unevictable 0 [ 2724.180765][T22962] slab_reclaimable 135168 [ 2724.180765][T22962] slab_unreclaimable 679936 [ 2724.180765][T22962] pgfault 31119 [ 2724.180765][T22962] pgmajfault 0 [ 2724.180765][T22962] workingset_refault 0 [ 2724.180765][T22962] workingset_activate 0 [ 2724.180765][T22962] workingset_nodereclaim 0 [ 2724.180765][T22962] pgrefill 100 [ 2724.180765][T22962] pgscan 99 [ 2724.180765][T22962] pgsteal 0 [ 2724.180765][T22962] pgactivate 66 [ 2724.200521][T22962] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=22961,uid=0 [ 2724.209431][T22962] Memory cgroup out of memory: Killed process 22962 (syz-executor.3) total-vm:72704kB, anon-rss:4244kB, file-rss:35828kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2724.263855][ T1065] oom_reaper: reaped process 22962 (syz-executor.3), now anon-rss:0kB, file-rss:34868kB, shmem-rss:0kB [ 2724.278268][T22908] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2724.300548][T22908] CPU: 0 PID: 22908 Comm: syz-executor.4 Not tainted 5.3.0+ #0 [ 2724.390106][T22908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2724.390115][T22908] Call Trace: 16:21:42 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x0, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2724.390168][T22908] dump_stack+0x172/0x1f0 [ 2724.390188][T22908] dump_header+0x10b/0x82d [ 2724.390198][T22908] ? oom_kill_process+0x94/0x3f0 [ 2724.390212][T22908] oom_kill_process.cold+0x10/0x15 [ 2724.390227][T22908] out_of_memory+0x334/0x1340 [ 2724.390241][T22908] ? lock_downgrade+0x920/0x920 [ 2724.390258][T22908] ? oom_killer_disable+0x280/0x280 [ 2724.390281][T22908] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2724.390296][T22908] ? memcg_stat_show+0xc40/0xc40 [ 2724.390314][T22908] ? do_raw_spin_unlock+0x57/0x270 [ 2724.390333][T22908] ? _raw_spin_unlock+0x2d/0x50 [ 2724.390352][T22908] try_charge+0xf4b/0x1440 [ 2724.390373][T22908] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2724.390387][T22908] ? percpu_ref_tryget_live+0x111/0x290 [ 2724.390405][T22908] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2724.390419][T22908] ? __kasan_check_read+0x11/0x20 [ 2724.390436][T22908] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2724.390454][T22908] mem_cgroup_try_charge+0x136/0x590 [ 2724.390476][T22908] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2724.390492][T22908] wp_page_copy+0x407/0x1860 [ 2724.390505][T22908] ? find_held_lock+0x35/0x130 [ 2724.390517][T22908] ? do_wp_page+0x53b/0x15c0 [ 2724.390530][T22908] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2724.390544][T22908] ? lock_downgrade+0x920/0x920 [ 2724.390562][T22908] ? swp_swapcount+0x540/0x540 [ 2724.390577][T22908] ? __kasan_check_read+0x11/0x20 [ 2724.390588][T22908] ? do_raw_spin_unlock+0x57/0x270 [ 2724.390603][T22908] do_wp_page+0x543/0x15c0 [ 2724.390621][T22908] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2724.390648][T22908] __handle_mm_fault+0x23ec/0x4040 [ 2724.390669][T22908] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2724.390682][T22908] ? handle_mm_fault+0x292/0xaa0 [ 2724.390708][T22908] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2724.390724][T22908] ? __kasan_check_read+0x11/0x20 [ 2724.390742][T22908] handle_mm_fault+0x3b7/0xaa0 [ 2724.390764][T22908] __do_page_fault+0x536/0xdd0 [ 2724.390787][T22908] do_page_fault+0x38/0x590 [ 2724.390806][T22908] page_fault+0x39/0x40 [ 2724.390818][T22908] RIP: 0033:0x403522 [ 2724.390834][T22908] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2724.390840][T22908] RSP: 002b:00007ffc29a90c20 EFLAGS: 00010246 [ 2724.390852][T22908] RAX: 0000000000000000 RBX: 0000000000298e53 RCX: 0000000000413660 [ 2724.390859][T22908] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffc29a91d50 [ 2724.390865][T22908] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000002041940 [ 2724.390873][T22908] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc29a91d50 [ 2724.390880][T22908] R13: 00007ffc29a91d40 R14: 0000000000000000 R15: 00007ffc29a91d50 [ 2724.520500][T22908] memory: usage 896kB, limit 0kB, failcnt 1095 [ 2724.525852][T22908] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2724.550671][T22908] Memory cgroup stats for /syz4: [ 2724.552868][T22908] anon 49152 [ 2724.552868][T22908] file 0 [ 2724.552868][T22908] kernel_stack 0 [ 2724.552868][T22908] slab 811008 [ 2724.552868][T22908] sock 0 [ 2724.552868][T22908] shmem 0 [ 2724.552868][T22908] file_mapped 0 [ 2724.552868][T22908] file_dirty 135168 [ 2724.552868][T22908] file_writeback 0 [ 2724.552868][T22908] anon_thp 0 [ 2724.552868][T22908] inactive_anon 0 [ 2724.552868][T22908] active_anon 49152 [ 2724.552868][T22908] inactive_file 0 [ 2724.552868][T22908] active_file 0 [ 2724.552868][T22908] unevictable 0 [ 2724.552868][T22908] slab_reclaimable 270336 [ 2724.552868][T22908] slab_unreclaimable 540672 [ 2724.552868][T22908] pgfault 20295 [ 2724.552868][T22908] pgmajfault 0 [ 2724.552868][T22908] workingset_refault 0 [ 2724.552868][T22908] workingset_activate 0 [ 2724.552868][T22908] workingset_nodereclaim 0 [ 2724.552868][T22908] pgrefill 132 [ 2724.552868][T22908] pgscan 216 [ 2724.552868][T22908] pgsteal 105 [ 2724.552868][T22908] pgactivate 99 [ 2724.560272][T22908] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=22908,uid=0 [ 2724.570840][T22908] Memory cgroup out of memory: Killed process 22908 (syz-executor.4) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2724.571700][ T1065] oom_reaper: reaped process 22908 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2724.580585][T22909] syz-executor.3 invoked oom-killer: gfp_mask=0x40c50(GFP_NOFS|__GFP_COMP|__GFP_RECLAIMABLE), order=0, oom_score_adj=0 [ 2724.610391][T22909] CPU: 0 PID: 22909 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 2724.615888][T22909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2724.615905][T22909] Call Trace: [ 2724.631866][T22909] dump_stack+0x172/0x1f0 [ 2724.631886][T22909] dump_header+0x10b/0x82d [ 2724.631896][T22909] ? oom_kill_process+0x94/0x3f0 [ 2724.631910][T22909] oom_kill_process.cold+0x10/0x15 [ 2724.631924][T22909] out_of_memory+0x334/0x1340 [ 2724.631938][T22909] ? lock_downgrade+0x920/0x920 [ 2724.631956][T22909] ? oom_killer_disable+0x280/0x280 [ 2724.631987][T22909] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2724.643303][T22909] ? memcg_stat_show+0xc40/0xc40 [ 2724.643330][T22909] ? do_raw_spin_unlock+0x57/0x270 [ 2724.643353][T22909] ? _raw_spin_unlock+0x2d/0x50 [ 2724.643369][T22909] try_charge+0xf4b/0x1440 [ 2724.643392][T22909] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2724.652981][T22909] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2724.653006][T22909] ? cache_grow_begin+0x122/0xd20 [ 2724.653020][T22909] ? find_held_lock+0x35/0x130 [ 2724.653033][T22909] ? cache_grow_begin+0x122/0xd20 [ 2724.653054][T22909] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2724.653066][T22909] ? lock_downgrade+0x920/0x920 [ 2724.653084][T22909] ? memcg_kmem_put_cache+0x50/0x50 [ 2724.665631][T22909] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2724.691325][T22909] ? __kasan_check_read+0x11/0x20 [ 2724.691348][T22909] cache_grow_begin+0x629/0xd20 [ 2724.691365][T22909] ? write_comp_data+0x61/0x70 [ 2724.691379][T22909] ? mempolicy_slab_node+0x139/0x390 [ 2724.691411][T22909] fallback_alloc+0x1fd/0x2d0 [ 2724.691430][T22909] ____cache_alloc_node+0x1bc/0x1d0 [ 2724.691449][T22909] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2724.707515][T22909] kmem_cache_alloc+0x1ef/0x710 [ 2724.707534][T22909] ? lock_downgrade+0x920/0x920 [ 2724.707545][T22909] ? rwlock_bug.part.0+0x90/0x90 [ 2724.707562][T22909] ? ratelimit_state_init+0xb0/0xb0 [ 2724.707575][T22909] ext4_alloc_inode+0x1f/0x640 [ 2724.707587][T22909] ? ratelimit_state_init+0xb0/0xb0 [ 2724.707601][T22909] alloc_inode+0x68/0x1e0 [ 2724.707618][T22909] iget_locked+0x1a6/0x4b0 [ 2724.707637][T22909] __ext4_iget+0x265/0x3e20 [ 2724.707656][T22909] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2724.707677][T22909] ? ext4_get_projid+0x190/0x190 [ 2724.707694][T22909] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2724.707708][T22909] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 2724.707721][T22909] ? d_alloc_parallel+0xa78/0x1c30 [ 2724.707742][T22909] ext4_lookup+0x3b1/0x7a0 [ 2724.707758][T22909] ? ext4_cross_rename+0x1430/0x1430 [ 2724.707775][T22909] ? __lock_acquire+0x16f2/0x4a00 [ 2724.707787][T22909] ? __kasan_check_read+0x11/0x20 [ 2724.707809][T22909] ? lockdep_init_map+0x1be/0x6d0 [ 2724.707833][T22909] __lookup_slow+0x279/0x500 [ 2724.707849][T22909] ? vfs_unlink+0x620/0x620 [ 2724.707895][T22909] lookup_slow+0x58/0x80 [ 2724.707911][T22909] path_mountpoint+0x5d2/0x1e60 [ 2724.707926][T22909] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2724.707941][T22909] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 2724.707962][T22909] ? path_openat+0x46d0/0x46d0 [ 2724.707989][T22909] filename_mountpoint+0x18e/0x390 [ 2724.708006][T22909] ? filename_parentat.isra.0+0x410/0x410 [ 2724.708022][T22909] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 2724.708046][T22909] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2724.708060][T22909] ? __phys_addr_symbol+0x30/0x70 [ 2724.708074][T22909] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2724.708090][T22909] ? __check_object_size+0x3d/0x437 [ 2724.708115][T22909] ? strncpy_from_user+0x2b4/0x400 [ 2724.708134][T22909] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2724.708147][T22909] ? getname_flags+0x277/0x5b0 [ 2724.708166][T22909] user_path_mountpoint_at+0x3a/0x50 [ 2724.708182][T22909] ksys_umount+0x164/0xf00 [ 2724.708198][T22909] ? __ia32_sys_rmdir+0x40/0x40 [ 2724.708216][T22909] ? __detach_mounts+0x2a0/0x2a0 [ 2724.708230][T22909] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2724.708246][T22909] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2724.708260][T22909] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2724.708274][T22909] ? do_syscall_64+0x26/0x760 [ 2724.708300][T22909] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2724.708314][T22909] ? do_syscall_64+0x26/0x760 [ 2724.708328][T22909] ? lockdep_hardirqs_on+0x421/0x5e0 [ 2724.708346][T22909] __x64_sys_umount+0x54/0x80 [ 2724.708361][T22909] do_syscall_64+0xfa/0x760 [ 2724.708380][T22909] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2724.708392][T22909] RIP: 0033:0x45c487 [ 2724.708409][T22909] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2724.708416][T22909] RSP: 002b:00007fff14be3308 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 2724.708429][T22909] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045c487 [ 2724.708437][T22909] RDX: 0000000000403550 RSI: 0000000000000002 RDI: 00007fff14be33b0 [ 2724.708444][T22909] RBP: 0000000000000005 R08: 0000000000000000 R09: 000000000000000e [ 2724.708453][T22909] R10: 000000000000000a R11: 0000000000000202 R12: 00007fff14be4440 [ 2724.708461][T22909] R13: 000000000279b940 R14: 0000000000000000 R15: 00007fff14be4440 [ 2724.810393][T22909] memory: usage 812kB, limit 0kB, failcnt 839 [ 2725.001549][T22909] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2725.015550][T22909] Memory cgroup stats for /syz3: [ 2725.015656][T22909] anon 94208 [ 2725.015656][T22909] file 16384 [ 2725.015656][T22909] kernel_stack 0 [ 2725.015656][T22909] slab 815104 [ 2725.015656][T22909] sock 0 [ 2725.015656][T22909] shmem 0 [ 2725.015656][T22909] file_mapped 0 [ 2725.015656][T22909] file_dirty 0 [ 2725.015656][T22909] file_writeback 0 [ 2725.015656][T22909] anon_thp 0 [ 2725.015656][T22909] inactive_anon 0 [ 2725.015656][T22909] active_anon 94208 [ 2725.015656][T22909] inactive_file 0 [ 2725.015656][T22909] active_file 0 [ 2725.015656][T22909] unevictable 0 [ 2725.015656][T22909] slab_reclaimable 135168 [ 2725.015656][T22909] slab_unreclaimable 679936 [ 2725.015656][T22909] pgfault 31119 [ 2725.015656][T22909] pgmajfault 0 [ 2725.015656][T22909] workingset_refault 0 [ 2725.015656][T22909] workingset_activate 0 [ 2725.015656][T22909] workingset_nodereclaim 0 [ 2725.015656][T22909] pgrefill 100 [ 2725.015656][T22909] pgscan 99 [ 2725.015656][T22909] pgsteal 0 [ 2725.015656][T22909] pgactivate 66 [ 2725.047261][T22909] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=22909,uid=0 [ 2725.066476][T22909] Memory cgroup out of memory: Killed process 22909 (syz-executor.3) total-vm:72440kB, anon-rss:96kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2725.121312][ T1065] oom_reaper: reaped process 22909 (syz-executor.3), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2725.607029][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2725.616934][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2725.898392][T22939] bridge0: port 1(bridge_slave_0) entered blocking state [ 2725.907054][T22939] bridge0: port 1(bridge_slave_0) entered disabled state [ 2725.916452][T22939] device bridge_slave_0 entered promiscuous mode [ 2725.933713][T22912] 8021q: adding VLAN 0 to HW filter on device team0 [ 2726.215709][T22941] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link 16:21:44 executing program 4: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) socket$kcm(0x29, 0x5, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r6, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2726.298547][T22939] bridge0: port 2(bridge_slave_1) entered blocking state [ 2726.315026][T22939] bridge0: port 2(bridge_slave_1) entered disabled state [ 2726.325854][T22939] device bridge_slave_1 entered promiscuous mode [ 2726.344921][T22941] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2726.443734][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2726.454915][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2726.470880][ T3335] bridge0: port 1(bridge_slave_0) entered blocking state [ 2726.477966][ T3335] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2726.517022][T22939] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2726.555722][T22941] team0: Port device team_slave_0 added [ 2726.568074][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2726.579499][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2726.588989][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2726.599031][T11398] bridge0: port 2(bridge_slave_1) entered blocking state [ 2726.606337][T11398] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2726.616095][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2726.634993][T22939] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2726.648768][T22941] team0: Port device team_slave_1 added [ 2726.746309][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2726.783478][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2726.794643][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2726.905707][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2726.916458][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2726.926431][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2726.938380][T22939] team0: Port device team_slave_0 added [ 2727.014368][T22941] device hsr_slave_0 entered promiscuous mode [ 2727.071581][T22941] device hsr_slave_1 entered promiscuous mode [ 2727.110845][T22941] debugfs: Directory 'hsr0' with parent '/' already present! [ 2727.121741][T22939] team0: Port device team_slave_1 added [ 2727.130544][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2727.139416][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2727.158195][T22912] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2727.171678][T22912] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2727.316541][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2727.326349][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2727.544923][T22939] device hsr_slave_0 entered promiscuous mode [ 2727.601725][T22939] device hsr_slave_1 entered promiscuous mode [ 2727.650699][T22939] debugfs: Directory 'hsr0' with parent '/' already present! [ 2727.816527][T22956] chnl_net:caif_netlink_parms(): no params data found [ 2727.835726][T22912] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2728.081947][T22956] bridge0: port 1(bridge_slave_0) entered blocking state [ 2728.089108][T22956] bridge0: port 1(bridge_slave_0) entered disabled state [ 2728.097958][T22956] device bridge_slave_0 entered promiscuous mode [ 2728.107965][T22956] bridge0: port 2(bridge_slave_1) entered blocking state [ 2728.115187][T22956] bridge0: port 2(bridge_slave_1) entered disabled state [ 2728.132853][T22956] device bridge_slave_1 entered promiscuous mode [ 2728.306657][T22941] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2728.332128][T22956] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2728.333677][T22972] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2728.353175][T22972] CPU: 1 PID: 22972 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 2728.360738][T22972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2728.370788][T22972] Call Trace: [ 2728.370814][T22972] dump_stack+0x172/0x1f0 [ 2728.370835][T22972] dump_header+0x10b/0x82d [ 2728.370859][T22972] oom_kill_process.cold+0x10/0x15 [ 2728.388012][T22972] out_of_memory+0x334/0x1340 [ 2728.391149][T22956] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2728.392698][T22972] ? __sched_text_start+0x8/0x8 [ 2728.409771][T22972] ? oom_killer_disable+0x280/0x280 [ 2728.414987][T22972] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2728.420537][T22972] ? memcg_stat_show+0xc40/0xc40 [ 2728.425496][T22972] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2728.431313][T22972] ? cgroup_file_notify+0x140/0x1b0 [ 2728.436526][T22972] memory_max_write+0x262/0x3a0 [ 2728.441386][T22972] ? mem_cgroup_write+0x370/0x370 [ 2728.446413][T22972] ? lock_acquire+0x190/0x410 [ 2728.451094][T22972] ? kernfs_fop_write+0x227/0x480 [ 2728.456132][T22972] cgroup_file_write+0x241/0x790 [ 2728.461076][T22972] ? mem_cgroup_write+0x370/0x370 [ 2728.466105][T22972] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2728.471726][T22972] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2728.477340][T22972] kernfs_fop_write+0x2b8/0x480 [ 2728.482179][T22972] __vfs_write+0x8a/0x110 [ 2728.486497][T22972] ? kernfs_fop_open+0xd80/0xd80 [ 2728.491428][T22972] vfs_write+0x268/0x5d0 [ 2728.495668][T22972] ksys_write+0x14f/0x290 [ 2728.499984][T22972] ? __ia32_sys_read+0xb0/0xb0 [ 2728.504816][T22972] ? do_syscall_64+0x26/0x760 [ 2728.509579][T22972] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2728.515633][T22972] ? do_syscall_64+0x26/0x760 [ 2728.520305][T22972] __x64_sys_write+0x73/0xb0 [ 2728.524886][T22972] do_syscall_64+0xfa/0x760 [ 2728.529372][T22972] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2728.535242][T22972] RIP: 0033:0x459a59 [ 2728.539120][T22972] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2728.558794][T22972] RSP: 002b:00007f8d30e63c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2728.567187][T22972] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2728.575138][T22972] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2728.583092][T22972] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2728.591051][T22972] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d30e646d4 [ 2728.599006][T22972] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2728.621002][T22972] memory: usage 30660kB, limit 0kB, failcnt 148 [ 2728.629116][T22972] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2728.639812][T22972] Memory cgroup stats for /syz0: [ 2728.641212][T22972] anon 4333568 [ 2728.641212][T22972] file 0 [ 2728.641212][T22972] kernel_stack 65536 [ 2728.641212][T22972] slab 27152384 [ 2728.641212][T22972] sock 0 [ 2728.641212][T22972] shmem 0 [ 2728.641212][T22972] file_mapped 0 [ 2728.641212][T22972] file_dirty 0 [ 2728.641212][T22972] file_writeback 0 [ 2728.641212][T22972] anon_thp 4194304 [ 2728.641212][T22972] inactive_anon 0 [ 2728.641212][T22972] active_anon 4333568 [ 2728.641212][T22972] inactive_file 0 [ 2728.641212][T22972] active_file 0 [ 2728.641212][T22972] unevictable 0 [ 2728.641212][T22972] slab_reclaimable 26357760 [ 2728.641212][T22972] slab_unreclaimable 794624 [ 2728.641212][T22972] pgfault 44847 [ 2728.641212][T22972] pgmajfault 0 [ 2728.641212][T22972] workingset_refault 0 [ 2728.641212][T22972] workingset_activate 0 [ 2728.641212][T22972] workingset_nodereclaim 0 [ 2728.641212][T22972] pgrefill 249 [ 2728.641212][T22972] pgscan 231 [ 2728.641212][T22972] pgsteal 34 [ 2728.641212][T22972] pgactivate 198 [ 2728.738706][T22972] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=22970,uid=0 [ 2728.762049][T22972] Memory cgroup out of memory: Killed process 22970 (syz-executor.0) total-vm:72576kB, anon-rss:4188kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2728.793006][ T1065] oom_reaper: reaped process 22970 (syz-executor.0), now anon-rss:0kB, file-rss:34864kB, shmem-rss:0kB [ 2728.902031][T22939] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2728.945234][T22939] 8021q: adding VLAN 0 to HW filter on device team0 [ 2729.028137][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2729.041583][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2729.063281][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2729.081599][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2729.101114][ T3335] bridge0: port 1(bridge_slave_0) entered blocking state [ 2729.108217][ T3335] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2729.131318][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2729.151463][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2729.170768][ T3335] bridge0: port 2(bridge_slave_1) entered blocking state [ 2729.177873][ T3335] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2729.201260][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2729.221835][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2729.262099][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2729.291824][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2729.323439][T22956] team0: Port device team_slave_0 added [ 2729.348465][T22941] 8021q: adding VLAN 0 to HW filter on device team0 16:21:47 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) write$cgroup_int(r5, 0x0, 0x0) 16:21:47 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x0, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2729.406069][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2729.421947][T22912] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2729.433282][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2729.442546][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2729.450958][T22912] CPU: 1 PID: 22912 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 2729.458512][T22912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2729.468565][T22912] Call Trace: [ 2729.471874][T22912] dump_stack+0x172/0x1f0 [ 2729.476213][T22912] dump_header+0x10b/0x82d [ 2729.480624][T22912] ? oom_kill_process+0x94/0x3f0 [ 2729.485563][T22912] oom_kill_process.cold+0x10/0x15 [ 2729.490680][T22912] out_of_memory+0x334/0x1340 [ 2729.495366][T22912] ? lock_downgrade+0x920/0x920 [ 2729.500221][T22912] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2729.506031][T22912] ? oom_killer_disable+0x280/0x280 [ 2729.511244][T22912] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2729.516798][T22912] ? memcg_stat_show+0xc40/0xc40 [ 2729.521747][T22912] ? do_raw_spin_unlock+0x57/0x270 [ 2729.526872][T22912] ? _raw_spin_unlock+0x2d/0x50 [ 2729.531728][T22912] try_charge+0xf4b/0x1440 [ 2729.536160][T22912] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2729.541710][T22912] ? percpu_ref_tryget_live+0x111/0x290 [ 2729.547264][T22912] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2729.553514][T22912] ? __kasan_check_read+0x11/0x20 [ 2729.558552][T22912] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2729.564103][T22912] mem_cgroup_try_charge+0x136/0x590 [ 2729.569404][T22912] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2729.575146][T22912] wp_page_copy+0x407/0x1860 [ 2729.579740][T22912] ? find_held_lock+0x35/0x130 [ 2729.584506][T22912] ? do_wp_page+0x53b/0x15c0 [ 2729.589107][T22912] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2729.594922][T22912] ? lock_downgrade+0x920/0x920 [ 2729.599806][T22912] ? swp_swapcount+0x540/0x540 [ 2729.604595][T22912] ? __kasan_check_read+0x11/0x20 [ 2729.609618][T22912] ? do_raw_spin_unlock+0x57/0x270 [ 2729.614736][T22912] do_wp_page+0x543/0x15c0 [ 2729.619189][T22912] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2729.624749][T22912] __handle_mm_fault+0x23ec/0x4040 [ 2729.629904][T22912] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2729.635578][T22912] ? handle_mm_fault+0x292/0xaa0 [ 2729.641247][T22912] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2729.647643][T22912] ? __kasan_check_read+0x11/0x20 [ 2729.652683][T22912] handle_mm_fault+0x3b7/0xaa0 [ 2729.657550][T22912] __do_page_fault+0x536/0xdd0 [ 2729.663280][T22912] do_page_fault+0x38/0x590 [ 2729.667793][T22912] page_fault+0x39/0x40 [ 2729.671967][T22912] RIP: 0033:0x430b36 [ 2729.675964][T22912] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2729.697211][T22912] RSP: 002b:00007ffdaccf3230 EFLAGS: 00010206 [ 2729.703438][T22912] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2729.711477][T22912] RDX: 00000000015bf930 RSI: 00000000015c7970 RDI: 0000000000000003 [ 2729.720077][T22912] RBP: 0000000000008041 R08: 0000000000000001 R09: 00000000015be940 [ 2729.728419][T22912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2729.736831][T22912] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2729.748079][T22912] memory: usage 26256kB, limit 0kB, failcnt 156 [ 2729.751144][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2729.763770][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2729.772169][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2729.779671][T22912] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2729.782460][T22956] team0: Port device team_slave_1 added [ 2729.792349][T22912] Memory cgroup stats for /syz0: [ 2729.792451][T22912] anon 49152 [ 2729.792451][T22912] file 0 [ 2729.792451][T22912] kernel_stack 0 [ 2729.792451][T22912] slab 27152384 [ 2729.792451][T22912] sock 0 [ 2729.792451][T22912] shmem 0 [ 2729.792451][T22912] file_mapped 0 [ 2729.792451][T22912] file_dirty 0 [ 2729.792451][T22912] file_writeback 0 [ 2729.792451][T22912] anon_thp 0 [ 2729.792451][T22912] inactive_anon 0 [ 2729.792451][T22912] active_anon 49152 [ 2729.792451][T22912] inactive_file 0 [ 2729.792451][T22912] active_file 0 [ 2729.792451][T22912] unevictable 0 [ 2729.792451][T22912] slab_reclaimable 26357760 [ 2729.792451][T22912] slab_unreclaimable 794624 [ 2729.792451][T22912] pgfault 44847 [ 2729.792451][T22912] pgmajfault 0 [ 2729.792451][T22912] workingset_refault 0 [ 2729.792451][T22912] workingset_activate 0 [ 2729.792451][T22912] workingset_nodereclaim 0 [ 2729.792451][T22912] pgrefill 249 [ 2729.792451][T22912] pgscan 231 [ 2729.792451][T22912] pgsteal 34 [ 2729.792451][T22912] pgactivate 198 [ 2729.801329][T22912] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=22912,uid=0 [ 2729.904753][T22912] Memory cgroup out of memory: Killed process 22912 (syz-executor.0) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2729.924030][ T1065] oom_reaper: reaped process 22912 (syz-executor.0), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2730.055775][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2730.065449][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2730.074571][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2730.083406][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2730.393599][T22939] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2730.403930][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2730.414041][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2730.423061][T16115] bridge0: port 1(bridge_slave_0) entered blocking state [ 2730.430179][T16115] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2730.584309][T22956] device hsr_slave_0 entered promiscuous mode [ 2730.701655][T22956] device hsr_slave_1 entered promiscuous mode [ 2730.760528][T22956] debugfs: Directory 'hsr0' with parent '/' already present! [ 2730.784902][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2730.801669][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2730.818193][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2730.827525][T16115] bridge0: port 2(bridge_slave_1) entered blocking state [ 2730.834658][T16115] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2730.844465][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2730.953099][T22974] IPVS: ftp: loaded support on port[0] = 21 [ 2730.961848][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2730.981447][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2730.991524][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2731.001122][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2731.012774][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2731.023759][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2731.118966][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2731.128197][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2731.137559][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2731.147125][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2731.237745][T22941] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2731.255026][T22939] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2731.498996][T22941] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2731.620283][T22956] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2731.769421][T22974] chnl_net:caif_netlink_parms(): no params data found [ 2731.910611][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2731.918958][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2732.118758][T22956] 8021q: adding VLAN 0 to HW filter on device team0 [ 2732.165282][T22990] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2732.169714][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2732.198865][T22990] CPU: 1 PID: 22990 Comm: syz-executor.1 Not tainted 5.3.0+ #0 [ 2732.199678][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2732.206531][T22990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2732.206539][T22990] Call Trace: [ 2732.206573][T22990] dump_stack+0x172/0x1f0 [ 2732.206599][T22990] dump_header+0x10b/0x82d [ 2732.206622][T22990] oom_kill_process.cold+0x10/0x15 [ 2732.206644][T22990] out_of_memory+0x334/0x1340 [ 2732.206663][T22990] ? __sched_text_start+0x8/0x8 [ 2732.206679][T22990] ? oom_killer_disable+0x280/0x280 [ 2732.206706][T22990] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2732.206721][T22990] ? memcg_stat_show+0xc40/0xc40 [ 2732.206742][T22990] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2732.206758][T22990] ? cgroup_file_notify+0x140/0x1b0 [ 2732.206779][T22990] memory_max_write+0x262/0x3a0 [ 2732.206799][T22990] ? mem_cgroup_write+0x370/0x370 [ 2732.206813][T22990] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2732.206842][T22990] cgroup_file_write+0x241/0x790 [ 2732.206859][T22990] ? mem_cgroup_write+0x370/0x370 [ 2732.206876][T22990] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2732.206900][T22990] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2732.206917][T22990] kernfs_fop_write+0x2b8/0x480 [ 2732.206939][T22990] __vfs_write+0x8a/0x110 [ 2732.206954][T22990] ? kernfs_fop_open+0xd80/0xd80 [ 2732.206972][T22990] vfs_write+0x268/0x5d0 [ 2732.206991][T22990] ksys_write+0x14f/0x290 [ 2732.207008][T22990] ? __ia32_sys_read+0xb0/0xb0 [ 2732.215716][T16115] bridge0: port 1(bridge_slave_0) entered blocking state [ 2732.225062][T22990] ? do_syscall_64+0x26/0x760 [ 2732.225080][T22990] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2732.225094][T22990] ? do_syscall_64+0x26/0x760 [ 2732.225114][T22990] __x64_sys_write+0x73/0xb0 [ 2732.225131][T22990] do_syscall_64+0xfa/0x760 [ 2732.225153][T22990] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2732.228455][T16115] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2732.232738][T22990] RIP: 0033:0x459a59 [ 2732.232753][T22990] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2732.232761][T22990] RSP: 002b:00007f5c1d929c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2732.232779][T22990] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2732.238361][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2732.242271][T22990] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2732.242280][T22990] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2732.242289][T22990] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5c1d92a6d4 [ 2732.242298][T22990] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2732.330771][T22990] memory: usage 5180kB, limit 0kB, failcnt 865 [ 2732.490983][T22990] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2732.500827][T22990] Memory cgroup stats for /syz1: [ 2732.501500][T22990] anon 4325376 [ 2732.501500][T22990] file 40960 [ 2732.501500][T22990] kernel_stack 0 [ 2732.501500][T22990] slab 557056 [ 2732.501500][T22990] sock 0 [ 2732.501500][T22990] shmem 0 [ 2732.501500][T22990] file_mapped 0 [ 2732.501500][T22990] file_dirty 0 [ 2732.501500][T22990] file_writeback 0 [ 2732.501500][T22990] anon_thp 4194304 [ 2732.501500][T22990] inactive_anon 0 [ 2732.501500][T22990] active_anon 4325376 [ 2732.501500][T22990] inactive_file 135168 [ 2732.501500][T22990] active_file 0 [ 2732.501500][T22990] unevictable 0 [ 2732.501500][T22990] slab_reclaimable 135168 [ 2732.501500][T22990] slab_unreclaimable 421888 16:21:50 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x0, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) 16:21:50 executing program 4: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) socket$kcm(0x29, 0x5, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r6, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2732.501500][T22990] pgfault 29106 [ 2732.501500][T22990] pgmajfault 0 [ 2732.501500][T22990] workingset_refault 0 [ 2732.501500][T22990] workingset_activate 0 [ 2732.501500][T22990] workingset_nodereclaim 0 [ 2732.501500][T22990] pgrefill 100 [ 2732.501500][T22990] pgscan 100 [ 2732.501500][T22990] pgsteal 0 [ 2732.501500][T22990] pgactivate 66 [ 2732.603534][T22990] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=22989,uid=0 [ 2732.627771][T22990] Memory cgroup out of memory: Killed process 22989 (syz-executor.1) total-vm:72576kB, anon-rss:4188kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2732.652588][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2732.662823][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2732.671719][T11398] bridge0: port 2(bridge_slave_1) entered blocking state [ 2732.678793][T11398] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2732.690547][T22939] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2732.691496][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2732.712422][ T1065] oom_reaper: reaped process 22989 (syz-executor.1), now anon-rss:0kB, file-rss:34872kB, shmem-rss:0kB [ 2732.717372][T22939] CPU: 0 PID: 22939 Comm: syz-executor.5 Not tainted 5.3.0+ #0 [ 2732.731041][T22939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2732.732205][T22974] bridge0: port 1(bridge_slave_0) entered blocking state [ 2732.741087][T22939] Call Trace: [ 2732.741109][T22939] dump_stack+0x172/0x1f0 [ 2732.741129][T22939] dump_header+0x10b/0x82d [ 2732.741141][T22939] ? oom_kill_process+0x94/0x3f0 [ 2732.741157][T22939] oom_kill_process.cold+0x10/0x15 [ 2732.741178][T22939] out_of_memory+0x334/0x1340 [ 2732.775996][T22939] ? lock_downgrade+0x920/0x920 [ 2732.781214][T22939] ? oom_killer_disable+0x280/0x280 [ 2732.786431][T22939] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2732.791990][T22939] ? memcg_stat_show+0xc40/0xc40 [ 2732.796940][T22939] ? do_raw_spin_unlock+0x57/0x270 [ 2732.802065][T22939] ? _raw_spin_unlock+0x2d/0x50 [ 2732.803720][T22974] bridge0: port 1(bridge_slave_0) entered disabled state [ 2732.806919][T22939] try_charge+0xf4b/0x1440 [ 2732.818466][T22939] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2732.824012][T22939] ? percpu_ref_tryget_live+0x111/0x290 [ 2732.829700][T22939] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2732.835947][T22939] ? __kasan_check_read+0x11/0x20 [ 2732.840980][T22939] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2732.846530][T22939] mem_cgroup_try_charge+0x136/0x590 [ 2732.851835][T22939] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2732.857484][T22939] wp_page_copy+0x407/0x1860 [ 2732.862108][T22939] ? find_held_lock+0x35/0x130 [ 2732.866898][T22939] ? do_wp_page+0x53b/0x15c0 [ 2732.871497][T22939] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2732.871799][T22974] device bridge_slave_0 entered promiscuous mode [ 2732.877670][T22939] ? lock_downgrade+0x920/0x920 [ 2732.888825][T22939] ? swp_swapcount+0x540/0x540 [ 2732.893591][T22939] ? __kasan_check_read+0x11/0x20 [ 2732.898616][T22939] ? do_raw_spin_unlock+0x57/0x270 [ 2732.903733][T22939] do_wp_page+0x543/0x15c0 [ 2732.908158][T22939] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2732.913549][T22939] __handle_mm_fault+0x23ec/0x4040 [ 2732.918698][T22939] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2732.924377][T22939] ? handle_mm_fault+0x292/0xaa0 [ 2732.929780][T22939] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2732.936229][T22939] ? __kasan_check_read+0x11/0x20 [ 2732.941270][T22939] handle_mm_fault+0x3b7/0xaa0 [ 2732.946047][T22939] __do_page_fault+0x536/0xdd0 [ 2732.946071][T22939] do_page_fault+0x38/0x590 [ 2732.955699][T22939] page_fault+0x39/0x40 [ 2732.961514][T22939] RIP: 0033:0x430b36 [ 2732.965937][T22939] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2732.989059][T22939] RSP: 002b:00007ffc35efe8a0 EFLAGS: 00010206 [ 2732.991005][T22974] bridge0: port 2(bridge_slave_1) entered blocking state [ 2732.995959][T22939] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2732.995972][T22939] RDX: 0000000000df4930 RSI: 0000000000dfc970 RDI: 0000000000000003 [ 2733.022617][T22939] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000000df3940 [ 2733.032281][T22939] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2733.040987][T22939] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2733.060404][T22974] bridge0: port 2(bridge_slave_1) entered disabled state [ 2733.084691][T22974] device bridge_slave_1 entered promiscuous mode 16:21:50 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, 0xffffffffffffffff, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) 16:21:50 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) write$cgroup_int(r5, 0x0, 0x0) [ 2733.151917][T22939] memory: usage 812kB, limit 0kB, failcnt 1065 [ 2733.158267][T22939] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2733.194141][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2733.201855][T22939] Memory cgroup stats for /syz5: [ 2733.201957][T22939] anon 163840 [ 2733.201957][T22939] file 90112 [ 2733.201957][T22939] kernel_stack 0 [ 2733.201957][T22939] slab 827392 [ 2733.201957][T22939] sock 0 [ 2733.201957][T22939] shmem 0 [ 2733.201957][T22939] file_mapped 0 [ 2733.201957][T22939] file_dirty 0 [ 2733.201957][T22939] file_writeback 0 [ 2733.201957][T22939] anon_thp 0 [ 2733.201957][T22939] inactive_anon 0 [ 2733.201957][T22939] active_anon 90112 [ 2733.201957][T22939] inactive_file 135168 [ 2733.201957][T22939] active_file 0 [ 2733.201957][T22939] unevictable 0 [ 2733.201957][T22939] slab_reclaimable 270336 [ 2733.201957][T22939] slab_unreclaimable 557056 [ 2733.201957][T22939] pgfault 19602 [ 2733.201957][T22939] pgmajfault 0 [ 2733.201957][T22939] workingset_refault 0 [ 2733.201957][T22939] workingset_activate 0 [ 2733.201957][T22939] workingset_nodereclaim 0 [ 2733.201957][T22939] pgrefill 166 [ 2733.201957][T22939] pgscan 165 [ 2733.201957][T22939] pgsteal 35 [ 2733.201957][T22939] pgactivate 132 [ 2733.361390][T22974] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2733.442264][T22939] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=22939,uid=0 [ 2733.467446][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2733.477363][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2733.485988][T22939] Memory cgroup out of memory: Killed process 22939 (syz-executor.5) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2733.506303][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2733.516317][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2733.527872][T22974] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2733.537401][T22941] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2733.548505][T22941] CPU: 1 PID: 22941 Comm: syz-executor.1 Not tainted 5.3.0+ #0 [ 2733.556085][T22941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2733.566318][T22941] Call Trace: [ 2733.569626][T22941] dump_stack+0x172/0x1f0 [ 2733.574497][T22941] dump_header+0x10b/0x82d [ 2733.579008][T22941] ? oom_kill_process+0x94/0x3f0 [ 2733.583957][T22941] oom_kill_process.cold+0x10/0x15 [ 2733.589077][T22941] out_of_memory+0x334/0x1340 [ 2733.593892][T22941] ? lock_downgrade+0x920/0x920 [ 2733.598839][T22941] ? oom_killer_disable+0x280/0x280 [ 2733.604136][T22941] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2733.609686][T22941] ? memcg_stat_show+0xc40/0xc40 [ 2733.614629][T22941] ? do_raw_spin_unlock+0x57/0x270 [ 2733.619740][T22941] ? _raw_spin_unlock+0x2d/0x50 [ 2733.624608][T22941] try_charge+0xf4b/0x1440 [ 2733.629034][T22941] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2733.634578][T22941] ? percpu_ref_tryget_live+0x111/0x290 [ 2733.640133][T22941] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2733.646382][T22941] ? __kasan_check_read+0x11/0x20 [ 2733.651450][T22941] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2733.652569][T22956] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2733.657004][T22941] mem_cgroup_try_charge+0x136/0x590 [ 2733.667356][T22956] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2733.672579][T22941] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2733.672598][T22941] wp_page_copy+0x407/0x1860 [ 2733.693123][T22941] ? find_held_lock+0x35/0x130 [ 2733.697895][T22941] ? do_wp_page+0x53b/0x15c0 [ 2733.702497][T22941] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2733.708313][T22941] ? lock_downgrade+0x920/0x920 [ 2733.709382][T22956] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2733.713168][T22941] ? swp_swapcount+0x540/0x540 [ 2733.713184][T22941] ? __kasan_check_read+0x11/0x20 [ 2733.713197][T22941] ? do_raw_spin_unlock+0x57/0x270 [ 2733.713215][T22941] do_wp_page+0x543/0x15c0 [ 2733.724721][T22941] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2733.724749][T22941] __handle_mm_fault+0x23ec/0x4040 [ 2733.749745][T22941] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2733.755311][T22941] ? handle_mm_fault+0x292/0xaa0 [ 2733.760286][T22941] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2733.766540][T22941] ? __kasan_check_read+0x11/0x20 [ 2733.771574][T22941] handle_mm_fault+0x3b7/0xaa0 [ 2733.776862][T22941] __do_page_fault+0x536/0xdd0 [ 2733.784256][T22941] do_page_fault+0x38/0x590 [ 2733.788900][T22941] page_fault+0x39/0x40 [ 2733.793064][T22941] RIP: 0033:0x430b36 [ 2733.796948][T22941] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2733.816547][T22941] RSP: 002b:00007ffcc7f4e400 EFLAGS: 00010206 [ 2733.822617][T22941] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2733.830569][T22941] RDX: 000000000168b930 RSI: 0000000001693970 RDI: 0000000000000003 [ 2733.838616][T22941] RBP: 0000000000008041 R08: 0000000000000001 R09: 000000000168a940 [ 2733.846565][T22941] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2733.854518][T22941] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2733.870678][T22941] memory: usage 796kB, limit 0kB, failcnt 873 [ 2733.876796][T22941] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2733.883817][T22941] Memory cgroup stats for /syz1: [ 2733.883917][T22941] anon 49152 [ 2733.883917][T22941] file 40960 [ 2733.883917][T22941] kernel_stack 0 [ 2733.883917][T22941] slab 557056 [ 2733.883917][T22941] sock 0 [ 2733.883917][T22941] shmem 0 [ 2733.883917][T22941] file_mapped 0 [ 2733.883917][T22941] file_dirty 0 [ 2733.883917][T22941] file_writeback 0 [ 2733.883917][T22941] anon_thp 0 [ 2733.883917][T22941] inactive_anon 0 [ 2733.883917][T22941] active_anon 49152 [ 2733.883917][T22941] inactive_file 135168 [ 2733.883917][T22941] active_file 0 [ 2733.883917][T22941] unevictable 0 [ 2733.883917][T22941] slab_reclaimable 135168 [ 2733.883917][T22941] slab_unreclaimable 421888 [ 2733.883917][T22941] pgfault 29106 [ 2733.883917][T22941] pgmajfault 0 [ 2733.883917][T22941] workingset_refault 0 [ 2733.883917][T22941] workingset_activate 0 [ 2733.883917][T22941] workingset_nodereclaim 0 [ 2733.883917][T22941] pgrefill 100 [ 2733.883917][T22941] pgscan 100 [ 2733.883917][T22941] pgsteal 0 [ 2733.883917][T22941] pgactivate 66 [ 2733.977890][T22941] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=22941,uid=0 [ 2734.016959][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2734.018856][T22941] Memory cgroup out of memory: Killed process 22941 (syz-executor.1) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2734.039516][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2734.060793][ T1065] oom_reaper: reaped process 22941 (syz-executor.1), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2734.069918][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2734.096101][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2734.115819][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2734.177886][T22996] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2734.189331][T22996] CPU: 1 PID: 22996 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 2734.197076][T22996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2734.207144][T22996] Call Trace: [ 2734.210447][T22996] dump_stack+0x172/0x1f0 [ 2734.214808][T22996] dump_header+0x10b/0x82d [ 2734.219245][T22996] oom_kill_process.cold+0x10/0x15 [ 2734.224382][T22996] out_of_memory+0x334/0x1340 [ 2734.229079][T22996] ? __sched_text_start+0x8/0x8 [ 2734.233961][T22996] ? oom_killer_disable+0x280/0x280 [ 2734.239181][T22996] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2734.244991][T22996] ? memcg_stat_show+0xc40/0xc40 [ 2734.249970][T22996] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2734.255790][T22996] ? cgroup_file_notify+0x140/0x1b0 [ 2734.261007][T22996] memory_max_write+0x262/0x3a0 [ 2734.265865][T22996] ? mem_cgroup_write+0x370/0x370 [ 2734.270905][T22996] ? lock_acquire+0x190/0x410 [ 2734.275585][T22996] ? kernfs_fop_write+0x227/0x480 [ 2734.280618][T22996] cgroup_file_write+0x241/0x790 [ 2734.285564][T22996] ? mem_cgroup_write+0x370/0x370 [ 2734.290603][T22996] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2734.296281][T22996] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2734.301920][T22996] kernfs_fop_write+0x2b8/0x480 [ 2734.306794][T22996] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2734.313048][T22996] __vfs_write+0x8a/0x110 [ 2734.317680][T22996] ? kernfs_fop_open+0xd80/0xd80 [ 2734.322660][T22996] vfs_write+0x268/0x5d0 [ 2734.326920][T22996] ksys_write+0x14f/0x290 [ 2734.331914][T22996] ? __ia32_sys_read+0xb0/0xb0 [ 2734.336868][T22996] ? do_syscall_64+0x26/0x760 [ 2734.341681][T22996] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2734.347767][T22996] ? do_syscall_64+0x26/0x760 [ 2734.352464][T22996] __x64_sys_write+0x73/0xb0 [ 2734.357880][T22996] do_syscall_64+0xfa/0x760 [ 2734.362399][T22996] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2734.368306][T22996] RIP: 0033:0x459a59 [ 2734.372466][T22996] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2734.392176][T22996] RSP: 002b:00007fda682cbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2734.400694][T22996] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2734.408858][T22996] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2734.417193][T22996] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2734.425362][T22996] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fda682cc6d4 [ 2734.433431][T22996] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2734.454614][T22996] memory: usage 5196kB, limit 0kB, failcnt 966 [ 2734.463325][T22996] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2734.490561][T22996] Memory cgroup stats for /syz2: [ 2734.492627][T22996] anon 4333568 [ 2734.492627][T22996] file 86016 [ 2734.492627][T22996] kernel_stack 65536 [ 2734.492627][T22996] slab 671744 [ 2734.492627][T22996] sock 0 [ 2734.492627][T22996] shmem 0 [ 2734.492627][T22996] file_mapped 0 [ 2734.492627][T22996] file_dirty 0 [ 2734.492627][T22996] file_writeback 0 [ 2734.492627][T22996] anon_thp 4194304 [ 2734.492627][T22996] inactive_anon 0 [ 2734.492627][T22996] active_anon 4333568 [ 2734.492627][T22996] inactive_file 0 [ 2734.492627][T22996] active_file 0 [ 2734.492627][T22996] unevictable 0 [ 2734.492627][T22996] slab_reclaimable 135168 [ 2734.492627][T22996] slab_unreclaimable 536576 [ 2734.492627][T22996] pgfault 35310 [ 2734.492627][T22996] pgmajfault 0 [ 2734.492627][T22996] workingset_refault 0 [ 2734.492627][T22996] workingset_activate 0 [ 2734.492627][T22996] workingset_nodereclaim 0 [ 2734.492627][T22996] pgrefill 166 [ 2734.492627][T22996] pgscan 167 [ 2734.492627][T22996] pgsteal 0 [ 2734.492627][T22996] pgactivate 99 [ 2734.610624][T22996] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=22995,uid=0 [ 2734.680929][T22996] Memory cgroup out of memory: Killed process 22995 (syz-executor.2) total-vm:72576kB, anon-rss:4188kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2734.725261][ T1065] oom_reaper: reaped process 22995 (syz-executor.2), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 16:21:52 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) [ 2734.807060][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2734.833309][T22956] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2734.870391][T22956] CPU: 0 PID: 22956 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 2734.877982][T22956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2734.888040][T22956] Call Trace: [ 2734.891344][T22956] dump_stack+0x172/0x1f0 [ 2734.895678][T22956] dump_header+0x10b/0x82d [ 2734.900089][T22956] ? oom_kill_process+0x94/0x3f0 [ 2734.905116][T22956] oom_kill_process.cold+0x10/0x15 [ 2734.910247][T22956] out_of_memory+0x334/0x1340 [ 2734.914939][T22956] ? lock_downgrade+0x920/0x920 [ 2734.919788][T22956] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2734.925684][T22956] ? oom_killer_disable+0x280/0x280 [ 2734.930892][T22956] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2734.936437][T22956] ? memcg_stat_show+0xc40/0xc40 [ 2734.941388][T22956] ? do_raw_spin_unlock+0x57/0x270 [ 2734.946498][T22956] ? _raw_spin_unlock+0x2d/0x50 [ 2734.951359][T22956] try_charge+0xf4b/0x1440 [ 2734.956308][T22956] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2734.961848][T22956] ? percpu_ref_tryget_live+0x111/0x290 [ 2734.967398][T22956] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2734.973643][T22956] ? __kasan_check_read+0x11/0x20 [ 2734.978673][T22956] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2734.984243][T22956] mem_cgroup_try_charge+0x136/0x590 [ 2734.989536][T22956] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2734.995169][T22956] wp_page_copy+0x407/0x1860 [ 2734.999757][T22956] ? find_held_lock+0x35/0x130 [ 2735.004520][T22956] ? do_wp_page+0x53b/0x15c0 [ 2735.009116][T22956] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2735.014929][T22956] ? lock_downgrade+0x920/0x920 [ 2735.019781][T22956] ? swp_swapcount+0x540/0x540 [ 2735.024556][T22956] ? __kasan_check_read+0x11/0x20 [ 2735.029600][T22956] ? do_raw_spin_unlock+0x57/0x270 [ 2735.034725][T22956] do_wp_page+0x543/0x15c0 [ 2735.039148][T22956] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2735.044534][T22956] __handle_mm_fault+0x23ec/0x4040 [ 2735.049650][T22956] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2735.055195][T22956] ? handle_mm_fault+0x292/0xaa0 [ 2735.060164][T22956] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2735.066405][T22956] ? __kasan_check_read+0x11/0x20 [ 2735.071781][T22956] handle_mm_fault+0x3b7/0xaa0 [ 2735.076550][T22956] __do_page_fault+0x536/0xdd0 [ 2735.081326][T22956] do_page_fault+0x38/0x590 [ 2735.085910][T22956] page_fault+0x39/0x40 [ 2735.090060][T22956] RIP: 0033:0x430b36 [ 2735.093955][T22956] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2735.113652][T22956] RSP: 002b:00007ffcccfbe610 EFLAGS: 00010206 [ 2735.119976][T22956] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2735.128061][T22956] RDX: 000000000222f930 RSI: 0000000002237970 RDI: 0000000000000003 [ 2735.136469][T22956] RBP: 0000000000008041 R08: 0000000000000001 R09: 000000000222e940 [ 2735.145043][T22956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2735.153538][T22956] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2735.167679][T22956] memory: usage 820kB, limit 0kB, failcnt 978 [ 2735.174050][T22956] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2735.183822][T22956] Memory cgroup stats for /syz2: [ 2735.183924][T22956] anon 73728 [ 2735.183924][T22956] file 86016 [ 2735.183924][T22956] kernel_stack 0 [ 2735.183924][T22956] slab 671744 [ 2735.183924][T22956] sock 0 [ 2735.183924][T22956] shmem 0 [ 2735.183924][T22956] file_mapped 0 [ 2735.183924][T22956] file_dirty 0 [ 2735.183924][T22956] file_writeback 0 [ 2735.183924][T22956] anon_thp 0 [ 2735.183924][T22956] inactive_anon 0 [ 2735.183924][T22956] active_anon 73728 [ 2735.183924][T22956] inactive_file 0 [ 2735.183924][T22956] active_file 0 [ 2735.183924][T22956] unevictable 0 [ 2735.183924][T22956] slab_reclaimable 135168 [ 2735.183924][T22956] slab_unreclaimable 536576 [ 2735.183924][T22956] pgfault 35310 [ 2735.183924][T22956] pgmajfault 0 [ 2735.183924][T22956] workingset_refault 0 [ 2735.183924][T22956] workingset_activate 0 [ 2735.183924][T22956] workingset_nodereclaim 0 [ 2735.183924][T22956] pgrefill 166 [ 2735.183924][T22956] pgscan 167 [ 2735.183924][T22956] pgsteal 0 [ 2735.183924][T22956] pgactivate 99 [ 2735.281933][T22956] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=22956,uid=0 [ 2735.299211][T22956] Memory cgroup out of memory: Killed process 22956 (syz-executor.2) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 16:21:53 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x0, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2735.337943][T22999] IPVS: ftp: loaded support on port[0] = 21 [ 2735.356018][T23001] IPVS: ftp: loaded support on port[0] = 21 16:21:53 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r1 = socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x0, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r1, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) [ 2735.410203][T22974] team0: Port device team_slave_0 added [ 2735.433640][T22974] team0: Port device team_slave_1 added 16:21:53 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x0, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) 16:21:53 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x0, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) 16:21:53 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x0, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) 16:21:53 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x0, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) [ 2735.944705][T22974] device hsr_slave_0 entered promiscuous mode [ 2736.011644][T22974] device hsr_slave_1 entered promiscuous mode [ 2736.030478][T22974] debugfs: Directory 'hsr0' with parent '/' already present! [ 2736.454372][T23001] chnl_net:caif_netlink_parms(): no params data found [ 2736.616360][T23001] bridge0: port 1(bridge_slave_0) entered blocking state [ 2736.625299][T23001] bridge0: port 1(bridge_slave_0) entered disabled state [ 2736.634694][T23001] device bridge_slave_0 entered promiscuous mode [ 2736.735420][T23001] bridge0: port 2(bridge_slave_1) entered blocking state [ 2736.742887][T23001] bridge0: port 2(bridge_slave_1) entered disabled state [ 2736.752633][T23001] device bridge_slave_1 entered promiscuous mode [ 2736.814714][T23001] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2736.835021][T23001] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2736.911347][T22999] chnl_net:caif_netlink_parms(): no params data found [ 2737.006808][T23005] IPVS: ftp: loaded support on port[0] = 21 [ 2737.022265][T23001] team0: Port device team_slave_0 added [ 2737.149750][T23001] team0: Port device team_slave_1 added [ 2737.215161][T22974] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2737.290030][T22999] bridge0: port 1(bridge_slave_0) entered blocking state [ 2737.311108][T22999] bridge0: port 1(bridge_slave_0) entered disabled state [ 2737.319984][T22999] device bridge_slave_0 entered promiscuous mode [ 2737.394571][T23001] device hsr_slave_0 entered promiscuous mode [ 2737.501937][T23001] device hsr_slave_1 entered promiscuous mode [ 2737.570495][T23001] debugfs: Directory 'hsr0' with parent '/' already present! [ 2737.632768][T22999] bridge0: port 2(bridge_slave_1) entered blocking state [ 2737.639875][T22999] bridge0: port 2(bridge_slave_1) entered disabled state [ 2737.665883][T22999] device bridge_slave_1 entered promiscuous mode [ 2737.686957][T23007] IPVS: ftp: loaded support on port[0] = 21 [ 2737.696660][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2737.707081][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2737.885417][T23009] IPVS: ftp: loaded support on port[0] = 21 [ 2737.918784][T22999] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2737.933201][T22974] 8021q: adding VLAN 0 to HW filter on device team0 [ 2737.944092][T22999] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2738.082224][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2738.093442][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2738.102788][T21074] bridge0: port 1(bridge_slave_0) entered blocking state [ 2738.109844][T21074] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2738.197628][T22999] team0: Port device team_slave_0 added [ 2738.225933][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2738.235732][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2738.245999][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2738.255012][T11398] bridge0: port 2(bridge_slave_1) entered blocking state [ 2738.262126][T11398] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2738.273870][T22999] team0: Port device team_slave_1 added [ 2738.477700][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2738.489975][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2738.705049][T22999] device hsr_slave_0 entered promiscuous mode [ 2738.751542][T22999] device hsr_slave_1 entered promiscuous mode [ 2738.840508][T22999] debugfs: Directory 'hsr0' with parent '/' already present! [ 2738.869943][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2738.881236][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2738.970962][T23005] chnl_net:caif_netlink_parms(): no params data found [ 2738.991662][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2739.000254][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2739.011269][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2739.021536][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2739.031253][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2739.049280][T22974] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2739.063163][T22974] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2739.158550][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2739.168848][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2739.321808][T23009] chnl_net:caif_netlink_parms(): no params data found [ 2739.394737][T23005] bridge0: port 1(bridge_slave_0) entered blocking state [ 2739.402802][T23005] bridge0: port 1(bridge_slave_0) entered disabled state [ 2739.412402][T23005] device bridge_slave_0 entered promiscuous mode [ 2739.488530][T23001] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2739.505750][T22974] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2739.514787][T23005] bridge0: port 2(bridge_slave_1) entered blocking state [ 2739.523378][T23005] bridge0: port 2(bridge_slave_1) entered disabled state [ 2739.533237][T23005] device bridge_slave_1 entered promiscuous mode [ 2739.652511][T23009] bridge0: port 1(bridge_slave_0) entered blocking state [ 2739.659604][T23009] bridge0: port 1(bridge_slave_0) entered disabled state [ 2739.669776][T23009] device bridge_slave_0 entered promiscuous mode [ 2739.686429][T23005] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2739.783282][T23009] bridge0: port 2(bridge_slave_1) entered blocking state [ 2739.800591][T23009] bridge0: port 2(bridge_slave_1) entered disabled state [ 2739.809220][T23009] device bridge_slave_1 entered promiscuous mode [ 2739.822272][T23005] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2739.841785][T23007] chnl_net:caif_netlink_parms(): no params data found [ 2739.884427][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2739.900827][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2739.990770][T23019] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2740.022864][T23019] CPU: 0 PID: 23019 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 2740.024567][T23005] team0: Port device team_slave_0 added [ 2740.030562][T23019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2740.030572][T23019] Call Trace: [ 2740.030600][T23019] dump_stack+0x172/0x1f0 [ 2740.030629][T23019] dump_header+0x10b/0x82d [ 2740.030663][T23019] oom_kill_process.cold+0x10/0x15 [ 2740.046274][T23019] out_of_memory+0x334/0x1340 [ 2740.046299][T23019] ? __sched_text_start+0x8/0x8 [ 2740.046320][T23019] ? oom_killer_disable+0x280/0x280 [ 2740.046363][T23019] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2740.046381][T23019] ? memcg_stat_show+0xc40/0xc40 [ 2740.046416][T23019] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2740.054242][T23019] ? cgroup_file_notify+0x140/0x1b0 [ 2740.063744][T23019] memory_max_write+0x262/0x3a0 [ 2740.063769][T23019] ? mem_cgroup_write+0x370/0x370 [ 2740.063788][T23019] ? lock_acquire+0x190/0x410 [ 2740.063805][T23019] ? kernfs_fop_write+0x227/0x480 [ 2740.063834][T23019] cgroup_file_write+0x241/0x790 [ 2740.063858][T23019] ? mem_cgroup_write+0x370/0x370 [ 2740.063877][T23019] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2740.063912][T23019] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2740.063929][T23019] kernfs_fop_write+0x2b8/0x480 [ 2740.063946][T23019] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2740.063972][T23019] __vfs_write+0x8a/0x110 [ 2740.063988][T23019] ? kernfs_fop_open+0xd80/0xd80 [ 2740.064010][T23019] vfs_write+0x268/0x5d0 [ 2740.064038][T23019] ksys_write+0x14f/0x290 [ 2740.064060][T23019] ? __ia32_sys_read+0xb0/0xb0 [ 2740.064084][T23019] ? do_syscall_64+0x26/0x760 [ 2740.064103][T23019] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2740.064118][T23019] ? do_syscall_64+0x26/0x760 [ 2740.064147][T23019] __x64_sys_write+0x73/0xb0 [ 2740.064176][T23019] do_syscall_64+0xfa/0x760 [ 2740.064203][T23019] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2740.064219][T23019] RIP: 0033:0x459a59 [ 2740.064238][T23019] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2740.064249][T23019] RSP: 002b:00007f08b08c4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2740.064266][T23019] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2740.064276][T23019] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2740.064288][T23019] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2740.064299][T23019] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f08b08c56d4 [ 2740.064309][T23019] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2740.140501][T23019] memory: usage 5348kB, limit 0kB, failcnt 840 [ 2740.180544][T23019] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2740.188709][T23019] Memory cgroup stats for /syz3: [ 2740.188843][T23019] anon 4292608 [ 2740.188843][T23019] file 16384 [ 2740.188843][T23019] kernel_stack 65536 [ 2740.188843][T23019] slab 811008 [ 2740.188843][T23019] sock 0 [ 2740.188843][T23019] shmem 0 [ 2740.188843][T23019] file_mapped 0 [ 2740.188843][T23019] file_dirty 0 [ 2740.188843][T23019] file_writeback 0 [ 2740.188843][T23019] anon_thp 4194304 [ 2740.188843][T23019] inactive_anon 0 [ 2740.188843][T23019] active_anon 4292608 [ 2740.188843][T23019] inactive_file 0 [ 2740.188843][T23019] active_file 0 [ 2740.188843][T23019] unevictable 0 [ 2740.188843][T23019] slab_reclaimable 270336 [ 2740.188843][T23019] slab_unreclaimable 540672 [ 2740.188843][T23019] pgfault 31185 [ 2740.188843][T23019] pgmajfault 0 [ 2740.188843][T23019] workingset_refault 0 [ 2740.188843][T23019] workingset_activate 0 [ 2740.188843][T23019] workingset_nodereclaim 0 [ 2740.188843][T23019] pgrefill 100 [ 2740.188843][T23019] pgscan 99 [ 2740.188843][T23019] pgsteal 0 [ 2740.188843][T23019] pgactivate 66 [ 2740.210479][T23019] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=23018,uid=0 [ 2740.260801][T23019] Memory cgroup out of memory: Killed process 23018 (syz-executor.3) total-vm:72708kB, anon-rss:4188kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2740.442003][T23001] 8021q: adding VLAN 0 to HW filter on device team0 [ 2740.456892][T23009] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2740.472629][T23005] team0: Port device team_slave_1 added 16:21:58 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x0, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2740.523737][T22974] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2740.538781][T23009] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2740.552295][T22974] CPU: 0 PID: 22974 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 2740.560481][T22974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2740.570536][T22974] Call Trace: [ 2740.573842][T22974] dump_stack+0x172/0x1f0 [ 2740.578183][T22974] dump_header+0x10b/0x82d [ 2740.582600][T22974] ? oom_kill_process+0x94/0x3f0 [ 2740.587643][T22974] oom_kill_process.cold+0x10/0x15 [ 2740.592773][T22974] out_of_memory+0x334/0x1340 [ 2740.597537][T22974] ? lock_downgrade+0x920/0x920 [ 2740.602398][T22974] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2740.608201][T22974] ? oom_killer_disable+0x280/0x280 [ 2740.613416][T22974] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2740.618960][T22974] ? memcg_stat_show+0xc40/0xc40 [ 2740.623903][T22974] ? do_raw_spin_unlock+0x57/0x270 [ 2740.629015][T22974] ? _raw_spin_unlock+0x2d/0x50 [ 2740.633890][T22974] try_charge+0xf4b/0x1440 [ 2740.638330][T22974] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2740.643874][T22974] ? percpu_ref_tryget_live+0x111/0x290 [ 2740.649422][T22974] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2740.655664][T22974] ? __kasan_check_read+0x11/0x20 [ 2740.660702][T22974] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2740.666249][T22974] mem_cgroup_try_charge+0x136/0x590 [ 2740.671542][T22974] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2740.677180][T22974] wp_page_copy+0x407/0x1860 [ 2740.681772][T22974] ? find_held_lock+0x35/0x130 [ 2740.686533][T22974] ? do_wp_page+0x53b/0x15c0 [ 2740.691125][T22974] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2740.696930][T22974] ? lock_downgrade+0x920/0x920 [ 2740.701804][T22974] ? swp_swapcount+0x540/0x540 [ 2740.706573][T22974] ? __kasan_check_read+0x11/0x20 [ 2740.711597][T22974] ? do_raw_spin_unlock+0x57/0x270 [ 2740.716710][T22974] do_wp_page+0x543/0x15c0 [ 2740.721129][T22974] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2740.726507][T22974] __handle_mm_fault+0x23ec/0x4040 [ 2740.731619][T22974] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2740.737164][T22974] ? handle_mm_fault+0x292/0xaa0 [ 2740.742117][T22974] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2740.748356][T22974] ? __kasan_check_read+0x11/0x20 [ 2740.753381][T22974] handle_mm_fault+0x3b7/0xaa0 [ 2740.758166][T22974] __do_page_fault+0x536/0xdd0 [ 2740.763476][T22974] do_page_fault+0x38/0x590 [ 2740.767983][T22974] page_fault+0x39/0x40 [ 2740.772145][T22974] RIP: 0033:0x430b36 [ 2740.776034][T22974] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2740.795635][T22974] RSP: 002b:00007ffe7c6e84f0 EFLAGS: 00010206 [ 2740.801702][T22974] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2740.809668][T22974] RDX: 0000000001ff8930 RSI: 0000000002000970 RDI: 0000000000000003 [ 2740.817635][T22974] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001ff7940 [ 2740.825610][T22974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2740.833585][T22974] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2740.848404][T22974] memory: usage 928kB, limit 0kB, failcnt 848 [ 2740.855007][T22974] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2740.862813][T22974] Memory cgroup stats for /syz3: [ 2740.862926][T22974] anon 77824 [ 2740.862926][T22974] file 16384 [ 2740.862926][T22974] kernel_stack 0 [ 2740.862926][T22974] slab 811008 [ 2740.862926][T22974] sock 0 [ 2740.862926][T22974] shmem 0 [ 2740.862926][T22974] file_mapped 0 [ 2740.862926][T22974] file_dirty 0 [ 2740.862926][T22974] file_writeback 0 [ 2740.862926][T22974] anon_thp 0 [ 2740.862926][T22974] inactive_anon 0 [ 2740.862926][T22974] active_anon 77824 [ 2740.862926][T22974] inactive_file 0 [ 2740.862926][T22974] active_file 0 [ 2740.862926][T22974] unevictable 0 [ 2740.862926][T22974] slab_reclaimable 270336 [ 2740.862926][T22974] slab_unreclaimable 540672 [ 2740.862926][T22974] pgfault 31185 [ 2740.862926][T22974] pgmajfault 0 [ 2740.862926][T22974] workingset_refault 0 [ 2740.862926][T22974] workingset_activate 0 [ 2740.862926][T22974] workingset_nodereclaim 0 [ 2740.862926][T22974] pgrefill 100 [ 2740.862926][T22974] pgscan 99 [ 2740.862926][T22974] pgsteal 0 [ 2740.862926][T22974] pgactivate 66 [ 2740.956888][T22974] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=22974,uid=0 [ 2740.973513][T22974] Memory cgroup out of memory: Killed process 22974 (syz-executor.3) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2740.992426][ T1065] oom_reaper: reaped process 22974 (syz-executor.3), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2741.026083][T22999] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2741.033616][T23007] bridge0: port 1(bridge_slave_0) entered blocking state [ 2741.050485][T23007] bridge0: port 1(bridge_slave_0) entered disabled state [ 2741.059055][T23007] device bridge_slave_0 entered promiscuous mode [ 2741.077480][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2741.088865][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2741.097899][T20744] bridge0: port 1(bridge_slave_0) entered blocking state [ 2741.105026][T20744] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2741.424494][T23007] bridge0: port 2(bridge_slave_1) entered blocking state [ 2741.431848][T23007] bridge0: port 2(bridge_slave_1) entered disabled state [ 2741.441401][T23007] device bridge_slave_1 entered promiscuous mode [ 2741.494351][T23005] device hsr_slave_0 entered promiscuous mode [ 2741.551422][T23005] device hsr_slave_1 entered promiscuous mode [ 2741.600665][T23005] debugfs: Directory 'hsr0' with parent '/' already present! [ 2741.632890][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2741.651485][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2741.663064][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2741.672900][T20744] bridge0: port 2(bridge_slave_1) entered blocking state [ 2741.679965][T20744] bridge0: port 2(bridge_slave_1) entered forwarding state 16:21:59 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x0, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2741.764128][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2741.781236][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2741.805543][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2741.854557][T23007] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2741.872443][T23009] team0: Port device team_slave_0 added [ 2741.893894][T23007] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2742.021409][T23009] team0: Port device team_slave_1 added [ 2742.048915][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2742.058599][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2742.069223][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2742.094377][T22999] 8021q: adding VLAN 0 to HW filter on device team0 [ 2742.116124][T23007] team0: Port device team_slave_0 added [ 2742.123098][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2742.168906][T23007] team0: Port device team_slave_1 added [ 2742.218411][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2742.231806][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2742.241424][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2742.251901][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2742.261234][T20744] bridge0: port 1(bridge_slave_0) entered blocking state [ 2742.268331][T20744] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2742.278103][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2742.366553][T23009] device hsr_slave_0 entered promiscuous mode [ 2742.441584][T23009] device hsr_slave_1 entered promiscuous mode [ 2742.500543][T23009] debugfs: Directory 'hsr0' with parent '/' already present! [ 2742.595266][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2742.606433][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2742.674181][T23007] device hsr_slave_0 entered promiscuous mode [ 2742.732893][T23007] device hsr_slave_1 entered promiscuous mode [ 2742.790713][T23007] debugfs: Directory 'hsr0' with parent '/' already present! [ 2742.854469][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2742.871417][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2742.879895][T20744] bridge0: port 2(bridge_slave_1) entered blocking state [ 2742.887041][T20744] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2742.911524][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2742.921111][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2743.014125][T23001] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2743.064441][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2743.175069][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2743.280444][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2743.290047][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2743.331781][T23005] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2743.348373][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2743.358080][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2743.367915][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2743.381036][T23001] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2743.472921][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2743.482933][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2743.493174][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2743.505148][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2743.587488][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2743.597822][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2743.620161][T22999] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2743.712460][T23005] 8021q: adding VLAN 0 to HW filter on device team0 [ 2743.828418][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2743.838634][T23027] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2743.852094][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2743.861515][T23027] CPU: 0 PID: 23027 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 2743.869123][T23027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2743.879210][T23027] Call Trace: [ 2743.882536][T23027] dump_stack+0x172/0x1f0 [ 2743.886904][T23027] dump_header+0x10b/0x82d [ 2743.891445][T23027] oom_kill_process.cold+0x10/0x15 [ 2743.896633][T23027] out_of_memory+0x334/0x1340 [ 2743.901347][T23027] ? __sched_text_start+0x8/0x8 [ 2743.906243][T23027] ? oom_killer_disable+0x280/0x280 [ 2743.911496][T23027] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2743.917066][T23027] ? memcg_stat_show+0xc40/0xc40 [ 2743.922047][T23027] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2743.927887][T23027] ? cgroup_file_notify+0x140/0x1b0 [ 2743.933139][T23027] memory_max_write+0x262/0x3a0 [ 2743.938024][T23027] ? mem_cgroup_write+0x370/0x370 [ 2743.943081][T23027] ? lock_acquire+0x190/0x410 [ 2743.947779][T23027] ? kernfs_fop_write+0x227/0x480 [ 2743.952845][T23027] cgroup_file_write+0x241/0x790 [ 2743.957808][T23027] ? mem_cgroup_write+0x370/0x370 [ 2743.962867][T23027] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2743.968547][T23027] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2743.974212][T23027] kernfs_fop_write+0x2b8/0x480 [ 2743.979084][T23027] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2743.985390][T23027] __vfs_write+0x8a/0x110 [ 2743.989740][T23027] ? kernfs_fop_open+0xd80/0xd80 [ 2743.994814][T23027] vfs_write+0x268/0x5d0 [ 2743.999090][T23027] ksys_write+0x14f/0x290 [ 2744.003446][T23027] ? __ia32_sys_read+0xb0/0xb0 [ 2744.008230][T23027] ? do_syscall_64+0x26/0x760 [ 2744.013379][T23027] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2744.020187][T23027] ? do_syscall_64+0x26/0x760 [ 2744.024908][T23027] __x64_sys_write+0x73/0xb0 [ 2744.029533][T23027] do_syscall_64+0xfa/0x760 [ 2744.034095][T23027] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2744.040004][T23027] RIP: 0033:0x459a59 [ 2744.043916][T23027] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2744.063623][T23027] RSP: 002b:00007f63d8569c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2744.072157][T23027] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2744.080253][T23027] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2744.088253][T23027] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2744.096247][T23027] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f63d856a6d4 [ 2744.104236][T23027] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2744.119177][T21272] bridge0: port 1(bridge_slave_0) entered blocking state [ 2744.126337][T21272] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2744.142382][T23027] memory: usage 28260kB, limit 0kB, failcnt 157 [ 2744.148671][T23027] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2744.173983][T23027] Memory cgroup stats for /syz0: [ 2744.174099][T23027] anon 4259840 [ 2744.174099][T23027] file 0 [ 2744.174099][T23027] kernel_stack 65536 [ 2744.174099][T23027] slab 24719360 [ 2744.174099][T23027] sock 0 [ 2744.174099][T23027] shmem 0 [ 2744.174099][T23027] file_mapped 0 [ 2744.174099][T23027] file_dirty 0 [ 2744.174099][T23027] file_writeback 0 [ 2744.174099][T23027] anon_thp 4194304 [ 2744.174099][T23027] inactive_anon 0 [ 2744.174099][T23027] active_anon 4259840 [ 2744.174099][T23027] inactive_file 0 [ 2744.174099][T23027] active_file 0 [ 2744.174099][T23027] unevictable 0 [ 2744.174099][T23027] slab_reclaimable 23924736 [ 2744.174099][T23027] slab_unreclaimable 794624 [ 2744.174099][T23027] pgfault 44913 [ 2744.174099][T23027] pgmajfault 0 [ 2744.174099][T23027] workingset_refault 0 [ 2744.174099][T23027] workingset_activate 0 [ 2744.174099][T23027] workingset_nodereclaim 0 [ 2744.174099][T23027] pgrefill 249 [ 2744.174099][T23027] pgscan 231 [ 2744.174099][T23027] pgsteal 34 [ 2744.174099][T23027] pgactivate 198 [ 2744.292985][T23027] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=23026,uid=0 [ 2744.309675][T23027] Memory cgroup out of memory: Killed process 23026 (syz-executor.0) total-vm:72708kB, anon-rss:4184kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2744.331342][ T1065] oom_reaper: reaped process 23026 (syz-executor.0), now anon-rss:0kB, file-rss:34860kB, shmem-rss:0kB [ 2744.352532][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2744.363020][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2744.373805][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2744.385005][T16115] bridge0: port 2(bridge_slave_1) entered blocking state [ 2744.392197][T16115] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2744.425401][T23009] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2744.465396][T23001] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2744.477318][T23001] CPU: 1 PID: 23001 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 2744.484884][T23001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2744.494938][T23001] Call Trace: [ 2744.498239][T23001] dump_stack+0x172/0x1f0 [ 2744.502576][T23001] dump_header+0x10b/0x82d [ 2744.506985][T23001] ? oom_kill_process+0x94/0x3f0 [ 2744.511930][T23001] oom_kill_process.cold+0x10/0x15 [ 2744.517044][T23001] out_of_memory+0x334/0x1340 [ 2744.521730][T23001] ? lock_downgrade+0x920/0x920 [ 2744.526581][T23001] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2744.532392][T23001] ? oom_killer_disable+0x280/0x280 [ 2744.537599][T23001] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2744.543142][T23001] ? memcg_stat_show+0xc40/0xc40 [ 2744.548079][T23001] ? do_raw_spin_unlock+0x57/0x270 [ 2744.553187][T23001] ? _raw_spin_unlock+0x2d/0x50 [ 2744.558019][T23001] try_charge+0xf4b/0x1440 [ 2744.562419][T23001] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2744.568201][T23001] ? percpu_ref_tryget_live+0x111/0x290 [ 2744.573787][T23001] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2744.580006][T23001] ? __kasan_check_read+0x11/0x20 [ 2744.585016][T23001] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2744.590551][T23001] mem_cgroup_try_charge+0x136/0x590 [ 2744.595886][T23001] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2744.601499][T23001] wp_page_copy+0x407/0x1860 [ 2744.606080][T23001] ? find_held_lock+0x35/0x130 [ 2744.610842][T23001] ? do_wp_page+0x53b/0x15c0 [ 2744.615409][T23001] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2744.621202][T23001] ? lock_downgrade+0x920/0x920 [ 2744.626030][T23001] ? swp_swapcount+0x540/0x540 [ 2744.630773][T23001] ? __kasan_check_read+0x11/0x20 [ 2744.635877][T23001] ? do_raw_spin_unlock+0x57/0x270 [ 2744.640966][T23001] do_wp_page+0x543/0x15c0 [ 2744.645386][T23001] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2744.650761][T23001] __handle_mm_fault+0x23ec/0x4040 [ 2744.655865][T23001] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2744.661397][T23001] ? handle_mm_fault+0x292/0xaa0 [ 2744.666590][T23001] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2744.672896][T23001] ? __kasan_check_read+0x11/0x20 [ 2744.677919][T23001] handle_mm_fault+0x3b7/0xaa0 [ 2744.682665][T23001] __do_page_fault+0x536/0xdd0 [ 2744.687418][T23001] do_page_fault+0x38/0x590 [ 2744.691906][T23001] page_fault+0x39/0x40 [ 2744.696047][T23001] RIP: 0033:0x430b36 [ 2744.699922][T23001] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2744.719507][T23001] RSP: 002b:00007fff33e75510 EFLAGS: 00010206 [ 2744.725565][T23001] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2744.733515][T23001] RDX: 0000000001d55930 RSI: 0000000001d5d970 RDI: 0000000000000003 [ 2744.741899][T23001] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001d54940 [ 2744.749852][T23001] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2744.757814][T23001] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2744.769082][T23001] memory: usage 23748kB, limit 0kB, failcnt 165 [ 2744.775685][T23001] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2744.782750][T23001] Memory cgroup stats for /syz0: [ 2744.782849][T23001] anon 8192 [ 2744.782849][T23001] file 0 [ 2744.782849][T23001] kernel_stack 65536 [ 2744.782849][T23001] slab 24584192 [ 2744.782849][T23001] sock 0 [ 2744.782849][T23001] shmem 0 [ 2744.782849][T23001] file_mapped 0 [ 2744.782849][T23001] file_dirty 0 [ 2744.782849][T23001] file_writeback 0 [ 2744.782849][T23001] anon_thp 0 [ 2744.782849][T23001] inactive_anon 0 [ 2744.782849][T23001] active_anon 8192 [ 2744.782849][T23001] inactive_file 0 [ 2744.782849][T23001] active_file 0 [ 2744.782849][T23001] unevictable 0 [ 2744.782849][T23001] slab_reclaimable 23789568 [ 2744.782849][T23001] slab_unreclaimable 794624 [ 2744.782849][T23001] pgfault 44913 [ 2744.782849][T23001] pgmajfault 0 [ 2744.782849][T23001] workingset_refault 0 [ 2744.782849][T23001] workingset_activate 0 [ 2744.782849][T23001] workingset_nodereclaim 0 [ 2744.782849][T23001] pgrefill 249 [ 2744.782849][T23001] pgscan 231 [ 2744.782849][T23001] pgsteal 34 [ 2744.782849][T23001] pgactivate 198 [ 2744.881533][T23001] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=23001,uid=0 [ 2744.897588][T23001] Memory cgroup out of memory: Killed process 23001 (syz-executor.0) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2744.916046][ T1065] oom_reaper: reaped process 23001 (syz-executor.0), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2744.939117][T22999] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2744.963930][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2745.304247][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2745.313849][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2745.322641][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2745.400219][T23009] 8021q: adding VLAN 0 to HW filter on device team0 [ 2745.429164][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2745.439512][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2745.449283][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2745.470088][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2745.530960][T23007] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2745.585563][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2745.611837][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2745.621405][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2745.629966][T16115] bridge0: port 1(bridge_slave_0) entered blocking state [ 2745.636417][T23035] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2745.637097][T16115] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2745.648232][T23035] CPU: 1 PID: 23035 Comm: syz-executor.4 Not tainted 5.3.0+ #0 [ 2745.662021][T23035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2745.672076][T23035] Call Trace: [ 2745.675376][T23035] dump_stack+0x172/0x1f0 [ 2745.679718][T23035] dump_header+0x10b/0x82d [ 2745.684144][T23035] oom_kill_process.cold+0x10/0x15 [ 2745.689268][T23035] out_of_memory+0x334/0x1340 [ 2745.691223][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2745.693965][T23035] ? __sched_text_start+0x8/0x8 [ 2745.706688][T23035] ? oom_killer_disable+0x280/0x280 [ 2745.711905][T23035] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2745.717455][T23035] ? memcg_stat_show+0xc40/0xc40 [ 2745.721591][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2745.722401][T23035] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2745.735900][T23035] ? cgroup_file_notify+0x140/0x1b0 [ 2745.741133][T23035] memory_max_write+0x262/0x3a0 [ 2745.742273][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2745.745995][T23035] ? mem_cgroup_write+0x370/0x370 [ 2745.758366][T23035] ? lock_acquire+0x190/0x410 [ 2745.763057][T23035] ? kernfs_fop_write+0x227/0x480 [ 2745.768116][T23035] cgroup_file_write+0x241/0x790 [ 2745.773063][T23035] ? mem_cgroup_write+0x370/0x370 [ 2745.778096][T23035] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2745.783773][T23035] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2745.789765][T23035] kernfs_fop_write+0x2b8/0x480 [ 2745.794623][T23035] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2745.800874][T23035] __vfs_write+0x8a/0x110 [ 2745.805205][T23035] ? kernfs_fop_open+0xd80/0xd80 [ 2745.810143][T23035] vfs_write+0x268/0x5d0 [ 2745.814392][T23035] ksys_write+0x14f/0x290 [ 2745.818749][T23035] ? __ia32_sys_read+0xb0/0xb0 [ 2745.823523][T23035] ? do_syscall_64+0x26/0x760 [ 2745.828200][T23035] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2745.834283][T23035] ? do_syscall_64+0x26/0x760 [ 2745.838964][T23035] __x64_sys_write+0x73/0xb0 [ 2745.843557][T23035] do_syscall_64+0xfa/0x760 [ 2745.848070][T23035] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2745.853977][T23035] RIP: 0033:0x459a59 [ 2745.858008][T23035] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2745.878072][T23035] RSP: 002b:00007f45afa08c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2745.886824][T23035] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2745.894783][T23035] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000d [ 2745.902759][T23035] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2745.910817][T23035] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f45afa096d4 [ 2745.918770][T23035] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2745.961053][T23035] memory: usage 5252kB, limit 0kB, failcnt 1096 [ 2745.967526][T23035] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2745.974896][T23035] Memory cgroup stats for /syz4: [ 2745.976533][T23035] anon 4325376 [ 2745.976533][T23035] file 0 [ 2745.976533][T23035] kernel_stack 65536 [ 2745.976533][T23035] slab 811008 [ 2745.976533][T23035] sock 0 [ 2745.976533][T23035] shmem 0 [ 2745.976533][T23035] file_mapped 0 [ 2745.976533][T23035] file_dirty 135168 [ 2745.976533][T23035] file_writeback 0 [ 2745.976533][T23035] anon_thp 4194304 [ 2745.976533][T23035] inactive_anon 0 [ 2745.976533][T23035] active_anon 4325376 [ 2745.976533][T23035] inactive_file 0 [ 2745.976533][T23035] active_file 0 [ 2745.976533][T23035] unevictable 0 [ 2745.976533][T23035] slab_reclaimable 270336 [ 2745.976533][T23035] slab_unreclaimable 540672 [ 2745.976533][T23035] pgfault 20361 [ 2745.976533][T23035] pgmajfault 0 [ 2745.976533][T23035] workingset_refault 0 [ 2745.976533][T23035] workingset_activate 0 [ 2745.976533][T23035] workingset_nodereclaim 0 [ 2745.976533][T23035] pgrefill 132 [ 2745.976533][T23035] pgscan 216 [ 2745.976533][T23035] pgsteal 105 [ 2745.976533][T23035] pgactivate 99 [ 2746.076432][T23035] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23034,uid=0 [ 2746.094947][T23035] Memory cgroup out of memory: Killed process 23034 (syz-executor.4) total-vm:72576kB, anon-rss:4228kB, file-rss:35824kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2746.117440][ T1065] oom_reaper: reaped process 23034 (syz-executor.4), now anon-rss:0kB, file-rss:34864kB, shmem-rss:0kB [ 2746.137100][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2746.149793][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2746.159237][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2746.168967][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2746.178800][T21074] bridge0: port 2(bridge_slave_1) entered blocking state [ 2746.185923][T21074] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2746.196118][T23005] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 16:22:04 executing program 4: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) socket$kcm(0x29, 0x5, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) 16:22:04 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x0, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) 16:22:04 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) write$cgroup_int(r5, 0x0, 0x0) [ 2746.258625][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2746.261251][T22999] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2746.283990][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2746.302504][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2746.340365][T22999] CPU: 0 PID: 22999 Comm: syz-executor.4 Not tainted 5.3.0+ #0 [ 2746.347962][T22999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2746.358019][T22999] Call Trace: [ 2746.361326][T22999] dump_stack+0x172/0x1f0 [ 2746.365659][T22999] dump_header+0x10b/0x82d [ 2746.370069][T22999] ? oom_kill_process+0x94/0x3f0 [ 2746.375009][T22999] oom_kill_process.cold+0x10/0x15 [ 2746.380123][T22999] out_of_memory+0x334/0x1340 [ 2746.384815][T22999] ? lock_downgrade+0x920/0x920 [ 2746.389677][T22999] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2746.395492][T22999] ? oom_killer_disable+0x280/0x280 [ 2746.400706][T22999] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2746.406250][T22999] ? memcg_stat_show+0xc40/0xc40 [ 2746.411196][T22999] ? do_raw_spin_unlock+0x57/0x270 [ 2746.416368][T22999] ? _raw_spin_unlock+0x2d/0x50 [ 2746.421234][T22999] try_charge+0xf4b/0x1440 [ 2746.425663][T22999] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2746.431210][T22999] ? percpu_ref_tryget_live+0x111/0x290 [ 2746.436900][T22999] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2746.443185][T22999] ? __kasan_check_read+0x11/0x20 [ 2746.448229][T22999] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2746.453797][T22999] mem_cgroup_try_charge+0x136/0x590 [ 2746.459101][T22999] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2746.464774][T22999] __handle_mm_fault+0x1f0d/0x4040 [ 2746.469937][T22999] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2746.475529][T22999] ? handle_mm_fault+0x292/0xaa0 [ 2746.480523][T22999] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2746.486789][T22999] ? __kasan_check_read+0x11/0x20 [ 2746.491945][T22999] handle_mm_fault+0x3b7/0xaa0 [ 2746.496741][T22999] __do_page_fault+0x536/0xdd0 [ 2746.501549][T22999] do_page_fault+0x38/0x590 [ 2746.506066][T22999] page_fault+0x39/0x40 [ 2746.510216][T22999] RIP: 0033:0x42ffac [ 2746.514126][T22999] Code: 83 c0 17 41 55 41 54 55 53 48 89 c5 48 83 e5 f0 48 89 fb 48 81 ec 98 00 00 00 48 83 f8 20 b8 20 00 00 00 48 0f 42 e8 48 85 ff <48> 89 74 24 08 0f 84 3a 08 00 00 48 3b 2d ba 4f 64 00 77 70 89 ef [ 2746.534012][T22999] RSP: 002b:00007ffed32fffd0 EFLAGS: 00010202 [ 2746.540201][T22999] RAX: 0000000000000020 RBX: 0000000000716640 RCX: 0000000000458dc4 [ 2746.548196][T22999] RDX: 00007ffed33000c0 RSI: 0000000000008030 RDI: 0000000000716640 [ 2746.556181][T22999] RBP: 0000000000008040 R08: 0000000000000001 R09: 0000000000b2e940 [ 2746.564181][T22999] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffed33012a0 [ 2746.572174][T22999] R13: 00007ffed3301290 R14: 0000000000000000 R15: 00007ffed33012a0 [ 2746.622379][T22999] memory: usage 872kB, limit 0kB, failcnt 1108 [ 2746.628736][T22999] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2746.636452][T22999] Memory cgroup stats for /syz4: [ 2746.636578][T22999] anon 61440 [ 2746.636578][T22999] file 0 [ 2746.636578][T22999] kernel_stack 65536 [ 2746.636578][T22999] slab 811008 [ 2746.636578][T22999] sock 0 [ 2746.636578][T22999] shmem 0 [ 2746.636578][T22999] file_mapped 0 [ 2746.636578][T22999] file_dirty 135168 [ 2746.636578][T22999] file_writeback 0 [ 2746.636578][T22999] anon_thp 0 [ 2746.636578][T22999] inactive_anon 0 [ 2746.636578][T22999] active_anon 61440 [ 2746.636578][T22999] inactive_file 0 [ 2746.636578][T22999] active_file 0 [ 2746.636578][T22999] unevictable 0 [ 2746.636578][T22999] slab_reclaimable 270336 [ 2746.636578][T22999] slab_unreclaimable 540672 [ 2746.636578][T22999] pgfault 20361 [ 2746.636578][T22999] pgmajfault 0 [ 2746.636578][T22999] workingset_refault 0 [ 2746.636578][T22999] workingset_activate 0 [ 2746.636578][T22999] workingset_nodereclaim 0 [ 2746.636578][T22999] pgrefill 132 [ 2746.636578][T22999] pgscan 216 [ 2746.636578][T22999] pgsteal 105 [ 2746.636578][T22999] pgactivate 99 [ 2746.732873][T22999] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=22999,uid=0 [ 2746.748847][T22999] Memory cgroup out of memory: Killed process 22999 (syz-executor.4) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2746.767404][ T1065] oom_reaper: reaped process 22999 (syz-executor.4), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2746.789537][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2746.813416][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2746.832786][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2746.865249][T23007] 8021q: adding VLAN 0 to HW filter on device team0 [ 2746.895335][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2746.923036][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2746.942749][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 16:22:05 executing program 4: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) socket$kcm(0x29, 0x5, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2747.281951][T23005] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2747.301097][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2747.340931][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready 16:22:05 executing program 4: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) socket$kcm(0x29, 0x5, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2747.406338][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2747.424550][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2747.442050][T11398] bridge0: port 1(bridge_slave_0) entered blocking state [ 2747.449149][T11398] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2747.481379][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2747.501899][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2747.565140][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2747.582714][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2747.623377][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2747.641021][ T3335] bridge0: port 2(bridge_slave_1) entered blocking state [ 2747.648141][ T3335] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2747.681412][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2747.705791][T23009] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2747.845667][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2747.879739][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready 16:22:05 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r1 = socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x0, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r1, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) [ 2747.906049][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2747.927313][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2748.005042][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2748.017136][T23045] IPVS: ftp: loaded support on port[0] = 21 [ 2748.089909][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 16:22:06 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r1 = socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x0, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r1, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) [ 2748.206204][T23009] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2748.214139][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2748.255721][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2748.355324][T23007] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2748.383720][T23050] IPVS: ftp: loaded support on port[0] = 21 [ 2748.404874][T23007] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2748.427995][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2748.441674][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 16:22:06 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x0, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2748.650067][T23007] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2748.867216][T23064] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2748.910706][T23064] CPU: 1 PID: 23064 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 2748.918304][T23064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2748.928371][T23064] Call Trace: [ 2748.931674][T23064] dump_stack+0x172/0x1f0 [ 2748.936017][T23064] dump_header+0x10b/0x82d [ 2748.940638][T23064] oom_kill_process.cold+0x10/0x15 [ 2748.945759][T23064] out_of_memory+0x334/0x1340 [ 2748.950444][T23064] ? preempt_schedule_irq+0xf3/0x160 [ 2748.955744][T23064] ? retint_kernel+0x2b/0x2b [ 2748.960349][T23064] ? oom_killer_disable+0x280/0x280 [ 2748.965561][T23064] ? mem_cgroup_out_of_memory+0x16a/0x240 [ 2748.971338][T23064] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2748.976894][T23064] ? memcg_stat_show+0xc40/0xc40 [ 2748.981863][T23064] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2748.987688][T23064] ? cgroup_file_notify+0x140/0x1b0 [ 2748.992911][T23064] memory_max_write+0x262/0x3a0 [ 2748.997783][T23064] ? mem_cgroup_write+0x370/0x370 [ 2749.002839][T23064] cgroup_file_write+0x241/0x790 [ 2749.007796][T23064] ? mem_cgroup_write+0x370/0x370 [ 2749.012841][T23064] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2749.018524][T23064] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2749.024198][T23064] kernfs_fop_write+0x2b8/0x480 [ 2749.029183][T23064] __vfs_write+0x8a/0x110 [ 2749.033676][T23064] ? kernfs_fop_open+0xd80/0xd80 [ 2749.038615][T23064] vfs_write+0x268/0x5d0 [ 2749.042846][T23064] ksys_write+0x14f/0x290 [ 2749.047170][T23064] ? __ia32_sys_read+0xb0/0xb0 [ 2749.051925][T23064] __x64_sys_write+0x73/0xb0 [ 2749.056509][T23064] do_syscall_64+0xfa/0x760 [ 2749.061096][T23064] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2749.066979][T23064] RIP: 0033:0x459a59 [ 2749.070874][T23064] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2749.090757][T23064] RSP: 002b:00007f5df3f0ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2749.099247][T23064] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2749.107226][T23064] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2749.115198][T23064] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2749.123159][T23064] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5df3f0b6d4 [ 2749.131115][T23064] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2749.182191][T23064] memory: usage 5188kB, limit 0kB, failcnt 979 [ 2749.199057][T23064] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2749.203984][T23069] IPVS: ftp: loaded support on port[0] = 21 [ 2749.208103][T23064] Memory cgroup stats for /syz2: [ 2749.209521][T23064] anon 4374528 [ 2749.209521][T23064] file 86016 [ 2749.209521][T23064] kernel_stack 65536 [ 2749.209521][T23064] slab 671744 [ 2749.209521][T23064] sock 0 [ 2749.209521][T23064] shmem 0 [ 2749.209521][T23064] file_mapped 0 [ 2749.209521][T23064] file_dirty 0 [ 2749.209521][T23064] file_writeback 0 [ 2749.209521][T23064] anon_thp 4194304 [ 2749.209521][T23064] inactive_anon 0 [ 2749.209521][T23064] active_anon 4374528 [ 2749.209521][T23064] inactive_file 0 [ 2749.209521][T23064] active_file 0 [ 2749.209521][T23064] unevictable 0 [ 2749.209521][T23064] slab_reclaimable 135168 [ 2749.209521][T23064] slab_unreclaimable 536576 [ 2749.209521][T23064] pgfault 35409 [ 2749.209521][T23064] pgmajfault 0 [ 2749.209521][T23064] workingset_refault 0 [ 2749.209521][T23064] workingset_activate 0 [ 2749.209521][T23064] workingset_nodereclaim 0 [ 2749.209521][T23064] pgrefill 166 [ 2749.209521][T23064] pgscan 167 [ 2749.209521][T23064] pgsteal 0 [ 2749.209521][T23064] pgactivate 99 [ 2749.314283][T23064] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=23062,uid=0 [ 2749.373498][T23064] Memory cgroup out of memory: Killed process 23062 (syz-executor.2) total-vm:72576kB, anon-rss:4188kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2749.406029][ T1065] oom_reaper: reaped process 23062 (syz-executor.2), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB [ 2749.475790][T23005] syz-executor.5 invoked oom-killer: gfp_mask=0x40c50(GFP_NOFS|__GFP_COMP|__GFP_RECLAIMABLE), order=0, oom_score_adj=0 [ 2749.527551][T23005] CPU: 0 PID: 23005 Comm: syz-executor.5 Not tainted 5.3.0+ #0 [ 2749.535313][T23005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2749.545371][T23005] Call Trace: [ 2749.548671][T23005] dump_stack+0x172/0x1f0 [ 2749.553020][T23005] dump_header+0x10b/0x82d [ 2749.557432][T23005] ? oom_kill_process+0x94/0x3f0 [ 2749.562403][T23005] oom_kill_process.cold+0x10/0x15 [ 2749.567612][T23005] out_of_memory+0x334/0x1340 [ 2749.572290][T23005] ? lock_downgrade+0x920/0x920 [ 2749.577150][T23005] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2749.582973][T23005] ? oom_killer_disable+0x280/0x280 [ 2749.588201][T23005] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2749.593768][T23005] ? memcg_stat_show+0xc40/0xc40 [ 2749.598718][T23005] ? do_raw_spin_unlock+0x57/0x270 [ 2749.603841][T23005] ? _raw_spin_unlock+0x2d/0x50 [ 2749.608789][T23005] try_charge+0xf4b/0x1440 [ 2749.613228][T23005] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2749.618783][T23005] ? cache_grow_begin+0x122/0xd20 [ 2749.623811][T23005] ? find_held_lock+0x35/0x130 [ 2749.628582][T23005] ? cache_grow_begin+0x122/0xd20 [ 2749.633619][T23005] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2749.639162][T23005] ? lock_downgrade+0x920/0x920 [ 2749.644192][T23005] ? memcg_kmem_put_cache+0x50/0x50 [ 2749.649395][T23005] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2749.655662][T23005] ? __kasan_check_read+0x11/0x20 [ 2749.660698][T23005] cache_grow_begin+0x629/0xd20 [ 2749.666073][T23005] ? write_comp_data+0x61/0x70 [ 2749.666088][T23005] ? mempolicy_slab_node+0x139/0x390 [ 2749.666108][T23005] fallback_alloc+0x1fd/0x2d0 [ 2749.680787][T23005] ____cache_alloc_node+0x1bc/0x1d0 [ 2749.680804][T23005] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2749.680823][T23005] kmem_cache_alloc+0x1ef/0x710 [ 2749.680838][T23005] ? lock_downgrade+0x920/0x920 [ 2749.680852][T23005] ? rwlock_bug.part.0+0x90/0x90 [ 2749.680870][T23005] ? ratelimit_state_init+0xb0/0xb0 [ 2749.680887][T23005] ext4_alloc_inode+0x1f/0x640 [ 2749.692293][T23005] ? ratelimit_state_init+0xb0/0xb0 [ 2749.692308][T23005] alloc_inode+0x68/0x1e0 [ 2749.692325][T23005] iget_locked+0x1a6/0x4b0 [ 2749.702001][T23005] __ext4_iget+0x265/0x3e20 [ 2749.702022][T23005] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2749.702048][T23005] ? ext4_get_projid+0x190/0x190 [ 2749.702067][T23005] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2749.702082][T23005] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 2749.702099][T23005] ? d_alloc_parallel+0xa78/0x1c30 [ 2749.716968][T23005] ext4_lookup+0x3b1/0x7a0 [ 2749.730846][T23005] ? ext4_cross_rename+0x1430/0x1430 [ 2749.730863][T23005] ? __lock_acquire+0x16f2/0x4a00 [ 2749.730880][T23005] ? debug_smp_processor_id+0x3c/0x214 [ 2749.730902][T23005] ? lockdep_init_map+0x1be/0x6d0 [ 2749.730925][T23005] __lookup_slow+0x279/0x500 [ 2749.741632][T23005] ? vfs_unlink+0x620/0x620 [ 2749.752103][T23005] lookup_slow+0x58/0x80 [ 2749.752122][T23005] path_mountpoint+0x5d2/0x1e60 [ 2749.752140][T23005] ? debug_smp_processor_id+0x3c/0x214 [ 2749.772863][T23005] ? perf_trace_lock_acquire+0xf5/0x530 [ 2749.783307][T23005] ? path_openat+0x46d0/0x46d0 [ 2749.783334][T23005] filename_mountpoint+0x18e/0x390 [ 2749.783350][T23005] ? filename_parentat.isra.0+0x410/0x410 [ 2749.783368][T23005] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 2749.783396][T23005] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2749.783411][T23005] ? __phys_addr_symbol+0x30/0x70 [ 2749.783426][T23005] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2749.783441][T23005] ? __check_object_size+0x3d/0x437 [ 2749.783466][T23005] ? strncpy_from_user+0x2b4/0x400 [ 2749.793039][T23005] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2749.793059][T23005] ? getname_flags+0x277/0x5b0 [ 2749.839964][T23005] user_path_mountpoint_at+0x3a/0x50 [ 2749.839984][T23005] ksys_umount+0x164/0xf00 [ 2749.856938][T23005] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 2749.856952][T23005] ? __ia32_sys_rmdir+0x40/0x40 [ 2749.856972][T23005] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2749.873457][T23005] ? __detach_mounts+0x2a0/0x2a0 [ 2749.873475][T23005] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2749.873490][T23005] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2749.873509][T23005] ? do_syscall_64+0x26/0x760 [ 2749.873525][T23005] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2749.873539][T23005] ? do_syscall_64+0x26/0x760 [ 2749.873555][T23005] ? lockdep_hardirqs_on+0x421/0x5e0 [ 2749.873573][T23005] __x64_sys_umount+0x54/0x80 [ 2749.873590][T23005] do_syscall_64+0xfa/0x760 [ 2749.883609][T23005] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2749.883624][T23005] RIP: 0033:0x45c487 [ 2749.893980][T23005] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2749.893989][T23005] RSP: 002b:00007fffb99b9b48 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 2749.894010][T23005] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045c487 [ 2749.915462][T23005] RDX: 0000000000403550 RSI: 0000000000000002 RDI: 00007fffb99b9bf0 [ 2749.925579][T23005] RBP: 000000000000000a R08: 0000000000000000 R09: 000000000000000e [ 2749.925589][T23005] R10: 000000000000000a R11: 0000000000000202 R12: 00007fffb99bac80 [ 2749.925598][T23005] R13: 000000000142f940 R14: 0000000000000000 R15: 00007fffb99bac80 [ 2750.043069][T23005] memory: usage 1048kB, limit 0kB, failcnt 1078 [ 2750.049462][T23005] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2750.056980][T23005] Memory cgroup stats for /syz5: [ 2750.057096][T23005] anon 172032 [ 2750.057096][T23005] file 90112 [ 2750.057096][T23005] kernel_stack 0 [ 2750.057096][T23005] slab 966656 [ 2750.057096][T23005] sock 0 [ 2750.057096][T23005] shmem 0 [ 2750.057096][T23005] file_mapped 0 [ 2750.057096][T23005] file_dirty 0 [ 2750.057096][T23005] file_writeback 0 [ 2750.057096][T23005] anon_thp 0 [ 2750.057096][T23005] inactive_anon 0 [ 2750.057096][T23005] active_anon 94208 [ 2750.057096][T23005] inactive_file 135168 [ 2750.057096][T23005] active_file 0 [ 2750.057096][T23005] unevictable 0 [ 2750.057096][T23005] slab_reclaimable 270336 [ 2750.057096][T23005] slab_unreclaimable 696320 [ 2750.057096][T23005] pgfault 19899 [ 2750.057096][T23005] pgmajfault 0 [ 2750.057096][T23005] workingset_refault 0 [ 2750.057096][T23005] workingset_activate 0 [ 2750.057096][T23005] workingset_nodereclaim 0 [ 2750.057096][T23005] pgrefill 166 [ 2750.057096][T23005] pgscan 165 [ 2750.057096][T23005] pgsteal 35 [ 2750.057096][T23005] pgactivate 132 [ 2750.157016][T23005] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=23005,uid=0 [ 2750.172648][T23005] Memory cgroup out of memory: Killed process 23005 (syz-executor.5) total-vm:72440kB, anon-rss:100kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2750.191529][ T1065] oom_reaper: reaped process 23005 (syz-executor.5), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2750.202773][T23009] syz-executor.2 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=0 [ 2750.215326][T23009] CPU: 0 PID: 23009 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 2750.222890][T23009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2750.232940][T23009] Call Trace: [ 2750.232961][T23009] dump_stack+0x172/0x1f0 [ 2750.232980][T23009] dump_header+0x10b/0x82d [ 2750.232996][T23009] ? oom_kill_process+0x94/0x3f0 [ 2750.240681][T23009] oom_kill_process.cold+0x10/0x15 [ 2750.240699][T23009] out_of_memory+0x334/0x1340 [ 2750.240714][T23009] ? lock_downgrade+0x920/0x920 [ 2750.240733][T23009] ? oom_killer_disable+0x280/0x280 [ 2750.240757][T23009] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2750.240770][T23009] ? memcg_stat_show+0xc40/0xc40 [ 2750.240788][T23009] ? do_raw_spin_unlock+0x57/0x270 [ 2750.250140][T23009] ? _raw_spin_unlock+0x2d/0x50 [ 2750.250158][T23009] try_charge+0xf4b/0x1440 [ 2750.250183][T23009] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2750.259936][T23009] ? cache_grow_begin+0x122/0xd20 [ 2750.259956][T23009] ? find_held_lock+0x35/0x130 [ 2750.275493][T23009] ? cache_grow_begin+0x122/0xd20 [ 2750.275517][T23009] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2750.285529][T23009] ? lock_downgrade+0x920/0x920 [ 2750.285546][T23009] ? memcg_kmem_put_cache+0x50/0x50 [ 2750.285565][T23009] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2750.300440][T23009] ? __kasan_check_read+0x11/0x20 [ 2750.300462][T23009] cache_grow_begin+0x629/0xd20 [ 2750.300481][T23009] ? write_comp_data+0x61/0x70 [ 2750.300494][T23009] ? mempolicy_slab_node+0x139/0x390 [ 2750.300510][T23009] fallback_alloc+0x1fd/0x2d0 [ 2750.300533][T23009] ____cache_alloc_node+0x1bc/0x1d0 [ 2750.300548][T23009] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2750.300566][T23009] kmem_cache_alloc+0x1ef/0x710 [ 2750.300582][T23009] ? stack_trace_save+0xac/0xe0 [ 2750.300599][T23009] __alloc_file+0x27/0x340 [ 2750.300614][T23009] alloc_empty_file+0x72/0x170 [ 2750.300631][T23009] path_openat+0xef/0x46d0 [ 2750.300642][T23009] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 2750.300652][T23009] ? kasan_slab_alloc+0xf/0x20 [ 2750.300664][T23009] ? kmem_cache_alloc+0x121/0x710 [ 2750.300676][T23009] ? getname_flags+0xd6/0x5b0 [ 2750.300687][T23009] ? getname+0x1a/0x20 [ 2750.300704][T23009] ? do_sys_open+0x2c9/0x5d0 [ 2750.310473][T23009] ? __x64_sys_open+0x7e/0xc0 [ 2750.310490][T23009] ? __kasan_check_read+0x11/0x20 [ 2750.310503][T23009] ? mark_lock+0xc2/0x1220 [ 2750.310526][T23009] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 2750.310547][T23009] ? __alloc_fd+0x487/0x620 [ 2750.310568][T23009] do_filp_open+0x1a1/0x280 [ 2750.310584][T23009] ? may_open_dev+0x100/0x100 [ 2750.310599][T23009] ? lock_downgrade+0x920/0x920 [ 2750.310612][T23009] ? rwlock_bug.part.0+0x90/0x90 [ 2750.310631][T23009] ? __kasan_check_read+0x11/0x20 16:22:08 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x0, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) 16:22:08 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x0, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) 16:22:08 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x0, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) [ 2750.310643][T23009] ? do_raw_spin_unlock+0x57/0x270 [ 2750.310661][T23009] ? _raw_spin_unlock+0x2d/0x50 [ 2750.310674][T23009] ? __alloc_fd+0x487/0x620 [ 2750.310704][T23009] do_sys_open+0x3fe/0x5d0 [ 2750.310723][T23009] ? filp_open+0x80/0x80 [ 2750.310736][T23009] ? __detach_mounts+0x2a0/0x2a0 [ 2750.310754][T23009] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2750.310767][T23009] ? do_syscall_64+0x26/0x760 [ 2750.310782][T23009] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2750.310795][T23009] ? do_syscall_64+0x26/0x760 [ 2750.310815][T23009] __x64_sys_open+0x7e/0xc0 [ 2750.310832][T23009] do_syscall_64+0xfa/0x760 [ 2750.310851][T23009] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2750.310862][T23009] RIP: 0033:0x4579d0 [ 2750.310877][T23009] Code: 31 c0 e9 45 ff ff ff 0f 1f 00 80 3f 00 0f 84 f7 00 00 00 55 53 b9 02 00 00 00 be 00 08 09 00 89 c8 48 81 ec 98 00 00 00 0f 05 <48> 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 [ 2750.310885][T23009] RSP: 002b:00007ffe2c30a2d0 EFLAGS: 00000202 ORIG_RAX: 0000000000000002 [ 2750.310898][T23009] RAX: ffffffffffffffda RBX: 000000000029f169 RCX: 00000000004579d0 [ 2750.310907][T23009] RDX: 000000000000000c RSI: 0000000000090800 RDI: 00007ffe2c30b4b0 [ 2750.310915][T23009] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000001946940 [ 2750.310923][T23009] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffe2c30b4b0 [ 2750.310931][T23009] R13: 00007ffe2c30b4a0 R14: 0000000000000000 R15: 00007ffe2c30b4b0 [ 2750.327986][T23009] memory: usage 808kB, limit 0kB, failcnt 991 [ 2750.339590][T23009] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2750.359050][T23009] Memory cgroup stats for /syz2: [ 2750.359159][T23009] anon 49152 [ 2750.359159][T23009] file 86016 [ 2750.359159][T23009] kernel_stack 0 [ 2750.359159][T23009] slab 671744 [ 2750.359159][T23009] sock 0 [ 2750.359159][T23009] shmem 0 [ 2750.359159][T23009] file_mapped 0 [ 2750.359159][T23009] file_dirty 0 [ 2750.359159][T23009] file_writeback 0 [ 2750.359159][T23009] anon_thp 0 [ 2750.359159][T23009] inactive_anon 0 [ 2750.359159][T23009] active_anon 49152 [ 2750.359159][T23009] inactive_file 0 [ 2750.359159][T23009] active_file 0 [ 2750.359159][T23009] unevictable 0 [ 2750.359159][T23009] slab_reclaimable 135168 [ 2750.359159][T23009] slab_unreclaimable 536576 [ 2750.359159][T23009] pgfault 35409 [ 2750.359159][T23009] pgmajfault 0 [ 2750.359159][T23009] workingset_refault 0 [ 2750.359159][T23009] workingset_activate 0 [ 2750.359159][T23009] workingset_nodereclaim 0 [ 2750.359159][T23009] pgrefill 166 [ 2750.359159][T23009] pgscan 167 [ 2750.359159][T23009] pgsteal 0 [ 2750.359159][T23009] pgactivate 99 [ 2750.395493][T23009] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=23009,uid=0 [ 2750.405335][T23009] Memory cgroup out of memory: Killed process 23009 (syz-executor.2) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2750.520510][T23007] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2750.544239][T23007] CPU: 1 PID: 23007 Comm: syz-executor.1 Not tainted 5.3.0+ #0 [ 2750.566683][T23007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2750.566689][T23007] Call Trace: [ 2750.566710][T23007] dump_stack+0x172/0x1f0 [ 2750.566726][T23007] dump_header+0x10b/0x82d [ 2750.566736][T23007] ? oom_kill_process+0x94/0x3f0 [ 2750.566751][T23007] oom_kill_process.cold+0x10/0x15 [ 2750.566766][T23007] out_of_memory+0x334/0x1340 [ 2750.566779][T23007] ? lock_downgrade+0x920/0x920 [ 2750.566796][T23007] ? oom_killer_disable+0x280/0x280 [ 2750.566820][T23007] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2750.566833][T23007] ? memcg_stat_show+0xc40/0xc40 [ 2750.566850][T23007] ? do_raw_spin_unlock+0x57/0x270 [ 2750.566867][T23007] ? _raw_spin_unlock+0x2d/0x50 [ 2750.566886][T23007] try_charge+0xf4b/0x1440 [ 2750.583277][T23007] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2750.583295][T23007] ? percpu_ref_tryget_live+0x111/0x290 [ 2750.599213][T23007] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2750.615139][T23007] ? __kasan_check_read+0x11/0x20 [ 2750.615158][T23007] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2750.615177][T23007] mem_cgroup_try_charge+0x136/0x590 [ 2750.628059][T23007] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2750.721680][T23007] wp_page_copy+0x407/0x1860 [ 2750.721697][T23007] ? find_held_lock+0x35/0x130 [ 2750.721710][T23007] ? do_wp_page+0x53b/0x15c0 [ 2750.721728][T23007] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2750.754407][T23007] ? lock_downgrade+0x920/0x920 [ 2750.754426][T23007] ? swp_swapcount+0x540/0x540 [ 2750.754445][T23007] ? __kasan_check_read+0x11/0x20 [ 2750.771844][T23007] ? do_raw_spin_unlock+0x57/0x270 [ 2750.771861][T23007] do_wp_page+0x543/0x15c0 [ 2750.771881][T23007] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2750.785188][T23007] __handle_mm_fault+0x23ec/0x4040 [ 2750.793900][T23007] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2750.793914][T23007] ? handle_mm_fault+0x292/0xaa0 [ 2750.793944][T23007] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2750.803939][T23007] ? __kasan_check_read+0x11/0x20 [ 2750.803957][T23007] handle_mm_fault+0x3b7/0xaa0 [ 2750.803978][T23007] __do_page_fault+0x536/0xdd0 [ 2750.813465][T23007] do_page_fault+0x38/0x590 [ 2750.813487][T23007] page_fault+0x39/0x40 [ 2750.824196][T23007] RIP: 0033:0x403522 [ 2750.824211][T23007] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2750.824218][T23007] RSP: 002b:00007fffd32e3df0 EFLAGS: 00010246 [ 2750.834227][T23007] RAX: 0000000000000000 RBX: 000000000029f6f9 RCX: 0000000000413660 [ 2750.834235][T23007] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007fffd32e4f20 [ 2750.834243][T23007] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000000fc7940 [ 2750.834250][T23007] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffd32e4f20 [ 2750.834262][T23007] R13: 00007fffd32e4f10 R14: 0000000000000000 R15: 00007fffd32e4f20 [ 2750.900375][T23007] memory: usage 760kB, limit 0kB, failcnt 882 [ 2750.957689][T23007] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2750.990367][T23007] Memory cgroup stats for /syz1: [ 2750.990464][T23007] anon 114688 [ 2750.990464][T23007] file 40960 [ 2750.990464][T23007] kernel_stack 0 [ 2750.990464][T23007] slab 557056 [ 2750.990464][T23007] sock 0 [ 2750.990464][T23007] shmem 0 [ 2750.990464][T23007] file_mapped 0 [ 2750.990464][T23007] file_dirty 0 [ 2750.990464][T23007] file_writeback 0 [ 2750.990464][T23007] anon_thp 0 [ 2750.990464][T23007] inactive_anon 0 [ 2750.990464][T23007] active_anon 45056 [ 2750.990464][T23007] inactive_file 135168 [ 2750.990464][T23007] active_file 0 [ 2750.990464][T23007] unevictable 0 [ 2750.990464][T23007] slab_reclaimable 135168 [ 2750.990464][T23007] slab_unreclaimable 421888 [ 2750.990464][T23007] pgfault 29172 [ 2750.990464][T23007] pgmajfault 0 [ 2750.990464][T23007] workingset_refault 0 [ 2750.990464][T23007] workingset_activate 0 [ 2750.990464][T23007] workingset_nodereclaim 0 [ 2750.990464][T23007] pgrefill 100 [ 2750.990464][T23007] pgscan 100 [ 2750.990464][T23007] pgsteal 0 [ 2750.990464][T23007] pgactivate 66 [ 2750.998177][T23007] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=23007,uid=0 [ 2751.030449][T23007] Memory cgroup out of memory: Killed process 23007 (syz-executor.1) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2751.223155][T23045] chnl_net:caif_netlink_parms(): no params data found 16:22:09 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x0, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) 16:22:10 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) [ 2752.297974][T23045] bridge0: port 1(bridge_slave_0) entered blocking state [ 2752.307436][T23045] bridge0: port 1(bridge_slave_0) entered disabled state [ 2752.316740][T23045] device bridge_slave_0 entered promiscuous mode [ 2752.397178][T23045] bridge0: port 2(bridge_slave_1) entered blocking state [ 2752.406610][T23045] bridge0: port 2(bridge_slave_1) entered disabled state [ 2752.416137][T23045] device bridge_slave_1 entered promiscuous mode [ 2752.464846][T23050] chnl_net:caif_netlink_parms(): no params data found [ 2752.582947][T23045] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2752.675504][T23045] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2752.703904][T23069] chnl_net:caif_netlink_parms(): no params data found [ 2752.738451][T23045] team0: Port device team_slave_0 added [ 2752.747108][T23050] bridge0: port 1(bridge_slave_0) entered blocking state [ 2752.755124][T23050] bridge0: port 1(bridge_slave_0) entered disabled state [ 2752.764533][T23050] device bridge_slave_0 entered promiscuous mode [ 2752.893812][T23045] team0: Port device team_slave_1 added [ 2752.926966][T23050] bridge0: port 2(bridge_slave_1) entered blocking state [ 2752.935374][T23050] bridge0: port 2(bridge_slave_1) entered disabled state [ 2752.945318][T23050] device bridge_slave_1 entered promiscuous mode [ 2753.074909][T23069] bridge0: port 1(bridge_slave_0) entered blocking state [ 2753.083408][T23069] bridge0: port 1(bridge_slave_0) entered disabled state [ 2753.092909][T23069] device bridge_slave_0 entered promiscuous mode [ 2753.154457][T23045] device hsr_slave_0 entered promiscuous mode [ 2753.201706][T23045] device hsr_slave_1 entered promiscuous mode [ 2753.240496][T23045] debugfs: Directory 'hsr0' with parent '/' already present! [ 2753.250668][T23069] bridge0: port 2(bridge_slave_1) entered blocking state [ 2753.257763][T23069] bridge0: port 2(bridge_slave_1) entered disabled state [ 2753.274415][T23069] device bridge_slave_1 entered promiscuous mode [ 2753.286888][T23050] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2753.375090][T23050] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2753.402590][T23069] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2753.547484][T23069] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2753.599256][T23050] team0: Port device team_slave_0 added [ 2753.655633][T23069] team0: Port device team_slave_0 added [ 2753.667947][T23050] team0: Port device team_slave_1 added [ 2753.684537][T23069] team0: Port device team_slave_1 added [ 2753.864572][T23050] device hsr_slave_0 entered promiscuous mode [ 2753.951678][T23050] device hsr_slave_1 entered promiscuous mode [ 2754.040572][T23050] debugfs: Directory 'hsr0' with parent '/' already present! [ 2754.195022][T23069] device hsr_slave_0 entered promiscuous mode [ 2754.252035][T23069] device hsr_slave_1 entered promiscuous mode [ 2754.380805][T23069] debugfs: Directory 'hsr0' with parent '/' already present! [ 2754.728108][T23045] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2754.797691][T23045] 8021q: adding VLAN 0 to HW filter on device team0 [ 2754.816035][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2754.825161][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2754.834015][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2754.843766][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2754.853577][T21272] bridge0: port 1(bridge_slave_0) entered blocking state [ 2754.860710][T21272] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2755.012947][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2755.022580][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2755.032275][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2755.041517][T16391] bridge0: port 2(bridge_slave_1) entered blocking state [ 2755.048579][T16391] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2755.133203][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2755.159231][T23050] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2755.247652][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2755.269721][T23069] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2755.283525][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2755.294308][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2755.373251][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2755.402428][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2755.411700][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2755.420087][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2755.431121][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2755.440177][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2755.449218][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2755.472604][T23069] 8021q: adding VLAN 0 to HW filter on device team0 [ 2755.482885][T23050] 8021q: adding VLAN 0 to HW filter on device team0 [ 2755.523439][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2755.536377][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2755.576295][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2755.589146][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2755.598401][T11398] bridge0: port 1(bridge_slave_0) entered blocking state [ 2755.605531][T11398] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2755.614958][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2755.624480][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2755.633380][T11398] bridge0: port 2(bridge_slave_1) entered blocking state [ 2755.640488][T11398] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2755.648967][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2755.658716][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2755.668815][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2755.678408][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2755.687580][T11398] bridge0: port 1(bridge_slave_0) entered blocking state [ 2755.694703][T11398] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2755.715236][T23045] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2755.828268][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2755.838857][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2755.848157][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2755.858612][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2755.868929][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2755.878567][ T3335] bridge0: port 2(bridge_slave_1) entered blocking state [ 2755.885795][ T3335] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2755.945673][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2755.955719][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2756.025532][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2756.041925][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2756.075702][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2756.086508][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2756.096471][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2756.107035][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2756.116890][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2756.126530][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2756.228287][T23045] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2756.238446][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2756.249280][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2756.259734][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2756.347257][T23069] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2756.363672][T23069] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2756.388932][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2756.402384][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2756.414531][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2756.432338][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2756.512104][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2756.521822][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2756.531294][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2756.542214][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2756.589370][T23050] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2756.615311][T23069] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2756.821066][T23050] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2757.076952][T23083] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2757.091071][T23083] CPU: 1 PID: 23083 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 2757.098667][T23083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2757.108724][T23083] Call Trace: [ 2757.112029][T23083] dump_stack+0x172/0x1f0 [ 2757.116369][T23083] dump_header+0x10b/0x82d [ 2757.120794][T23083] oom_kill_process.cold+0x10/0x15 [ 2757.125910][T23083] out_of_memory+0x334/0x1340 [ 2757.130604][T23083] ? __sched_text_start+0x8/0x8 [ 2757.135460][T23083] ? oom_killer_disable+0x280/0x280 [ 2757.140761][T23083] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2757.146311][T23083] ? memcg_stat_show+0xc40/0xc40 [ 2757.151274][T23083] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2757.157084][T23083] ? cgroup_file_notify+0x140/0x1b0 [ 2757.162294][T23083] memory_max_write+0x262/0x3a0 [ 2757.167153][T23083] ? mem_cgroup_write+0x370/0x370 [ 2757.172181][T23083] ? lock_acquire+0x190/0x410 [ 2757.176861][T23083] ? kernfs_fop_write+0x227/0x480 [ 2757.182078][T23083] cgroup_file_write+0x241/0x790 [ 2757.187043][T23083] ? mem_cgroup_write+0x370/0x370 [ 2757.192081][T23083] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2757.197736][T23083] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2757.203379][T23083] kernfs_fop_write+0x2b8/0x480 [ 2757.208241][T23083] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2757.214617][T23083] __vfs_write+0x8a/0x110 [ 2757.218962][T23083] ? kernfs_fop_open+0xd80/0xd80 [ 2757.223915][T23083] vfs_write+0x268/0x5d0 [ 2757.228171][T23083] ksys_write+0x14f/0x290 [ 2757.232517][T23083] ? __ia32_sys_read+0xb0/0xb0 [ 2757.237469][T23083] ? do_syscall_64+0x26/0x760 [ 2757.242154][T23083] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2757.248222][T23083] ? do_syscall_64+0x26/0x760 [ 2757.253176][T23083] __x64_sys_write+0x73/0xb0 [ 2757.257773][T23083] do_syscall_64+0xfa/0x760 [ 2757.262383][T23083] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2757.268384][T23083] RIP: 0033:0x459a59 [ 2757.272294][T23083] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2757.292124][T23083] RSP: 002b:00007f15a571ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2757.300543][T23083] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2757.308517][T23083] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2757.316491][T23083] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2757.324486][T23083] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f15a571f6d4 [ 2757.332461][T23083] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2757.371578][T23083] memory: usage 26164kB, limit 0kB, failcnt 166 [ 2757.378379][T23083] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2757.386295][T23083] Memory cgroup stats for /syz0: [ 2757.388027][T23083] anon 4263936 [ 2757.388027][T23083] file 0 [ 2757.388027][T23083] kernel_stack 65536 [ 2757.388027][T23083] slab 22421504 [ 2757.388027][T23083] sock 0 [ 2757.388027][T23083] shmem 0 [ 2757.388027][T23083] file_mapped 0 [ 2757.388027][T23083] file_dirty 0 [ 2757.388027][T23083] file_writeback 0 [ 2757.388027][T23083] anon_thp 4194304 [ 2757.388027][T23083] inactive_anon 0 [ 2757.388027][T23083] active_anon 4263936 [ 2757.388027][T23083] inactive_file 0 [ 2757.388027][T23083] active_file 0 [ 2757.388027][T23083] unevictable 0 [ 2757.388027][T23083] slab_reclaimable 21762048 [ 2757.388027][T23083] slab_unreclaimable 659456 [ 2757.388027][T23083] pgfault 44979 [ 2757.388027][T23083] pgmajfault 0 [ 2757.388027][T23083] workingset_refault 0 [ 2757.388027][T23083] workingset_activate 0 [ 2757.388027][T23083] workingset_nodereclaim 0 [ 2757.388027][T23083] pgrefill 249 [ 2757.388027][T23083] pgscan 231 [ 2757.388027][T23083] pgsteal 34 [ 2757.388027][T23083] pgactivate 198 [ 2757.666463][T23083] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=23082,uid=0 [ 2757.684822][T23083] Memory cgroup out of memory: Killed process 23082 (syz-executor.0) total-vm:72708kB, anon-rss:4184kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2757.708089][ T1065] oom_reaper: reaped process 23082 (syz-executor.0), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB [ 2757.774797][T23045] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2757.800512][T23045] CPU: 1 PID: 23045 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 2757.808116][T23045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2757.818194][T23045] Call Trace: [ 2757.821508][T23045] dump_stack+0x172/0x1f0 [ 2757.825902][T23045] dump_header+0x10b/0x82d [ 2757.830456][T23045] ? oom_kill_process+0x94/0x3f0 [ 2757.835423][T23045] oom_kill_process.cold+0x10/0x15 [ 2757.840745][T23045] out_of_memory+0x334/0x1340 [ 2757.840763][T23045] ? lock_downgrade+0x920/0x920 [ 2757.840783][T23045] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2757.840798][T23045] ? oom_killer_disable+0x280/0x280 [ 2757.840823][T23045] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2757.840837][T23045] ? memcg_stat_show+0xc40/0xc40 [ 2757.840864][T23045] ? do_raw_spin_unlock+0x57/0x270 [ 2757.856350][T23045] ? _raw_spin_unlock+0x2d/0x50 [ 2757.856374][T23045] try_charge+0xf4b/0x1440 [ 2757.872132][T23045] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2757.872145][T23045] ? percpu_ref_tryget_live+0x111/0x290 [ 2757.872165][T23045] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2757.872182][T23045] ? __kasan_check_read+0x11/0x20 [ 2757.872202][T23045] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2757.882256][T23045] mem_cgroup_try_charge+0x136/0x590 [ 2757.882279][T23045] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2757.882298][T23045] wp_page_copy+0x407/0x1860 [ 2757.882323][T23045] ? find_held_lock+0x35/0x130 [ 2757.882340][T23045] ? do_wp_page+0x53b/0x15c0 [ 2757.892434][T23045] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2757.892455][T23045] ? lock_downgrade+0x920/0x920 [ 2757.892474][T23045] ? swp_swapcount+0x540/0x540 [ 2757.892491][T23045] ? __kasan_check_read+0x11/0x20 [ 2757.892504][T23045] ? do_raw_spin_unlock+0x57/0x270 [ 2757.892522][T23045] do_wp_page+0x543/0x15c0 [ 2757.904297][T23045] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2757.904332][T23045] __handle_mm_fault+0x23ec/0x4040 [ 2757.904353][T23045] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2757.914929][T23045] ? handle_mm_fault+0x292/0xaa0 [ 2757.914968][T23045] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2757.925860][T23045] ? __kasan_check_read+0x11/0x20 [ 2757.925883][T23045] handle_mm_fault+0x3b7/0xaa0 [ 2757.925906][T23045] __do_page_fault+0x536/0xdd0 [ 2757.935265][T23045] do_page_fault+0x38/0x590 [ 2757.935288][T23045] page_fault+0x39/0x40 [ 2757.935307][T23045] RIP: 0033:0x430b36 [ 2757.945688][T23045] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2757.945696][T23045] RSP: 002b:00007fff1d9f0430 EFLAGS: 00010206 [ 2757.945707][T23045] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2757.945715][T23045] RDX: 0000000002041930 RSI: 0000000002049970 RDI: 0000000000000003 [ 2757.945723][T23045] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000002040940 [ 2757.945731][T23045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2757.945739][T23045] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2758.110063][T23045] memory: usage 21620kB, limit 0kB, failcnt 182 [ 2758.116643][T23045] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2758.125156][T23045] Memory cgroup stats for /syz0: [ 2758.125286][T23045] anon 8192 [ 2758.125286][T23045] file 0 [ 2758.125286][T23045] kernel_stack 0 [ 2758.125286][T23045] slab 22286336 [ 2758.125286][T23045] sock 0 [ 2758.125286][T23045] shmem 0 [ 2758.125286][T23045] file_mapped 0 [ 2758.125286][T23045] file_dirty 0 [ 2758.125286][T23045] file_writeback 0 [ 2758.125286][T23045] anon_thp 0 [ 2758.125286][T23045] inactive_anon 0 [ 2758.125286][T23045] active_anon 8192 [ 2758.125286][T23045] inactive_file 0 [ 2758.125286][T23045] active_file 0 [ 2758.125286][T23045] unevictable 0 [ 2758.125286][T23045] slab_reclaimable 21626880 [ 2758.125286][T23045] slab_unreclaimable 659456 [ 2758.125286][T23045] pgfault 45012 [ 2758.125286][T23045] pgmajfault 0 [ 2758.125286][T23045] workingset_refault 0 [ 2758.125286][T23045] workingset_activate 0 [ 2758.125286][T23045] workingset_nodereclaim 0 [ 2758.125286][T23045] pgrefill 249 [ 2758.125286][T23045] pgscan 231 [ 2758.125286][T23045] pgsteal 34 [ 2758.125286][T23045] pgactivate 198 [ 2758.225214][T23045] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=23045,uid=0 [ 2758.241025][T23045] Memory cgroup out of memory: Killed process 23045 (syz-executor.0) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2758.259288][T23098] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2758.259504][ T1065] oom_reaper: reaped process 23045 (syz-executor.0), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2758.270828][T23098] CPU: 0 PID: 23098 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 2758.289131][T23098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2758.299215][T23098] Call Trace: [ 2758.302552][T23098] dump_stack+0x172/0x1f0 [ 2758.306922][T23098] dump_header+0x10b/0x82d [ 2758.311364][T23098] oom_kill_process.cold+0x10/0x15 [ 2758.316501][T23098] out_of_memory+0x334/0x1340 [ 2758.321278][T23098] ? retint_kernel+0x2b/0x2b [ 2758.325882][T23098] ? oom_killer_disable+0x280/0x280 [ 2758.331126][T23098] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2758.336735][T23098] ? memcg_stat_show+0xc40/0xc40 [ 2758.341688][T23098] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2758.347496][T23098] ? cgroup_file_notify+0x140/0x1b0 [ 2758.352715][T23098] memory_max_write+0x262/0x3a0 [ 2758.357666][T23098] ? mem_cgroup_write+0x370/0x370 [ 2758.362830][T23098] ? cgroup_file_write+0x86/0x790 [ 2758.367862][T23098] cgroup_file_write+0x241/0x790 [ 2758.372808][T23098] ? mem_cgroup_write+0x370/0x370 [ 2758.377849][T23098] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2758.383512][T23098] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2758.389185][T23098] kernfs_fop_write+0x2b8/0x480 [ 2758.394058][T23098] __vfs_write+0x8a/0x110 [ 2758.398395][T23098] ? kernfs_fop_open+0xd80/0xd80 [ 2758.403348][T23098] vfs_write+0x268/0x5d0 [ 2758.407612][T23098] ksys_write+0x14f/0x290 [ 2758.411951][T23098] ? __ia32_sys_read+0xb0/0xb0 [ 2758.416730][T23098] __x64_sys_write+0x73/0xb0 [ 2758.421342][T23098] do_syscall_64+0xfa/0x760 [ 2758.427375][T23098] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2758.433296][T23098] RIP: 0033:0x459a59 [ 2758.437203][T23098] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2758.456908][T23098] RSP: 002b:00007fd4db418c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2758.465464][T23098] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2758.473446][T23098] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2758.481422][T23098] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2758.489391][T23098] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd4db4196d4 [ 2758.497369][T23098] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2758.529029][T23098] memory: usage 5268kB, limit 0kB, failcnt 849 [ 2758.535666][T23098] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2758.543308][T23098] Memory cgroup stats for /syz3: [ 2758.543425][T23098] anon 4341760 [ 2758.543425][T23098] file 16384 [ 2758.543425][T23098] kernel_stack 0 [ 2758.543425][T23098] slab 946176 [ 2758.543425][T23098] sock 0 [ 2758.543425][T23098] shmem 0 [ 2758.543425][T23098] file_mapped 0 [ 2758.543425][T23098] file_dirty 0 [ 2758.543425][T23098] file_writeback 0 [ 2758.543425][T23098] anon_thp 4194304 [ 2758.543425][T23098] inactive_anon 0 [ 2758.543425][T23098] active_anon 4341760 [ 2758.543425][T23098] inactive_file 0 [ 2758.543425][T23098] active_file 0 [ 2758.543425][T23098] unevictable 0 [ 2758.543425][T23098] slab_reclaimable 270336 [ 2758.543425][T23098] slab_unreclaimable 675840 [ 2758.543425][T23098] pgfault 31251 [ 2758.543425][T23098] pgmajfault 0 [ 2758.543425][T23098] workingset_refault 0 [ 2758.543425][T23098] workingset_activate 0 [ 2758.543425][T23098] workingset_nodereclaim 0 [ 2758.543425][T23098] pgrefill 100 [ 2758.543425][T23098] pgscan 99 [ 2758.543425][T23098] pgsteal 0 [ 2758.543425][T23098] pgactivate 66 [ 2758.548489][T23098] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=23096,uid=0 [ 2758.680576][T23098] Memory cgroup out of memory: Killed process 23098 (syz-executor.3) total-vm:72708kB, anon-rss:4236kB, file-rss:35828kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2758.723100][ T1065] oom_reaper: reaped process 23098 (syz-executor.3), now anon-rss:0kB, file-rss:34868kB, shmem-rss:0kB 16:22:16 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x0, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) 16:22:16 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) 16:22:16 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) 16:22:16 executing program 4: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) socket$kcm(0x29, 0x5, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) write$cgroup_int(r5, 0x0, 0x0) 16:22:16 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x0, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) 16:22:16 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) write$cgroup_int(r5, 0x0, 0x0) [ 2758.790689][T23050] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2758.829634][T23050] CPU: 0 PID: 23050 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 2758.837229][T23050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2758.847324][T23050] Call Trace: [ 2758.850627][T23050] dump_stack+0x172/0x1f0 [ 2758.854982][T23050] dump_header+0x10b/0x82d [ 2758.859503][T23050] ? oom_kill_process+0x94/0x3f0 [ 2758.864456][T23050] oom_kill_process.cold+0x10/0x15 [ 2758.869592][T23050] out_of_memory+0x334/0x1340 [ 2758.874288][T23050] ? lock_downgrade+0x920/0x920 [ 2758.879208][T23050] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2758.885040][T23050] ? oom_killer_disable+0x280/0x280 [ 2758.890269][T23050] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2758.895841][T23050] ? memcg_stat_show+0xc40/0xc40 [ 2758.900805][T23050] ? do_raw_spin_unlock+0x57/0x270 [ 2758.905968][T23050] ? _raw_spin_unlock+0x2d/0x50 [ 2758.910866][T23050] try_charge+0xf4b/0x1440 [ 2758.915306][T23050] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2758.920888][T23050] ? percpu_ref_tryget_live+0x111/0x290 [ 2758.926464][T23050] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2758.932753][T23050] ? __kasan_check_read+0x11/0x20 [ 2758.937801][T23050] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2758.943375][T23050] mem_cgroup_try_charge+0x136/0x590 [ 2758.948683][T23050] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2758.954354][T23050] wp_page_copy+0x407/0x1860 [ 2758.958953][T23050] ? find_held_lock+0x35/0x130 [ 2758.963733][T23050] ? do_wp_page+0x53b/0x15c0 [ 2758.968337][T23050] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2758.974156][T23050] ? lock_downgrade+0x920/0x920 [ 2758.979106][T23050] ? swp_swapcount+0x540/0x540 [ 2758.983881][T23050] ? __kasan_check_read+0x11/0x20 [ 2758.988924][T23050] ? do_raw_spin_unlock+0x57/0x270 [ 2758.994051][T23050] do_wp_page+0x543/0x15c0 [ 2758.998502][T23050] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2759.003895][T23050] __handle_mm_fault+0x23ec/0x4040 [ 2759.009025][T23050] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2759.014587][T23050] ? handle_mm_fault+0x292/0xaa0 [ 2759.019552][T23050] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2759.025808][T23050] ? __kasan_check_read+0x11/0x20 [ 2759.030859][T23050] handle_mm_fault+0x3b7/0xaa0 [ 2759.035638][T23050] __do_page_fault+0x536/0xdd0 [ 2759.040506][T23050] do_page_fault+0x38/0x590 [ 2759.045035][T23050] page_fault+0x39/0x40 [ 2759.049247][T23050] RIP: 0033:0x430b36 [ 2759.053173][T23050] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2759.072788][T23050] RSP: 002b:00007ffc1accb6f0 EFLAGS: 00010206 [ 2759.078879][T23050] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2759.086880][T23050] RDX: 0000000001d92930 RSI: 0000000001d9a970 RDI: 0000000000000003 [ 2759.094869][T23050] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001d91940 [ 2759.102866][T23050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2759.110929][T23050] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2759.260221][T23050] memory: usage 908kB, limit 0kB, failcnt 857 [ 2759.266724][T23050] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2759.274622][T23050] Memory cgroup stats for /syz3: [ 2759.274753][T23050] anon 61440 [ 2759.274753][T23050] file 16384 [ 2759.274753][T23050] kernel_stack 0 [ 2759.274753][T23050] slab 946176 [ 2759.274753][T23050] sock 0 [ 2759.274753][T23050] shmem 0 [ 2759.274753][T23050] file_mapped 0 [ 2759.274753][T23050] file_dirty 0 [ 2759.274753][T23050] file_writeback 0 [ 2759.274753][T23050] anon_thp 0 [ 2759.274753][T23050] inactive_anon 0 [ 2759.274753][T23050] active_anon 61440 [ 2759.274753][T23050] inactive_file 0 [ 2759.274753][T23050] active_file 0 [ 2759.274753][T23050] unevictable 0 [ 2759.274753][T23050] slab_reclaimable 270336 [ 2759.274753][T23050] slab_unreclaimable 675840 [ 2759.274753][T23050] pgfault 31284 [ 2759.274753][T23050] pgmajfault 0 [ 2759.274753][T23050] workingset_refault 0 [ 2759.274753][T23050] workingset_activate 0 [ 2759.274753][T23050] workingset_nodereclaim 0 [ 2759.274753][T23050] pgrefill 100 [ 2759.274753][T23050] pgscan 99 [ 2759.274753][T23050] pgsteal 0 [ 2759.274753][T23050] pgactivate 66 [ 2759.371638][T23050] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=23050,uid=0 [ 2759.388159][T23050] Memory cgroup out of memory: Killed process 23050 (syz-executor.3) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2759.406497][T23102] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2759.422863][T23102] CPU: 1 PID: 23102 Comm: syz-executor.4 Not tainted 5.3.0+ #0 [ 2759.430451][T23102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2759.440536][T23102] Call Trace: [ 2759.443838][T23102] dump_stack+0x172/0x1f0 [ 2759.448186][T23102] dump_header+0x10b/0x82d [ 2759.452610][T23102] oom_kill_process.cold+0x10/0x15 [ 2759.457768][T23102] out_of_memory+0x334/0x1340 [ 2759.462648][T23102] ? cgroup_file_notify+0x140/0x1b0 [ 2759.467996][T23102] ? oom_killer_disable+0x280/0x280 [ 2759.473920][T23102] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2759.479478][T23102] ? memcg_stat_show+0xc40/0xc40 [ 2759.484430][T23102] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2759.490262][T23102] ? cgroup_file_notify+0x140/0x1b0 [ 2759.495488][T23102] memory_max_write+0x262/0x3a0 [ 2759.500374][T23102] ? mem_cgroup_write+0x370/0x370 [ 2759.505510][T23102] ? cgroup_file_write+0x188/0x790 [ 2759.510640][T23102] cgroup_file_write+0x241/0x790 [ 2759.515585][T23102] ? mem_cgroup_write+0x370/0x370 [ 2759.520793][T23102] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2759.526441][T23102] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2759.532171][T23102] kernfs_fop_write+0x2b8/0x480 [ 2759.537050][T23102] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2759.543304][T23102] __vfs_write+0x8a/0x110 [ 2759.547636][T23102] ? kernfs_fop_open+0xd80/0xd80 [ 2759.552777][T23102] vfs_write+0x268/0x5d0 [ 2759.557033][T23102] ksys_write+0x14f/0x290 [ 2759.561367][T23102] ? __ia32_sys_read+0xb0/0xb0 [ 2759.566144][T23102] ? do_syscall_64+0x26/0x760 [ 2759.570828][T23102] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2759.576893][T23102] ? do_syscall_64+0x26/0x760 [ 2759.581591][T23102] __x64_sys_write+0x73/0xb0 [ 2759.586198][T23102] do_syscall_64+0xfa/0x760 [ 2759.590714][T23102] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2759.596746][T23102] RIP: 0033:0x459a59 [ 2759.600653][T23102] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2759.620439][T23102] RSP: 002b:00007f4fbf53ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2759.628851][T23102] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2759.640358][T23102] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000d [ 2759.648347][T23102] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2759.656299][T23102] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4fbf53f6d4 [ 2759.664250][T23102] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2759.802001][T23102] memory: usage 5652kB, limit 0kB, failcnt 1109 [ 2759.809271][T23102] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2759.818478][T23102] Memory cgroup stats for /syz4: [ 2759.820155][T23102] anon 4325376 [ 2759.820155][T23102] file 0 [ 2759.820155][T23102] kernel_stack 196608 [ 2759.820155][T23102] slab 950272 [ 2759.820155][T23102] sock 0 [ 2759.820155][T23102] shmem 0 [ 2759.820155][T23102] file_mapped 0 [ 2759.820155][T23102] file_dirty 135168 [ 2759.820155][T23102] file_writeback 0 [ 2759.820155][T23102] anon_thp 4194304 [ 2759.820155][T23102] inactive_anon 0 [ 2759.820155][T23102] active_anon 4325376 [ 2759.820155][T23102] inactive_file 0 [ 2759.820155][T23102] active_file 0 [ 2759.820155][T23102] unevictable 0 [ 2759.820155][T23102] slab_reclaimable 270336 [ 2759.820155][T23102] slab_unreclaimable 679936 [ 2759.820155][T23102] pgfault 20526 [ 2759.820155][T23102] pgmajfault 0 [ 2759.820155][T23102] workingset_refault 0 [ 2759.820155][T23102] workingset_activate 0 [ 2759.820155][T23102] workingset_nodereclaim 0 [ 2759.820155][T23102] pgrefill 132 [ 2759.820155][T23102] pgscan 216 [ 2759.820155][T23102] pgsteal 105 [ 2759.820155][T23102] pgactivate 99 16:22:17 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) write$cgroup_int(r5, 0x0, 0x0) [ 2759.981373][T23102] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23101,uid=0 16:22:17 executing program 4: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) socket$kcm(0x29, 0x5, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) write$cgroup_int(r5, 0x0, 0x0) [ 2760.030932][T23102] Memory cgroup out of memory: Killed process 23102 (syz-executor.4) total-vm:73232kB, anon-rss:4280kB, file-rss:35828kB, shmem-rss:0kB, UID:0 pgtables:143360kB oom_score_adj:1000 [ 2760.052966][ T1065] oom_reaper: reaped process 23102 (syz-executor.4), now anon-rss:0kB, file-rss:34868kB, shmem-rss:0kB 16:22:17 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) write$cgroup_int(r5, 0x0, 0x0) [ 2760.122390][T23069] syz-executor.4 invoked oom-killer: gfp_mask=0x40c50(GFP_NOFS|__GFP_COMP|__GFP_RECLAIMABLE), order=0, oom_score_adj=0 [ 2760.140715][T23069] CPU: 1 PID: 23069 Comm: syz-executor.4 Not tainted 5.3.0+ #0 [ 2760.148294][T23069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2760.158353][T23069] Call Trace: [ 2760.161655][T23069] dump_stack+0x172/0x1f0 [ 2760.166090][T23069] dump_header+0x10b/0x82d [ 2760.170520][T23069] ? oom_kill_process+0x94/0x3f0 [ 2760.175479][T23069] oom_kill_process.cold+0x10/0x15 [ 2760.180609][T23069] out_of_memory+0x334/0x1340 [ 2760.185307][T23069] ? lock_downgrade+0x920/0x920 [ 2760.190164][T23069] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2760.195983][T23069] ? oom_killer_disable+0x280/0x280 [ 2760.201201][T23069] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2760.206754][T23069] ? memcg_stat_show+0xc40/0xc40 [ 2760.211705][T23069] ? do_raw_spin_unlock+0x57/0x270 [ 2760.216827][T23069] ? _raw_spin_unlock+0x2d/0x50 [ 2760.221798][T23069] try_charge+0xf4b/0x1440 [ 2760.226423][T23069] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2760.231975][T23069] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2760.237540][T23069] ? cache_grow_begin+0x122/0xd20 [ 2760.242576][T23069] ? find_held_lock+0x35/0x130 [ 2760.247352][T23069] ? cache_grow_begin+0x122/0xd20 [ 2760.252392][T23069] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2760.258032][T23069] ? lock_downgrade+0x920/0x920 [ 2760.262897][T23069] ? memcg_kmem_put_cache+0x50/0x50 [ 2760.268096][T23069] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2760.274348][T23069] ? __kasan_check_read+0x11/0x20 [ 2760.279404][T23069] cache_grow_begin+0x629/0xd20 [ 2760.284267][T23069] ? write_comp_data+0x61/0x70 [ 2760.289061][T23069] ? mempolicy_slab_node+0x139/0x390 [ 2760.294363][T23069] fallback_alloc+0x1fd/0x2d0 [ 2760.299089][T23069] ____cache_alloc_node+0x1bc/0x1d0 [ 2760.304294][T23069] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2760.310542][T23069] kmem_cache_alloc+0x1ef/0x710 [ 2760.315398][T23069] ? lock_downgrade+0x920/0x920 [ 2760.321120][T23069] ? rwlock_bug.part.0+0x90/0x90 [ 2760.326071][T23069] ? ratelimit_state_init+0xb0/0xb0 [ 2760.331321][T23069] ext4_alloc_inode+0x1f/0x640 [ 2760.336120][T23069] ? ratelimit_state_init+0xb0/0xb0 [ 2760.341328][T23069] alloc_inode+0x68/0x1e0 [ 2760.345662][T23069] iget_locked+0x1a6/0x4b0 [ 2760.350083][T23069] __ext4_iget+0x265/0x3e20 [ 2760.354628][T23069] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2760.360883][T23069] ? ext4_get_projid+0x190/0x190 [ 2760.365829][T23069] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2760.371401][T23069] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 2760.377415][T23069] ? d_alloc_parallel+0xa78/0x1c30 [ 2760.382570][T23069] ext4_lookup+0x3b1/0x7a0 [ 2760.387013][T23069] ? ext4_cross_rename+0x1430/0x1430 [ 2760.392337][T23069] ? __lock_acquire+0x16f2/0x4a00 [ 2760.397489][T23069] ? __kasan_check_read+0x11/0x20 [ 2760.402533][T23069] ? lockdep_init_map+0x1be/0x6d0 [ 2760.407573][T23069] __lookup_slow+0x279/0x500 [ 2760.412177][T23069] ? vfs_unlink+0x620/0x620 [ 2760.416724][T23069] lookup_slow+0x58/0x80 [ 2760.420981][T23069] path_mountpoint+0x5d2/0x1e60 [ 2760.425854][T23069] ? __kasan_check_read+0x11/0x20 [ 2760.430892][T23069] ? __lock_acquire+0x16f2/0x4a00 [ 2760.435937][T23069] ? path_openat+0x46d0/0x46d0 [ 2760.440706][T23069] ? find_held_lock+0x35/0x130 [ 2760.445475][T23069] filename_mountpoint+0x18e/0x390 [ 2760.450587][T23069] ? filename_parentat.isra.0+0x410/0x410 [ 2760.456317][T23069] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 2760.462491][T23069] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2760.468760][T23069] ? __phys_addr_symbol+0x30/0x70 [ 2760.473787][T23069] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2760.479514][T23069] ? __check_object_size+0x3d/0x437 [ 2760.484726][T23069] ? strncpy_from_user+0x2b4/0x400 [ 2760.489839][T23069] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2760.496083][T23069] ? getname_flags+0x277/0x5b0 [ 2760.500860][T23069] user_path_mountpoint_at+0x3a/0x50 [ 2760.506298][T23069] ksys_umount+0x164/0xf00 [ 2760.510740][T23069] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 2760.516712][T23069] ? __ia32_sys_rmdir+0x40/0x40 [ 2760.521582][T23069] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2760.527824][T23069] ? __detach_mounts+0x2a0/0x2a0 [ 2760.532766][T23069] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2760.538227][T23069] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2760.543686][T23069] ? do_syscall_64+0x26/0x760 [ 2760.548531][T23069] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2760.554608][T23069] ? do_syscall_64+0x26/0x760 [ 2760.559285][T23069] ? lockdep_hardirqs_on+0x421/0x5e0 [ 2760.564576][T23069] __x64_sys_umount+0x54/0x80 [ 2760.569250][T23069] do_syscall_64+0xfa/0x760 [ 2760.573880][T23069] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2760.579876][T23069] RIP: 0033:0x45c487 [ 2760.583755][T23069] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2760.603763][T23069] RSP: 002b:00007ffdcc192538 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 2760.612436][T23069] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045c487 [ 2760.620454][T23069] RDX: 0000000000403550 RSI: 0000000000000002 RDI: 00007ffdcc1925e0 [ 2760.628414][T23069] RBP: 0000000000000004 R08: 0000000000000000 R09: 000000000000000e [ 2760.636370][T23069] R10: 000000000000000a R11: 0000000000000206 R12: 00007ffdcc193670 [ 2760.644339][T23069] R13: 0000000002999940 R14: 0000000000000000 R15: 00007ffdcc193670 [ 2760.658872][T23069] memory: usage 1052kB, limit 0kB, failcnt 1121 [ 2760.665256][T23069] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2760.672614][T23069] Memory cgroup stats for /syz4: [ 2760.672715][T23069] anon 40960 [ 2760.672715][T23069] file 0 [ 2760.672715][T23069] kernel_stack 65536 [ 2760.672715][T23069] slab 950272 [ 2760.672715][T23069] sock 0 [ 2760.672715][T23069] shmem 0 [ 2760.672715][T23069] file_mapped 0 [ 2760.672715][T23069] file_dirty 135168 [ 2760.672715][T23069] file_writeback 0 [ 2760.672715][T23069] anon_thp 0 [ 2760.672715][T23069] inactive_anon 0 [ 2760.672715][T23069] active_anon 40960 [ 2760.672715][T23069] inactive_file 0 [ 2760.672715][T23069] active_file 0 [ 2760.672715][T23069] unevictable 0 [ 2760.672715][T23069] slab_reclaimable 270336 [ 2760.672715][T23069] slab_unreclaimable 679936 [ 2760.672715][T23069] pgfault 20526 [ 2760.672715][T23069] pgmajfault 0 [ 2760.672715][T23069] workingset_refault 0 [ 2760.672715][T23069] workingset_activate 0 [ 2760.672715][T23069] workingset_nodereclaim 0 [ 2760.672715][T23069] pgrefill 132 [ 2760.672715][T23069] pgscan 216 [ 2760.672715][T23069] pgsteal 105 [ 2760.672715][T23069] pgactivate 99 [ 2760.844611][T23069] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23069,uid=0 [ 2760.860225][T23069] Memory cgroup out of memory: Killed process 23069 (syz-executor.4) total-vm:72440kB, anon-rss:100kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:0 [ 2760.884479][ T1065] oom_reaper: reaped process 23069 (syz-executor.4), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 16:22:18 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x0, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2760.930119][T23109] IPVS: ftp: loaded support on port[0] = 21 [ 2760.992080][T23112] IPVS: ftp: loaded support on port[0] = 21 16:22:18 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2761.354029][T23113] IPVS: ftp: loaded support on port[0] = 21 16:22:19 executing program 4: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) socket$kcm(0x29, 0x5, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) write$cgroup_int(r5, 0x0, 0x0) 16:22:19 executing program 4: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) socket$kcm(0x29, 0x5, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) [ 2761.705494][T23115] IPVS: ftp: loaded support on port[0] = 21 [ 2762.322696][T23112] chnl_net:caif_netlink_parms(): no params data found [ 2762.415111][T23109] chnl_net:caif_netlink_parms(): no params data found [ 2762.477353][T23120] IPVS: ftp: loaded support on port[0] = 21 [ 2762.484347][T23113] chnl_net:caif_netlink_parms(): no params data found [ 2762.709329][T23112] bridge0: port 1(bridge_slave_0) entered blocking state [ 2762.717890][T23112] bridge0: port 1(bridge_slave_0) entered disabled state [ 2762.727955][T23112] device bridge_slave_0 entered promiscuous mode [ 2762.824625][T23112] bridge0: port 2(bridge_slave_1) entered blocking state [ 2762.840587][T23112] bridge0: port 2(bridge_slave_1) entered disabled state [ 2762.850030][T23112] device bridge_slave_1 entered promiscuous mode [ 2762.891616][T23115] chnl_net:caif_netlink_parms(): no params data found [ 2762.907510][T23109] bridge0: port 1(bridge_slave_0) entered blocking state [ 2762.915749][T23109] bridge0: port 1(bridge_slave_0) entered disabled state [ 2762.925182][T23109] device bridge_slave_0 entered promiscuous mode [ 2762.987304][T23113] bridge0: port 1(bridge_slave_0) entered blocking state [ 2762.999456][T23113] bridge0: port 1(bridge_slave_0) entered disabled state [ 2763.009337][T23113] device bridge_slave_0 entered promiscuous mode [ 2763.036827][T23109] bridge0: port 2(bridge_slave_1) entered blocking state [ 2763.045440][T23109] bridge0: port 2(bridge_slave_1) entered disabled state [ 2763.055284][T23109] device bridge_slave_1 entered promiscuous mode [ 2763.074805][T23113] bridge0: port 2(bridge_slave_1) entered blocking state [ 2763.089308][T23113] bridge0: port 2(bridge_slave_1) entered disabled state [ 2763.113032][T23113] device bridge_slave_1 entered promiscuous mode [ 2763.136128][T23112] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2763.235841][T23112] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2763.364466][T23113] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2763.377857][T23123] IPVS: ftp: loaded support on port[0] = 21 [ 2763.455932][T23109] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2763.477519][T23115] bridge0: port 1(bridge_slave_0) entered blocking state [ 2763.485145][T23115] bridge0: port 1(bridge_slave_0) entered disabled state [ 2763.494736][T23115] device bridge_slave_0 entered promiscuous mode [ 2763.507056][T23113] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2763.529454][T23109] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2763.543708][T23112] team0: Port device team_slave_0 added [ 2763.550281][T23115] bridge0: port 2(bridge_slave_1) entered blocking state [ 2763.557543][T23115] bridge0: port 2(bridge_slave_1) entered disabled state [ 2763.568032][T23115] device bridge_slave_1 entered promiscuous mode [ 2763.615389][T23112] team0: Port device team_slave_1 added [ 2763.636909][T23115] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2763.650532][T23115] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2763.796476][T23113] team0: Port device team_slave_0 added [ 2763.875061][T23112] device hsr_slave_0 entered promiscuous mode [ 2763.952822][T23112] device hsr_slave_1 entered promiscuous mode [ 2763.990499][T23112] debugfs: Directory 'hsr0' with parent '/' already present! [ 2764.001070][T23109] team0: Port device team_slave_0 added [ 2764.020683][T23113] team0: Port device team_slave_1 added [ 2764.092515][T23109] team0: Port device team_slave_1 added [ 2764.159630][T23115] team0: Port device team_slave_0 added [ 2764.208993][T23115] team0: Port device team_slave_1 added [ 2764.356009][T23113] device hsr_slave_0 entered promiscuous mode [ 2764.392549][T23113] device hsr_slave_1 entered promiscuous mode [ 2764.460713][T23113] debugfs: Directory 'hsr0' with parent '/' already present! [ 2764.603038][T23120] chnl_net:caif_netlink_parms(): no params data found [ 2764.667264][T23109] device hsr_slave_0 entered promiscuous mode [ 2764.743478][T23109] device hsr_slave_1 entered promiscuous mode [ 2764.793270][T23109] debugfs: Directory 'hsr0' with parent '/' already present! [ 2764.884900][T23115] device hsr_slave_0 entered promiscuous mode [ 2764.932068][T23115] device hsr_slave_1 entered promiscuous mode [ 2765.010637][T23115] debugfs: Directory 'hsr0' with parent '/' already present! [ 2765.332355][T23120] bridge0: port 1(bridge_slave_0) entered blocking state [ 2765.339586][T23120] bridge0: port 1(bridge_slave_0) entered disabled state [ 2765.353103][T23120] device bridge_slave_0 entered promiscuous mode [ 2765.366504][T23123] chnl_net:caif_netlink_parms(): no params data found [ 2765.413551][T23120] bridge0: port 2(bridge_slave_1) entered blocking state [ 2765.421817][T23120] bridge0: port 2(bridge_slave_1) entered disabled state [ 2765.432523][T23120] device bridge_slave_1 entered promiscuous mode [ 2765.883205][T23120] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2765.897468][T23120] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2765.930058][T23120] team0: Port device team_slave_0 added [ 2766.076264][T23120] team0: Port device team_slave_1 added [ 2766.093586][T23123] bridge0: port 1(bridge_slave_0) entered blocking state [ 2766.101386][T23123] bridge0: port 1(bridge_slave_0) entered disabled state [ 2766.111672][T23123] device bridge_slave_0 entered promiscuous mode [ 2766.208057][T23123] bridge0: port 2(bridge_slave_1) entered blocking state [ 2766.220554][T23123] bridge0: port 2(bridge_slave_1) entered disabled state [ 2766.229309][T23123] device bridge_slave_1 entered promiscuous mode [ 2766.365151][T23120] device hsr_slave_0 entered promiscuous mode [ 2766.502252][T23120] device hsr_slave_1 entered promiscuous mode [ 2766.600559][T23120] debugfs: Directory 'hsr0' with parent '/' already present! [ 2766.668504][T23123] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2766.745937][T23123] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2766.774038][T23112] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2766.986308][T23123] team0: Port device team_slave_0 added [ 2767.011932][T23109] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2767.027851][T23123] team0: Port device team_slave_1 added [ 2767.043751][T23113] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2767.127396][T23115] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2767.169410][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2767.179416][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2767.282546][T23123] device hsr_slave_0 entered promiscuous mode [ 2767.342119][T23123] device hsr_slave_1 entered promiscuous mode [ 2767.380687][T23123] debugfs: Directory 'hsr0' with parent '/' already present! [ 2767.395770][T23112] 8021q: adding VLAN 0 to HW filter on device team0 [ 2767.486982][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2767.502711][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2767.512417][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2767.522378][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2767.539336][T23113] 8021q: adding VLAN 0 to HW filter on device team0 [ 2767.637481][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2767.647233][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2767.656903][T11398] bridge0: port 1(bridge_slave_0) entered blocking state [ 2767.664073][T11398] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2767.673261][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2767.682789][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2767.702052][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2767.727191][T23115] 8021q: adding VLAN 0 to HW filter on device team0 [ 2767.770788][T23109] 8021q: adding VLAN 0 to HW filter on device team0 [ 2767.876411][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2767.886816][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2767.896267][T11398] bridge0: port 2(bridge_slave_1) entered blocking state [ 2767.903418][T11398] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2767.914615][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2767.924431][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2767.934206][T11398] bridge0: port 1(bridge_slave_0) entered blocking state [ 2767.941380][T11398] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2767.951258][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2767.961982][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2767.972242][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2767.981637][T11398] bridge0: port 1(bridge_slave_0) entered blocking state [ 2767.988714][T11398] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2768.078648][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2768.090119][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2768.121985][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2768.143903][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2768.153805][T11398] bridge0: port 2(bridge_slave_1) entered blocking state [ 2768.160953][T11398] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2768.169454][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2768.179472][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2768.189047][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2768.197727][T11398] bridge0: port 1(bridge_slave_0) entered blocking state [ 2768.205092][T11398] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2768.213829][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2768.224389][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2768.234247][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2768.243119][T11398] bridge0: port 2(bridge_slave_1) entered blocking state [ 2768.250191][T11398] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2768.259552][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2768.323549][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2768.333895][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2768.343418][T16391] bridge0: port 2(bridge_slave_1) entered blocking state [ 2768.350570][T16391] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2768.359589][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2768.369927][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2768.380697][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2768.389737][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2768.483693][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2768.493006][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2768.503409][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2768.513432][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2768.523325][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2768.533418][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2768.545079][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2768.555203][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2768.573394][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2768.583614][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2768.692350][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2768.744360][T23120] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2768.757046][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2768.770044][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2768.779929][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2768.789498][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2768.799396][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2768.811385][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2768.821634][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2768.832078][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2768.841670][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2768.851614][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2768.861349][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2768.869755][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2768.899748][T23113] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2768.918747][T23113] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2768.942824][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2768.953316][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2768.962917][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2768.972220][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2769.065837][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2769.076745][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2769.086800][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2769.098160][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2769.117585][T23109] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2769.130003][T23109] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2769.239389][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2769.251230][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2769.260172][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2769.271340][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2769.286527][T23120] 8021q: adding VLAN 0 to HW filter on device team0 [ 2769.352442][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2769.371625][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2769.388105][T23112] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2769.407098][T23113] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2769.462376][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2769.482474][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2769.492385][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2769.502449][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2769.511543][T21074] bridge0: port 1(bridge_slave_0) entered blocking state [ 2769.520256][T21074] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2769.554475][T23115] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2769.566675][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2769.582337][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2769.613121][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2769.622773][ T3335] bridge0: port 2(bridge_slave_1) entered blocking state [ 2769.629870][ T3335] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2769.639532][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2769.658195][T23109] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2769.758357][T23123] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2770.005791][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2770.025573][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2770.060094][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2770.121569][T23141] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2770.148016][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2770.171312][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2770.172146][T23141] CPU: 0 PID: 23141 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 2770.186816][T23141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2770.196929][T23141] Call Trace: [ 2770.200264][T23141] dump_stack+0x172/0x1f0 [ 2770.204649][T23141] dump_header+0x10b/0x82d [ 2770.209116][T23141] oom_kill_process.cold+0x10/0x15 [ 2770.211799][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2770.214267][T23141] out_of_memory+0x334/0x1340 [ 2770.214300][T23141] ? __sched_text_start+0x8/0x8 [ 2770.231697][T23141] ? oom_killer_disable+0x280/0x280 [ 2770.236954][T23141] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2770.242546][T23141] ? memcg_stat_show+0xc40/0xc40 [ 2770.247656][T23141] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2770.253519][T23141] ? cgroup_file_notify+0x140/0x1b0 [ 2770.258772][T23141] memory_max_write+0x262/0x3a0 [ 2770.263701][T23141] ? mem_cgroup_write+0x370/0x370 [ 2770.268938][T23141] ? cgroup_file_write+0x86/0x790 [ 2770.271546][T23120] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2770.274099][T23141] cgroup_file_write+0x241/0x790 [ 2770.274130][T23141] ? mem_cgroup_write+0x370/0x370 [ 2770.294457][T23141] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2770.300134][T23141] ? kernfs_ops+0x9f/0x120 [ 2770.304567][T23120] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2770.314952][T23141] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2770.320626][T23141] kernfs_fop_write+0x2b8/0x480 [ 2770.325527][T23141] __vfs_write+0x8a/0x110 [ 2770.329892][T23141] ? kernfs_fop_open+0xd80/0xd80 [ 2770.334871][T23141] vfs_write+0x268/0x5d0 [ 2770.339155][T23141] ksys_write+0x14f/0x290 [ 2770.343541][T23141] ? __ia32_sys_read+0xb0/0xb0 [ 2770.348370][T23141] __x64_sys_write+0x73/0xb0 [ 2770.352997][T23141] do_syscall_64+0xfa/0x760 [ 2770.357640][T23141] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2770.363565][T23141] RIP: 0033:0x459a59 [ 2770.367500][T23141] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2770.383044][T23120] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2770.387124][T23141] RSP: 002b:00007f0a9fb9ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2770.387145][T23141] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2770.387156][T23141] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2770.387174][T23141] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2770.410324][T23141] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0a9fb9b6d4 [ 2770.410336][T23141] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2770.444579][T23141] memory: usage 5264kB, limit 0kB, failcnt 994 [ 2770.451445][T23141] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2770.458475][T23141] Memory cgroup stats for /syz2: [ 2770.459466][T23141] anon 4272128 [ 2770.459466][T23141] file 86016 [ 2770.459466][T23141] kernel_stack 65536 [ 2770.459466][T23141] slab 671744 [ 2770.459466][T23141] sock 0 [ 2770.459466][T23141] shmem 0 [ 2770.459466][T23141] file_mapped 0 [ 2770.459466][T23141] file_dirty 0 [ 2770.459466][T23141] file_writeback 0 [ 2770.459466][T23141] anon_thp 4194304 [ 2770.459466][T23141] inactive_anon 0 [ 2770.459466][T23141] active_anon 4272128 [ 2770.459466][T23141] inactive_file 0 [ 2770.459466][T23141] active_file 0 [ 2770.459466][T23141] unevictable 0 [ 2770.459466][T23141] slab_reclaimable 135168 [ 2770.459466][T23141] slab_unreclaimable 536576 [ 2770.459466][T23141] pgfault 35475 [ 2770.459466][T23141] pgmajfault 0 [ 2770.459466][T23141] workingset_refault 0 [ 2770.459466][T23141] workingset_activate 0 [ 2770.459466][T23141] workingset_nodereclaim 0 [ 2770.459466][T23141] pgrefill 166 [ 2770.459466][T23141] pgscan 167 [ 2770.459466][T23141] pgsteal 0 [ 2770.459466][T23141] pgactivate 99 [ 2770.691222][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2770.702976][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2770.713496][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2770.724660][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2770.735216][T23141] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=23139,uid=0 [ 2770.793992][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2770.803939][T23141] Memory cgroup out of memory: Killed process 23139 (syz-executor.2) total-vm:72708kB, anon-rss:4236kB, file-rss:35832kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2770.815302][T23115] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2770.835082][ T1065] oom_reaper: reaped process 23139 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2770.859003][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2770.874495][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2770.967025][T23123] 8021q: adding VLAN 0 to HW filter on device team0 [ 2771.023845][T23113] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2771.060836][T23113] CPU: 1 PID: 23113 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 2771.068425][T23113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2771.078520][T23113] Call Trace: [ 2771.081833][T23113] dump_stack+0x172/0x1f0 [ 2771.086186][T23113] dump_header+0x10b/0x82d [ 2771.090621][T23113] ? oom_kill_process+0x94/0x3f0 [ 2771.095582][T23113] oom_kill_process.cold+0x10/0x15 [ 2771.100741][T23113] out_of_memory+0x334/0x1340 [ 2771.105433][T23113] ? lock_downgrade+0x920/0x920 [ 2771.110302][T23113] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2771.116150][T23113] ? oom_killer_disable+0x280/0x280 [ 2771.121394][T23113] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2771.126963][T23113] ? memcg_stat_show+0xc40/0xc40 [ 2771.131926][T23113] ? do_raw_spin_unlock+0x57/0x270 [ 2771.137056][T23113] ? _raw_spin_unlock+0x2d/0x50 [ 2771.141936][T23113] try_charge+0xf4b/0x1440 [ 2771.146389][T23113] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2771.151966][T23113] ? percpu_ref_tryget_live+0x111/0x290 [ 2771.157547][T23113] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2771.163810][T23113] ? __kasan_check_read+0x11/0x20 [ 2771.168875][T23113] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2771.174446][T23113] mem_cgroup_try_charge+0x136/0x590 [ 2771.180107][T23113] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2771.185757][T23113] wp_page_copy+0x407/0x1860 [ 2771.190370][T23113] ? find_held_lock+0x35/0x130 [ 2771.195147][T23113] ? do_wp_page+0x53b/0x15c0 [ 2771.199847][T23113] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2771.205703][T23113] ? lock_downgrade+0x920/0x920 [ 2771.210573][T23113] ? swp_swapcount+0x540/0x540 [ 2771.215375][T23113] ? __kasan_check_read+0x11/0x20 [ 2771.220507][T23113] ? do_raw_spin_unlock+0x57/0x270 [ 2771.225630][T23113] do_wp_page+0x543/0x15c0 [ 2771.230164][T23113] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2771.235559][T23113] __handle_mm_fault+0x23ec/0x4040 [ 2771.240707][T23113] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2771.246445][T23113] ? handle_mm_fault+0x292/0xaa0 [ 2771.251422][T23113] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2771.257685][T23113] ? __kasan_check_read+0x11/0x20 [ 2771.262752][T23113] handle_mm_fault+0x3b7/0xaa0 [ 2771.267555][T23113] __do_page_fault+0x536/0xdd0 [ 2771.272440][T23113] do_page_fault+0x38/0x590 [ 2771.276963][T23113] page_fault+0x39/0x40 [ 2771.281120][T23113] RIP: 0033:0x430b36 [ 2771.285010][T23113] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2771.304788][T23113] RSP: 002b:00007ffc6139a520 EFLAGS: 00010206 [ 2771.310850][T23113] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2771.318827][T23113] RDX: 0000000000d07930 RSI: 0000000000d0f970 RDI: 0000000000000003 [ 2771.326828][T23113] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000000d06940 [ 2771.337924][T23113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2771.345888][T23113] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2771.365226][T23113] memory: usage 840kB, limit 0kB, failcnt 1002 [ 2771.371840][T23113] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2771.378706][T23113] Memory cgroup stats for /syz2: [ 2771.378830][T23113] anon 8192 [ 2771.378830][T23113] file 86016 [ 2771.378830][T23113] kernel_stack 0 [ 2771.378830][T23113] slab 671744 [ 2771.378830][T23113] sock 0 [ 2771.378830][T23113] shmem 0 [ 2771.378830][T23113] file_mapped 0 [ 2771.378830][T23113] file_dirty 0 [ 2771.378830][T23113] file_writeback 0 [ 2771.378830][T23113] anon_thp 0 [ 2771.378830][T23113] inactive_anon 0 [ 2771.378830][T23113] active_anon 8192 [ 2771.378830][T23113] inactive_file 0 [ 2771.378830][T23113] active_file 0 [ 2771.378830][T23113] unevictable 0 [ 2771.378830][T23113] slab_reclaimable 135168 [ 2771.378830][T23113] slab_unreclaimable 536576 [ 2771.378830][T23113] pgfault 35475 [ 2771.378830][T23113] pgmajfault 0 [ 2771.378830][T23113] workingset_refault 0 [ 2771.378830][T23113] workingset_activate 0 [ 2771.378830][T23113] workingset_nodereclaim 0 [ 2771.378830][T23113] pgrefill 166 [ 2771.378830][T23113] pgscan 167 [ 2771.378830][T23113] pgsteal 0 [ 2771.378830][T23113] pgactivate 99 [ 2771.474388][T23113] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=23113,uid=0 [ 2771.490448][T23113] Memory cgroup out of memory: Killed process 23113 (syz-executor.2) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2771.509958][ T1065] oom_reaper: reaped process 23113 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2771.522745][T23151] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2771.541805][T23151] CPU: 0 PID: 23151 Comm: syz-executor.5 Not tainted 5.3.0+ #0 [ 2771.549406][T23151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2771.559483][T23151] Call Trace: [ 2771.562781][T23151] dump_stack+0x172/0x1f0 [ 2771.567136][T23151] dump_header+0x10b/0x82d [ 2771.571554][T23151] oom_kill_process.cold+0x10/0x15 [ 2771.576667][T23151] out_of_memory+0x334/0x1340 [ 2771.581347][T23151] ? oom_killer_disable+0x280/0x280 [ 2771.586550][T23151] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2771.592088][T23151] ? memcg_stat_show+0xc40/0xc40 [ 2771.597028][T23151] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2771.602836][T23151] ? cgroup_file_notify+0x140/0x1b0 [ 2771.608035][T23151] memory_max_write+0x262/0x3a0 [ 2771.612884][T23151] ? mem_cgroup_write+0x370/0x370 [ 2771.617912][T23151] ? cgroup_file_write+0x86/0x790 [ 2771.622933][T23151] cgroup_file_write+0x241/0x790 [ 2771.627860][T23151] ? mem_cgroup_write+0x370/0x370 [ 2771.632900][T23151] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2771.638537][T23151] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2771.644164][T23151] kernfs_fop_write+0x2b8/0x480 [ 2771.649006][T23151] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2771.655351][T23151] __vfs_write+0x8a/0x110 [ 2771.659684][T23151] ? kernfs_fop_open+0xd80/0xd80 [ 2771.664626][T23151] vfs_write+0x268/0x5d0 [ 2771.668868][T23151] ksys_write+0x14f/0x290 [ 2771.673190][T23151] ? __ia32_sys_read+0xb0/0xb0 [ 2771.677946][T23151] ? do_syscall_64+0x26/0x760 [ 2771.682612][T23151] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2771.688671][T23151] ? do_syscall_64+0x26/0x760 [ 2771.693349][T23151] __x64_sys_write+0x73/0xb0 [ 2771.697933][T23151] do_syscall_64+0xfa/0x760 [ 2771.702436][T23151] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2771.708325][T23151] RIP: 0033:0x459a59 [ 2771.712216][T23151] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2771.731902][T23151] RSP: 002b:00007f3b46dc7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2771.740768][T23151] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2771.748738][T23151] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2771.756707][T23151] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2771.764684][T23151] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3b46dc86d4 [ 2771.772657][T23151] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2771.901719][T23151] memory: usage 5468kB, limit 0kB, failcnt 1079 [ 2771.902804][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2771.908296][T23151] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2771.946032][T23151] Memory cgroup stats for /syz5: [ 2771.947255][T23151] anon 4337664 [ 2771.947255][T23151] file 90112 [ 2771.947255][T23151] kernel_stack 65536 [ 2771.947255][T23151] slab 966656 [ 2771.947255][T23151] sock 0 [ 2771.947255][T23151] shmem 0 [ 2771.947255][T23151] file_mapped 0 [ 2771.947255][T23151] file_dirty 0 [ 2771.947255][T23151] file_writeback 0 [ 2771.947255][T23151] anon_thp 4194304 [ 2771.947255][T23151] inactive_anon 0 [ 2771.947255][T23151] active_anon 4337664 [ 2771.947255][T23151] inactive_file 135168 [ 2771.947255][T23151] active_file 0 [ 2771.947255][T23151] unevictable 0 [ 2771.947255][T23151] slab_reclaimable 270336 [ 2771.947255][T23151] slab_unreclaimable 696320 [ 2771.947255][T23151] pgfault 19965 [ 2771.947255][T23151] pgmajfault 0 [ 2771.947255][T23151] workingset_refault 0 [ 2771.947255][T23151] workingset_activate 0 [ 2771.947255][T23151] workingset_nodereclaim 0 [ 2771.947255][T23151] pgrefill 166 [ 2771.947255][T23151] pgscan 165 [ 2771.947255][T23151] pgsteal 35 [ 2771.947255][T23151] pgactivate 132 [ 2771.947911][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2771.952757][T23151] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=23150,uid=0 [ 2772.077630][T23151] Memory cgroup out of memory: Killed process 23150 (syz-executor.5) total-vm:72708kB, anon-rss:4192kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2772.121519][ T1065] oom_reaper: reaped process 23150 (syz-executor.5), now anon-rss:0kB, file-rss:34872kB, shmem-rss:0kB [ 2772.123264][T23160] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2772.191085][ T3335] bridge0: port 1(bridge_slave_0) entered blocking state [ 2772.198186][ T3335] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2772.200783][T23160] CPU: 0 PID: 23160 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 2772.213100][T23160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2772.221530][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2772.223200][T23160] Call Trace: [ 2772.234561][T23160] dump_stack+0x172/0x1f0 [ 2772.238929][T23160] dump_header+0x10b/0x82d [ 2772.241652][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2772.243381][T23160] oom_kill_process.cold+0x10/0x15 [ 2772.257172][T23160] out_of_memory+0x334/0x1340 [ 2772.261877][T23160] ? __sched_text_start+0x8/0x8 [ 2772.266755][T23160] ? oom_killer_disable+0x280/0x280 [ 2772.271073][ T3335] bridge0: port 2(bridge_slave_1) entered blocking state [ 2772.271983][T23160] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2772.278995][ T3335] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2772.284509][T23160] ? memcg_stat_show+0xc40/0xc40 [ 2772.284541][T23160] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2772.284568][T23160] ? cgroup_file_notify+0x140/0x1b0 [ 2772.284601][T23160] memory_max_write+0x262/0x3a0 [ 2772.311420][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2772.312555][T23160] ? mem_cgroup_write+0x370/0x370 [ 2772.325468][T23160] ? lock_acquire+0x190/0x410 [ 2772.330447][T23160] ? kernfs_fop_write+0x227/0x480 [ 2772.332227][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2772.335498][T23160] cgroup_file_write+0x241/0x790 [ 2772.348465][T23160] ? mem_cgroup_write+0x370/0x370 [ 2772.353514][T23160] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2772.359177][T23160] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2772.362229][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2772.364854][T23160] kernfs_fop_write+0x2b8/0x480 [ 2772.377714][T23160] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2772.384013][T23160] __vfs_write+0x8a/0x110 [ 2772.384321][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2772.388361][T23160] ? kernfs_fop_open+0xd80/0xd80 [ 2772.401220][T23160] vfs_write+0x268/0x5d0 [ 2772.405489][T23160] ksys_write+0x14f/0x290 [ 2772.409833][T23160] ? __ia32_sys_read+0xb0/0xb0 [ 2772.411881][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2772.414641][T23160] ? do_syscall_64+0x26/0x760 [ 2772.427557][T23160] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2772.433643][T23160] ? do_syscall_64+0x26/0x760 [ 2772.438348][T23160] __x64_sys_write+0x73/0xb0 [ 2772.442149][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2772.442952][T23160] do_syscall_64+0xfa/0x760 [ 2772.455277][T23160] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2772.461201][T23160] RIP: 0033:0x459a59 [ 2772.462255][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2772.465122][T23160] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2772.481621][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2772.492507][T23160] RSP: 002b:00007f356883fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2772.492524][T23160] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2772.492533][T23160] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2772.492543][T23160] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2772.492553][T23160] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f35688406d4 [ 2772.492563][T23160] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff 16:22:30 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x0, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) 16:22:30 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) 16:22:30 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2772.587650][T23160] memory: usage 5388kB, limit 0kB, failcnt 858 [ 2772.608212][T23160] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2772.615984][T23160] Memory cgroup stats for /syz3: [ 2772.616117][T23160] anon 4276224 [ 2772.616117][T23160] file 16384 [ 2772.616117][T23160] kernel_stack 65536 [ 2772.616117][T23160] slab 946176 [ 2772.616117][T23160] sock 0 [ 2772.616117][T23160] shmem 0 [ 2772.616117][T23160] file_mapped 0 [ 2772.616117][T23160] file_dirty 0 [ 2772.616117][T23160] file_writeback 0 [ 2772.616117][T23160] anon_thp 4194304 [ 2772.616117][T23160] inactive_anon 0 [ 2772.616117][T23160] active_anon 4276224 [ 2772.616117][T23160] inactive_file 0 [ 2772.616117][T23160] active_file 0 [ 2772.616117][T23160] unevictable 0 [ 2772.616117][T23160] slab_reclaimable 270336 [ 2772.616117][T23160] slab_unreclaimable 675840 [ 2772.616117][T23160] pgfault 31350 [ 2772.616117][T23160] pgmajfault 0 [ 2772.616117][T23160] workingset_refault 0 [ 2772.616117][T23160] workingset_activate 0 [ 2772.616117][T23160] workingset_nodereclaim 0 [ 2772.616117][T23160] pgrefill 100 [ 2772.616117][T23160] pgscan 99 [ 2772.616117][T23160] pgsteal 0 [ 2772.616117][T23160] pgactivate 66 [ 2772.631788][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2772.716075][T23160] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=23158,uid=0 [ 2772.737565][T23160] Memory cgroup out of memory: Killed process 23158 (syz-executor.3) total-vm:72708kB, anon-rss:4184kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2772.758261][T23109] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2772.761418][ T1065] oom_reaper: reaped process 23158 (syz-executor.3), now anon-rss:0kB, file-rss:34860kB, shmem-rss:0kB [ 2772.769009][T23109] CPU: 0 PID: 23109 Comm: syz-executor.5 Not tainted 5.3.0+ #0 [ 2772.786752][T23109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2772.796810][T23109] Call Trace: [ 2772.800107][T23109] dump_stack+0x172/0x1f0 [ 2772.804444][T23109] dump_header+0x10b/0x82d [ 2772.808854][T23109] ? oom_kill_process+0x94/0x3f0 [ 2772.813798][T23109] oom_kill_process.cold+0x10/0x15 [ 2772.818914][T23109] out_of_memory+0x334/0x1340 [ 2772.823593][T23109] ? lock_downgrade+0x920/0x920 [ 2772.828447][T23109] ? oom_killer_disable+0x280/0x280 [ 2772.833668][T23109] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2772.838674][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2772.839217][T23109] ? memcg_stat_show+0xc40/0xc40 [ 2772.851851][T23109] ? do_raw_spin_unlock+0x57/0x270 [ 2772.856972][T23109] ? _raw_spin_unlock+0x2d/0x50 [ 2772.861838][T23109] try_charge+0xf4b/0x1440 [ 2772.866266][T23109] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2772.871815][T23109] ? percpu_ref_tryget_live+0x111/0x290 [ 2772.876727][T23123] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2772.877367][T23109] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2772.890781][T23109] ? __kasan_check_read+0x11/0x20 [ 2772.895819][T23109] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2772.901374][T23109] mem_cgroup_try_charge+0x136/0x590 [ 2772.906668][T23109] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2772.912418][T23109] wp_page_copy+0x407/0x1860 [ 2772.917021][T23109] ? find_held_lock+0x35/0x130 [ 2772.921790][T23109] ? do_wp_page+0x53b/0x15c0 [ 2772.926389][T23109] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2772.932198][T23109] ? lock_downgrade+0x920/0x920 [ 2772.937050][T23109] ? swp_swapcount+0x540/0x540 [ 2772.941816][T23109] ? __kasan_check_read+0x11/0x20 [ 2772.946850][T23109] ? do_raw_spin_unlock+0x57/0x270 [ 2772.951968][T23109] do_wp_page+0x543/0x15c0 [ 2772.956398][T23109] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2772.961784][T23109] __handle_mm_fault+0x23ec/0x4040 [ 2772.966908][T23109] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2772.972459][T23109] ? handle_mm_fault+0x292/0xaa0 [ 2772.977420][T23109] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2772.983668][T23109] ? __kasan_check_read+0x11/0x20 [ 2772.988705][T23109] handle_mm_fault+0x3b7/0xaa0 [ 2772.993499][T23109] __do_page_fault+0x536/0xdd0 [ 2772.998280][T23109] do_page_fault+0x38/0x590 [ 2773.002795][T23109] page_fault+0x39/0x40 [ 2773.006950][T23109] RIP: 0033:0x403522 [ 2773.011473][T23109] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2773.031079][T23109] RSP: 002b:00007ffe75b06dd0 EFLAGS: 00010246 [ 2773.037168][T23109] RAX: 0000000000000000 RBX: 00000000002a4bb0 RCX: 0000000000413660 [ 2773.045142][T23109] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffe75b07f00 [ 2773.053114][T23109] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000001d87940 [ 2773.061083][T23109] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe75b07f00 [ 2773.069053][T23109] R13: 00007ffe75b07ef0 R14: 0000000000000000 R15: 00007ffe75b07f00 16:22:30 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2773.109042][T23109] memory: usage 1052kB, limit 0kB, failcnt 1087 [ 2773.124917][T23109] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2773.132054][T23109] Memory cgroup stats for /syz5: [ 2773.132143][T23109] anon 40960 [ 2773.132143][T23109] file 90112 [ 2773.132143][T23109] kernel_stack 0 [ 2773.132143][T23109] slab 966656 [ 2773.132143][T23109] sock 0 [ 2773.132143][T23109] shmem 0 [ 2773.132143][T23109] file_mapped 0 [ 2773.132143][T23109] file_dirty 0 [ 2773.132143][T23109] file_writeback 0 [ 2773.132143][T23109] anon_thp 0 [ 2773.132143][T23109] inactive_anon 0 [ 2773.132143][T23109] active_anon 40960 [ 2773.132143][T23109] inactive_file 135168 [ 2773.132143][T23109] active_file 0 [ 2773.132143][T23109] unevictable 0 [ 2773.132143][T23109] slab_reclaimable 270336 [ 2773.132143][T23109] slab_unreclaimable 696320 [ 2773.132143][T23109] pgfault 19965 [ 2773.132143][T23109] pgmajfault 0 [ 2773.132143][T23109] workingset_refault 0 [ 2773.132143][T23109] workingset_activate 0 [ 2773.132143][T23109] workingset_nodereclaim 0 [ 2773.132143][T23109] pgrefill 166 [ 2773.132143][T23109] pgscan 165 [ 2773.132143][T23109] pgsteal 35 [ 2773.132143][T23109] pgactivate 132 [ 2773.323860][T23109] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=23109,uid=0 [ 2773.357040][T23109] Memory cgroup out of memory: Killed process 23109 (syz-executor.5) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2773.394515][ T1065] oom_reaper: reaped process 23109 (syz-executor.5), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2773.406260][T23166] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2773.429016][T23166] CPU: 1 PID: 23166 Comm: syz-executor.1 Not tainted 5.3.0+ #0 [ 2773.436601][T23166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2773.446655][T23166] Call Trace: [ 2773.449988][T23166] dump_stack+0x172/0x1f0 [ 2773.454338][T23166] dump_header+0x10b/0x82d [ 2773.458760][T23166] oom_kill_process.cold+0x10/0x15 [ 2773.463879][T23166] out_of_memory+0x334/0x1340 [ 2773.468582][T23166] ? oom_killer_disable+0x280/0x280 [ 2773.473800][T23166] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2773.479351][T23166] ? memcg_stat_show+0xc40/0xc40 [ 2773.484330][T23166] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2773.490141][T23166] ? cgroup_file_notify+0x140/0x1b0 [ 2773.495356][T23166] memory_max_write+0x262/0x3a0 [ 2773.500218][T23166] ? mem_cgroup_write+0x370/0x370 [ 2773.505337][T23166] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2773.510821][T23166] cgroup_file_write+0x241/0x790 [ 2773.515769][T23166] ? mem_cgroup_write+0x370/0x370 [ 2773.520800][T23166] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2773.526446][T23166] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2773.532098][T23166] kernfs_fop_write+0x2b8/0x480 [ 2773.536955][T23166] __vfs_write+0x8a/0x110 [ 2773.541285][T23166] ? kernfs_fop_open+0xd80/0xd80 [ 2773.546228][T23166] vfs_write+0x268/0x5d0 [ 2773.550478][T23166] ksys_write+0x14f/0x290 [ 2773.554829][T23166] ? __ia32_sys_read+0xb0/0xb0 [ 2773.559611][T23166] __x64_sys_write+0x73/0xb0 [ 2773.564202][T23166] ? do_syscall_64+0x5b/0x760 [ 2773.568904][T23166] do_syscall_64+0xfa/0x760 [ 2773.573417][T23166] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2773.579306][T23166] RIP: 0033:0x459a59 [ 2773.583205][T23166] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2773.605157][T23166] RSP: 002b:00007f2c80861c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2773.613606][T23166] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2773.621859][T23166] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2773.629902][T23166] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 2773.637977][T23166] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2c808626d4 [ 2773.645934][T23166] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2773.730689][T23166] memory: usage 5340kB, limit 0kB, failcnt 883 [ 2773.737340][T23166] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2773.745067][T23166] Memory cgroup stats for /syz1: [ 2773.746399][T23166] anon 4386816 [ 2773.746399][T23166] file 40960 [ 2773.746399][T23166] kernel_stack 65536 [ 2773.746399][T23166] slab 696320 [ 2773.746399][T23166] sock 0 [ 2773.746399][T23166] shmem 0 [ 2773.746399][T23166] file_mapped 0 [ 2773.746399][T23166] file_dirty 0 [ 2773.746399][T23166] file_writeback 0 [ 2773.746399][T23166] anon_thp 4194304 [ 2773.746399][T23166] inactive_anon 0 [ 2773.746399][T23166] active_anon 4313088 [ 2773.746399][T23166] inactive_file 135168 [ 2773.746399][T23166] active_file 0 [ 2773.746399][T23166] unevictable 0 [ 2773.746399][T23166] slab_reclaimable 135168 [ 2773.746399][T23166] slab_unreclaimable 561152 [ 2773.746399][T23166] pgfault 29337 [ 2773.746399][T23166] pgmajfault 0 [ 2773.746399][T23166] workingset_refault 0 [ 2773.746399][T23166] workingset_activate 0 [ 2773.746399][T23166] workingset_nodereclaim 0 [ 2773.746399][T23166] pgrefill 100 [ 2773.746399][T23166] pgscan 100 [ 2773.746399][T23166] pgsteal 0 [ 2773.746399][T23166] pgactivate 66 [ 2773.851256][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2773.859967][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2773.868096][T23166] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=23163,uid=0 [ 2773.887267][T23166] Memory cgroup out of memory: Killed process 23163 (syz-executor.1) total-vm:72836kB, anon-rss:4256kB, file-rss:35824kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2773.927397][ T1065] oom_reaper: reaped process 23163 (syz-executor.1), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2773.940529][T23120] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2773.956671][T23120] CPU: 0 PID: 23120 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 2773.964241][T23120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2773.974300][T23120] Call Trace: [ 2773.977595][T23120] dump_stack+0x172/0x1f0 [ 2773.981940][T23120] dump_header+0x10b/0x82d [ 2773.986353][T23120] ? oom_kill_process+0x94/0x3f0 [ 2773.991295][T23120] oom_kill_process.cold+0x10/0x15 [ 2773.996407][T23120] out_of_memory+0x334/0x1340 [ 2774.001086][T23120] ? lock_downgrade+0x920/0x920 [ 2774.005954][T23120] ? oom_killer_disable+0x280/0x280 [ 2774.011166][T23120] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2774.016798][T23120] ? memcg_stat_show+0xc40/0xc40 [ 2774.021742][T23120] ? do_raw_spin_unlock+0x57/0x270 [ 2774.026856][T23120] ? _raw_spin_unlock+0x2d/0x50 [ 2774.031717][T23120] try_charge+0xf4b/0x1440 [ 2774.036154][T23120] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2774.041698][T23120] ? percpu_ref_tryget_live+0x111/0x290 [ 2774.047252][T23120] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2774.053545][T23120] ? __kasan_check_read+0x11/0x20 [ 2774.058609][T23120] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2774.064171][T23120] mem_cgroup_try_charge+0x136/0x590 [ 2774.069469][T23120] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2774.075118][T23120] wp_page_copy+0x407/0x1860 [ 2774.079709][T23120] ? find_held_lock+0x35/0x130 [ 2774.084563][T23120] ? do_wp_page+0x53b/0x15c0 [ 2774.089155][T23120] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2774.095039][T23120] ? lock_downgrade+0x920/0x920 [ 2774.099896][T23120] ? swp_swapcount+0x540/0x540 [ 2774.104673][T23120] ? __kasan_check_read+0x11/0x20 [ 2774.109697][T23120] ? do_raw_spin_unlock+0x57/0x270 [ 2774.114932][T23120] do_wp_page+0x543/0x15c0 [ 2774.119373][T23120] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2774.124786][T23120] __handle_mm_fault+0x23ec/0x4040 [ 2774.129906][T23120] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2774.135462][T23120] ? handle_mm_fault+0x292/0xaa0 [ 2774.140510][T23120] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2774.146755][T23120] ? __kasan_check_read+0x11/0x20 [ 2774.151790][T23120] handle_mm_fault+0x3b7/0xaa0 [ 2774.156564][T23120] __do_page_fault+0x536/0xdd0 [ 2774.161342][T23120] do_page_fault+0x38/0x590 [ 2774.165851][T23120] page_fault+0x39/0x40 [ 2774.170000][T23120] RIP: 0033:0x430b36 [ 2774.173920][T23120] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2774.193537][T23120] RSP: 002b:00007ffc93092500 EFLAGS: 00010206 [ 2774.199604][T23120] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2774.207588][T23120] RDX: 0000000001b03930 RSI: 0000000001b0b970 RDI: 0000000000000003 [ 2774.215573][T23120] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001b02940 16:22:32 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2774.223558][T23120] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2774.231534][T23120] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2774.256182][T23120] memory: usage 964kB, limit 0kB, failcnt 866 [ 2774.262878][T23120] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2774.290383][T23120] Memory cgroup stats for /syz3: [ 2774.290505][T23120] anon 8192 [ 2774.290505][T23120] file 16384 [ 2774.290505][T23120] kernel_stack 0 [ 2774.290505][T23120] slab 946176 [ 2774.290505][T23120] sock 0 [ 2774.290505][T23120] shmem 0 [ 2774.290505][T23120] file_mapped 0 [ 2774.290505][T23120] file_dirty 0 [ 2774.290505][T23120] file_writeback 0 [ 2774.290505][T23120] anon_thp 0 [ 2774.290505][T23120] inactive_anon 0 [ 2774.290505][T23120] active_anon 8192 [ 2774.290505][T23120] inactive_file 0 [ 2774.290505][T23120] active_file 0 [ 2774.290505][T23120] unevictable 0 [ 2774.290505][T23120] slab_reclaimable 270336 [ 2774.290505][T23120] slab_unreclaimable 675840 [ 2774.290505][T23120] pgfault 31350 [ 2774.290505][T23120] pgmajfault 0 [ 2774.290505][T23120] workingset_refault 0 [ 2774.290505][T23120] workingset_activate 0 [ 2774.290505][T23120] workingset_nodereclaim 0 [ 2774.290505][T23120] pgrefill 100 [ 2774.290505][T23120] pgscan 99 [ 2774.290505][T23120] pgsteal 0 [ 2774.290505][T23120] pgactivate 66 [ 2774.490508][T23120] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=23120,uid=0 [ 2774.530451][T23120] Memory cgroup out of memory: Killed process 23120 (syz-executor.3) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2774.560663][T23112] syz-executor.1 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=0 [ 2774.561249][ T1065] oom_reaper: reaped process 23120 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2774.580339][T23112] CPU: 0 PID: 23112 Comm: syz-executor.1 Not tainted 5.3.0+ #0 [ 2774.590895][T23112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2774.600950][T23112] Call Trace: [ 2774.604283][T23112] dump_stack+0x172/0x1f0 [ 2774.608646][T23112] dump_header+0x10b/0x82d [ 2774.613168][T23112] ? oom_kill_process+0x94/0x3f0 [ 2774.618117][T23112] oom_kill_process.cold+0x10/0x15 [ 2774.623423][T23112] out_of_memory+0x334/0x1340 [ 2774.628104][T23112] ? lock_downgrade+0x920/0x920 [ 2774.633140][T23112] ? oom_killer_disable+0x280/0x280 [ 2774.638360][T23112] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2774.643913][T23112] ? memcg_stat_show+0xc40/0xc40 [ 2774.648866][T23112] ? do_raw_spin_unlock+0x57/0x270 [ 2774.653987][T23112] ? _raw_spin_unlock+0x2d/0x50 [ 2774.658846][T23112] try_charge+0xf4b/0x1440 [ 2774.663278][T23112] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2774.668833][T23112] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2774.674410][T23112] ? cache_grow_begin+0x122/0xd20 [ 2774.679438][T23112] ? find_held_lock+0x35/0x130 [ 2774.684317][T23112] ? cache_grow_begin+0x122/0xd20 [ 2774.689355][T23112] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2774.694929][T23112] ? lock_downgrade+0x920/0x920 [ 2774.699786][T23112] ? memcg_kmem_put_cache+0x50/0x50 [ 2774.705002][T23112] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2774.711255][T23112] ? __kasan_check_read+0x11/0x20 [ 2774.716291][T23112] cache_grow_begin+0x629/0xd20 [ 2774.721147][T23112] ? write_comp_data+0x61/0x70 [ 2774.725919][T23112] ? mempolicy_slab_node+0x139/0x390 [ 2774.731212][T23112] fallback_alloc+0x1fd/0x2d0 [ 2774.736012][T23112] ____cache_alloc_node+0x1bc/0x1d0 [ 2774.741218][T23112] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2774.747472][T23112] kmem_cache_alloc+0x1ef/0x710 [ 2774.752363][T23112] __alloc_file+0x27/0x340 [ 2774.756787][T23112] alloc_empty_file+0x72/0x170 [ 2774.761557][T23112] path_openat+0xef/0x46d0 [ 2774.765972][T23112] ? _raw_spin_unlock_irq+0x28/0x90 [ 2774.771171][T23112] ? finish_task_switch+0x147/0x750 [ 2774.776388][T23112] ? _raw_spin_unlock_irq+0x28/0x90 [ 2774.781594][T23112] ? lockdep_hardirqs_on+0x421/0x5e0 [ 2774.786890][T23112] ? trace_hardirqs_on+0x67/0x240 [ 2774.791924][T23112] ? _raw_spin_unlock_irq+0x5e/0x90 [ 2774.797151][T23112] ? finish_task_switch+0x147/0x750 [ 2774.802350][T23112] ? finish_task_switch+0x119/0x750 [ 2774.807553][T23112] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 2774.813022][T23112] ? __schedule+0x957/0x1e70 [ 2774.817646][T23112] do_filp_open+0x1a1/0x280 [ 2774.822155][T23112] ? may_open_dev+0x100/0x100 [ 2774.826830][T23112] ? __kasan_check_read+0x11/0x20 [ 2774.831883][T23112] ? preempt_schedule_common+0x63/0xe0 [ 2774.837437][T23112] ? ___preempt_schedule+0x16/0x20 [ 2774.842560][T23112] ? _raw_spin_unlock+0x41/0x50 [ 2774.847414][T23112] ? __alloc_fd+0x487/0x620 [ 2774.851939][T23112] do_sys_open+0x3fe/0x5d0 [ 2774.856388][T23112] ? filp_open+0x80/0x80 [ 2774.860642][T23112] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2774.866109][T23112] ? do_syscall_64+0x26/0x760 [ 2774.870793][T23112] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2774.876862][T23112] ? do_syscall_64+0x26/0x760 [ 2774.881563][T23112] __x64_sys_open+0x7e/0xc0 [ 2774.886070][T23112] do_syscall_64+0xfa/0x760 [ 2774.890594][T23112] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2774.896486][T23112] RIP: 0033:0x4579d0 [ 2774.900390][T23112] Code: 31 c0 e9 45 ff ff ff 0f 1f 00 80 3f 00 0f 84 f7 00 00 00 55 53 b9 02 00 00 00 be 00 08 09 00 89 c8 48 81 ec 98 00 00 00 0f 05 <48> 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 [ 2774.919998][T23112] RSP: 002b:00007ffc7ef83950 EFLAGS: 00000206 ORIG_RAX: 0000000000000002 [ 2774.928414][T23112] RAX: ffffffffffffffda RBX: 00000000002a51a9 RCX: 00000000004579d0 [ 2774.936393][T23112] RDX: 000000000000000c RSI: 0000000000090800 RDI: 00007ffc7ef84b30 [ 2774.944378][T23112] RBP: 0000000000000005 R08: 0000000000000001 R09: 0000000001d7a940 [ 2774.952357][T23112] R10: 0000000000000000 R11: 0000000000000206 R12: 00007ffc7ef84b30 [ 2774.960337][T23112] R13: 00007ffc7ef84b20 R14: 0000000000000000 R15: 00007ffc7ef84b30 [ 2774.987969][T23112] memory: usage 864kB, limit 0kB, failcnt 895 [ 2774.994360][T23112] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2775.001938][T23112] Memory cgroup stats for /syz1: [ 2775.002042][T23112] anon 57344 [ 2775.002042][T23112] file 40960 [ 2775.002042][T23112] kernel_stack 0 [ 2775.002042][T23112] slab 696320 [ 2775.002042][T23112] sock 0 [ 2775.002042][T23112] shmem 0 [ 2775.002042][T23112] file_mapped 0 [ 2775.002042][T23112] file_dirty 0 [ 2775.002042][T23112] file_writeback 0 [ 2775.002042][T23112] anon_thp 0 [ 2775.002042][T23112] inactive_anon 0 [ 2775.002042][T23112] active_anon 57344 [ 2775.002042][T23112] inactive_file 135168 [ 2775.002042][T23112] active_file 0 [ 2775.002042][T23112] unevictable 0 [ 2775.002042][T23112] slab_reclaimable 135168 [ 2775.002042][T23112] slab_unreclaimable 561152 [ 2775.002042][T23112] pgfault 29337 [ 2775.002042][T23112] pgmajfault 0 [ 2775.002042][T23112] workingset_refault 0 [ 2775.002042][T23112] workingset_activate 0 [ 2775.002042][T23112] workingset_nodereclaim 0 [ 2775.002042][T23112] pgrefill 100 [ 2775.002042][T23112] pgscan 100 16:22:32 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, 0x0}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) [ 2775.002042][T23112] pgsteal 0 [ 2775.002042][T23112] pgactivate 66 16:22:32 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) write$cgroup_int(r5, 0x0, 0x0) 16:22:33 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, 0x0}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) [ 2775.240961][T23112] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=23112,uid=0 [ 2775.280556][T23112] Memory cgroup out of memory: Killed process 23112 (syz-executor.1) total-vm:72440kB, anon-rss:100kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2775.321376][ T1065] oom_reaper: reaped process 23112 (syz-executor.1), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2775.332606][T23115] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2775.343509][T23115] CPU: 1 PID: 23115 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 2775.351179][T23115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2775.361271][T23115] Call Trace: [ 2775.364579][T23115] dump_stack+0x172/0x1f0 [ 2775.368925][T23115] dump_header+0x10b/0x82d [ 2775.373352][T23115] ? oom_kill_process+0x94/0x3f0 [ 2775.378300][T23115] oom_kill_process.cold+0x10/0x15 [ 2775.383451][T23115] out_of_memory+0x334/0x1340 [ 2775.388160][T23115] ? lock_downgrade+0x920/0x920 [ 2775.393026][T23115] ? oom_killer_disable+0x280/0x280 [ 2775.398264][T23115] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2775.403816][T23115] ? memcg_stat_show+0xc40/0xc40 [ 2775.408877][T23115] ? do_raw_spin_unlock+0x57/0x270 [ 2775.414091][T23115] ? _raw_spin_unlock+0x2d/0x50 [ 2775.418956][T23115] try_charge+0xf4b/0x1440 [ 2775.423386][T23115] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2775.429046][T23115] ? percpu_ref_tryget_live+0x111/0x290 [ 2775.434605][T23115] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2775.440854][T23115] ? __kasan_check_read+0x11/0x20 [ 2775.445892][T23115] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2775.451461][T23115] mem_cgroup_try_charge+0x136/0x590 [ 2775.456755][T23115] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2775.462403][T23115] wp_page_copy+0x407/0x1860 [ 2775.467006][T23115] ? find_held_lock+0x35/0x130 [ 2775.471773][T23115] ? do_wp_page+0x53b/0x15c0 [ 2775.476368][T23115] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2775.482266][T23115] ? lock_downgrade+0x920/0x920 [ 2775.487120][T23115] ? swp_swapcount+0x540/0x540 [ 2775.491892][T23115] ? __kasan_check_read+0x11/0x20 [ 2775.496935][T23115] ? do_raw_spin_unlock+0x57/0x270 [ 2775.502055][T23115] do_wp_page+0x543/0x15c0 [ 2775.506481][T23115] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2775.511872][T23115] __handle_mm_fault+0x23ec/0x4040 [ 2775.516996][T23115] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2775.522547][T23115] ? handle_mm_fault+0x292/0xaa0 [ 2775.527505][T23115] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2775.533757][T23115] ? __kasan_check_read+0x11/0x20 [ 2775.538798][T23115] handle_mm_fault+0x3b7/0xaa0 [ 2775.543574][T23115] __do_page_fault+0x536/0xdd0 [ 2775.548633][T23115] do_page_fault+0x38/0x590 [ 2775.553147][T23115] page_fault+0x39/0x40 [ 2775.557306][T23115] RIP: 0033:0x430b36 [ 2775.561203][T23115] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2775.580817][T23115] RSP: 002b:00007ffd7e6e65c0 EFLAGS: 00010206 [ 2775.586893][T23115] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2775.595138][T23115] RDX: 00000000029a1930 RSI: 00000000029a9970 RDI: 0000000000000003 [ 2775.603104][T23115] RBP: 0000000000008041 R08: 0000000000000001 R09: 00000000029a0940 [ 2775.611071][T23115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2775.619036][T23115] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2775.647985][T23115] memory: usage 19048kB, limit 0kB, failcnt 191 [ 2775.655073][T23115] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2775.662615][T23115] Memory cgroup stats for /syz0: [ 2775.662718][T23115] anon 53248 [ 2775.662718][T23115] file 0 [ 2775.662718][T23115] kernel_stack 0 [ 2775.662718][T23115] slab 19718144 [ 2775.662718][T23115] sock 0 [ 2775.662718][T23115] shmem 0 [ 2775.662718][T23115] file_mapped 0 [ 2775.662718][T23115] file_dirty 0 [ 2775.662718][T23115] file_writeback 0 [ 2775.662718][T23115] anon_thp 0 [ 2775.662718][T23115] inactive_anon 0 [ 2775.662718][T23115] active_anon 0 [ 2775.662718][T23115] inactive_file 0 [ 2775.662718][T23115] active_file 0 [ 2775.662718][T23115] unevictable 0 [ 2775.662718][T23115] slab_reclaimable 19058688 [ 2775.662718][T23115] slab_unreclaimable 659456 [ 2775.662718][T23115] pgfault 45078 [ 2775.662718][T23115] pgmajfault 0 [ 2775.662718][T23115] workingset_refault 0 [ 2775.662718][T23115] workingset_activate 0 [ 2775.662718][T23115] workingset_nodereclaim 0 [ 2775.662718][T23115] pgrefill 249 [ 2775.662718][T23115] pgscan 231 [ 2775.662718][T23115] pgsteal 34 [ 2775.662718][T23115] pgactivate 198 [ 2775.756700][T23115] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=23115,uid=0 [ 2775.772455][T23115] Memory cgroup out of memory: Killed process 23115 (syz-executor.0) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2775.791219][ T1065] oom_reaper: reaped process 23115 (syz-executor.0), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 16:22:33 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x0, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2775.870792][T23123] 8021q: adding VLAN 0 to HW filter on device batadv0 16:22:33 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x0, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) 16:22:34 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) write$cgroup_int(r5, 0x0, 0x0) [ 2776.762028][T23176] IPVS: ftp: loaded support on port[0] = 21 16:22:34 executing program 4: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) socket$kcm(0x29, 0x5, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 16:22:34 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) 16:22:34 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) 16:22:34 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) write$cgroup_int(r5, 0x0, 0x0) [ 2777.216180][T23176] chnl_net:caif_netlink_parms(): no params data found 16:22:35 executing program 4: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) socket$kcm(0x29, 0x5, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) [ 2777.479581][T23176] bridge0: port 1(bridge_slave_0) entered blocking state [ 2777.540974][T23176] bridge0: port 1(bridge_slave_0) entered disabled state [ 2777.550187][T23176] device bridge_slave_0 entered promiscuous mode 16:22:35 executing program 4: socketpair(0x1e, 0x1, 0x0, 0x0) [ 2777.609099][T23188] IPVS: ftp: loaded support on port[0] = 21 [ 2777.616908][T23176] bridge0: port 2(bridge_slave_1) entered blocking state [ 2777.630532][T23176] bridge0: port 2(bridge_slave_1) entered disabled state [ 2777.639522][T23176] device bridge_slave_1 entered promiscuous mode 16:22:35 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000000c0)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r1, 0x0, 0x0) 16:22:35 executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000980)=ANY=[@ANYBLOB="b702000003400000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d6bb7030000000000006a0a00fe000000808500000026000000b70000000000000095000000000000006eace264330a0cbf6e08d472ca3cb9c3fe2e8a1dfd9dbcbb79d68e19c175b61a266a284a7fcd49ab4a305bbea8c1e07ccf518f886c53a1b9cc77998fd8125976bbf8bdfd00c68e87e2db2a037814122b5da1512081fd8357dc9876799b3bead00ed0e5f8554f9f5b34d3239dcd753aae6ef237b219488b43d269dbb5b6f5b75bd349523c9994ecfdc8d354afd088f814084fb348312816bba27809997a98436c27cd52290d79086001a232a3c1acba7fae7d2552f1c2dec89d623df1ae52f50a038f122e2ea5bc58be1620db037a743f3d30f3da3f1acd40642bb004ee632822aec716aae4e46fa00f30234c84c420cf7913ca0e238ca85cdf5fefd89d332c4c648a47273ca7fe02e9da249cce4ad2d94ce4527d88948d1584cc46b5e521c3aa5f274d3a9b97aa98532f94b5dae2e54f874f7543c16bfcb66bc85da14cd8796e3be4c174b789a0fd6c5fa9f9376ec4df390d3ad0ac03c442f51387377f3d8495cd3a7d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000180)={r0, 0x0, 0x0}, 0x10) [ 2777.816387][T23176] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2777.847405][T23176] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2777.948523][T23176] team0: Port device team_slave_0 added [ 2777.961482][T23176] team0: Port device team_slave_1 added [ 2778.134393][T23176] device hsr_slave_0 entered promiscuous mode [ 2778.181739][T23176] device hsr_slave_1 entered promiscuous mode [ 2778.250561][T23176] debugfs: Directory 'hsr0' with parent '/' already present! [ 2778.370214][T23188] chnl_net:caif_netlink_parms(): no params data found [ 2778.554020][T23188] bridge0: port 1(bridge_slave_0) entered blocking state [ 2778.563810][T23188] bridge0: port 1(bridge_slave_0) entered disabled state [ 2778.573424][T23188] device bridge_slave_0 entered promiscuous mode [ 2778.592334][T23200] IPVS: ftp: loaded support on port[0] = 21 [ 2778.594276][T23188] bridge0: port 2(bridge_slave_1) entered blocking state [ 2778.606433][T23188] bridge0: port 2(bridge_slave_1) entered disabled state [ 2778.616215][T23188] device bridge_slave_1 entered promiscuous mode [ 2778.813970][T23188] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2778.897241][T23188] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2778.919172][T23203] IPVS: ftp: loaded support on port[0] = 21 [ 2778.948818][T23204] IPVS: ftp: loaded support on port[0] = 21 [ 2779.128798][T23176] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2779.140063][T23188] team0: Port device team_slave_0 added [ 2779.243653][T23188] team0: Port device team_slave_1 added [ 2779.346795][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2779.357005][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2779.402681][T23176] 8021q: adding VLAN 0 to HW filter on device team0 [ 2779.453867][T23188] device hsr_slave_0 entered promiscuous mode [ 2779.491680][T23188] device hsr_slave_1 entered promiscuous mode [ 2779.530595][T23188] debugfs: Directory 'hsr0' with parent '/' already present! [ 2779.711870][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2779.722123][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2779.730967][ T3335] bridge0: port 1(bridge_slave_0) entered blocking state [ 2779.738043][ T3335] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2779.748137][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2779.757856][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2779.766496][ T3335] bridge0: port 2(bridge_slave_1) entered blocking state [ 2779.773625][ T3335] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2779.832940][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2779.852120][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2779.896118][T23200] chnl_net:caif_netlink_parms(): no params data found [ 2780.137665][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2780.277682][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2780.289022][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2780.299260][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2780.328385][T23200] bridge0: port 1(bridge_slave_0) entered blocking state [ 2780.337914][T23200] bridge0: port 1(bridge_slave_0) entered disabled state [ 2780.347985][T23200] device bridge_slave_0 entered promiscuous mode [ 2780.383241][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2780.394262][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2780.443302][T23200] bridge0: port 2(bridge_slave_1) entered blocking state [ 2780.455237][T23200] bridge0: port 2(bridge_slave_1) entered disabled state [ 2780.466267][T23200] device bridge_slave_1 entered promiscuous mode [ 2780.568007][T23203] chnl_net:caif_netlink_parms(): no params data found [ 2780.602604][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2780.611727][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2780.630815][T23204] chnl_net:caif_netlink_parms(): no params data found [ 2780.721940][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2780.733637][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2780.763896][T23200] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2780.783593][T23176] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2780.877755][T23200] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2780.982551][T23203] bridge0: port 1(bridge_slave_0) entered blocking state [ 2780.989656][T23203] bridge0: port 1(bridge_slave_0) entered disabled state [ 2781.001476][T23203] device bridge_slave_0 entered promiscuous mode [ 2781.105242][T23203] bridge0: port 2(bridge_slave_1) entered blocking state [ 2781.113834][T23203] bridge0: port 2(bridge_slave_1) entered disabled state [ 2781.123531][T23203] device bridge_slave_1 entered promiscuous mode [ 2781.159377][T23200] team0: Port device team_slave_0 added [ 2781.224298][T23204] bridge0: port 1(bridge_slave_0) entered blocking state [ 2781.238519][T23204] bridge0: port 1(bridge_slave_0) entered disabled state [ 2781.248608][T23204] device bridge_slave_0 entered promiscuous mode [ 2781.274601][T23200] team0: Port device team_slave_1 added [ 2781.285485][T23176] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2781.293897][T23204] bridge0: port 2(bridge_slave_1) entered blocking state [ 2781.301591][T23204] bridge0: port 2(bridge_slave_1) entered disabled state [ 2781.321891][T23204] device bridge_slave_1 entered promiscuous mode [ 2781.339181][T23203] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2781.492039][T23203] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2781.554858][T23200] device hsr_slave_0 entered promiscuous mode [ 2781.641648][T23200] device hsr_slave_1 entered promiscuous mode [ 2781.710592][T23200] debugfs: Directory 'hsr0' with parent '/' already present! [ 2781.731848][T23188] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2781.824707][T23204] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2781.861728][T23204] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2781.997257][T23203] team0: Port device team_slave_0 added [ 2782.026788][T23204] team0: Port device team_slave_0 added [ 2782.146706][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2782.161763][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2782.169963][T23214] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2782.182522][T23214] CPU: 0 PID: 23214 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 2782.190090][T23214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2782.200859][T23214] Call Trace: [ 2782.204171][T23214] dump_stack+0x172/0x1f0 [ 2782.208528][T23214] dump_header+0x10b/0x82d [ 2782.213025][T23214] oom_kill_process.cold+0x10/0x15 [ 2782.218261][T23214] out_of_memory+0x334/0x1340 [ 2782.223001][T23214] ? __sched_text_start+0x8/0x8 [ 2782.227896][T23214] ? oom_killer_disable+0x280/0x280 [ 2782.233144][T23214] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2782.238721][T23214] ? memcg_stat_show+0xc40/0xc40 [ 2782.243691][T23214] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2782.249516][T23214] ? cgroup_file_notify+0x140/0x1b0 [ 2782.254780][T23214] memory_max_write+0x262/0x3a0 [ 2782.259661][T23214] ? mem_cgroup_write+0x370/0x370 [ 2782.264713][T23214] ? cgroup_file_write+0x86/0x790 [ 2782.269786][T23214] cgroup_file_write+0x241/0x790 [ 2782.274762][T23214] ? mem_cgroup_write+0x370/0x370 [ 2782.279805][T23214] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2782.285510][T23214] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2782.291172][T23214] kernfs_fop_write+0x2b8/0x480 [ 2782.296040][T23214] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2782.302311][T23214] __vfs_write+0x8a/0x110 [ 2782.306653][T23214] ? kernfs_fop_open+0xd80/0xd80 [ 2782.311609][T23214] vfs_write+0x268/0x5d0 [ 2782.315892][T23214] ksys_write+0x14f/0x290 [ 2782.320238][T23214] ? __ia32_sys_read+0xb0/0xb0 [ 2782.325038][T23214] ? do_syscall_64+0x26/0x760 [ 2782.329734][T23214] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2782.335815][T23214] ? do_syscall_64+0x26/0x760 [ 2782.340519][T23214] __x64_sys_write+0x73/0xb0 [ 2782.345132][T23214] do_syscall_64+0xfa/0x760 [ 2782.349668][T23214] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2782.356272][T23214] RIP: 0033:0x459a59 [ 2782.360176][T23214] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2782.379899][T23214] RSP: 002b:00007fb9d81cbc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2782.388336][T23214] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2782.396329][T23214] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2782.404319][T23214] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2782.412305][T23214] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb9d81cc6d4 [ 2782.420290][T23214] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2782.483420][T23214] memory: usage 5264kB, limit 0kB, failcnt 1003 [ 2782.489923][T23214] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2782.497165][T23214] Memory cgroup stats for /syz2: [ 2782.498343][T23214] anon 4198400 [ 2782.498343][T23214] file 86016 [ 2782.498343][T23214] kernel_stack 65536 [ 2782.498343][T23214] slab 671744 [ 2782.498343][T23214] sock 0 [ 2782.498343][T23214] shmem 0 [ 2782.498343][T23214] file_mapped 0 [ 2782.498343][T23214] file_dirty 0 [ 2782.498343][T23214] file_writeback 0 [ 2782.498343][T23214] anon_thp 4194304 [ 2782.498343][T23214] inactive_anon 0 [ 2782.498343][T23214] active_anon 4198400 [ 2782.498343][T23214] inactive_file 0 [ 2782.498343][T23214] active_file 0 [ 2782.498343][T23214] unevictable 0 [ 2782.498343][T23214] slab_reclaimable 135168 [ 2782.498343][T23214] slab_unreclaimable 536576 [ 2782.498343][T23214] pgfault 35574 [ 2782.498343][T23214] pgmajfault 0 [ 2782.498343][T23214] workingset_refault 0 [ 2782.498343][T23214] workingset_activate 0 [ 2782.498343][T23214] workingset_nodereclaim 0 [ 2782.498343][T23214] pgrefill 166 [ 2782.498343][T23214] pgscan 167 [ 2782.498343][T23214] pgsteal 0 [ 2782.498343][T23214] pgactivate 99 [ 2782.679442][T23214] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=23213,uid=0 [ 2782.696074][T23214] Memory cgroup out of memory: Killed process 23213 (syz-executor.2) total-vm:72708kB, anon-rss:4240kB, file-rss:35832kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:1000 [ 2782.728664][ T1065] oom_reaper: reaped process 23213 (syz-executor.2), now anon-rss:0kB, file-rss:34872kB, shmem-rss:0kB [ 2782.746100][T23203] team0: Port device team_slave_1 added [ 2782.757276][T23204] team0: Port device team_slave_1 added 16:22:40 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="c2599e03809fe287b5b30d3dd0e62a00002b8e85b84eee9ae0bdb700000000ddff210f0100000000000000000100ff000000950000040000000022680c85d80f0b045c4f81796c92d8b01c6577da0e3afc18cd481d4aa91e55bbd8a336ef9a00f803d2bf7337568ffc8b36c3c2cd1a170500000067a49b"], &(0x7f0000003ff6)='OPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48) 16:22:40 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, 0x0}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) [ 2782.786064][T23188] 8021q: adding VLAN 0 to HW filter on device team0 [ 2782.795553][T23176] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2782.820873][T23176] CPU: 0 PID: 23176 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 2782.828489][T23176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2782.838636][T23176] Call Trace: [ 2782.841939][T23176] dump_stack+0x172/0x1f0 [ 2782.846292][T23176] dump_header+0x10b/0x82d [ 2782.850710][T23176] ? oom_kill_process+0x94/0x3f0 [ 2782.855648][T23176] oom_kill_process.cold+0x10/0x15 [ 2782.860762][T23176] out_of_memory+0x334/0x1340 [ 2782.865436][T23176] ? lock_downgrade+0x920/0x920 [ 2782.870286][T23176] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2782.876089][T23176] ? oom_killer_disable+0x280/0x280 [ 2782.881323][T23176] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2782.886968][T23176] ? memcg_stat_show+0xc40/0xc40 [ 2782.891916][T23176] ? do_raw_spin_unlock+0x57/0x270 [ 2782.897028][T23176] ? _raw_spin_unlock+0x2d/0x50 [ 2782.901887][T23176] try_charge+0xf4b/0x1440 [ 2782.906406][T23176] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2782.911952][T23176] ? percpu_ref_tryget_live+0x111/0x290 [ 2782.917497][T23176] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2782.923737][T23176] ? __kasan_check_read+0x11/0x20 [ 2782.928767][T23176] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2782.934322][T23176] mem_cgroup_try_charge+0x136/0x590 [ 2782.939612][T23176] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2782.945252][T23176] wp_page_copy+0x407/0x1860 [ 2782.949840][T23176] ? find_held_lock+0x35/0x130 [ 2782.954644][T23176] ? do_wp_page+0x53b/0x15c0 [ 2782.959239][T23176] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2782.965052][T23176] ? lock_downgrade+0x920/0x920 [ 2782.969916][T23176] ? swp_swapcount+0x540/0x540 [ 2782.974694][T23176] ? __kasan_check_read+0x11/0x20 [ 2782.979715][T23176] ? do_raw_spin_unlock+0x57/0x270 [ 2782.984837][T23176] do_wp_page+0x543/0x15c0 [ 2782.989265][T23176] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2782.994666][T23176] __handle_mm_fault+0x23ec/0x4040 [ 2782.999787][T23176] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2783.005335][T23176] ? handle_mm_fault+0x292/0xaa0 [ 2783.010286][T23176] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2783.016538][T23176] ? __kasan_check_read+0x11/0x20 [ 2783.021658][T23176] handle_mm_fault+0x3b7/0xaa0 [ 2783.026429][T23176] __do_page_fault+0x536/0xdd0 [ 2783.031212][T23176] do_page_fault+0x38/0x590 [ 2783.035727][T23176] page_fault+0x39/0x40 [ 2783.039881][T23176] RIP: 0033:0x403522 [ 2783.043781][T23176] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2783.063500][T23176] RSP: 002b:00007ffea7c90df0 EFLAGS: 00010246 [ 2783.069591][T23176] RAX: 0000000000000000 RBX: 00000000002a75af RCX: 0000000000413660 [ 2783.077563][T23176] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffea7c91f20 [ 2783.085535][T23176] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000000ae8940 [ 2783.093510][T23176] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffea7c91f20 [ 2783.101513][T23176] R13: 00007ffea7c91f10 R14: 0000000000000000 R15: 00007ffea7c91f20 [ 2783.120814][T23176] memory: usage 856kB, limit 0kB, failcnt 1011 [ 2783.127017][T23176] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2783.150485][T23176] Memory cgroup stats for /syz2: [ 2783.150585][T23176] anon 0 [ 2783.150585][T23176] file 86016 [ 2783.150585][T23176] kernel_stack 0 [ 2783.150585][T23176] slab 671744 [ 2783.150585][T23176] sock 0 [ 2783.150585][T23176] shmem 0 [ 2783.150585][T23176] file_mapped 0 [ 2783.150585][T23176] file_dirty 0 [ 2783.150585][T23176] file_writeback 0 [ 2783.150585][T23176] anon_thp 0 [ 2783.150585][T23176] inactive_anon 0 [ 2783.150585][T23176] active_anon 0 [ 2783.150585][T23176] inactive_file 0 [ 2783.150585][T23176] active_file 0 [ 2783.150585][T23176] unevictable 0 [ 2783.150585][T23176] slab_reclaimable 135168 [ 2783.150585][T23176] slab_unreclaimable 536576 [ 2783.150585][T23176] pgfault 35574 [ 2783.150585][T23176] pgmajfault 0 [ 2783.150585][T23176] workingset_refault 0 [ 2783.150585][T23176] workingset_activate 0 [ 2783.150585][T23176] workingset_nodereclaim 0 [ 2783.150585][T23176] pgrefill 166 [ 2783.150585][T23176] pgscan 167 [ 2783.150585][T23176] pgsteal 0 [ 2783.150585][T23176] pgactivate 99 [ 2783.150585][T23176] pgdeactivate 166 [ 2783.155702][T23176] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=23176,uid=0 [ 2783.312108][T23176] Memory cgroup out of memory: Killed process 23176 (syz-executor.2) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:118784kB oom_score_adj:0 [ 2783.331571][ T1065] oom_reaper: reaped process 23176 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2783.352945][T23204] device hsr_slave_0 entered promiscuous mode [ 2783.401667][T23204] device hsr_slave_1 entered promiscuous mode [ 2783.460594][T23204] debugfs: Directory 'hsr0' with parent '/' already present! [ 2783.837479][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2783.861625][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2783.871175][T21272] bridge0: port 1(bridge_slave_0) entered blocking state [ 2783.878398][T21272] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2783.888271][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2783.897894][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2783.911487][T21272] bridge0: port 2(bridge_slave_1) entered blocking state [ 2783.918758][T21272] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2783.994593][T23203] device hsr_slave_0 entered promiscuous mode [ 2784.161777][T23203] device hsr_slave_1 entered promiscuous mode [ 2784.220780][T23203] debugfs: Directory 'hsr0' with parent '/' already present! [ 2784.283507][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2784.293100][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2784.473813][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2784.594895][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2784.605624][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2784.661991][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2784.671428][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2784.682265][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2784.723175][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2784.733138][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2784.808066][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2784.817955][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2784.889654][T23188] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2784.923598][T23200] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2785.167127][T23188] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2785.179637][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2785.198165][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2785.249265][T23200] 8021q: adding VLAN 0 to HW filter on device team0 [ 2785.349121][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2785.362547][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2785.372277][T21074] bridge0: port 1(bridge_slave_0) entered blocking state [ 2785.379356][T21074] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2785.389097][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2785.398729][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2785.407765][T21074] bridge0: port 2(bridge_slave_1) entered blocking state [ 2785.415028][T21074] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2785.503321][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2785.521671][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2785.553635][T23204] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2785.577020][T23203] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2785.588365][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2785.752258][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2785.772043][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2785.780889][T23226] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2785.801517][T23226] CPU: 0 PID: 23226 Comm: syz-executor.5 Not tainted 5.3.0+ #0 [ 2785.809283][T23226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2785.819580][T23226] Call Trace: [ 2785.820354][T23204] 8021q: adding VLAN 0 to HW filter on device team0 [ 2785.822915][T23226] dump_stack+0x172/0x1f0 [ 2785.834274][T23226] dump_header+0x10b/0x82d [ 2785.838955][T23226] oom_kill_process.cold+0x10/0x15 [ 2785.844095][T23226] out_of_memory+0x334/0x1340 [ 2785.848787][T23226] ? __sched_text_start+0x8/0x8 [ 2785.853659][T23226] ? oom_killer_disable+0x280/0x280 [ 2785.858897][T23226] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2785.864465][T23226] ? memcg_stat_show+0xc40/0xc40 [ 2785.869544][T23226] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2785.873378][T23200] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2785.875943][T23226] ? cgroup_file_notify+0x140/0x1b0 [ 2785.891730][T23226] memory_max_write+0x262/0x3a0 [ 2785.896597][T23226] ? mem_cgroup_write+0x370/0x370 [ 2785.900348][T23200] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2785.901766][T23226] ? lock_acquire+0x190/0x410 [ 2785.917202][T23226] ? kernfs_fop_write+0x227/0x480 [ 2785.922337][T23226] cgroup_file_write+0x241/0x790 [ 2785.928413][T23226] ? mem_cgroup_write+0x370/0x370 [ 2785.933463][T23226] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2785.939122][T23226] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2785.944990][T23226] kernfs_fop_write+0x2b8/0x480 [ 2785.950025][T23226] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2785.956292][T23226] __vfs_write+0x8a/0x110 [ 2785.960899][T23226] ? kernfs_fop_open+0xd80/0xd80 [ 2785.965945][T23226] vfs_write+0x268/0x5d0 [ 2785.970441][T23226] ksys_write+0x14f/0x290 [ 2785.974979][T23226] ? __ia32_sys_read+0xb0/0xb0 [ 2785.978166][T23200] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2785.979780][T23226] ? do_syscall_64+0x26/0x760 [ 2785.991534][T23226] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2785.991549][T23226] ? do_syscall_64+0x26/0x760 [ 2785.991572][T23226] __x64_sys_write+0x73/0xb0 [ 2785.991594][T23226] do_syscall_64+0xfa/0x760 [ 2786.011723][T23226] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2786.017724][T23226] RIP: 0033:0x459a59 [ 2786.021636][T23226] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2786.041507][T23226] RSP: 002b:00007f3d94f67c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2786.050121][T23226] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2786.058116][T23226] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2786.066115][T23226] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2786.074130][T23226] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3d94f686d4 [ 2786.082098][T23226] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2786.095502][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2786.108573][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2786.118122][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2786.126770][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2786.162075][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2786.184394][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2786.205756][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2786.219432][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2786.230871][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2786.240628][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2786.366833][T23203] 8021q: adding VLAN 0 to HW filter on device team0 [ 2786.394440][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2786.428658][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2786.593658][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2786.599413][T23226] memory: usage 5476kB, limit 0kB, failcnt 1088 [ 2786.608947][T23226] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2786.611084][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2786.617552][T23226] Memory cgroup stats for /syz5: [ 2786.617658][T23226] anon 4304896 [ 2786.617658][T23226] file 90112 [ 2786.617658][T23226] kernel_stack 65536 [ 2786.617658][T23226] slab 966656 [ 2786.617658][T23226] sock 0 [ 2786.617658][T23226] shmem 0 [ 2786.617658][T23226] file_mapped 0 [ 2786.617658][T23226] file_dirty 0 [ 2786.617658][T23226] file_writeback 0 [ 2786.617658][T23226] anon_thp 4194304 [ 2786.617658][T23226] inactive_anon 0 [ 2786.617658][T23226] active_anon 4304896 [ 2786.617658][T23226] inactive_file 135168 [ 2786.617658][T23226] active_file 0 [ 2786.617658][T23226] unevictable 0 [ 2786.617658][T23226] slab_reclaimable 270336 [ 2786.617658][T23226] slab_unreclaimable 696320 [ 2786.617658][T23226] pgfault 20031 [ 2786.617658][T23226] pgmajfault 0 [ 2786.617658][T23226] workingset_refault 0 [ 2786.617658][T23226] workingset_activate 0 [ 2786.617658][T23226] workingset_nodereclaim 0 [ 2786.617658][T23226] pgrefill 166 [ 2786.617658][T23226] pgscan 165 [ 2786.617658][T23226] pgsteal 35 [ 2786.617658][T23226] pgactivate 132 [ 2786.640904][ T3335] bridge0: port 1(bridge_slave_0) entered blocking state [ 2786.726361][T23226] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=23224,uid=0 [ 2786.727554][ T3335] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2786.751165][T23226] Memory cgroup out of memory: Killed process 23226 (syz-executor.5) total-vm:72708kB, anon-rss:4236kB, file-rss:35832kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2786.773486][ T1065] oom_reaper: reaped process 23226 (syz-executor.5), now anon-rss:0kB, file-rss:34872kB, shmem-rss:0kB [ 2786.788329][T23233] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2786.802175][T23233] CPU: 0 PID: 23233 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 2786.809914][T23233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2786.819987][T23233] Call Trace: [ 2786.823484][T23233] dump_stack+0x172/0x1f0 [ 2786.827851][T23233] dump_header+0x10b/0x82d [ 2786.832459][T23233] oom_kill_process.cold+0x10/0x15 [ 2786.837757][T23233] out_of_memory+0x334/0x1340 [ 2786.842650][T23233] ? oom_killer_disable+0x280/0x280 [ 2786.847895][T23233] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2786.853468][T23233] ? memcg_stat_show+0xc40/0xc40 [ 2786.858529][T23233] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2786.864459][T23233] ? cgroup_file_notify+0x140/0x1b0 [ 2786.869690][T23233] memory_max_write+0x262/0x3a0 [ 2786.874861][T23233] ? mem_cgroup_write+0x370/0x370 [ 2786.879998][T23233] ? __this_cpu_preempt_check+0x3a/0x210 [ 2786.885654][T23233] ? retint_kernel+0x2b/0x2b [ 2786.890284][T23233] cgroup_file_write+0x241/0x790 [ 2786.895253][T23233] ? mem_cgroup_write+0x370/0x370 [ 2786.900388][T23233] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2786.904132][T23203] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2786.906242][T23233] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2786.922337][T23233] kernfs_fop_write+0x2b8/0x480 [ 2786.927296][T23233] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2786.930343][T23203] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2786.933989][T23233] __vfs_write+0x8a/0x110 [ 2786.949071][T23233] ? kernfs_fop_open+0xd80/0xd80 [ 2786.954053][T23233] vfs_write+0x268/0x5d0 [ 2786.958331][T23233] ksys_write+0x14f/0x290 [ 2786.963547][T23233] ? __ia32_sys_read+0xb0/0xb0 [ 2786.968641][T23233] ? do_syscall_64+0x26/0x760 [ 2786.973348][T23233] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2786.979711][T23233] ? do_syscall_64+0x26/0x760 [ 2786.984424][T23233] __x64_sys_write+0x73/0xb0 [ 2786.989046][T23233] do_syscall_64+0xfa/0x760 [ 2786.993592][T23233] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2786.999630][T23233] RIP: 0033:0x459a59 [ 2787.003639][T23233] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2787.011741][T23203] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2787.024872][T23233] RSP: 002b:00007faaeba1dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 16:22:44 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x0, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) [ 2787.024890][T23233] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2787.024900][T23233] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2787.024910][T23233] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2787.024927][T23233] R10: 0000000000000000 R11: 0000000000000246 R12: 00007faaeba1e6d4 [ 2787.056635][T23233] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff 16:22:44 executing program 4: r0 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8b24, &(0x7f00000000c0)='wlan1\x00\x19\xca[\xd0\xf8O\xe7\v\x05r\x10\xd1.J\xbb4p\xe5\xa9\x88\x12R \xf7\xd96\x0fBBR\\\xd3\xb2d\xaf5|Z\x8f\xf1\x87\xb4\xc3&\xdc\xab\x82c\x01\xbey\xf6\x0f\xe5\x11Z\x18\x852\xf1\x82\xbf\x82;\x80\x87\xa7\xb6\xe1\xfd\xb9\xca\bB\x82\xa3m\x855\xed\v\x1a\xab\xa8[[\\]\xf2I\xa6\xce\x86\x11\xff\xdb\xcf\xc5Hl\xd6\x14\xe4\xffH_a,\xe2\xb1\x8a\xf3:s\xc5\xce\xc9\x12P\xe3\xc9\xb3\x8a\x10\xa5\b\xa3Q\xfb\x1a\x17\xac\x804V=\xf8%\x1b\x0e\x051(\x87\xd50\x84b\x97\xafJ\x0e\xdb\xf8Z\x96\xbd\x1d\x87&\xea@\xe8\x93\xd8G\xdc\xaa\x12\xb4\xd1\x8e\"\x12)_^\x13254\xaer\xb7\x90\x054@\x06\x00\x00\x00\x00\x00\x00\x00\xfe\x9d\x8e\x7f\xe2\xabH\xb1.i\xf8\x81\xa9\xb1(\x04\x1cH\xa5\xb9x\x8f;\x98\xb8)') 16:22:44 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x0, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) [ 2787.157613][T23233] memory: usage 5308kB, limit 0kB, failcnt 867 [ 2787.179615][T23233] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2787.197527][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2787.207327][T23233] Memory cgroup stats for /syz3: [ 2787.208174][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2787.208633][T23233] anon 4370432 [ 2787.208633][T23233] file 16384 [ 2787.208633][T23233] kernel_stack 65536 [ 2787.208633][T23233] slab 942080 [ 2787.208633][T23233] sock 0 [ 2787.208633][T23233] shmem 0 [ 2787.208633][T23233] file_mapped 0 [ 2787.208633][T23233] file_dirty 0 [ 2787.208633][T23233] file_writeback 0 [ 2787.208633][T23233] anon_thp 4194304 [ 2787.208633][T23233] inactive_anon 0 [ 2787.208633][T23233] active_anon 4370432 [ 2787.208633][T23233] inactive_file 0 [ 2787.208633][T23233] active_file 0 [ 2787.208633][T23233] unevictable 0 [ 2787.208633][T23233] slab_reclaimable 270336 [ 2787.208633][T23233] slab_unreclaimable 671744 [ 2787.208633][T23233] pgfault 31416 [ 2787.208633][T23233] pgmajfault 0 [ 2787.208633][T23233] workingset_refault 0 [ 2787.208633][T23233] workingset_activate 0 [ 2787.208633][T23233] workingset_nodereclaim 0 [ 2787.208633][T23233] pgrefill 100 [ 2787.208633][T23233] pgscan 99 [ 2787.208633][T23233] pgsteal 0 [ 2787.208633][T23233] pgactivate 66 [ 2787.223031][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2787.327422][T23233] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=23232,uid=0 [ 2787.344479][T23233] Memory cgroup out of memory: Killed process 23233 (syz-executor.3) total-vm:72708kB, anon-rss:4240kB, file-rss:35828kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2787.363804][T23188] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2787.366535][ T1065] oom_reaper: reaped process 23233 (syz-executor.3), now anon-rss:0kB, file-rss:34868kB, shmem-rss:0kB [ 2787.374665][T23188] CPU: 0 PID: 23188 Comm: syz-executor.5 Not tainted 5.3.0+ #0 [ 2787.393682][T23188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2787.403805][T23188] Call Trace: [ 2787.407210][T23188] dump_stack+0x172/0x1f0 [ 2787.411668][T23188] dump_header+0x10b/0x82d [ 2787.416118][T23188] ? oom_kill_process+0x94/0x3f0 [ 2787.421087][T23188] oom_kill_process.cold+0x10/0x15 [ 2787.426225][T23188] out_of_memory+0x334/0x1340 [ 2787.431215][T23188] ? lock_downgrade+0x920/0x920 [ 2787.436179][T23188] ? oom_killer_disable+0x280/0x280 [ 2787.441500][T23188] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2787.447069][T23188] ? memcg_stat_show+0xc40/0xc40 [ 2787.452146][T23188] ? do_raw_spin_unlock+0x57/0x270 [ 2787.457278][T23188] ? _raw_spin_unlock+0x2d/0x50 [ 2787.462238][T23188] try_charge+0xf4b/0x1440 [ 2787.466780][T23188] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2787.472499][T23188] ? percpu_ref_tryget_live+0x111/0x290 [ 2787.478936][T23188] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2787.485357][T23188] ? __kasan_check_read+0x11/0x20 [ 2787.490411][T23188] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2787.496171][T23188] mem_cgroup_try_charge+0x136/0x590 [ 2787.501616][T23188] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2787.507272][T23188] wp_page_copy+0x407/0x1860 [ 2787.512050][T23188] ? find_held_lock+0x35/0x130 [ 2787.516837][T23188] ? do_wp_page+0x53b/0x15c0 [ 2787.521449][T23188] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2787.527277][T23188] ? lock_downgrade+0x920/0x920 [ 2787.532240][T23188] ? swp_swapcount+0x540/0x540 [ 2787.537041][T23188] ? __kasan_check_read+0x11/0x20 [ 2787.542168][T23188] ? do_raw_spin_unlock+0x57/0x270 [ 2787.547296][T23188] do_wp_page+0x543/0x15c0 [ 2787.551253][T21074] bridge0: port 1(bridge_slave_0) entered blocking state [ 2787.552049][T23188] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2787.552073][T23188] __handle_mm_fault+0x23ec/0x4040 [ 2787.559109][T21074] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2787.564463][T23188] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2787.564477][T23188] ? handle_mm_fault+0x292/0xaa0 [ 2787.564507][T23188] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2787.594157][T23188] ? __kasan_check_read+0x11/0x20 [ 2787.597947][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2787.599345][T23188] handle_mm_fault+0x3b7/0xaa0 [ 2787.599368][T23188] __do_page_fault+0x536/0xdd0 [ 2787.617346][T23188] do_page_fault+0x38/0x590 [ 2787.621871][T23188] page_fault+0x39/0x40 [ 2787.626072][T23188] RIP: 0033:0x430b36 [ 2787.630130][T23188] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2787.633167][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2787.650433][T23188] RSP: 002b:00007ffd2be14740 EFLAGS: 00010206 [ 2787.650445][T23188] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2787.650452][T23188] RDX: 0000000000ac4930 RSI: 0000000000acc970 RDI: 0000000000000003 [ 2787.650459][T23188] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000000ac3940 [ 2787.650466][T23188] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2787.650473][T23188] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 16:22:45 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) [ 2787.673174][T23188] memory: usage 1056kB, limit 0kB, failcnt 1096 [ 2787.723845][T23188] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2787.732063][T23188] Memory cgroup stats for /syz5: [ 2787.732168][T23188] anon 90112 [ 2787.732168][T23188] file 90112 [ 2787.732168][T23188] kernel_stack 0 [ 2787.732168][T23188] slab 966656 [ 2787.732168][T23188] sock 0 [ 2787.732168][T23188] shmem 0 [ 2787.732168][T23188] file_mapped 0 [ 2787.732168][T23188] file_dirty 0 [ 2787.732168][T23188] file_writeback 0 [ 2787.732168][T23188] anon_thp 0 [ 2787.732168][T23188] inactive_anon 0 [ 2787.732168][T23188] active_anon 90112 [ 2787.732168][T23188] inactive_file 135168 [ 2787.732168][T23188] active_file 0 [ 2787.732168][T23188] unevictable 0 [ 2787.732168][T23188] slab_reclaimable 270336 [ 2787.732168][T23188] slab_unreclaimable 696320 [ 2787.732168][T23188] pgfault 20064 [ 2787.732168][T23188] pgmajfault 0 [ 2787.732168][T23188] workingset_refault 0 [ 2787.732168][T23188] workingset_activate 0 [ 2787.732168][T23188] workingset_nodereclaim 0 [ 2787.732168][T23188] pgrefill 166 [ 2787.732168][T23188] pgscan 165 [ 2787.732168][T23188] pgsteal 35 [ 2787.732168][T23188] pgactivate 132 [ 2787.732567][T21074] bridge0: port 2(bridge_slave_1) entered blocking state [ 2787.737396][T23188] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=23188,uid=0 [ 2787.827014][T21074] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2787.832687][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2787.850443][T23188] Memory cgroup out of memory: Killed process 23188 (syz-executor.5) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2787.853285][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2787.858888][T23200] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2787.867394][ T1065] oom_reaper: reaped process 23188 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2787.900580][T23200] CPU: 0 PID: 23200 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 2787.905589][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2787.914906][T23200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2787.914913][T23200] Call Trace: [ 2787.914936][T23200] dump_stack+0x172/0x1f0 [ 2787.914954][T23200] dump_header+0x10b/0x82d [ 2787.914966][T23200] ? oom_kill_process+0x94/0x3f0 [ 2787.914982][T23200] oom_kill_process.cold+0x10/0x15 [ 2787.914998][T23200] out_of_memory+0x334/0x1340 [ 2787.924167][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2787.930549][T23200] ? lock_downgrade+0x920/0x920 [ 2787.930570][T23200] ? oom_killer_disable+0x280/0x280 [ 2787.930602][T23200] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2787.943736][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2787.944227][T23200] ? memcg_stat_show+0xc40/0xc40 [ 2787.950116][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2787.953322][T23200] ? do_raw_spin_unlock+0x57/0x270 [ 2787.953340][T23200] ? _raw_spin_unlock+0x2d/0x50 [ 2787.953364][T23200] try_charge+0xf4b/0x1440 [ 2787.959306][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2787.963477][T23200] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2787.963491][T23200] ? percpu_ref_tryget_live+0x111/0x290 [ 2787.963511][T23200] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2787.969619][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2787.976698][T23200] ? __kasan_check_read+0x11/0x20 [ 2787.976718][T23200] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2787.976740][T23200] mem_cgroup_try_charge+0x136/0x590 [ 2787.983411][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2787.987053][T23200] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2787.993640][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2788.000809][T23200] wp_page_copy+0x407/0x1860 [ 2788.000825][T23200] ? find_held_lock+0x35/0x130 [ 2788.000844][T23200] ? do_wp_page+0x53b/0x15c0 [ 2788.007062][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2788.014179][T23200] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2788.014197][T23200] ? lock_downgrade+0x920/0x920 [ 2788.014214][T23200] ? swp_swapcount+0x540/0x540 [ 2788.014232][T23200] ? __kasan_check_read+0x11/0x20 [ 2788.020625][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2788.024812][T23200] ? do_raw_spin_unlock+0x57/0x270 [ 2788.029849][T21074] bridge0: port 2(bridge_slave_1) entered blocking state [ 2788.037355][T23200] do_wp_page+0x543/0x15c0 [ 2788.037373][T23200] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2788.037404][T23200] __handle_mm_fault+0x23ec/0x4040 [ 2788.043146][T21074] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2788.048637][T23200] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2788.056565][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2788.063061][T23200] ? handle_mm_fault+0x292/0xaa0 [ 2788.063089][T23200] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2788.063107][T23200] ? __kasan_check_read+0x11/0x20 [ 2788.069916][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2788.074340][T23200] handle_mm_fault+0x3b7/0xaa0 [ 2788.074360][T23200] __do_page_fault+0x536/0xdd0 [ 2788.074383][T23200] do_page_fault+0x38/0x590 [ 2788.081189][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2788.087855][T23200] page_fault+0x39/0x40 [ 2788.250159][T23200] RIP: 0033:0x403522 [ 2788.254264][T23200] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2788.274409][T23200] RSP: 002b:00007ffed3479c00 EFLAGS: 00010246 [ 2788.280617][T23200] RAX: 0000000000000000 RBX: 00000000002a8748 RCX: 0000000000413660 [ 2788.288580][T23200] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffed347ad30 [ 2788.296727][T23200] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000000eb5940 [ 2788.305061][T23200] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffed347ad30 [ 2788.313033][T23200] R13: 00007ffed347ad20 R14: 0000000000000000 R15: 00007ffed347ad30 [ 2788.347044][T23200] memory: usage 888kB, limit 0kB, failcnt 875 [ 2788.353228][T23200] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2788.365822][T23200] Memory cgroup stats for /syz3: [ 2788.365915][T23200] anon 40960 [ 2788.365915][T23200] file 16384 [ 2788.365915][T23200] kernel_stack 0 [ 2788.365915][T23200] slab 942080 [ 2788.365915][T23200] sock 0 [ 2788.365915][T23200] shmem 0 [ 2788.365915][T23200] file_mapped 0 [ 2788.365915][T23200] file_dirty 0 [ 2788.365915][T23200] file_writeback 0 [ 2788.365915][T23200] anon_thp 0 [ 2788.365915][T23200] inactive_anon 0 [ 2788.365915][T23200] active_anon 40960 [ 2788.365915][T23200] inactive_file 0 [ 2788.365915][T23200] active_file 0 [ 2788.365915][T23200] unevictable 0 [ 2788.365915][T23200] slab_reclaimable 270336 [ 2788.365915][T23200] slab_unreclaimable 671744 [ 2788.365915][T23200] pgfault 31416 [ 2788.365915][T23200] pgmajfault 0 [ 2788.365915][T23200] workingset_refault 0 [ 2788.365915][T23200] workingset_activate 0 [ 2788.365915][T23200] workingset_nodereclaim 0 [ 2788.365915][T23200] pgrefill 100 [ 2788.365915][T23200] pgscan 99 [ 2788.365915][T23200] pgsteal 0 [ 2788.365915][T23200] pgactivate 66 [ 2788.367047][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2788.371410][T23200] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=23200,uid=0 [ 2788.469576][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2788.491314][T23200] Memory cgroup out of memory: Killed process 23200 (syz-executor.3) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2788.521814][ T1065] oom_reaper: reaped process 23200 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2788.555135][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2788.594222][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2788.998223][T23246] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2789.039524][ C1] neighbour: ndisc_cache: neighbor table overflow! [ 2789.041026][T23246] CPU: 0 PID: 23246 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 2789.054432][T23246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2789.064822][T23246] Call Trace: [ 2789.068151][T23246] dump_stack+0x172/0x1f0 [ 2789.072521][T23246] dump_header+0x10b/0x82d [ 2789.076971][T23246] oom_kill_process.cold+0x10/0x15 [ 2789.082126][T23246] out_of_memory+0x334/0x1340 [ 2789.086974][T23246] ? __sched_text_start+0x8/0x8 [ 2789.091943][T23246] ? oom_killer_disable+0x280/0x280 [ 2789.097282][T23246] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2789.102947][T23246] ? memcg_stat_show+0xc40/0xc40 [ 2789.107927][T23246] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2789.113946][T23246] ? cgroup_file_notify+0x140/0x1b0 [ 2789.119268][T23246] memory_max_write+0x262/0x3a0 [ 2789.124264][T23246] ? mem_cgroup_write+0x370/0x370 [ 2789.129334][T23246] ? lock_acquire+0x190/0x410 [ 2789.134285][T23246] ? kernfs_fop_write+0x227/0x480 [ 2789.139351][T23246] cgroup_file_write+0x241/0x790 [ 2789.144319][T23246] ? mem_cgroup_write+0x370/0x370 [ 2789.149389][T23246] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2789.155248][T23246] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2789.161023][T23246] kernfs_fop_write+0x2b8/0x480 [ 2789.166133][T23246] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2789.172557][T23246] __vfs_write+0x8a/0x110 [ 2789.176999][T23246] ? kernfs_fop_open+0xd80/0xd80 [ 2789.182101][T23246] vfs_write+0x268/0x5d0 [ 2789.186465][T23246] ksys_write+0x14f/0x290 [ 2789.190827][T23246] ? __ia32_sys_read+0xb0/0xb0 [ 2789.195637][T23246] ? do_syscall_64+0x26/0x760 [ 2789.200457][T23246] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2789.206642][T23246] ? do_syscall_64+0x26/0x760 [ 2789.211366][T23246] __x64_sys_write+0x73/0xb0 [ 2789.215990][T23246] do_syscall_64+0xfa/0x760 [ 2789.220799][T23246] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2789.227333][T23246] RIP: 0033:0x459a59 [ 2789.231285][T23246] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2789.251620][T23246] RSP: 002b:00007feb452ebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2789.260059][T23246] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2789.268233][T23246] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2789.276501][T23246] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2789.284706][T23246] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feb452ec6d4 [ 2789.292786][T23246] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2789.380832][T23246] memory: usage 20968kB, limit 0kB, failcnt 192 [ 2789.388318][T23246] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2789.420815][T23246] Memory cgroup stats for /syz0: [ 2789.422222][T23246] anon 4153344 [ 2789.422222][T23246] file 0 [ 2789.422222][T23246] kernel_stack 65536 [ 2789.422222][T23246] slab 17149952 [ 2789.422222][T23246] sock 0 [ 2789.422222][T23246] shmem 0 [ 2789.422222][T23246] file_mapped 0 [ 2789.422222][T23246] file_dirty 0 [ 2789.422222][T23246] file_writeback 0 [ 2789.422222][T23246] anon_thp 4194304 [ 2789.422222][T23246] inactive_anon 0 [ 2789.422222][T23246] active_anon 4153344 [ 2789.422222][T23246] inactive_file 0 [ 2789.422222][T23246] active_file 0 [ 2789.422222][T23246] unevictable 0 [ 2789.422222][T23246] slab_reclaimable 16490496 [ 2789.422222][T23246] slab_unreclaimable 659456 [ 2789.422222][T23246] pgfault 45177 [ 2789.422222][T23246] pgmajfault 0 [ 2789.422222][T23246] workingset_refault 0 [ 2789.422222][T23246] workingset_activate 0 [ 2789.422222][T23246] workingset_nodereclaim 0 [ 2789.422222][T23246] pgrefill 249 [ 2789.422222][T23246] pgscan 231 [ 2789.422222][T23246] pgsteal 34 [ 2789.422222][T23246] pgactivate 198 [ 2789.525187][T23246] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=23245,uid=0 [ 2789.542334][T23246] Memory cgroup out of memory: Killed process 23245 (syz-executor.0) total-vm:72708kB, anon-rss:4184kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2789.567647][ T1065] oom_reaper: reaped process 23245 (syz-executor.0), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB [ 2789.697888][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2789.722499][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2789.733580][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2789.773177][T23203] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2789.848425][T23203] CPU: 1 PID: 23203 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 2789.856166][T23203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2789.866856][T23203] Call Trace: [ 2789.870338][T23203] dump_stack+0x172/0x1f0 [ 2789.874698][T23203] dump_header+0x10b/0x82d [ 2789.879210][T23203] ? oom_kill_process+0x94/0x3f0 [ 2789.884331][T23203] oom_kill_process.cold+0x10/0x15 [ 2789.889588][T23203] out_of_memory+0x334/0x1340 [ 2789.894392][T23203] ? lock_downgrade+0x920/0x920 [ 2789.899262][T23203] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2789.905198][T23203] ? oom_killer_disable+0x280/0x280 [ 2789.910427][T23203] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2789.915976][T23203] ? memcg_stat_show+0xc40/0xc40 [ 2789.921076][T23203] ? do_raw_spin_unlock+0x57/0x270 [ 2789.926300][T23203] ? _raw_spin_unlock+0x2d/0x50 [ 2789.931168][T23203] try_charge+0xf4b/0x1440 [ 2789.935606][T23203] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2789.941345][T23203] ? percpu_ref_tryget_live+0x111/0x290 [ 2789.946948][T23203] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2789.953203][T23203] ? __kasan_check_read+0x11/0x20 [ 2789.958969][T23203] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2789.964660][T23203] mem_cgroup_try_charge+0x136/0x590 [ 2789.969967][T23203] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2789.975700][T23203] __handle_mm_fault+0x1f0d/0x4040 [ 2789.980831][T23203] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2789.986397][T23203] ? handle_mm_fault+0x292/0xaa0 [ 2789.991674][T23203] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2789.998220][T23203] ? __kasan_check_read+0x11/0x20 [ 2790.003263][T23203] handle_mm_fault+0x3b7/0xaa0 [ 2790.008129][T23203] __do_page_fault+0x536/0xdd0 [ 2790.013028][T23203] do_page_fault+0x38/0x590 [ 2790.017548][T23203] page_fault+0x39/0x40 [ 2790.021720][T23203] RIP: 0033:0x403522 [ 2790.025633][T23203] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2790.045548][T23203] RSP: 002b:00007ffcc9769fa0 EFLAGS: 00010246 [ 2790.051782][T23203] RAX: 0000000000000000 RBX: 00000000002a9020 RCX: 0000000000413660 [ 2790.059923][T23203] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffcc976b0d0 [ 2790.067905][T23203] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000000e88940 [ 2790.076101][T23203] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc976b0d0 [ 2790.084330][T23203] R13: 00007ffcc976b0c0 R14: 0000000000000000 R15: 00007ffcc976b0d0 [ 2790.094859][T23203] memory: usage 16536kB, limit 0kB, failcnt 208 [ 2790.101413][T23203] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2790.108446][T23203] Memory cgroup stats for /syz0: [ 2790.108559][T23203] anon 0 [ 2790.108559][T23203] file 0 [ 2790.108559][T23203] kernel_stack 0 [ 2790.108559][T23203] slab 17149952 [ 2790.108559][T23203] sock 0 [ 2790.108559][T23203] shmem 0 [ 2790.108559][T23203] file_mapped 0 [ 2790.108559][T23203] file_dirty 0 [ 2790.108559][T23203] file_writeback 0 [ 2790.108559][T23203] anon_thp 0 [ 2790.108559][T23203] inactive_anon 0 [ 2790.108559][T23203] active_anon 0 [ 2790.108559][T23203] inactive_file 0 [ 2790.108559][T23203] active_file 0 [ 2790.108559][T23203] unevictable 0 [ 2790.108559][T23203] slab_reclaimable 16490496 [ 2790.108559][T23203] slab_unreclaimable 659456 [ 2790.108559][T23203] pgfault 45177 [ 2790.108559][T23203] pgmajfault 0 [ 2790.108559][T23203] workingset_refault 0 [ 2790.108559][T23203] workingset_activate 0 [ 2790.108559][T23203] workingset_nodereclaim 0 [ 2790.108559][T23203] pgrefill 249 [ 2790.108559][T23203] pgscan 231 [ 2790.108559][T23203] pgsteal 34 [ 2790.108559][T23203] pgactivate 198 [ 2790.108559][T23203] pgdeactivate 249 [ 2790.207311][T23203] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=23203,uid=0 [ 2790.223660][T23203] Memory cgroup out of memory: Killed process 23203 (syz-executor.0) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2790.242458][ T1065] oom_reaper: reaped process 23203 (syz-executor.0), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2790.275129][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2790.315978][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2790.368240][T23250] IPVS: ftp: loaded support on port[0] = 21 [ 2790.747311][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2790.763948][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2790.812949][T23204] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2791.054693][T23204] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2791.232039][T23250] chnl_net:caif_netlink_parms(): no params data found [ 2791.287527][T23250] bridge0: port 1(bridge_slave_0) entered blocking state [ 2791.296080][T23250] bridge0: port 1(bridge_slave_0) entered disabled state [ 2791.306033][T23250] device bridge_slave_0 entered promiscuous mode [ 2791.317075][T23250] bridge0: port 2(bridge_slave_1) entered blocking state [ 2791.324844][T23250] bridge0: port 2(bridge_slave_1) entered disabled state [ 2791.362238][T23250] device bridge_slave_1 entered promiscuous mode [ 2791.514829][T23257] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2791.539394][T23250] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2791.541768][T23257] CPU: 1 PID: 23257 Comm: syz-executor.1 Not tainted 5.3.0+ #0 [ 2791.556941][T23257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2791.567184][T23257] Call Trace: [ 2791.570678][T23257] dump_stack+0x172/0x1f0 [ 2791.572459][T23250] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2791.575123][T23257] dump_header+0x10b/0x82d [ 2791.575145][T23257] oom_kill_process.cold+0x10/0x15 [ 2791.593966][T23257] out_of_memory+0x334/0x1340 [ 2791.598834][T23257] ? __sched_text_start+0x8/0x8 [ 2791.604596][T23257] ? oom_killer_disable+0x280/0x280 [ 2791.609823][T23257] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2791.609844][T23257] ? memcg_stat_show+0xc40/0xc40 [ 2791.620482][T23257] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2791.626417][T23257] ? cgroup_file_notify+0x140/0x1b0 [ 2791.626444][T23257] memory_max_write+0x262/0x3a0 [ 2791.636609][T23257] ? mem_cgroup_write+0x370/0x370 [ 2791.641838][T23257] ? lock_acquire+0x20b/0x410 [ 2791.641864][T23257] cgroup_file_write+0x241/0x790 [ 2791.641883][T23257] ? mem_cgroup_write+0x370/0x370 [ 2791.641901][T23257] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2791.641924][T23257] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2791.641943][T23257] kernfs_fop_write+0x2b8/0x480 [ 2791.641966][T23257] __vfs_write+0x8a/0x110 [ 2791.641980][T23257] ? kernfs_fop_open+0xd80/0xd80 [ 2791.641997][T23257] vfs_write+0x268/0x5d0 [ 2791.642018][T23257] ksys_write+0x14f/0x290 [ 2791.642039][T23257] ? __ia32_sys_read+0xb0/0xb0 [ 2791.657334][T23257] __x64_sys_write+0x73/0xb0 [ 2791.657353][T23257] ? do_syscall_64+0x5b/0x760 [ 2791.657371][T23257] do_syscall_64+0xfa/0x760 [ 2791.678213][T23257] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2791.678229][T23257] RIP: 0033:0x459a59 [ 2791.696708][T23257] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2791.696717][T23257] RSP: 002b:00007f239abe5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2791.696731][T23257] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2791.696739][T23257] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2791.696821][T23257] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2791.717083][T23257] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f239abe66d4 [ 2791.717093][T23257] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2791.791662][T23257] memory: usage 5256kB, limit 0kB, failcnt 898 [ 2791.798120][T23257] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2791.805691][T23257] Memory cgroup stats for /syz1: [ 2791.806344][T23257] anon 4337664 [ 2791.806344][T23257] file 40960 [ 2791.806344][T23257] kernel_stack 65536 [ 2791.806344][T23257] slab 696320 [ 2791.806344][T23257] sock 0 [ 2791.806344][T23257] shmem 0 [ 2791.806344][T23257] file_mapped 0 [ 2791.806344][T23257] file_dirty 0 [ 2791.806344][T23257] file_writeback 0 [ 2791.806344][T23257] anon_thp 4194304 [ 2791.806344][T23257] inactive_anon 0 [ 2791.806344][T23257] active_anon 4337664 [ 2791.806344][T23257] inactive_file 135168 [ 2791.806344][T23257] active_file 0 [ 2791.806344][T23257] unevictable 0 [ 2791.806344][T23257] slab_reclaimable 135168 [ 2791.806344][T23257] slab_unreclaimable 561152 [ 2791.806344][T23257] pgfault 29436 [ 2791.806344][T23257] pgmajfault 0 [ 2791.806344][T23257] workingset_refault 0 [ 2791.806344][T23257] workingset_activate 0 [ 2791.806344][T23257] workingset_nodereclaim 0 [ 2791.806344][T23257] pgrefill 100 [ 2791.806344][T23257] pgscan 100 [ 2791.806344][T23257] pgsteal 0 [ 2791.806344][T23257] pgactivate 66 [ 2791.913256][T23257] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=23256,uid=0 [ 2791.933598][T23257] Memory cgroup out of memory: Killed process 23256 (syz-executor.1) total-vm:72576kB, anon-rss:4188kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2791.974952][ T1065] oom_reaper: reaped process 23256 (syz-executor.1), now anon-rss:0kB, file-rss:34876kB, shmem-rss:0kB [ 2792.101166][T23250] team0: Port device team_slave_0 added [ 2792.147332][T23250] team0: Port device team_slave_1 added 16:22:50 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) 16:22:50 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r1 = socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r1, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 16:22:50 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) 16:22:50 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x0, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) 16:22:50 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="bf1600000006000000000000000a00004870000010000000bc7000000000000095000000000000e7e7743fbe323de204f3699ff54d177dd9ee6deedda5e2d89a66d3ac3546f4637d65f67c60e28e220cd40a359de16d17ee9e8252b74a3e2cb0ff791b80f3fe5192cea7487d250ff938a379db0d8e2c153f664f6c04ce6729bff3244fe3d448451ca2e236759bb76e84bbf11855f200508a0a43274042"], &(0x7f0000000140)='vS\xfdIG|\x8aL[\xf2\'\x9c\xea\xb1\xc0\xb1\x19\x91\x9d/Q\xd9\xe3T\xce\xdax;\x02%\xc5\x1c\xd5GA\xad[(\xbblZ\x01\x1dF\x92#]%sj\xd0i\xc6C\x1f&\xe2\xc5\xa5z\x7f\xe1 \xfb\xc27\x03\x84\x8e\xef\x82-\xfc$$\xaf\v\xbd\x95\x1e\x0f\xbeVI\xec\r!\f\x86\xf5\xfb[Y\x1e\xd4\xdfc\xb1\xc8\xa2\xc1/5\xffr\x1f\x80@\xb8F\xea\xde\x93\xa1\xcb6\xee\xf2\xce\x95\xf2\xfdxR\x17F\xad\xc1~\xa2\x97=O^o\"\xbb\xa8\x9746'}, 0x48) [ 2792.265391][T23204] syz-executor.1 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=0 [ 2792.310449][T23204] CPU: 1 PID: 23204 Comm: syz-executor.1 Not tainted 5.3.0+ #0 [ 2792.318235][T23204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2792.318242][T23204] Call Trace: [ 2792.318262][T23204] dump_stack+0x172/0x1f0 [ 2792.318287][T23204] dump_header+0x10b/0x82d [ 2792.340717][T23204] ? oom_kill_process+0x94/0x3f0 [ 2792.345683][T23204] oom_kill_process.cold+0x10/0x15 [ 2792.351052][T23204] out_of_memory+0x334/0x1340 [ 2792.355841][T23204] ? lock_downgrade+0x920/0x920 [ 2792.360803][T23204] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2792.366736][T23204] ? oom_killer_disable+0x280/0x280 [ 2792.366762][T23204] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2792.377856][T23204] ? memcg_stat_show+0xc40/0xc40 [ 2792.382830][T23204] ? do_raw_spin_unlock+0x57/0x270 [ 2792.388111][T23204] ? _raw_spin_unlock+0x2d/0x50 [ 2792.393046][T23204] try_charge+0xf4b/0x1440 [ 2792.393071][T23204] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2792.393085][T23204] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2792.393105][T23204] ? cache_grow_begin+0x122/0xd20 [ 2792.393121][T23204] ? find_held_lock+0x35/0x130 [ 2792.393135][T23204] ? cache_grow_begin+0x122/0xd20 [ 2792.393156][T23204] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2792.393170][T23204] ? lock_downgrade+0x920/0x920 [ 2792.393183][T23204] ? memcg_kmem_put_cache+0x50/0x50 [ 2792.393204][T23204] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2792.419098][T23204] ? __kasan_check_read+0x11/0x20 [ 2792.429876][T23204] cache_grow_begin+0x629/0xd20 [ 2792.429894][T23204] ? write_comp_data+0x61/0x70 [ 2792.429911][T23204] ? mempolicy_slab_node+0x139/0x390 [ 2792.452104][T23204] fallback_alloc+0x1fd/0x2d0 [ 2792.471932][T23204] ____cache_alloc_node+0x1bc/0x1d0 [ 2792.471954][T23204] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2792.483480][T23204] kmem_cache_alloc+0x1ef/0x710 [ 2792.488354][T23204] ? stack_trace_save+0xac/0xe0 [ 2792.493377][T23204] __alloc_file+0x27/0x340 [ 2792.498159][T23204] alloc_empty_file+0x72/0x170 [ 2792.498177][T23204] path_openat+0xef/0x46d0 16:22:50 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair(0xa, 0x1, 0x0, &(0x7f0000000040)) [ 2792.498194][T23204] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 2792.513647][T23204] ? kasan_slab_alloc+0xf/0x20 [ 2792.518437][T23204] ? kmem_cache_alloc+0x121/0x710 [ 2792.523477][T23204] ? getname_flags+0xd6/0x5b0 [ 2792.528171][T23204] ? getname+0x1a/0x20 [ 2792.536858][T23204] ? do_sys_open+0x2c9/0x5d0 [ 2792.541458][T23204] ? __x64_sys_open+0x7e/0xc0 [ 2792.546449][T23204] ? __kasan_check_read+0x11/0x20 [ 2792.546464][T23204] ? mark_lock+0xc2/0x1220 [ 2792.546477][T23204] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2792.546498][T23204] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 2792.567095][T23204] ? __alloc_fd+0x487/0x620 [ 2792.571887][T23204] do_filp_open+0x1a1/0x280 [ 2792.576513][T23204] ? may_open_dev+0x100/0x100 [ 2792.581300][T23204] ? lock_downgrade+0x920/0x920 [ 2792.586164][T23204] ? rwlock_bug.part.0+0x90/0x90 [ 2792.591211][T23204] ? __kasan_check_read+0x11/0x20 [ 2792.596344][T23204] ? do_raw_spin_unlock+0x57/0x270 [ 2792.596363][T23204] ? _raw_spin_unlock+0x2d/0x50 [ 2792.596376][T23204] ? __alloc_fd+0x487/0x620 [ 2792.596409][T23204] do_sys_open+0x3fe/0x5d0 [ 2792.615498][T23204] ? filp_open+0x80/0x80 [ 2792.619853][T23204] ? __detach_mounts+0x2a0/0x2a0 [ 2792.619872][T23204] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2792.619890][T23204] ? do_syscall_64+0x26/0x760 [ 2792.635370][T23204] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2792.641607][T23204] ? do_syscall_64+0x26/0x760 [ 2792.646309][T23204] __x64_sys_open+0x7e/0xc0 [ 2792.650829][T23204] do_syscall_64+0xfa/0x760 [ 2792.650852][T23204] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2792.650862][T23204] RIP: 0033:0x4579d0 [ 2792.650876][T23204] Code: 31 c0 e9 45 ff ff ff 0f 1f 00 80 3f 00 0f 84 f7 00 00 00 55 53 b9 02 00 00 00 be 00 08 09 00 89 c8 48 81 ec 98 00 00 00 0f 05 <48> 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 [ 2792.650884][T23204] RSP: 002b:00007ffc2ad60070 EFLAGS: 00000202 ORIG_RAX: 0000000000000002 [ 2792.650895][T23204] RAX: ffffffffffffffda RBX: 00000000002a983a RCX: 00000000004579d0 [ 2792.650902][T23204] RDX: 000000000000000c RSI: 0000000000090800 RDI: 00007ffc2ad61250 [ 2792.650909][T23204] RBP: 0000000000000002 R08: 0000000000000001 R09: 000000000286d940 [ 2792.650917][T23204] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffc2ad61250 [ 2792.650924][T23204] R13: 00007ffc2ad61240 R14: 0000000000000000 R15: 00007ffc2ad61250 [ 2792.735737][T23204] memory: usage 876kB, limit 0kB, failcnt 910 [ 2792.761486][T23204] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2792.768530][T23204] Memory cgroup stats for /syz1: [ 2792.768638][T23204] anon 49152 [ 2792.768638][T23204] file 40960 [ 2792.768638][T23204] kernel_stack 0 [ 2792.768638][T23204] slab 696320 [ 2792.768638][T23204] sock 0 [ 2792.768638][T23204] shmem 0 [ 2792.768638][T23204] file_mapped 0 [ 2792.768638][T23204] file_dirty 0 [ 2792.768638][T23204] file_writeback 0 [ 2792.768638][T23204] anon_thp 0 [ 2792.768638][T23204] inactive_anon 0 [ 2792.768638][T23204] active_anon 49152 [ 2792.768638][T23204] inactive_file 135168 [ 2792.768638][T23204] active_file 0 [ 2792.768638][T23204] unevictable 0 [ 2792.768638][T23204] slab_reclaimable 135168 [ 2792.768638][T23204] slab_unreclaimable 561152 [ 2792.768638][T23204] pgfault 29436 [ 2792.768638][T23204] pgmajfault 0 [ 2792.768638][T23204] workingset_refault 0 [ 2792.768638][T23204] workingset_activate 0 [ 2792.768638][T23204] workingset_nodereclaim 0 [ 2792.768638][T23204] pgrefill 100 [ 2792.768638][T23204] pgscan 100 [ 2792.768638][T23204] pgsteal 0 [ 2792.768638][T23204] pgactivate 66 16:22:50 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x5, 0x1, 0x616, 0xf95, 0x0, 0x1}, 0x3c) [ 2793.064878][T23250] device hsr_slave_0 entered promiscuous mode [ 2793.101090][T23204] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=23204,uid=0 [ 2793.121639][T23250] device hsr_slave_1 entered promiscuous mode [ 2793.127192][T23204] Memory cgroup out of memory: Killed process 23204 (syz-executor.1) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2793.170510][ T1065] oom_reaper: reaped process 23204 (syz-executor.1), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2793.175385][T23250] debugfs: Directory 'hsr0' with parent '/' already present! 16:22:51 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000580)={'nr0\x01\x00', 0x801}) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xc, 0x3, &(0x7f00000000c0)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x11, 0x6c}}, &(0x7f0000000000)='syzkaller\x00', 0x1, 0xcf, &(0x7f0000000480)=""/207}, 0x48) ioctl$TUNSETFILTEREBPF(r0, 0x800454e1, &(0x7f0000000040)=r1) 16:22:51 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) 16:22:51 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2793.978539][T23274] IPVS: ftp: loaded support on port[0] = 21 [ 2794.207787][T23250] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2794.353558][T23278] IPVS: ftp: loaded support on port[0] = 21 [ 2794.431337][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2794.439687][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2794.453795][T23279] IPVS: ftp: loaded support on port[0] = 21 [ 2794.474309][T23250] 8021q: adding VLAN 0 to HW filter on device team0 [ 2794.518341][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2794.529394][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2794.538913][ T3335] bridge0: port 1(bridge_slave_0) entered blocking state [ 2794.546036][ T3335] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2794.673154][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2794.691605][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2794.702772][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2794.711438][T11398] bridge0: port 2(bridge_slave_1) entered blocking state [ 2794.718494][T11398] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2794.803238][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2794.926033][T23274] chnl_net:caif_netlink_parms(): no params data found [ 2794.944858][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2795.041702][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2795.053901][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2795.097490][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2795.107497][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2795.117439][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2795.193763][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2795.203358][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2795.404507][T23274] bridge0: port 1(bridge_slave_0) entered blocking state [ 2795.439064][T23274] bridge0: port 1(bridge_slave_0) entered disabled state [ 2795.452445][T23274] device bridge_slave_0 entered promiscuous mode [ 2795.466468][T23274] bridge0: port 2(bridge_slave_1) entered blocking state [ 2795.474007][T23274] bridge0: port 2(bridge_slave_1) entered disabled state [ 2795.483997][T23274] device bridge_slave_1 entered promiscuous mode [ 2795.492878][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2795.503584][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2795.520665][T23250] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2795.636501][T23278] chnl_net:caif_netlink_parms(): no params data found [ 2795.646848][T23284] IPVS: ftp: loaded support on port[0] = 21 [ 2795.737763][T23274] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2795.749057][T23279] chnl_net:caif_netlink_parms(): no params data found [ 2795.778344][T23274] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2795.887840][T23278] bridge0: port 1(bridge_slave_0) entered blocking state [ 2795.899721][T23278] bridge0: port 1(bridge_slave_0) entered disabled state [ 2795.909640][T23278] device bridge_slave_0 entered promiscuous mode [ 2795.965621][T23278] bridge0: port 2(bridge_slave_1) entered blocking state [ 2795.973923][T23278] bridge0: port 2(bridge_slave_1) entered disabled state [ 2795.983885][T23278] device bridge_slave_1 entered promiscuous mode [ 2795.994479][T23250] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2796.082404][T23274] team0: Port device team_slave_0 added [ 2796.098469][T23274] team0: Port device team_slave_1 added [ 2796.119745][T23279] bridge0: port 1(bridge_slave_0) entered blocking state [ 2796.130476][T23279] bridge0: port 1(bridge_slave_0) entered disabled state [ 2796.150976][T23279] device bridge_slave_0 entered promiscuous mode [ 2796.163637][T23279] bridge0: port 2(bridge_slave_1) entered blocking state [ 2796.170887][T23279] bridge0: port 2(bridge_slave_1) entered disabled state [ 2796.179964][T23279] device bridge_slave_1 entered promiscuous mode [ 2796.255086][T23274] device hsr_slave_0 entered promiscuous mode [ 2796.321690][T23274] device hsr_slave_1 entered promiscuous mode [ 2796.380501][T23274] debugfs: Directory 'hsr0' with parent '/' already present! [ 2796.418629][T23278] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2796.549479][T23278] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2796.582491][T23279] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2796.648952][T23291] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2796.659664][T23291] CPU: 1 PID: 23291 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 2796.667225][T23291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2796.677470][T23291] Call Trace: [ 2796.680817][T23291] dump_stack+0x172/0x1f0 [ 2796.685162][T23291] dump_header+0x10b/0x82d [ 2796.689591][T23291] oom_kill_process.cold+0x10/0x15 [ 2796.694735][T23291] out_of_memory+0x334/0x1340 [ 2796.699423][T23291] ? __sched_text_start+0x8/0x8 [ 2796.704362][T23291] ? oom_killer_disable+0x280/0x280 [ 2796.709588][T23291] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2796.715185][T23291] ? memcg_stat_show+0xc40/0xc40 [ 2796.720241][T23291] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2796.726067][T23291] ? cgroup_file_notify+0x140/0x1b0 [ 2796.731362][T23291] memory_max_write+0x262/0x3a0 [ 2796.736231][T23291] ? mem_cgroup_write+0x370/0x370 [ 2796.741266][T23291] ? lock_acquire+0x190/0x410 [ 2796.746039][T23291] ? kernfs_fop_write+0x227/0x480 [ 2796.751170][T23291] cgroup_file_write+0x241/0x790 [ 2796.756560][T23291] ? mem_cgroup_write+0x370/0x370 [ 2796.761769][T23291] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2796.767418][T23291] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2796.773056][T23291] kernfs_fop_write+0x2b8/0x480 [ 2796.777920][T23291] __vfs_write+0x8a/0x110 [ 2796.782265][T23291] ? kernfs_fop_open+0xd80/0xd80 [ 2796.787209][T23291] vfs_write+0x268/0x5d0 [ 2796.791460][T23291] ksys_write+0x14f/0x290 [ 2796.795792][T23291] ? __ia32_sys_read+0xb0/0xb0 [ 2796.800567][T23291] ? do_syscall_64+0x26/0x760 [ 2796.805257][T23291] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2796.811407][T23291] ? do_syscall_64+0x26/0x760 [ 2796.816267][T23291] __x64_sys_write+0x73/0xb0 [ 2796.820873][T23291] do_syscall_64+0xfa/0x760 [ 2796.825785][T23291] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2796.831675][T23291] RIP: 0033:0x459a59 [ 2796.835558][T23291] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2796.855155][T23291] RSP: 002b:00007f2c2ccebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2796.863554][T23291] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2796.871517][T23291] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2796.879477][T23291] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2796.887439][T23291] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2c2ccec6d4 [ 2796.895495][T23291] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2796.944445][T23291] memory: usage 5328kB, limit 0kB, failcnt 1012 [ 2796.963421][T23278] team0: Port device team_slave_0 added [ 2796.970002][T23291] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2796.977262][T23291] Memory cgroup stats for /syz2: [ 2796.978325][T23291] anon 4255744 [ 2796.978325][T23291] file 86016 [ 2796.978325][T23291] kernel_stack 65536 [ 2796.978325][T23291] slab 806912 [ 2796.978325][T23291] sock 0 [ 2796.978325][T23291] shmem 0 [ 2796.978325][T23291] file_mapped 0 [ 2796.978325][T23291] file_dirty 0 [ 2796.978325][T23291] file_writeback 0 [ 2796.978325][T23291] anon_thp 4194304 [ 2796.978325][T23291] inactive_anon 0 [ 2796.978325][T23291] active_anon 4255744 [ 2796.978325][T23291] inactive_file 0 [ 2796.978325][T23291] active_file 0 [ 2796.978325][T23291] unevictable 0 [ 2796.978325][T23291] slab_reclaimable 135168 [ 2796.978325][T23291] slab_unreclaimable 671744 [ 2796.978325][T23291] pgfault 35640 [ 2796.978325][T23291] pgmajfault 0 [ 2796.978325][T23291] workingset_refault 0 [ 2796.978325][T23291] workingset_activate 0 [ 2796.978325][T23291] workingset_nodereclaim 0 [ 2796.978325][T23291] pgrefill 166 [ 2796.978325][T23291] pgscan 167 [ 2796.978325][T23291] pgsteal 0 [ 2796.978325][T23291] pgactivate 99 [ 2796.987820][T23291] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=23290,uid=0 [ 2797.097030][T23291] Memory cgroup out of memory: Killed process 23290 (syz-executor.2) total-vm:72708kB, anon-rss:4244kB, file-rss:35832kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2797.121646][ T1065] oom_reaper: reaped process 23290 (syz-executor.2), now anon-rss:0kB, file-rss:34872kB, shmem-rss:0kB [ 2797.151474][T23279] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2797.183753][T23278] team0: Port device team_slave_1 added 16:22:55 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x0, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) 16:22:55 executing program 4: socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg(r1, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) close(r0) [ 2797.243183][T23250] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2797.286175][T23250] CPU: 1 PID: 23250 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 2797.293758][T23250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2797.293764][T23250] Call Trace: [ 2797.293785][T23250] dump_stack+0x172/0x1f0 [ 2797.293803][T23250] dump_header+0x10b/0x82d [ 2797.293815][T23250] ? oom_kill_process+0x94/0x3f0 [ 2797.293830][T23250] oom_kill_process.cold+0x10/0x15 [ 2797.293844][T23250] out_of_memory+0x334/0x1340 [ 2797.293863][T23250] ? lock_downgrade+0x920/0x920 [ 2797.326122][T23250] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2797.326141][T23250] ? oom_killer_disable+0x280/0x280 [ 2797.341432][T23250] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2797.352258][T23250] ? memcg_stat_show+0xc40/0xc40 [ 2797.357196][T23250] ? do_raw_spin_unlock+0x57/0x270 [ 2797.357219][T23250] ? _raw_spin_unlock+0x2d/0x50 [ 2797.367146][T23250] try_charge+0xf4b/0x1440 [ 2797.371565][T23250] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2797.371581][T23250] ? percpu_ref_tryget_live+0x111/0x290 [ 2797.382649][T23250] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2797.388951][T23250] ? __kasan_check_read+0x11/0x20 [ 2797.388973][T23250] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2797.400071][T23250] mem_cgroup_try_charge+0x136/0x590 [ 2797.405373][T23250] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2797.411004][T23250] wp_page_copy+0x407/0x1860 [ 2797.411022][T23250] ? find_held_lock+0x35/0x130 [ 2797.411036][T23250] ? do_wp_page+0x53b/0x15c0 [ 2797.411053][T23250] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2797.430777][T23250] ? lock_downgrade+0x920/0x920 [ 2797.435641][T23250] ? swp_swapcount+0x540/0x540 [ 2797.435658][T23250] ? __kasan_check_read+0x11/0x20 [ 2797.435673][T23250] ? do_raw_spin_unlock+0x57/0x270 [ 2797.445619][T23250] do_wp_page+0x543/0x15c0 [ 2797.445641][T23250] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2797.460592][T23250] __handle_mm_fault+0x23ec/0x4040 [ 2797.465729][T23250] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2797.465744][T23250] ? handle_mm_fault+0x292/0xaa0 [ 2797.465773][T23250] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2797.482454][T23250] ? __kasan_check_read+0x11/0x20 [ 2797.487660][T23250] handle_mm_fault+0x3b7/0xaa0 [ 2797.487688][T23250] __do_page_fault+0x536/0xdd0 [ 2797.497199][T23250] do_page_fault+0x38/0x590 [ 2797.501723][T23250] page_fault+0x39/0x40 [ 2797.505902][T23250] RIP: 0033:0x430b36 [ 2797.509797][T23250] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2797.529411][T23250] RSP: 002b:00007ffee0fee800 EFLAGS: 00010206 [ 2797.535485][T23250] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2797.543467][T23250] RDX: 0000000002431930 RSI: 0000000002439970 RDI: 0000000000000003 [ 2797.551450][T23250] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000002430940 [ 2797.559518][T23250] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2797.567520][T23250] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2797.594416][T23250] memory: usage 904kB, limit 0kB, failcnt 1024 [ 2797.614373][T23250] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2797.628277][T23279] team0: Port device team_slave_0 added [ 2797.630995][T23250] Memory cgroup stats for /syz2: [ 2797.631095][T23250] anon 40960 [ 2797.631095][T23250] file 86016 [ 2797.631095][T23250] kernel_stack 0 [ 2797.631095][T23250] slab 806912 [ 2797.631095][T23250] sock 0 [ 2797.631095][T23250] shmem 0 [ 2797.631095][T23250] file_mapped 0 [ 2797.631095][T23250] file_dirty 0 [ 2797.631095][T23250] file_writeback 0 [ 2797.631095][T23250] anon_thp 0 [ 2797.631095][T23250] inactive_anon 0 [ 2797.631095][T23250] active_anon 40960 [ 2797.631095][T23250] inactive_file 0 [ 2797.631095][T23250] active_file 0 [ 2797.631095][T23250] unevictable 0 [ 2797.631095][T23250] slab_reclaimable 135168 [ 2797.631095][T23250] slab_unreclaimable 671744 [ 2797.631095][T23250] pgfault 35673 [ 2797.631095][T23250] pgmajfault 0 [ 2797.631095][T23250] workingset_refault 0 [ 2797.631095][T23250] workingset_activate 0 [ 2797.631095][T23250] workingset_nodereclaim 0 [ 2797.631095][T23250] pgrefill 166 [ 2797.631095][T23250] pgscan 167 [ 2797.631095][T23250] pgsteal 0 [ 2797.631095][T23250] pgactivate 99 [ 2797.741500][T23250] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=23250,uid=0 [ 2797.762459][T23250] Memory cgroup out of memory: Killed process 23250 (syz-executor.2) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2797.780850][ T1065] oom_reaper: reaped process 23250 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 16:22:55 executing program 4: ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f00000002c0)) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x4, 0x4, 0x4000004, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0xfffffffffffffe75) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) socket$kcm(0x29, 0x5, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000004c0), 0x4) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000340)='cgroup.events\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x12, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000000097c3000000651002000000000095000000000000001b1161"], &(0x7f0000f6bffb), 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000e00)=r0, 0x1e9) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0xbfffffffffffffff, r1, 0x8) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x800000000006) recvmsg(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000c80)=[{&(0x7f0000000580)=""/230, 0xe6}, {&(0x7f0000000740)=""/157, 0x9d}, {&(0x7f0000000800)=""/232, 0xe8}, {&(0x7f0000000680)=""/66, 0x42}, {&(0x7f0000000900)=""/33, 0x21}, {&(0x7f0000000940)=""/223, 0xdf}, {&(0x7f0000000ec0)=""/240, 0xf0}], 0x7, &(0x7f0000000bc0)=""/25, 0x19}, 0x40) close(0xffffffffffffffff) r2 = socket$kcm(0x10, 0x3, 0x10) socket$kcm(0x29, 0x7, 0x0) sendmsg$kcm(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) ioctl$PERF_EVENT_IOC_RESET(r1, 0x2403, 0x8) r3 = socket$kcm(0x10, 0x0, 0x10) recvmsg(r3, &(0x7f0000000380)={0x0, 0xffffff92, 0x0, 0x0, 0x0, 0xfffffffffffffe2c}, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)='cpuset.cpu_exclusive\x00', 0x2, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000c00)='cgroup.stat\x00', 0x26e1, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x3e, &(0x7f00000002c0)=r4, 0x161) [ 2797.883118][T23279] team0: Port device team_slave_1 added [ 2797.924673][T23278] device hsr_slave_0 entered promiscuous mode [ 2797.937580][T23300] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2797.991716][T23278] device hsr_slave_1 entered promiscuous mode [ 2798.080467][T23278] debugfs: Directory 'hsr0' with parent '/' already present! [ 2798.398241][T23284] chnl_net:caif_netlink_parms(): no params data found [ 2798.473480][T23274] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2798.727077][T23300] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.4'. [ 2798.814759][T23279] device hsr_slave_0 entered promiscuous mode [ 2798.862365][T23279] device hsr_slave_1 entered promiscuous mode [ 2798.911390][T23279] debugfs: Directory 'hsr0' with parent '/' already present! [ 2798.924617][T23284] bridge0: port 1(bridge_slave_0) entered blocking state [ 2798.933597][T23284] bridge0: port 1(bridge_slave_0) entered disabled state [ 2798.943834][T23284] device bridge_slave_0 entered promiscuous mode [ 2799.069205][T23284] bridge0: port 2(bridge_slave_1) entered blocking state [ 2799.077704][T23284] bridge0: port 2(bridge_slave_1) entered disabled state [ 2799.088174][T23284] device bridge_slave_1 entered promiscuous mode [ 2799.267770][T23284] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2799.284210][T23284] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2799.369049][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2799.380037][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2799.416084][T23274] 8021q: adding VLAN 0 to HW filter on device team0 [ 2799.523898][T23284] team0: Port device team_slave_0 added [ 2799.534770][T23284] team0: Port device team_slave_1 added [ 2799.562482][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2799.572689][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2799.582245][T13846] bridge0: port 1(bridge_slave_0) entered blocking state [ 2799.589587][T13846] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2799.671434][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2799.709901][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2799.721233][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2799.729975][ T3335] bridge0: port 2(bridge_slave_1) entered blocking state [ 2799.737461][ T3335] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2799.814639][T23284] device hsr_slave_0 entered promiscuous mode [ 2799.881773][T23284] device hsr_slave_1 entered promiscuous mode [ 2799.930650][T23284] debugfs: Directory 'hsr0' with parent '/' already present! [ 2799.954900][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2800.043020][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2800.086546][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2800.097133][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2800.191305][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2800.224334][T23274] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2800.235808][T23274] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2800.254584][T23278] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2800.274084][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2800.284684][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2800.294325][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2800.304173][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2800.314525][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2800.324625][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2800.390063][T23279] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2800.400842][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2800.492864][T23278] 8021q: adding VLAN 0 to HW filter on device team0 [ 2800.512433][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2800.521901][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2800.566658][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2800.576571][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2800.587649][T21074] bridge0: port 1(bridge_slave_0) entered blocking state [ 2800.595289][T21074] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2800.604306][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2800.613497][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2800.625425][T23274] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2800.700234][T23279] 8021q: adding VLAN 0 to HW filter on device team0 [ 2800.710250][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2800.826624][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2800.848124][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2800.868774][T16391] bridge0: port 2(bridge_slave_1) entered blocking state [ 2800.876102][T16391] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2800.885805][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2800.895476][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2800.904482][T16391] bridge0: port 1(bridge_slave_0) entered blocking state [ 2800.911851][T16391] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2800.952333][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2800.961981][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2800.972702][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2800.984432][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2801.019055][T13846] bridge0: port 2(bridge_slave_1) entered blocking state [ 2801.026634][T13846] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2801.236095][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2801.291642][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2801.457723][T23310] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2801.482720][T23284] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2801.495116][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2801.500793][T23310] CPU: 0 PID: 23310 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 2801.510648][T23310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2801.512636][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2801.520904][T23310] Call Trace: [ 2801.520933][T23310] dump_stack+0x172/0x1f0 [ 2801.520959][T23310] dump_header+0x10b/0x82d [ 2801.520984][T23310] oom_kill_process.cold+0x10/0x15 [ 2801.521007][T23310] out_of_memory+0x334/0x1340 [ 2801.521026][T23310] ? mark_held_locks+0xa4/0xf0 [ 2801.521047][T23310] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2801.521065][T23310] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2801.521089][T23310] ? oom_killer_disable+0x280/0x280 [ 2801.521105][T23310] ? trace_hardirqs_on_caller+0x6a/0x240 [ 2801.521144][T23310] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2801.521163][T23310] ? memcg_stat_show+0xc40/0xc40 [ 2801.551500][T23310] ? retint_kernel+0x2b/0x2b [ 2801.551553][T23310] memory_max_write+0x262/0x3a0 [ 2801.551578][T23310] ? mem_cgroup_write+0x370/0x370 [ 2801.551597][T23310] ? lock_acquire+0x20b/0x410 [ 2801.551636][T23310] cgroup_file_write+0x241/0x790 [ 2801.551659][T23310] ? mem_cgroup_write+0x370/0x370 [ 2801.551678][T23310] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2801.551712][T23310] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2801.551735][T23310] kernfs_fop_write+0x2b8/0x480 [ 2801.578639][T23310] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2801.614574][T23310] __vfs_write+0x8a/0x110 [ 2801.647089][T23310] ? kernfs_fop_open+0xd80/0xd80 [ 2801.650818][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2801.652361][T23310] vfs_write+0x268/0x5d0 [ 2801.664272][T23310] ksys_write+0x14f/0x290 [ 2801.668873][T23310] ? __ia32_sys_read+0xb0/0xb0 [ 2801.672011][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2801.673888][T23310] ? do_syscall_64+0x26/0x760 [ 2801.686637][T23310] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2801.692576][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2801.692906][T23310] ? do_syscall_64+0x26/0x760 [ 2801.705912][T23310] __x64_sys_write+0x73/0xb0 [ 2801.711163][T23310] do_syscall_64+0xfa/0x760 [ 2801.712249][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2801.715864][T23310] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2801.729993][T23310] RIP: 0033:0x459a59 [ 2801.734182][T23310] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2801.745442][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2801.754547][T23310] RSP: 002b:00007fe01aa92c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2801.754570][T23310] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2801.754579][T23310] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2801.754588][T23310] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2801.754597][T23310] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe01aa936d4 [ 2801.754605][T23310] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2801.817889][T23310] memory: usage 5300kB, limit 0kB, failcnt 876 [ 2801.880893][T23310] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2801.888740][T23310] Memory cgroup stats for /syz3: [ 2801.889963][T23310] anon 4374528 [ 2801.889963][T23310] file 16384 [ 2801.889963][T23310] kernel_stack 65536 [ 2801.889963][T23310] slab 942080 [ 2801.889963][T23310] sock 0 [ 2801.889963][T23310] shmem 0 [ 2801.889963][T23310] file_mapped 0 [ 2801.889963][T23310] file_dirty 0 [ 2801.889963][T23310] file_writeback 0 [ 2801.889963][T23310] anon_thp 4194304 [ 2801.889963][T23310] inactive_anon 0 [ 2801.889963][T23310] active_anon 4374528 [ 2801.889963][T23310] inactive_file 0 [ 2801.889963][T23310] active_file 0 [ 2801.889963][T23310] unevictable 0 [ 2801.889963][T23310] slab_reclaimable 270336 [ 2801.889963][T23310] slab_unreclaimable 671744 [ 2801.889963][T23310] pgfault 31515 [ 2801.889963][T23310] pgmajfault 0 [ 2801.889963][T23310] workingset_refault 0 [ 2801.889963][T23310] workingset_activate 0 [ 2801.889963][T23310] workingset_nodereclaim 0 [ 2801.889963][T23310] pgrefill 100 [ 2801.889963][T23310] pgscan 99 [ 2801.889963][T23310] pgsteal 0 [ 2801.889963][T23310] pgactivate 66 [ 2801.893161][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2801.895484][T23310] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=23309,uid=0 [ 2802.016079][T23310] Memory cgroup out of memory: Killed process 23309 (syz-executor.3) total-vm:72708kB, anon-rss:4192kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2802.042293][ T1065] oom_reaper: reaped process 23309 (syz-executor.3), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB [ 2802.055842][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2802.066967][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2802.092813][T23274] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2802.103925][T23274] CPU: 0 PID: 23274 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 2802.111894][T23274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2802.122708][T23274] Call Trace: [ 2802.126205][T23274] dump_stack+0x172/0x1f0 [ 2802.131073][T23274] dump_header+0x10b/0x82d [ 2802.135673][T23274] ? oom_kill_process+0x94/0x3f0 [ 2802.141082][T23274] oom_kill_process.cold+0x10/0x15 [ 2802.146668][T23274] out_of_memory+0x334/0x1340 [ 2802.151395][T23274] ? lock_downgrade+0x920/0x920 [ 2802.156675][T23274] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2802.163182][T23274] ? oom_killer_disable+0x280/0x280 [ 2802.168590][T23274] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2802.174883][T23274] ? memcg_stat_show+0xc40/0xc40 [ 2802.180198][T23274] ? do_raw_spin_unlock+0x57/0x270 [ 2802.185993][T23274] ? _raw_spin_unlock+0x2d/0x50 [ 2802.191562][T23274] try_charge+0xf4b/0x1440 [ 2802.196708][T23274] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2802.202631][T23274] ? percpu_ref_tryget_live+0x111/0x290 [ 2802.208742][T23274] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2802.215104][T23274] ? __kasan_check_read+0x11/0x20 [ 2802.220163][T23274] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2802.225801][T23274] mem_cgroup_try_charge+0x136/0x590 [ 2802.231215][T23274] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2802.237195][T23274] wp_page_copy+0x407/0x1860 [ 2802.242090][T23274] ? find_held_lock+0x35/0x130 [ 2802.247100][T23274] ? do_wp_page+0x53b/0x15c0 [ 2802.252076][T23274] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2802.258254][T23274] ? lock_downgrade+0x920/0x920 [ 2802.263233][T23274] ? swp_swapcount+0x540/0x540 [ 2802.268018][T23274] ? __kasan_check_read+0x11/0x20 [ 2802.273170][T23274] ? do_raw_spin_unlock+0x57/0x270 [ 2802.278568][T23274] do_wp_page+0x543/0x15c0 [ 2802.283013][T23274] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2802.288805][T23274] __handle_mm_fault+0x23ec/0x4040 [ 2802.293953][T23274] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2802.299626][T23274] ? handle_mm_fault+0x292/0xaa0 [ 2802.305165][T23274] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2802.312383][T23274] ? __kasan_check_read+0x11/0x20 [ 2802.317446][T23274] handle_mm_fault+0x3b7/0xaa0 [ 2802.322244][T23274] __do_page_fault+0x536/0xdd0 [ 2802.327036][T23274] do_page_fault+0x38/0x590 [ 2802.331744][T23274] page_fault+0x39/0x40 [ 2802.335920][T23274] RIP: 0033:0x430b36 [ 2802.339830][T23274] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2802.360764][T23274] RSP: 002b:00007ffcba52a8b0 EFLAGS: 00010206 [ 2802.367020][T23274] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2802.375108][T23274] RDX: 00000000025e9930 RSI: 00000000025f1970 RDI: 0000000000000003 [ 2802.383329][T23274] RBP: 0000000000008041 R08: 0000000000000001 R09: 00000000025e8940 [ 2802.391865][T23274] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2802.400205][T23274] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2802.414935][T23274] memory: usage 880kB, limit 0kB, failcnt 884 [ 2802.431284][T23274] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2802.438395][T23274] Memory cgroup stats for /syz3: [ 2802.438496][T23274] anon 49152 [ 2802.438496][T23274] file 16384 [ 2802.438496][T23274] kernel_stack 0 [ 2802.438496][T23274] slab 942080 [ 2802.438496][T23274] sock 0 [ 2802.438496][T23274] shmem 0 [ 2802.438496][T23274] file_mapped 0 [ 2802.438496][T23274] file_dirty 0 [ 2802.438496][T23274] file_writeback 0 [ 2802.438496][T23274] anon_thp 0 [ 2802.438496][T23274] inactive_anon 0 [ 2802.438496][T23274] active_anon 49152 [ 2802.438496][T23274] inactive_file 0 [ 2802.438496][T23274] active_file 0 [ 2802.438496][T23274] unevictable 0 [ 2802.438496][T23274] slab_reclaimable 270336 [ 2802.438496][T23274] slab_unreclaimable 671744 [ 2802.438496][T23274] pgfault 31515 [ 2802.438496][T23274] pgmajfault 0 [ 2802.438496][T23274] workingset_refault 0 [ 2802.438496][T23274] workingset_activate 0 [ 2802.438496][T23274] workingset_nodereclaim 0 [ 2802.438496][T23274] pgrefill 100 [ 2802.438496][T23274] pgscan 99 [ 2802.438496][T23274] pgsteal 0 [ 2802.438496][T23274] pgactivate 66 [ 2802.458382][T23284] 8021q: adding VLAN 0 to HW filter on device team0 [ 2802.549364][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2802.558990][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2802.568079][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2802.577710][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2802.587958][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2802.597849][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2802.607347][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2802.616855][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2802.626609][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2802.638417][T23278] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2802.650582][T23274] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=23274,uid=0 [ 2802.666367][T23274] Memory cgroup out of memory: Killed process 23274 (syz-executor.3) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2802.687164][ T1065] oom_reaper: reaped process 23274 (syz-executor.3), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2802.743114][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2802.763907][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2802.774241][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2802.784256][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2802.793638][T21074] bridge0: port 1(bridge_slave_0) entered blocking state [ 2802.801022][T21074] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2802.815397][T23279] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2803.173922][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2803.191761][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2803.202113][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2803.211712][ T3335] bridge0: port 2(bridge_slave_1) entered blocking state [ 2803.218810][ T3335] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2803.321348][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2803.355027][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2803.437538][T23279] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2803.451626][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2803.463454][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2803.487957][T23278] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2803.578564][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2803.611495][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2803.651975][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2803.664743][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2803.674687][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2803.684379][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2803.694283][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2803.768850][T23284] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2803.979188][T23284] 8021q: adding VLAN 0 to HW filter on device batadv0 16:23:01 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r1 = socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r1, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 16:23:01 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x0, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) [ 2804.154620][T23331] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2804.181974][T23331] CPU: 0 PID: 23331 Comm: syz-executor.5 Not tainted 5.3.0+ #0 [ 2804.190310][T23331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2804.190319][T23331] Call Trace: [ 2804.190350][T23331] dump_stack+0x172/0x1f0 [ 2804.190376][T23331] dump_header+0x10b/0x82d [ 2804.190397][T23331] oom_kill_process.cold+0x10/0x15 [ 2804.190420][T23331] out_of_memory+0x334/0x1340 [ 2804.223341][T23331] ? __sched_text_start+0x8/0x8 [ 2804.228641][T23331] ? oom_killer_disable+0x280/0x280 [ 2804.234319][T23331] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2804.239999][T23331] ? memcg_stat_show+0xc40/0xc40 [ 2804.246848][T23331] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2804.252854][T23331] ? cgroup_file_notify+0x140/0x1b0 [ 2804.252877][T23331] memory_max_write+0x262/0x3a0 [ 2804.252897][T23331] ? mem_cgroup_write+0x370/0x370 [ 2804.252913][T23331] ? lock_acquire+0x190/0x410 [ 2804.252937][T23331] ? kernfs_fop_write+0x227/0x480 [ 2804.252959][T23331] cgroup_file_write+0x241/0x790 [ 2804.252977][T23331] ? mem_cgroup_write+0x370/0x370 [ 2804.252994][T23331] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2804.253023][T23331] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2804.253041][T23331] kernfs_fop_write+0x2b8/0x480 [ 2804.301165][T23331] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2804.301194][T23331] __vfs_write+0x8a/0x110 [ 2804.301209][T23331] ? kernfs_fop_open+0xd80/0xd80 [ 2804.301225][T23331] vfs_write+0x268/0x5d0 [ 2804.301243][T23331] ksys_write+0x14f/0x290 [ 2804.301261][T23331] ? __ia32_sys_read+0xb0/0xb0 [ 2804.301280][T23331] ? do_syscall_64+0x26/0x760 [ 2804.301299][T23331] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2804.301311][T23331] ? do_syscall_64+0x26/0x760 [ 2804.301328][T23331] __x64_sys_write+0x73/0xb0 [ 2804.301343][T23331] do_syscall_64+0xfa/0x760 [ 2804.301361][T23331] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2804.301372][T23331] RIP: 0033:0x459a59 [ 2804.301388][T23331] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2804.301396][T23331] RSP: 002b:00007f400d130c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2804.301413][T23331] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2804.301421][T23331] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000c [ 2804.301429][T23331] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2804.301438][T23331] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f400d1316d4 [ 2804.301447][T23331] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2804.479915][T23331] memory: usage 5272kB, limit 0kB, failcnt 1097 [ 2804.486838][T23331] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2804.494318][T23331] Memory cgroup stats for /syz5: [ 2804.494436][T23331] anon 4382720 [ 2804.494436][T23331] file 90112 [ 2804.494436][T23331] kernel_stack 65536 [ 2804.494436][T23331] slab 831488 [ 2804.494436][T23331] sock 0 [ 2804.494436][T23331] shmem 0 [ 2804.494436][T23331] file_mapped 0 [ 2804.494436][T23331] file_dirty 0 [ 2804.494436][T23331] file_writeback 0 [ 2804.494436][T23331] anon_thp 4194304 [ 2804.494436][T23331] inactive_anon 0 [ 2804.494436][T23331] active_anon 4382720 [ 2804.494436][T23331] inactive_file 135168 [ 2804.494436][T23331] active_file 0 [ 2804.494436][T23331] unevictable 0 [ 2804.494436][T23331] slab_reclaimable 270336 [ 2804.494436][T23331] slab_unreclaimable 561152 [ 2804.494436][T23331] pgfault 20130 [ 2804.494436][T23331] pgmajfault 0 [ 2804.494436][T23331] workingset_refault 0 [ 2804.494436][T23331] workingset_activate 0 [ 2804.494436][T23331] workingset_nodereclaim 0 [ 2804.494436][T23331] pgrefill 166 [ 2804.494436][T23331] pgscan 165 [ 2804.494436][T23331] pgsteal 35 [ 2804.494436][T23331] pgactivate 132 [ 2804.593496][T23331] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=23322,uid=0 [ 2804.609795][T23331] Memory cgroup out of memory: Killed process 23322 (syz-executor.5) total-vm:72708kB, anon-rss:4188kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2804.635683][ T1065] oom_reaper: reaped process 23322 (syz-executor.5), now anon-rss:0kB, file-rss:34860kB, shmem-rss:0kB [ 2804.729285][T23279] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2804.741222][T23279] CPU: 0 PID: 23279 Comm: syz-executor.5 Not tainted 5.3.0+ #0 [ 2804.749262][T23279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2804.759337][T23279] Call Trace: [ 2804.762642][T23279] dump_stack+0x172/0x1f0 [ 2804.766975][T23279] dump_header+0x10b/0x82d [ 2804.771403][T23279] ? oom_kill_process+0x94/0x3f0 [ 2804.776353][T23279] oom_kill_process.cold+0x10/0x15 [ 2804.781570][T23279] out_of_memory+0x334/0x1340 [ 2804.786258][T23279] ? lock_downgrade+0x920/0x920 [ 2804.791115][T23279] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2804.797011][T23279] ? oom_killer_disable+0x280/0x280 [ 2804.802220][T23279] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2804.807887][T23279] ? memcg_stat_show+0xc40/0xc40 [ 2804.813004][T23279] ? do_raw_spin_unlock+0x57/0x270 [ 2804.818114][T23279] ? _raw_spin_unlock+0x2d/0x50 [ 2804.822961][T23279] try_charge+0xf4b/0x1440 [ 2804.827383][T23279] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2804.832918][T23279] ? percpu_ref_tryget_live+0x111/0x290 [ 2804.838464][T23279] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2804.844697][T23279] ? __kasan_check_read+0x11/0x20 [ 2804.849740][T23279] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2804.855288][T23279] mem_cgroup_try_charge+0x136/0x590 [ 2804.860571][T23279] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2804.866194][T23279] __handle_mm_fault+0x1f0d/0x4040 [ 2804.871301][T23279] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2804.876842][T23279] ? handle_mm_fault+0x292/0xaa0 [ 2804.881785][T23279] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2804.888016][T23279] ? __kasan_check_read+0x11/0x20 [ 2804.893036][T23279] handle_mm_fault+0x3b7/0xaa0 [ 2804.897803][T23279] __do_page_fault+0x536/0xdd0 [ 2804.902566][T23279] do_page_fault+0x38/0x590 [ 2804.907058][T23279] page_fault+0x39/0x40 [ 2804.911199][T23279] RIP: 0033:0x403522 [ 2804.915084][T23279] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2804.934686][T23279] RSP: 002b:00007fff6897bfa0 EFLAGS: 00010246 [ 2804.940748][T23279] RAX: 0000000000000000 RBX: 00000000002acaf3 RCX: 0000000000413660 [ 2804.948714][T23279] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007fff6897d0d0 [ 2804.956679][T23279] RBP: 0000000000000002 R08: 0000000000000001 R09: 00000000016f1940 [ 2804.964635][T23279] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff6897d0d0 16:23:02 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x0, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) 16:23:02 executing program 4: bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0x82630, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x820004, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c) 16:23:02 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) 16:23:02 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r1 = socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r1, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) [ 2804.973118][T23279] R13: 00007fff6897d0c0 R14: 0000000000000000 R15: 00007fff6897d0d0 16:23:03 executing program 4: bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0x82630, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x820004, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c) [ 2805.388942][T23279] memory: usage 852kB, limit 0kB, failcnt 1105 [ 2805.409157][T23279] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2805.437864][T23279] Memory cgroup stats for /syz5: [ 2805.437965][T23279] anon 61440 [ 2805.437965][T23279] file 90112 [ 2805.437965][T23279] kernel_stack 0 [ 2805.437965][T23279] slab 831488 [ 2805.437965][T23279] sock 0 [ 2805.437965][T23279] shmem 0 [ 2805.437965][T23279] file_mapped 0 [ 2805.437965][T23279] file_dirty 0 [ 2805.437965][T23279] file_writeback 0 [ 2805.437965][T23279] anon_thp 0 [ 2805.437965][T23279] inactive_anon 0 [ 2805.437965][T23279] active_anon 61440 [ 2805.437965][T23279] inactive_file 135168 [ 2805.437965][T23279] active_file 0 16:23:03 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) write$cgroup_int(r5, 0x0, 0x0) [ 2805.437965][T23279] unevictable 0 [ 2805.437965][T23279] slab_reclaimable 270336 [ 2805.437965][T23279] slab_unreclaimable 561152 [ 2805.437965][T23279] pgfault 20130 [ 2805.437965][T23279] pgmajfault 0 [ 2805.437965][T23279] workingset_refault 0 [ 2805.437965][T23279] workingset_activate 0 [ 2805.437965][T23279] workingset_nodereclaim 0 [ 2805.437965][T23279] pgrefill 166 [ 2805.437965][T23279] pgscan 165 [ 2805.437965][T23279] pgsteal 35 [ 2805.437965][T23279] pgactivate 132 [ 2805.802385][T23279] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=23279,uid=0 [ 2805.821365][T23279] Memory cgroup out of memory: Killed process 23279 (syz-executor.5) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2805.839721][ T1065] oom_reaper: reaped process 23279 (syz-executor.5), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB 16:23:03 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2805.851971][T23349] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2805.890589][T23349] CPU: 1 PID: 23349 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 2805.898187][T23349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2805.908258][T23349] Call Trace: [ 2805.911588][T23349] dump_stack+0x172/0x1f0 [ 2805.916111][T23349] dump_header+0x10b/0x82d [ 2805.920544][T23349] oom_kill_process.cold+0x10/0x15 [ 2805.925666][T23349] out_of_memory+0x334/0x1340 [ 2805.930450][T23349] ? retint_kernel+0x2b/0x2b [ 2805.935057][T23349] ? oom_killer_disable+0x280/0x280 [ 2805.940262][T23349] ? mem_cgroup_out_of_memory+0x16a/0x240 [ 2805.946004][T23349] mem_cgroup_out_of_memory+0x1d8/0x240 16:23:03 executing program 4: bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0x82630, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x820004, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c) [ 2805.951572][T23349] ? memcg_stat_show+0xc40/0xc40 [ 2805.956527][T23349] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2805.962346][T23349] ? cgroup_file_notify+0x140/0x1b0 [ 2805.967569][T23349] memory_max_write+0x262/0x3a0 [ 2805.972423][T23349] ? mem_cgroup_write+0x370/0x370 [ 2805.972440][T23349] ? lock_acquire+0x190/0x410 [ 2805.972454][T23349] ? kernfs_fop_write+0x227/0x480 [ 2805.972477][T23349] cgroup_file_write+0x241/0x790 [ 2805.972500][T23349] ? mem_cgroup_write+0x370/0x370 [ 2805.997507][T23349] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2806.003182][T23349] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2806.009005][T23349] kernfs_fop_write+0x2b8/0x480 [ 2806.013871][T23349] __vfs_write+0x8a/0x110 [ 2806.018297][T23349] ? kernfs_fop_open+0xd80/0xd80 [ 2806.023235][T23349] vfs_write+0x268/0x5d0 [ 2806.027480][T23349] ksys_write+0x14f/0x290 [ 2806.031900][T23349] ? __ia32_sys_read+0xb0/0xb0 [ 2806.036665][T23349] ? do_syscall_64+0x26/0x760 [ 2806.041366][T23349] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2806.047446][T23349] ? do_syscall_64+0x26/0x760 [ 2806.052132][T23349] __x64_sys_write+0x73/0xb0 [ 2806.056736][T23349] do_syscall_64+0xfa/0x760 [ 2806.061243][T23349] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2806.067140][T23349] RIP: 0033:0x459a59 [ 2806.071032][T23349] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2806.090629][T23349] RSP: 002b:00007f65474abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2806.099053][T23349] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2806.107016][T23349] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2806.114983][T23349] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2806.122952][T23349] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f65474ac6d4 [ 2806.130936][T23349] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2806.192740][T23349] memory: usage 18232kB, limit 0kB, failcnt 209 [ 2806.199720][T23349] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2806.211083][T23349] Memory cgroup stats for /syz0: [ 2806.213915][T23349] anon 4329472 [ 2806.213915][T23349] file 0 [ 2806.213915][T23349] kernel_stack 65536 [ 2806.213915][T23349] slab 14176256 [ 2806.213915][T23349] sock 0 [ 2806.213915][T23349] shmem 0 [ 2806.213915][T23349] file_mapped 0 [ 2806.213915][T23349] file_dirty 0 [ 2806.213915][T23349] file_writeback 0 [ 2806.213915][T23349] anon_thp 4194304 [ 2806.213915][T23349] inactive_anon 0 [ 2806.213915][T23349] active_anon 4329472 [ 2806.213915][T23349] inactive_file 0 [ 2806.213915][T23349] active_file 0 [ 2806.213915][T23349] unevictable 0 [ 2806.213915][T23349] slab_reclaimable 13381632 [ 2806.213915][T23349] slab_unreclaimable 794624 [ 2806.213915][T23349] pgfault 45474 [ 2806.213915][T23349] pgmajfault 0 [ 2806.213915][T23349] workingset_refault 0 [ 2806.213915][T23349] workingset_activate 0 16:23:04 executing program 4: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2806.213915][T23349] workingset_nodereclaim 0 [ 2806.213915][T23349] pgrefill 249 [ 2806.213915][T23349] pgscan 231 [ 2806.213915][T23349] pgsteal 34 [ 2806.213915][T23349] pgactivate 198 [ 2806.353146][T23349] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=23347,uid=0 [ 2806.416829][T23350] IPVS: ftp: loaded support on port[0] = 21 [ 2806.453181][T23349] Memory cgroup out of memory: Killed process 23349 (syz-executor.0) total-vm:72572kB, anon-rss:4240kB, file-rss:35832kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2806.513710][ T1065] oom_reaper: reaped process 23349 (syz-executor.0), now anon-rss:0kB, file-rss:34872kB, shmem-rss:0kB [ 2806.524941][T23284] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2806.535235][T23284] CPU: 0 PID: 23284 Comm: syz-executor.1 Not tainted 5.3.0+ #0 [ 2806.542790][T23284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2806.553643][T23284] Call Trace: [ 2806.556965][T23284] dump_stack+0x172/0x1f0 [ 2806.561317][T23284] dump_header+0x10b/0x82d [ 2806.565744][T23284] ? oom_kill_process+0x94/0x3f0 [ 2806.570692][T23284] oom_kill_process.cold+0x10/0x15 [ 2806.575812][T23284] out_of_memory+0x334/0x1340 [ 2806.580496][T23284] ? lock_downgrade+0x920/0x920 [ 2806.585446][T23284] ? oom_killer_disable+0x280/0x280 [ 2806.590664][T23284] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2806.596220][T23284] ? memcg_stat_show+0xc40/0xc40 [ 2806.601171][T23284] ? do_raw_spin_unlock+0x57/0x270 [ 2806.606291][T23284] ? _raw_spin_unlock+0x2d/0x50 [ 2806.611165][T23284] try_charge+0xf4b/0x1440 [ 2806.615775][T23284] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2806.621332][T23284] ? percpu_ref_tryget_live+0x111/0x290 [ 2806.626919][T23284] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2806.633173][T23284] ? __kasan_check_read+0x11/0x20 [ 2806.638212][T23284] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2806.643771][T23284] mem_cgroup_try_charge+0x136/0x590 [ 2806.649147][T23284] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2806.654812][T23284] wp_page_copy+0x407/0x1860 [ 2806.659415][T23284] ? find_held_lock+0x35/0x130 [ 2806.664193][T23284] ? do_wp_page+0x53b/0x15c0 [ 2806.668796][T23284] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2806.674622][T23284] ? lock_downgrade+0x920/0x920 [ 2806.679488][T23284] ? swp_swapcount+0x540/0x540 [ 2806.684275][T23284] ? __kasan_check_read+0x11/0x20 [ 2806.689306][T23284] ? do_raw_spin_unlock+0x57/0x270 [ 2806.694433][T23284] do_wp_page+0x543/0x15c0 [ 2806.698872][T23284] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2806.704271][T23284] __handle_mm_fault+0x23ec/0x4040 [ 2806.709403][T23284] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2806.714959][T23284] ? handle_mm_fault+0x292/0xaa0 [ 2806.719923][T23284] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2806.726175][T23284] ? __kasan_check_read+0x11/0x20 [ 2806.731217][T23284] handle_mm_fault+0x3b7/0xaa0 [ 2806.736086][T23284] __do_page_fault+0x536/0xdd0 [ 2806.740876][T23284] do_page_fault+0x38/0x590 [ 2806.745387][T23284] page_fault+0x39/0x40 [ 2806.749563][T23284] RIP: 0033:0x430b36 [ 2806.753469][T23284] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2806.773082][T23284] RSP: 002b:00007ffde6fae5d0 EFLAGS: 00010206 [ 2806.779157][T23284] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2806.787136][T23284] RDX: 00000000028e7930 RSI: 00000000028ef970 RDI: 0000000000000003 [ 2806.795134][T23284] RBP: 0000000000008041 R08: 0000000000000001 R09: 00000000028e6940 [ 2806.803115][T23284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 16:23:04 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) write$cgroup_int(r5, 0x0, 0x0) [ 2806.811090][T23284] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2806.890531][T23284] memory: usage 892kB, limit 0kB, failcnt 921 [ 2806.899033][T23284] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2806.914736][T23284] Memory cgroup stats for /syz1: [ 2806.914850][T23284] anon 118784 [ 2806.914850][T23284] file 40960 [ 2806.914850][T23284] kernel_stack 65536 [ 2806.914850][T23284] slab 696320 [ 2806.914850][T23284] sock 0 [ 2806.914850][T23284] shmem 0 [ 2806.914850][T23284] file_mapped 0 [ 2806.914850][T23284] file_dirty 0 [ 2806.914850][T23284] file_writeback 0 [ 2806.914850][T23284] anon_thp 0 [ 2806.914850][T23284] inactive_anon 0 [ 2806.914850][T23284] active_anon 49152 [ 2806.914850][T23284] inactive_file 135168 [ 2806.914850][T23284] active_file 0 [ 2806.914850][T23284] unevictable 0 [ 2806.914850][T23284] slab_reclaimable 135168 [ 2806.914850][T23284] slab_unreclaimable 561152 [ 2806.914850][T23284] pgfault 29502 [ 2806.914850][T23284] pgmajfault 0 [ 2806.914850][T23284] workingset_refault 0 [ 2806.914850][T23284] workingset_activate 0 [ 2806.914850][T23284] workingset_nodereclaim 0 [ 2806.914850][T23284] pgrefill 100 [ 2806.914850][T23284] pgscan 100 [ 2806.914850][T23284] pgsteal 0 [ 2806.914850][T23284] pgactivate 66 [ 2807.015279][T23284] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=23284,uid=0 [ 2807.033508][T23284] Memory cgroup out of memory: Killed process 23284 (syz-executor.1) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2807.052313][ T1065] oom_reaper: reaped process 23284 (syz-executor.1), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2807.064292][T23358] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2807.075139][T23358] CPU: 1 PID: 23358 Comm: syz-executor.4 Not tainted 5.3.0+ #0 [ 2807.082689][T23358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2807.092745][T23358] Call Trace: [ 2807.096039][T23358] dump_stack+0x172/0x1f0 [ 2807.100373][T23358] dump_header+0x10b/0x82d [ 2807.104792][T23358] oom_kill_process.cold+0x10/0x15 [ 2807.109907][T23358] out_of_memory+0x334/0x1340 [ 2807.114597][T23358] ? oom_killer_disable+0x280/0x280 [ 2807.119826][T23358] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2807.125391][T23358] ? memcg_stat_show+0xc40/0xc40 [ 2807.130335][T23358] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2807.136143][T23358] ? cgroup_file_notify+0x140/0x1b0 [ 2807.141346][T23358] memory_max_write+0x262/0x3a0 [ 2807.146216][T23358] ? mem_cgroup_write+0x370/0x370 [ 2807.151271][T23358] ? cgroup_file_write+0x86/0x790 [ 2807.156300][T23358] cgroup_file_write+0x241/0x790 [ 2807.161238][T23358] ? mem_cgroup_write+0x370/0x370 [ 2807.166262][T23358] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2807.171905][T23358] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2807.177537][T23358] kernfs_fop_write+0x2b8/0x480 [ 2807.182397][T23358] __vfs_write+0x8a/0x110 [ 2807.186733][T23358] ? kernfs_fop_open+0xd80/0xd80 [ 2807.191675][T23358] vfs_write+0x268/0x5d0 [ 2807.195921][T23358] ksys_write+0x14f/0x290 [ 2807.200248][T23358] ? __ia32_sys_read+0xb0/0xb0 [ 2807.205014][T23358] ? do_syscall_64+0x26/0x760 [ 2807.209881][T23358] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2807.215957][T23358] ? do_syscall_64+0x26/0x760 [ 2807.220653][T23358] __x64_sys_write+0x73/0xb0 [ 2807.225350][T23358] do_syscall_64+0xfa/0x760 [ 2807.229868][T23358] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2807.235760][T23358] RIP: 0033:0x459a59 [ 2807.239653][T23358] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2807.259268][T23358] RSP: 002b:00007fa7eab84c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2807.267685][T23358] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2807.275674][T23358] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2807.283760][T23358] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2807.291812][T23358] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa7eab856d4 [ 2807.299789][T23358] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2807.329683][T23358] memory: usage 6840kB, limit 0kB, failcnt 1122 [ 2807.336201][T23358] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2807.348699][T23358] Memory cgroup stats for /syz4: [ 2807.349405][T23358] anon 4268032 [ 2807.349405][T23358] file 0 [ 2807.349405][T23358] kernel_stack 65536 [ 2807.349405][T23358] slab 2174976 [ 2807.349405][T23358] sock 0 [ 2807.349405][T23358] shmem 0 [ 2807.349405][T23358] file_mapped 0 [ 2807.349405][T23358] file_dirty 135168 [ 2807.349405][T23358] file_writeback 0 [ 2807.349405][T23358] anon_thp 4194304 [ 2807.349405][T23358] inactive_anon 0 [ 2807.349405][T23358] active_anon 4268032 [ 2807.349405][T23358] inactive_file 0 [ 2807.349405][T23358] active_file 0 [ 2807.349405][T23358] unevictable 0 [ 2807.349405][T23358] slab_reclaimable 675840 [ 2807.349405][T23358] slab_unreclaimable 1499136 [ 2807.349405][T23358] pgfault 22473 [ 2807.349405][T23358] pgmajfault 0 [ 2807.349405][T23358] workingset_refault 0 [ 2807.349405][T23358] workingset_activate 0 [ 2807.349405][T23358] workingset_nodereclaim 0 [ 2807.349405][T23358] pgrefill 132 [ 2807.349405][T23358] pgscan 216 [ 2807.349405][T23358] pgsteal 105 [ 2807.349405][T23358] pgactivate 99 [ 2807.356482][T23358] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23356,uid=0 [ 2807.464490][T23358] Memory cgroup out of memory: Killed process 23356 (syz-executor.4) total-vm:72572kB, anon-rss:4236kB, file-rss:35920kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2807.484406][T23278] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 2807.487175][ T1065] oom_reaper: reaped process 23356 (syz-executor.4), now anon-rss:0kB, file-rss:34960kB, shmem-rss:0kB [ 2807.498631][T23278] CPU: 1 PID: 23278 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 2807.514970][T23278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2807.525034][T23278] Call Trace: [ 2807.528335][T23278] dump_stack+0x172/0x1f0 [ 2807.532934][T23278] dump_header+0x10b/0x82d [ 2807.537344][T23278] ? oom_kill_process+0x94/0x3f0 [ 2807.542283][T23278] oom_kill_process.cold+0x10/0x15 [ 2807.547422][T23278] out_of_memory+0x334/0x1340 [ 2807.552097][T23278] ? lock_downgrade+0x920/0x920 [ 2807.556957][T23278] ? oom_killer_disable+0x280/0x280 [ 2807.562170][T23278] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2807.569832][T23278] ? memcg_stat_show+0xc40/0xc40 [ 2807.574764][T23278] ? do_raw_spin_unlock+0x57/0x270 [ 2807.580124][T23278] ? _raw_spin_unlock+0x2d/0x50 [ 2807.584963][T23278] try_charge+0xf4b/0x1440 [ 2807.589377][T23278] ? find_held_lock+0x35/0x130 [ 2807.594135][T23278] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2807.599662][T23278] ? get_mem_cgroup_from_mm+0x139/0x320 [ 2807.605192][T23278] ? find_held_lock+0x35/0x130 [ 2807.609945][T23278] ? get_mem_cgroup_from_mm+0x139/0x320 [ 2807.615752][T23278] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2807.621312][T23278] ? memcg_kmem_put_cache+0x50/0x50 [ 2807.626586][T23278] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2807.632121][T23278] __memcg_kmem_charge+0x13a/0x3a0 [ 2807.637237][T23278] __alloc_pages_nodemask+0x4f5/0x900 [ 2807.642591][T23278] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2807.648123][T23278] ? __alloc_pages_slowpath+0x2910/0x2910 [ 2807.653843][T23278] ? percpu_ref_put_many+0xb6/0x190 [ 2807.659033][T23278] ? lockdep_hardirqs_on+0x421/0x5e0 [ 2807.664308][T23278] ? trace_hardirqs_on+0x67/0x240 [ 2807.669316][T23278] ? __kasan_check_read+0x11/0x20 [ 2807.674339][T23278] copy_process+0x3f8/0x6860 [ 2807.678921][T23278] ? __kasan_check_read+0x11/0x20 [ 2807.683938][T23278] ? __lock_acquire+0x16f2/0x4a00 [ 2807.688949][T23278] ? debug_smp_processor_id+0x3c/0x214 [ 2807.694401][T23278] ? __cleanup_sighand+0x60/0x60 [ 2807.699323][T23278] ? find_held_lock+0x35/0x130 [ 2807.704089][T23278] _do_fork+0x146/0xfa0 [ 2807.708235][T23278] ? copy_init_mm+0x20/0x20 [ 2807.712859][T23278] ? __kasan_check_read+0x11/0x20 [ 2807.717870][T23278] ? _copy_to_user+0x118/0x160 [ 2807.722970][T23278] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2807.729193][T23278] ? put_timespec64+0xda/0x140 [ 2807.734043][T23278] __x64_sys_clone+0x18d/0x250 [ 2807.738797][T23278] ? __ia32_sys_vfork+0xc0/0xc0 [ 2807.743649][T23278] ? lockdep_hardirqs_on+0x421/0x5e0 [ 2807.748922][T23278] ? trace_hardirqs_on+0x67/0x240 [ 2807.753940][T23278] do_syscall_64+0xfa/0x760 [ 2807.758437][T23278] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2807.764316][T23278] RIP: 0033:0x45802a [ 2807.768195][T23278] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2807.787786][T23278] RSP: 002b:00007fff72e17b90 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2807.796192][T23278] RAX: ffffffffffffffda RBX: 00007fff72e17b90 RCX: 000000000045802a [ 2807.804152][T23278] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2807.812106][T23278] RBP: 00007fff72e17bd0 R08: 0000000000000001 R09: 0000000001bd7940 [ 2807.820063][T23278] R10: 0000000001bd7c10 R11: 0000000000000246 R12: 0000000000000001 [ 2807.828018][T23278] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fff72e17c20 [ 2807.845671][T23278] memory: usage 13676kB, limit 0kB, failcnt 217 [ 2807.852037][T23278] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2807.858878][T23278] Memory cgroup stats for /syz0: [ 2807.858982][T23278] anon 61440 [ 2807.858982][T23278] file 0 [ 2807.858982][T23278] kernel_stack 0 [ 2807.858982][T23278] slab 14041088 [ 2807.858982][T23278] sock 0 [ 2807.858982][T23278] shmem 0 [ 2807.858982][T23278] file_mapped 0 [ 2807.858982][T23278] file_dirty 0 [ 2807.858982][T23278] file_writeback 0 [ 2807.858982][T23278] anon_thp 0 [ 2807.858982][T23278] inactive_anon 0 [ 2807.858982][T23278] active_anon 61440 [ 2807.858982][T23278] inactive_file 0 [ 2807.858982][T23278] active_file 0 [ 2807.858982][T23278] unevictable 0 [ 2807.858982][T23278] slab_reclaimable 13246464 [ 2807.858982][T23278] slab_unreclaimable 794624 [ 2807.858982][T23278] pgfault 45474 [ 2807.858982][T23278] pgmajfault 0 [ 2807.858982][T23278] workingset_refault 0 [ 2807.858982][T23278] workingset_activate 0 [ 2807.858982][T23278] workingset_nodereclaim 0 [ 2807.858982][T23278] pgrefill 249 [ 2807.858982][T23278] pgscan 231 16:23:05 executing program 4: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2807.858982][T23278] pgsteal 34 [ 2807.858982][T23278] pgactivate 198 [ 2807.953862][T23278] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=23278,uid=0 [ 2807.969871][T23278] Memory cgroup out of memory: Killed process 23278 (syz-executor.0) total-vm:72440kB, anon-rss:100kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2807.988693][ T1065] oom_reaper: reaped process 23278 (syz-executor.0), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2807.998215][T23123] syz-executor.4 invoked oom-killer: gfp_mask=0x40c50(GFP_NOFS|__GFP_COMP|__GFP_RECLAIMABLE), order=0, oom_score_adj=0 [ 2808.023967][T23123] CPU: 0 PID: 23123 Comm: syz-executor.4 Not tainted 5.3.0+ #0 [ 2808.031542][T23123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2808.042205][T23123] Call Trace: [ 2808.045506][T23123] dump_stack+0x172/0x1f0 [ 2808.049839][T23123] dump_header+0x10b/0x82d [ 2808.054253][T23123] ? oom_kill_process+0x94/0x3f0 [ 2808.059192][T23123] oom_kill_process.cold+0x10/0x15 [ 2808.064310][T23123] out_of_memory+0x334/0x1340 [ 2808.068989][T23123] ? lock_downgrade+0x920/0x920 [ 2808.073839][T23123] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2808.079647][T23123] ? oom_killer_disable+0x280/0x280 [ 2808.084855][T23123] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2808.090429][T23123] ? memcg_stat_show+0xc40/0xc40 [ 2808.095388][T23123] ? do_raw_spin_unlock+0x57/0x270 [ 2808.100508][T23123] ? _raw_spin_unlock+0x2d/0x50 [ 2808.105361][T23123] try_charge+0xf4b/0x1440 [ 2808.109789][T23123] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2808.115332][T23123] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2808.120879][T23123] ? cache_grow_begin+0x122/0xd20 [ 2808.125898][T23123] ? find_held_lock+0x35/0x130 [ 2808.130662][T23123] ? cache_grow_begin+0x122/0xd20 [ 2808.135693][T23123] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2808.141234][T23123] ? lock_downgrade+0x920/0x920 [ 2808.146084][T23123] ? memcg_kmem_put_cache+0x50/0x50 [ 2808.151280][T23123] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2808.157546][T23123] ? __kasan_check_read+0x11/0x20 [ 2808.162582][T23123] cache_grow_begin+0x629/0xd20 [ 2808.167432][T23123] ? write_comp_data+0x61/0x70 [ 2808.172197][T23123] ? mempolicy_slab_node+0x139/0x390 [ 2808.177491][T23123] fallback_alloc+0x1fd/0x2d0 [ 2808.182176][T23123] ____cache_alloc_node+0x1bc/0x1d0 [ 2808.187374][T23123] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2808.193628][T23123] kmem_cache_alloc+0x1ef/0x710 [ 2808.198489][T23123] ? lock_downgrade+0x920/0x920 [ 2808.203357][T23123] ? rwlock_bug.part.0+0x90/0x90 [ 2808.208304][T23123] ? ratelimit_state_init+0xb0/0xb0 [ 2808.213611][T23123] ext4_alloc_inode+0x1f/0x640 [ 2808.218381][T23123] ? ratelimit_state_init+0xb0/0xb0 [ 2808.223588][T23123] alloc_inode+0x68/0x1e0 [ 2808.227925][T23123] iget_locked+0x1a6/0x4b0 [ 2808.232356][T23123] __ext4_iget+0x265/0x3e20 [ 2808.236864][T23123] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2808.243195][T23123] ? ext4_get_projid+0x190/0x190 [ 2808.248128][T23123] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2808.253671][T23123] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 2808.259645][T23123] ? d_alloc_parallel+0xa78/0x1c30 [ 2808.264776][T23123] ext4_lookup+0x3b1/0x7a0 [ 2808.269191][T23123] ? ext4_cross_rename+0x1430/0x1430 [ 2808.274476][T23123] ? __lock_acquire+0x16f2/0x4a00 [ 2808.279505][T23123] ? __kasan_check_read+0x11/0x20 [ 2808.284532][T23123] ? lockdep_init_map+0x1be/0x6d0 [ 2808.289559][T23123] __lookup_slow+0x279/0x500 [ 2808.294150][T23123] ? vfs_unlink+0x620/0x620 [ 2808.298684][T23123] lookup_slow+0x58/0x80 [ 2808.302939][T23123] path_mountpoint+0x5d2/0x1e60 [ 2808.307786][T23123] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2808.313506][T23123] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 2808.319493][T23123] ? path_openat+0x46d0/0x46d0 [ 2808.324269][T23123] filename_mountpoint+0x18e/0x390 [ 2808.329380][T23123] ? filename_parentat.isra.0+0x410/0x410 [ 2808.335108][T23123] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 2808.341274][T23123] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2808.347507][T23123] ? __phys_addr_symbol+0x30/0x70 [ 2808.352525][T23123] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2808.358240][T23123] ? __check_object_size+0x3d/0x437 [ 2808.363571][T23123] ? strncpy_from_user+0x2b4/0x400 [ 2808.368699][T23123] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2808.374955][T23123] ? getname_flags+0x277/0x5b0 [ 2808.379729][T23123] user_path_mountpoint_at+0x3a/0x50 [ 2808.385028][T23123] ksys_umount+0x164/0xf00 [ 2808.389449][T23123] ? __ia32_sys_rmdir+0x40/0x40 [ 2808.394302][T23123] ? __detach_mounts+0x2a0/0x2a0 [ 2808.399239][T23123] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2808.405482][T23123] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2808.410940][T23123] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2808.416393][T23123] ? do_syscall_64+0x26/0x760 [ 2808.421068][T23123] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2808.427136][T23123] ? do_syscall_64+0x26/0x760 [ 2808.431816][T23123] ? lockdep_hardirqs_on+0x421/0x5e0 [ 2808.437103][T23123] __x64_sys_umount+0x54/0x80 [ 2808.441785][T23123] do_syscall_64+0xfa/0x760 [ 2808.446361][T23123] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2808.452621][T23123] RIP: 0033:0x45c487 [ 2808.456782][T23123] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2808.476392][T23123] RSP: 002b:00007fff788d6478 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 2808.484815][T23123] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045c487 [ 2808.492786][T23123] RDX: 0000000000403550 RSI: 0000000000000002 RDI: 00007fff788d6520 [ 2808.500755][T23123] RBP: 000000000000002f R08: 0000000000000000 R09: 000000000000000f [ 2808.508725][T23123] R10: 000000000000000a R11: 0000000000000202 R12: 00007fff788d75b0 [ 2808.516694][T23123] R13: 0000000000e05940 R14: 0000000000000000 R15: 00007fff788d75b0 [ 2808.535036][T23123] memory: usage 2452kB, limit 0kB, failcnt 1138 [ 2808.550083][T23123] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2808.559103][T23123] Memory cgroup stats for /syz4: [ 2808.559203][T23123] anon 65536 [ 2808.559203][T23123] file 0 [ 2808.559203][T23123] kernel_stack 65536 [ 2808.559203][T23123] slab 2174976 [ 2808.559203][T23123] sock 0 [ 2808.559203][T23123] shmem 0 [ 2808.559203][T23123] file_mapped 0 [ 2808.559203][T23123] file_dirty 135168 [ 2808.559203][T23123] file_writeback 0 [ 2808.559203][T23123] anon_thp 0 [ 2808.559203][T23123] inactive_anon 0 [ 2808.559203][T23123] active_anon 65536 [ 2808.559203][T23123] inactive_file 0 [ 2808.559203][T23123] active_file 0 [ 2808.559203][T23123] unevictable 0 [ 2808.559203][T23123] slab_reclaimable 675840 [ 2808.559203][T23123] slab_unreclaimable 1499136 [ 2808.559203][T23123] pgfault 22473 [ 2808.559203][T23123] pgmajfault 0 [ 2808.559203][T23123] workingset_refault 0 [ 2808.559203][T23123] workingset_activate 0 [ 2808.559203][T23123] workingset_nodereclaim 0 [ 2808.559203][T23123] pgrefill 132 [ 2808.559203][T23123] pgscan 216 [ 2808.559203][T23123] pgsteal 105 [ 2808.559203][T23123] pgactivate 99 [ 2808.750394][T23123] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23123,uid=0 [ 2808.780716][T23123] Memory cgroup out of memory: Killed process 23123 (syz-executor.4) total-vm:72440kB, anon-rss:96kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2808.821223][ T1065] oom_reaper: reaped process 23123 (syz-executor.4), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2808.835060][T23359] IPVS: ftp: loaded support on port[0] = 21 [ 2810.200008][T23350] chnl_net:caif_netlink_parms(): no params data found [ 2810.211764][T23359] chnl_net:caif_netlink_parms(): no params data found [ 2810.437194][T23350] bridge0: port 1(bridge_slave_0) entered blocking state [ 2810.445061][T23350] bridge0: port 1(bridge_slave_0) entered disabled state [ 2810.456982][T23350] device bridge_slave_0 entered promiscuous mode [ 2810.475260][T23350] bridge0: port 2(bridge_slave_1) entered blocking state [ 2810.483648][T23350] bridge0: port 2(bridge_slave_1) entered disabled state [ 2810.493192][T23350] device bridge_slave_1 entered promiscuous mode [ 2810.501331][T23359] bridge0: port 1(bridge_slave_0) entered blocking state [ 2810.508838][T23359] bridge0: port 1(bridge_slave_0) entered disabled state [ 2810.519004][T23359] device bridge_slave_0 entered promiscuous mode [ 2810.592401][T23359] bridge0: port 2(bridge_slave_1) entered blocking state [ 2810.599489][T23359] bridge0: port 2(bridge_slave_1) entered disabled state [ 2810.609142][T23359] device bridge_slave_1 entered promiscuous mode [ 2810.622804][T23350] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2810.688268][T23350] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2810.719861][T23359] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2810.775912][T23350] team0: Port device team_slave_0 added [ 2810.805170][T23359] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2810.837040][T23350] team0: Port device team_slave_1 added [ 2810.895127][T23359] team0: Port device team_slave_0 added [ 2810.964348][T23359] team0: Port device team_slave_1 added [ 2811.022351][T23350] device hsr_slave_0 entered promiscuous mode [ 2811.121717][T23350] device hsr_slave_1 entered promiscuous mode [ 2811.210644][T23350] debugfs: Directory 'hsr0' with parent '/' already present! [ 2811.363761][T23359] device hsr_slave_0 entered promiscuous mode [ 2811.411750][T23359] device hsr_slave_1 entered promiscuous mode [ 2811.490567][T23359] debugfs: Directory 'hsr0' with parent '/' already present! [ 2811.991803][T23350] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2812.097110][T23359] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2812.136499][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2812.146246][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2812.172439][T23350] 8021q: adding VLAN 0 to HW filter on device team0 [ 2812.183693][T23359] 8021q: adding VLAN 0 to HW filter on device team0 [ 2812.203579][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2812.213645][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2812.336011][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2812.346745][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2812.355967][T13846] bridge0: port 1(bridge_slave_0) entered blocking state [ 2812.363124][T13846] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2812.373780][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2812.384517][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2812.393726][T13846] bridge0: port 1(bridge_slave_0) entered blocking state [ 2812.401189][T13846] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2812.529766][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2812.542160][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2812.553033][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2812.563416][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2812.573849][T16391] bridge0: port 2(bridge_slave_1) entered blocking state [ 2812.581004][T16391] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2812.671020][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2812.681436][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2812.690069][T13846] bridge0: port 2(bridge_slave_1) entered blocking state [ 2812.697187][T13846] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2812.708542][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2812.718300][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2812.818640][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2812.828946][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2812.839083][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2812.849595][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2812.932174][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2812.947737][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2812.971724][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2812.982000][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2812.991855][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2813.011784][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2813.031133][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2813.041349][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2813.050935][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2813.059908][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2813.162504][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2813.172571][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2813.195537][T23359] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2813.210129][T23359] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2813.268614][T23350] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2813.283906][T23350] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2813.299397][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2813.309495][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2813.319094][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2813.331869][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2813.450923][T23350] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2813.462810][T23359] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2814.243225][T23375] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2814.254280][T23375] CPU: 0 PID: 23375 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 2814.261871][T23375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2814.271936][T23375] Call Trace: [ 2814.271969][T23375] dump_stack+0x172/0x1f0 [ 2814.271999][T23375] dump_header+0x10b/0x82d [ 2814.280039][T23375] oom_kill_process.cold+0x10/0x15 [ 2814.280066][T23375] out_of_memory+0x334/0x1340 [ 2814.280087][T23375] ? trace_hardirqs_on_caller+0x6a/0x240 [ 2814.294299][T23375] ? cgroup_file_notify+0x140/0x1b0 [ 2814.294337][T23375] ? oom_killer_disable+0x280/0x280 [ 2814.311555][T23375] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2814.317124][T23375] ? memcg_stat_show+0xc40/0xc40 [ 2814.317164][T23375] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2814.327947][T23375] ? cgroup_file_notify+0x140/0x1b0 [ 2814.333611][T23375] memory_max_write+0x262/0x3a0 [ 2814.333639][T23375] ? mem_cgroup_write+0x370/0x370 [ 2814.333659][T23375] ? lock_acquire+0x190/0x410 [ 2814.333681][T23375] ? kernfs_fop_write+0x227/0x480 [ 2814.333713][T23375] cgroup_file_write+0x241/0x790 [ 2814.333735][T23375] ? mem_cgroup_write+0x370/0x370 [ 2814.333754][T23375] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2814.348360][T23375] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2814.348384][T23375] kernfs_fop_write+0x2b8/0x480 [ 2814.369075][T23375] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2814.369120][T23375] __vfs_write+0x8a/0x110 [ 2814.390268][T23375] ? kernfs_fop_open+0xd80/0xd80 [ 2814.395447][T23375] vfs_write+0x268/0x5d0 [ 2814.399752][T23375] ksys_write+0x14f/0x290 [ 2814.404108][T23375] ? __ia32_sys_read+0xb0/0xb0 [ 2814.404134][T23375] ? do_syscall_64+0x26/0x760 [ 2814.404155][T23375] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2814.404169][T23375] ? do_syscall_64+0x26/0x760 [ 2814.404200][T23375] __x64_sys_write+0x73/0xb0 [ 2814.404219][T23375] do_syscall_64+0xfa/0x760 [ 2814.404243][T23375] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2814.404259][T23375] RIP: 0033:0x459a59 [ 2814.404280][T23375] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2814.429289][T23375] RSP: 002b:00007f78bb1d8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2814.429308][T23375] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2814.429319][T23375] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2814.429330][T23375] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2814.429346][T23375] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f78bb1d96d4 [ 2814.463281][T23375] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2814.488702][T23375] memory: usage 5260kB, limit 0kB, failcnt 1025 [ 2814.541358][T23375] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2814.548384][T23375] Memory cgroup stats for /syz2: [ 2814.550078][T23375] anon 4362240 [ 2814.550078][T23375] file 86016 [ 2814.550078][T23375] kernel_stack 65536 [ 2814.550078][T23375] slab 806912 [ 2814.550078][T23375] sock 0 [ 2814.550078][T23375] shmem 0 [ 2814.550078][T23375] file_mapped 0 [ 2814.550078][T23375] file_dirty 0 [ 2814.550078][T23375] file_writeback 0 [ 2814.550078][T23375] anon_thp 4194304 [ 2814.550078][T23375] inactive_anon 0 [ 2814.550078][T23375] active_anon 4362240 [ 2814.550078][T23375] inactive_file 0 [ 2814.550078][T23375] active_file 0 [ 2814.550078][T23375] unevictable 0 [ 2814.550078][T23375] slab_reclaimable 135168 [ 2814.550078][T23375] slab_unreclaimable 671744 [ 2814.550078][T23375] pgfault 35739 [ 2814.550078][T23375] pgmajfault 0 [ 2814.550078][T23375] workingset_refault 0 [ 2814.550078][T23375] workingset_activate 0 [ 2814.550078][T23375] workingset_nodereclaim 0 [ 2814.550078][T23375] pgrefill 166 [ 2814.550078][T23375] pgscan 167 [ 2814.550078][T23375] pgsteal 0 [ 2814.550078][T23375] pgactivate 99 [ 2814.570578][T23375] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=23374,uid=0 [ 2814.711206][T23375] Memory cgroup out of memory: Killed process 23374 (syz-executor.2) total-vm:72576kB, anon-rss:4188kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 16:23:12 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x0, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) 16:23:12 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x0, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) [ 2814.747754][ T1065] oom_reaper: reaped process 23374 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2814.777827][T23350] syz-executor.2 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=0 [ 2814.791625][T23350] CPU: 1 PID: 23350 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 2814.799207][T23350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2814.809282][T23350] Call Trace: [ 2814.812614][T23350] dump_stack+0x172/0x1f0 [ 2814.816983][T23350] dump_header+0x10b/0x82d [ 2814.821427][T23350] ? oom_kill_process+0x94/0x3f0 [ 2814.826403][T23350] oom_kill_process.cold+0x10/0x15 [ 2814.831548][T23350] out_of_memory+0x334/0x1340 [ 2814.836280][T23350] ? lock_downgrade+0x920/0x920 [ 2814.841171][T23350] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2814.847013][T23350] ? oom_killer_disable+0x280/0x280 [ 2814.852339][T23350] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2814.857923][T23350] ? memcg_stat_show+0xc40/0xc40 [ 2814.862893][T23350] ? do_raw_spin_unlock+0x57/0x270 [ 2814.868046][T23350] ? _raw_spin_unlock+0x2d/0x50 [ 2814.872957][T23350] try_charge+0xf4b/0x1440 [ 2814.877428][T23350] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2814.883000][T23350] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2814.888592][T23350] ? cache_grow_begin+0x122/0xd20 [ 2814.893630][T23350] ? find_held_lock+0x35/0x130 [ 2814.898400][T23350] ? cache_grow_begin+0x122/0xd20 [ 2814.903432][T23350] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2814.908976][T23350] ? lock_downgrade+0x920/0x920 [ 2814.913821][T23350] ? memcg_kmem_put_cache+0x50/0x50 [ 2814.919102][T23350] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2814.925336][T23350] ? __kasan_check_read+0x11/0x20 [ 2814.930365][T23350] cache_grow_begin+0x629/0xd20 [ 2814.935227][T23350] ? write_comp_data+0x61/0x70 [ 2814.939986][T23350] ? mempolicy_slab_node+0x139/0x390 [ 2814.945270][T23350] fallback_alloc+0x1fd/0x2d0 [ 2814.949980][T23350] ____cache_alloc_node+0x1bc/0x1d0 [ 2814.955175][T23350] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2814.961420][T23350] kmem_cache_alloc+0x1ef/0x710 [ 2814.966273][T23350] ? stack_trace_save+0xac/0xe0 [ 2814.971123][T23350] __alloc_file+0x27/0x340 [ 2814.975545][T23350] alloc_empty_file+0x72/0x170 [ 2814.980329][T23350] path_openat+0xef/0x46d0 [ 2814.984741][T23350] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 2814.990546][T23350] ? kasan_slab_alloc+0xf/0x20 [ 2814.995313][T23350] ? kmem_cache_alloc+0x121/0x710 [ 2815.000335][T23350] ? getname_flags+0xd6/0x5b0 [ 2815.005003][T23350] ? getname+0x1a/0x20 [ 2815.009069][T23350] ? do_sys_open+0x2c9/0x5d0 [ 2815.013653][T23350] ? __x64_sys_open+0x7e/0xc0 [ 2815.018329][T23350] ? __kasan_check_read+0x11/0x20 [ 2815.023349][T23350] ? mark_lock+0xc2/0x1220 [ 2815.027767][T23350] ? __kasan_check_read+0x11/0x20 [ 2815.032795][T23350] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 2815.038174][T23350] ? __alloc_fd+0x487/0x620 [ 2815.042691][T23350] do_filp_open+0x1a1/0x280 [ 2815.047198][T23350] ? may_open_dev+0x100/0x100 [ 2815.051875][T23350] ? lock_downgrade+0x920/0x920 [ 2815.056716][T23350] ? rwlock_bug.part.0+0x90/0x90 [ 2815.061655][T23350] ? __kasan_check_read+0x11/0x20 [ 2815.066696][T23350] ? do_raw_spin_unlock+0x57/0x270 [ 2815.071809][T23350] ? _raw_spin_unlock+0x2d/0x50 [ 2815.076658][T23350] ? __alloc_fd+0x487/0x620 [ 2815.081194][T23350] do_sys_open+0x3fe/0x5d0 [ 2815.085611][T23350] ? filp_open+0x80/0x80 [ 2815.089849][T23350] ? __detach_mounts+0x2a0/0x2a0 [ 2815.094796][T23350] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2815.100252][T23350] ? do_syscall_64+0x26/0x760 [ 2815.104929][T23350] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2815.110989][T23350] ? do_syscall_64+0x26/0x760 [ 2815.115689][T23350] __x64_sys_open+0x7e/0xc0 [ 2815.120192][T23350] do_syscall_64+0xfa/0x760 [ 2815.124694][T23350] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2815.130592][T23350] RIP: 0033:0x4579d0 [ 2815.134504][T23350] Code: 31 c0 e9 45 ff ff ff 0f 1f 00 80 3f 00 0f 84 f7 00 00 00 55 53 b9 02 00 00 00 be 00 08 09 00 89 c8 48 81 ec 98 00 00 00 0f 05 <48> 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00 [ 2815.154215][T23350] RSP: 002b:00007ffdc517a910 EFLAGS: 00000202 ORIG_RAX: 0000000000000002 [ 2815.162647][T23350] RAX: ffffffffffffffda RBX: 00000000002af231 RCX: 00000000004579d0 [ 2815.170628][T23350] RDX: 000000000000000c RSI: 0000000000090800 RDI: 00007ffdc517baf0 [ 2815.178613][T23350] RBP: 0000000000000002 R08: 0000000000000001 R09: 00000000021b0940 [ 2815.186669][T23350] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffdc517baf0 16:23:12 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) write$cgroup_int(r5, 0x0, 0x0) 16:23:12 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) 16:23:12 executing program 4: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) 16:23:12 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={0xffffffffffffffff, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2815.194638][T23350] R13: 00007ffdc517bae0 R14: 0000000000000000 R15: 00007ffdc517baf0 [ 2815.397523][T23350] memory: usage 880kB, limit 0kB, failcnt 1037 [ 2815.409019][T23350] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2815.438210][T23350] Memory cgroup stats for /syz2: [ 2815.438334][T23350] anon 102400 [ 2815.438334][T23350] file 86016 [ 2815.438334][T23350] kernel_stack 65536 [ 2815.438334][T23350] slab 806912 [ 2815.438334][T23350] sock 0 [ 2815.438334][T23350] shmem 0 [ 2815.438334][T23350] file_mapped 0 [ 2815.438334][T23350] file_dirty 0 [ 2815.438334][T23350] file_writeback 0 [ 2815.438334][T23350] anon_thp 0 [ 2815.438334][T23350] inactive_anon 0 [ 2815.438334][T23350] active_anon 102400 [ 2815.438334][T23350] inactive_file 0 [ 2815.438334][T23350] active_file 0 [ 2815.438334][T23350] unevictable 0 [ 2815.438334][T23350] slab_reclaimable 135168 [ 2815.438334][T23350] slab_unreclaimable 671744 [ 2815.438334][T23350] pgfault 35739 [ 2815.438334][T23350] pgmajfault 0 [ 2815.438334][T23350] workingset_refault 0 [ 2815.438334][T23350] workingset_activate 0 [ 2815.438334][T23350] workingset_nodereclaim 0 [ 2815.438334][T23350] pgrefill 166 [ 2815.438334][T23350] pgscan 167 [ 2815.438334][T23350] pgsteal 0 [ 2815.438334][T23350] pgactivate 99 [ 2815.476127][T23350] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=23350,uid=0 [ 2815.550833][T23350] Memory cgroup out of memory: Killed process 23350 (syz-executor.2) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2815.570459][ T1065] oom_reaper: reaped process 23350 (syz-executor.2), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2815.586612][T23381] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2815.619657][T23381] CPU: 0 PID: 23381 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 2815.627413][T23381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2815.627430][T23381] Call Trace: [ 2815.640820][T23381] dump_stack+0x172/0x1f0 [ 2815.645180][T23381] dump_header+0x10b/0x82d [ 2815.649625][T23381] oom_kill_process.cold+0x10/0x15 [ 2815.654780][T23381] out_of_memory+0x334/0x1340 [ 2815.659492][T23381] ? __sched_text_start+0x8/0x8 [ 2815.664392][T23381] ? oom_killer_disable+0x280/0x280 [ 2815.669733][T23381] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2815.675300][T23381] ? memcg_stat_show+0xc40/0xc40 [ 2815.680252][T23381] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2815.680275][T23381] ? cgroup_file_notify+0x140/0x1b0 [ 2815.691293][T23381] memory_max_write+0x262/0x3a0 [ 2815.696169][T23381] ? mem_cgroup_write+0x370/0x370 [ 2815.701209][T23381] ? lock_acquire+0x190/0x410 [ 2815.705919][T23381] ? kernfs_fop_write+0x227/0x480 [ 2815.710977][T23381] cgroup_file_write+0x241/0x790 [ 2815.715976][T23381] ? mem_cgroup_write+0x370/0x370 [ 2815.721030][T23381] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2815.721052][T23381] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2815.721069][T23381] kernfs_fop_write+0x2b8/0x480 [ 2815.721087][T23381] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2815.721109][T23381] __vfs_write+0x8a/0x110 [ 2815.721121][T23381] ? kernfs_fop_open+0xd80/0xd80 [ 2815.721139][T23381] vfs_write+0x268/0x5d0 [ 2815.757645][T23381] ksys_write+0x14f/0x290 [ 2815.762010][T23381] ? __ia32_sys_read+0xb0/0xb0 [ 2815.766898][T23381] ? do_syscall_64+0x26/0x760 [ 2815.771607][T23381] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2815.771624][T23381] ? do_syscall_64+0x26/0x760 [ 2815.771645][T23381] __x64_sys_write+0x73/0xb0 [ 2815.771661][T23381] do_syscall_64+0xfa/0x760 [ 2815.771680][T23381] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2815.771691][T23381] RIP: 0033:0x459a59 [ 2815.771707][T23381] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2815.771714][T23381] RSP: 002b:00007f3979e38c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2815.771727][T23381] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2815.771734][T23381] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2815.771741][T23381] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2815.771749][T23381] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3979e396d4 [ 2815.771756][T23381] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2816.030998][T23381] memory: usage 5436kB, limit 0kB, failcnt 885 [ 2816.050548][T23381] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2816.057585][T23381] Memory cgroup stats for /syz3: [ 2816.057722][T23381] anon 4333568 [ 2816.057722][T23381] file 16384 [ 2816.057722][T23381] kernel_stack 65536 [ 2816.057722][T23381] slab 1077248 [ 2816.057722][T23381] sock 0 [ 2816.057722][T23381] shmem 0 [ 2816.057722][T23381] file_mapped 0 [ 2816.057722][T23381] file_dirty 0 [ 2816.057722][T23381] file_writeback 0 [ 2816.057722][T23381] anon_thp 4194304 [ 2816.057722][T23381] inactive_anon 0 [ 2816.057722][T23381] active_anon 4333568 [ 2816.057722][T23381] inactive_file 0 [ 2816.057722][T23381] active_file 0 [ 2816.057722][T23381] unevictable 0 [ 2816.057722][T23381] slab_reclaimable 270336 [ 2816.057722][T23381] slab_unreclaimable 806912 [ 2816.057722][T23381] pgfault 31647 [ 2816.057722][T23381] pgmajfault 0 [ 2816.057722][T23381] workingset_refault 0 [ 2816.057722][T23381] workingset_activate 0 [ 2816.057722][T23381] workingset_nodereclaim 0 [ 2816.057722][T23381] pgrefill 100 [ 2816.057722][T23381] pgscan 99 [ 2816.057722][T23381] pgsteal 0 [ 2816.057722][T23381] pgactivate 66 [ 2816.170543][T23381] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=23379,uid=0 [ 2816.187089][T23381] Memory cgroup out of memory: Killed process 23379 (syz-executor.3) total-vm:72704kB, anon-rss:4192kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2816.210444][ T1065] oom_reaper: reaped process 23379 (syz-executor.3), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 16:23:14 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={0xffffffffffffffff, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2816.291952][T23359] syz-executor.3 invoked oom-killer: gfp_mask=0x40c50(GFP_NOFS|__GFP_COMP|__GFP_RECLAIMABLE), order=0, oom_score_adj=0 [ 2816.321424][T23359] CPU: 0 PID: 23359 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 2816.329197][T23359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2816.339349][T23359] Call Trace: [ 2816.342923][T23359] dump_stack+0x172/0x1f0 [ 2816.347261][T23359] dump_header+0x10b/0x82d [ 2816.351681][T23359] ? oom_kill_process+0x94/0x3f0 [ 2816.356627][T23359] oom_kill_process.cold+0x10/0x15 [ 2816.361753][T23359] out_of_memory+0x334/0x1340 [ 2816.366433][T23359] ? lock_downgrade+0x920/0x920 [ 2816.371291][T23359] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2816.377102][T23359] ? oom_killer_disable+0x280/0x280 [ 2816.382322][T23359] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2816.387873][T23359] ? memcg_stat_show+0xc40/0xc40 [ 2816.392833][T23359] ? do_raw_spin_unlock+0x57/0x270 [ 2816.397967][T23359] ? _raw_spin_unlock+0x2d/0x50 [ 2816.402853][T23359] try_charge+0xf4b/0x1440 [ 2816.407285][T23359] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2816.412838][T23359] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2816.418424][T23359] ? cache_grow_begin+0x122/0xd20 [ 2816.423481][T23359] ? find_held_lock+0x35/0x130 [ 2816.428260][T23359] ? cache_grow_begin+0x122/0xd20 [ 2816.433332][T23359] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2816.438972][T23359] ? lock_downgrade+0x920/0x920 [ 2816.443837][T23359] ? memcg_kmem_put_cache+0x50/0x50 [ 2816.449047][T23359] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2816.455388][T23359] ? __kasan_check_read+0x11/0x20 [ 2816.460525][T23359] cache_grow_begin+0x629/0xd20 [ 2816.465383][T23359] ? write_comp_data+0x61/0x70 [ 2816.470164][T23359] ? mempolicy_slab_node+0x139/0x390 [ 2816.475491][T23359] fallback_alloc+0x1fd/0x2d0 [ 2816.480274][T23359] ____cache_alloc_node+0x1bc/0x1d0 [ 2816.485511][T23359] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2816.491771][T23359] kmem_cache_alloc+0x1ef/0x710 [ 2816.496624][T23359] ? lock_downgrade+0x920/0x920 [ 2816.501477][T23359] ? rwlock_bug.part.0+0x90/0x90 [ 2816.506423][T23359] ? ratelimit_state_init+0xb0/0xb0 [ 2816.511633][T23359] ext4_alloc_inode+0x1f/0x640 [ 2816.516396][T23359] ? ratelimit_state_init+0xb0/0xb0 [ 2816.521630][T23359] alloc_inode+0x68/0x1e0 [ 2816.525966][T23359] iget_locked+0x1a6/0x4b0 [ 2816.530386][T23359] __ext4_iget+0x265/0x3e20 [ 2816.534898][T23359] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2816.541161][T23359] ? ext4_get_projid+0x190/0x190 [ 2816.546134][T23359] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2816.551715][T23359] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 2816.557707][T23359] ? d_alloc_parallel+0xa78/0x1c30 [ 2816.562832][T23359] ext4_lookup+0x3b1/0x7a0 [ 2816.567254][T23359] ? ext4_cross_rename+0x1430/0x1430 [ 2816.572639][T23359] ? __lock_acquire+0x16f2/0x4a00 [ 2816.577670][T23359] ? __kasan_check_read+0x11/0x20 [ 2816.582711][T23359] ? lockdep_init_map+0x1be/0x6d0 [ 2816.587749][T23359] __lookup_slow+0x279/0x500 [ 2816.592348][T23359] ? vfs_unlink+0x620/0x620 [ 2816.596888][T23359] lookup_slow+0x58/0x80 [ 2816.601135][T23359] path_mountpoint+0x5d2/0x1e60 [ 2816.606004][T23359] ? __kasan_check_read+0x11/0x20 [ 2816.611032][T23359] ? __lock_acquire+0x16f2/0x4a00 [ 2816.616053][T23359] ? putname+0xef/0x130 [ 2816.620219][T23359] ? path_openat+0x46d0/0x46d0 [ 2816.625128][T23359] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2816.630770][T23359] ? find_held_lock+0x35/0x130 [ 2816.635547][T23359] filename_mountpoint+0x18e/0x390 [ 2816.640679][T23359] ? filename_parentat.isra.0+0x410/0x410 [ 2816.646402][T23359] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 2816.652577][T23359] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2816.658818][T23359] ? __phys_addr_symbol+0x30/0x70 [ 2816.663844][T23359] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2816.669615][T23359] ? __check_object_size+0x3d/0x437 [ 2816.674826][T23359] ? strncpy_from_user+0x2b4/0x400 [ 2816.679948][T23359] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2816.686196][T23359] ? getname_flags+0x277/0x5b0 [ 2816.690974][T23359] user_path_mountpoint_at+0x3a/0x50 [ 2816.696282][T23359] ksys_umount+0x164/0xf00 [ 2816.700708][T23359] ? __ia32_sys_rmdir+0x40/0x40 [ 2816.705587][T23359] ? __detach_mounts+0x2a0/0x2a0 [ 2816.710555][T23359] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2816.716805][T23359] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2816.722267][T23359] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2816.727820][T23359] ? do_syscall_64+0x26/0x760 [ 2816.732615][T23359] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2816.738683][T23359] ? do_syscall_64+0x26/0x760 [ 2816.743375][T23359] ? lockdep_hardirqs_on+0x421/0x5e0 [ 2816.748717][T23359] __x64_sys_umount+0x54/0x80 [ 2816.753402][T23359] do_syscall_64+0xfa/0x760 [ 2816.757917][T23359] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2816.763815][T23359] RIP: 0033:0x45c487 [ 2816.767733][T23359] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2816.787452][T23359] RSP: 002b:00007ffcbef4b388 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 2816.796063][T23359] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045c487 [ 2816.804048][T23359] RDX: 0000000000403550 RSI: 0000000000000002 RDI: 00007ffcbef4b430 [ 2816.812028][T23359] RBP: 0000000000000005 R08: 0000000000000000 R09: 000000000000000e [ 2816.820088][T23359] R10: 000000000000000a R11: 0000000000000206 R12: 00007ffcbef4c4c0 [ 2816.828063][T23359] R13: 0000000001757940 R14: 0000000000000000 R15: 00007ffcbef4c4c0 [ 2816.845455][T23359] memory: usage 1000kB, limit 0kB, failcnt 897 [ 2816.851832][T23359] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2816.858994][T23359] Memory cgroup stats for /syz3: [ 2816.859223][T23359] anon 24576 [ 2816.859223][T23359] file 16384 [ 2816.859223][T23359] kernel_stack 0 [ 2816.859223][T23359] slab 1077248 [ 2816.859223][T23359] sock 0 [ 2816.859223][T23359] shmem 0 [ 2816.859223][T23359] file_mapped 0 [ 2816.859223][T23359] file_dirty 0 [ 2816.859223][T23359] file_writeback 0 [ 2816.859223][T23359] anon_thp 0 [ 2816.859223][T23359] inactive_anon 0 [ 2816.859223][T23359] active_anon 24576 [ 2816.859223][T23359] inactive_file 0 [ 2816.859223][T23359] active_file 0 [ 2816.859223][T23359] unevictable 0 [ 2816.859223][T23359] slab_reclaimable 270336 [ 2816.859223][T23359] slab_unreclaimable 806912 [ 2816.859223][T23359] pgfault 31680 [ 2816.859223][T23359] pgmajfault 0 [ 2816.859223][T23359] workingset_refault 0 [ 2816.859223][T23359] workingset_activate 0 [ 2816.859223][T23359] workingset_nodereclaim 0 [ 2816.859223][T23359] pgrefill 100 16:23:14 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x0, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) [ 2816.859223][T23359] pgscan 99 [ 2816.859223][T23359] pgsteal 0 [ 2816.859223][T23359] pgactivate 66 [ 2816.865259][T23359] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=23359,uid=0 [ 2817.011805][T23359] Memory cgroup out of memory: Killed process 23359 (syz-executor.3) total-vm:72440kB, anon-rss:96kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2817.091130][ T1065] oom_reaper: reaped process 23359 (syz-executor.3), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 16:23:15 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x0, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) 16:23:15 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={0xffffffffffffffff, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2817.805271][T23387] IPVS: ftp: loaded support on port[0] = 21 [ 2817.816764][T23388] IPVS: ftp: loaded support on port[0] = 21 [ 2817.843062][T23389] IPVS: ftp: loaded support on port[0] = 21 [ 2817.864411][T23386] IPVS: ftp: loaded support on port[0] = 21 16:23:15 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, 0xffffffffffffffff, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) [ 2818.762503][T23387] chnl_net:caif_netlink_parms(): no params data found [ 2818.785141][T23389] chnl_net:caif_netlink_parms(): no params data found [ 2818.826176][T23388] chnl_net:caif_netlink_parms(): no params data found [ 2818.967590][T23395] IPVS: ftp: loaded support on port[0] = 21 [ 2819.005976][T23386] chnl_net:caif_netlink_parms(): no params data found [ 2819.097126][T23389] bridge0: port 1(bridge_slave_0) entered blocking state [ 2819.109227][T23389] bridge0: port 1(bridge_slave_0) entered disabled state [ 2819.120815][T23389] device bridge_slave_0 entered promiscuous mode [ 2819.157606][T23389] bridge0: port 2(bridge_slave_1) entered blocking state [ 2819.169614][T23389] bridge0: port 2(bridge_slave_1) entered disabled state [ 2819.192777][T23389] device bridge_slave_1 entered promiscuous mode [ 2819.285229][T23387] bridge0: port 1(bridge_slave_0) entered blocking state [ 2819.293372][T23387] bridge0: port 1(bridge_slave_0) entered disabled state [ 2819.304018][T23387] device bridge_slave_0 entered promiscuous mode [ 2819.336962][T23388] bridge0: port 1(bridge_slave_0) entered blocking state [ 2819.349910][T23388] bridge0: port 1(bridge_slave_0) entered disabled state [ 2819.360201][T23388] device bridge_slave_0 entered promiscuous mode [ 2819.468823][T23387] bridge0: port 2(bridge_slave_1) entered blocking state [ 2819.478204][T23387] bridge0: port 2(bridge_slave_1) entered disabled state [ 2819.488495][T23387] device bridge_slave_1 entered promiscuous mode [ 2819.539624][T23388] bridge0: port 2(bridge_slave_1) entered blocking state [ 2819.548579][T23388] bridge0: port 2(bridge_slave_1) entered disabled state [ 2819.559017][T23388] device bridge_slave_1 entered promiscuous mode [ 2819.575909][T23397] IPVS: ftp: loaded support on port[0] = 21 [ 2819.683909][T23389] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2819.694824][T23386] bridge0: port 1(bridge_slave_0) entered blocking state [ 2819.702963][T23386] bridge0: port 1(bridge_slave_0) entered disabled state [ 2819.713046][T23386] device bridge_slave_0 entered promiscuous mode [ 2819.751833][T23387] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2819.765884][T23387] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2819.780178][T23389] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2819.838497][T23386] bridge0: port 2(bridge_slave_1) entered blocking state [ 2819.846204][T23386] bridge0: port 2(bridge_slave_1) entered disabled state [ 2819.856343][T23386] device bridge_slave_1 entered promiscuous mode [ 2819.875019][T23388] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2820.033446][T23388] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2820.059715][T23389] team0: Port device team_slave_0 added [ 2820.097443][T23387] team0: Port device team_slave_0 added [ 2820.152144][T23389] team0: Port device team_slave_1 added [ 2820.168445][T23386] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2820.189338][T23387] team0: Port device team_slave_1 added [ 2820.217548][T23386] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2820.230958][T23388] team0: Port device team_slave_0 added [ 2820.239546][T23388] team0: Port device team_slave_1 added [ 2820.484385][T23387] device hsr_slave_0 entered promiscuous mode [ 2820.542257][T23387] device hsr_slave_1 entered promiscuous mode [ 2820.600555][T23387] debugfs: Directory 'hsr0' with parent '/' already present! [ 2820.665539][T23389] device hsr_slave_0 entered promiscuous mode [ 2820.703953][T23389] device hsr_slave_1 entered promiscuous mode [ 2820.760550][T23389] debugfs: Directory 'hsr0' with parent '/' already present! [ 2820.790082][T23386] team0: Port device team_slave_0 added [ 2820.952587][T23388] device hsr_slave_0 entered promiscuous mode [ 2820.992492][T23388] device hsr_slave_1 entered promiscuous mode [ 2821.063990][T23388] debugfs: Directory 'hsr0' with parent '/' already present! [ 2821.075186][T23386] team0: Port device team_slave_1 added [ 2821.495266][T23386] device hsr_slave_0 entered promiscuous mode [ 2821.582115][T23386] device hsr_slave_1 entered promiscuous mode [ 2821.640530][T23386] debugfs: Directory 'hsr0' with parent '/' already present! [ 2821.792701][T23395] chnl_net:caif_netlink_parms(): no params data found [ 2822.133840][T23397] chnl_net:caif_netlink_parms(): no params data found [ 2822.238245][T23395] bridge0: port 1(bridge_slave_0) entered blocking state [ 2822.245784][T23395] bridge0: port 1(bridge_slave_0) entered disabled state [ 2822.255711][T23395] device bridge_slave_0 entered promiscuous mode [ 2822.288530][T23395] bridge0: port 2(bridge_slave_1) entered blocking state [ 2822.300088][T23395] bridge0: port 2(bridge_slave_1) entered disabled state [ 2822.312184][T23395] device bridge_slave_1 entered promiscuous mode [ 2822.420190][T23397] bridge0: port 1(bridge_slave_0) entered blocking state [ 2822.429368][T23397] bridge0: port 1(bridge_slave_0) entered disabled state [ 2822.439060][T23397] device bridge_slave_0 entered promiscuous mode [ 2822.454411][T23389] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2822.531005][T23395] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2822.543564][T23397] bridge0: port 2(bridge_slave_1) entered blocking state [ 2822.552877][T23397] bridge0: port 2(bridge_slave_1) entered disabled state [ 2822.562725][T23397] device bridge_slave_1 entered promiscuous mode [ 2822.636039][T23395] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2822.670268][T23397] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2822.715613][T23387] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2822.727543][T23397] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2822.751456][T23388] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2822.829167][T23395] team0: Port device team_slave_0 added [ 2822.843125][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2822.852280][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2822.878241][T23389] 8021q: adding VLAN 0 to HW filter on device team0 [ 2822.927344][T23395] team0: Port device team_slave_1 added [ 2823.018819][T23397] team0: Port device team_slave_0 added [ 2823.053953][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2823.063875][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2823.073298][T16391] bridge0: port 1(bridge_slave_0) entered blocking state [ 2823.080437][T16391] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2823.089575][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2823.112305][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2823.166090][T23397] team0: Port device team_slave_1 added [ 2823.265998][T23395] device hsr_slave_0 entered promiscuous mode [ 2823.302511][T23395] device hsr_slave_1 entered promiscuous mode [ 2823.340837][T23395] debugfs: Directory 'hsr0' with parent '/' already present! [ 2823.365707][T23387] 8021q: adding VLAN 0 to HW filter on device team0 [ 2823.375524][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2823.386447][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2823.396815][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2823.406124][T13846] bridge0: port 2(bridge_slave_1) entered blocking state [ 2823.413261][T13846] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2823.424194][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2823.433518][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2823.445516][T23388] 8021q: adding VLAN 0 to HW filter on device team0 [ 2823.478304][T23386] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2823.624961][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2823.695759][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2823.706447][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2823.715620][T20744] bridge0: port 1(bridge_slave_0) entered blocking state [ 2823.722800][T20744] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2823.733295][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2823.743557][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2823.754243][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2823.763378][T20744] bridge0: port 1(bridge_slave_0) entered blocking state [ 2823.770523][T20744] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2823.885506][T23397] device hsr_slave_0 entered promiscuous mode [ 2823.972077][T23397] device hsr_slave_1 entered promiscuous mode [ 2824.020693][T23397] debugfs: Directory 'hsr0' with parent '/' already present! [ 2824.048099][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2824.058018][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2824.068748][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2824.081182][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2824.102637][T23386] 8021q: adding VLAN 0 to HW filter on device team0 [ 2824.124274][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2824.139220][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2824.149662][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2824.159989][T21074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2824.169937][T21074] bridge0: port 2(bridge_slave_1) entered blocking state [ 2824.177113][T21074] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2824.334501][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2824.344595][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2824.355788][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2824.365200][T20744] bridge0: port 2(bridge_slave_1) entered blocking state [ 2824.372370][T20744] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2824.382747][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2824.392980][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2824.403149][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2824.414130][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2824.426647][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2824.436024][T20744] bridge0: port 1(bridge_slave_0) entered blocking state [ 2824.443171][T20744] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2824.452452][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2824.588827][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2824.611888][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2824.622662][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2824.631874][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2824.641317][T20744] bridge0: port 2(bridge_slave_1) entered blocking state [ 2824.648389][T20744] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2824.666104][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2824.676886][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2824.813557][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2824.823797][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2824.833343][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2824.843472][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2824.853394][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2824.864731][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2824.874338][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2824.884752][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2824.894218][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2824.903751][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2824.914008][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2825.008346][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2825.018114][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2825.027315][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2825.037926][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2825.047849][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2825.058375][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2825.068094][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2825.077544][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2825.088705][T23389] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2825.183878][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2825.195055][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2825.205540][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2825.215131][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2825.224806][T16391] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2825.255730][T23388] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2825.371068][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2825.390544][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2825.399750][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2825.409967][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2825.446945][T23386] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2825.589837][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2825.602724][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2825.698031][T23395] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2825.735306][T23388] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2825.744002][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2825.754648][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2825.849881][T23387] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2825.926973][T23389] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2826.042227][T23386] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2826.079649][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2826.097209][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2826.233492][T23412] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2826.260689][T23412] CPU: 1 PID: 23412 Comm: syz-executor.1 Not tainted 5.3.0+ #0 [ 2826.271286][T23412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2826.281455][T23412] Call Trace: [ 2826.284774][T23412] dump_stack+0x172/0x1f0 [ 2826.289125][T23412] dump_header+0x10b/0x82d [ 2826.293578][T23412] oom_kill_process.cold+0x10/0x15 [ 2826.298711][T23412] out_of_memory+0x334/0x1340 [ 2826.303409][T23412] ? __sched_text_start+0x8/0x8 [ 2826.308283][T23412] ? oom_killer_disable+0x280/0x280 [ 2826.313518][T23412] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2826.319078][T23412] ? memcg_stat_show+0xc40/0xc40 [ 2826.324060][T23412] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2826.329902][T23412] ? cgroup_file_notify+0x140/0x1b0 [ 2826.335147][T23412] memory_max_write+0x262/0x3a0 [ 2826.340036][T23412] ? mem_cgroup_write+0x370/0x370 [ 2826.345097][T23412] ? lock_acquire+0x190/0x410 [ 2826.349788][T23412] ? kernfs_fop_write+0x227/0x480 [ 2826.354837][T23412] cgroup_file_write+0x241/0x790 [ 2826.359805][T23412] ? mem_cgroup_write+0x370/0x370 [ 2826.364840][T23412] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2826.370491][T23412] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2826.376140][T23412] kernfs_fop_write+0x2b8/0x480 [ 2826.381008][T23412] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2826.387296][T23412] __vfs_write+0x8a/0x110 [ 2826.391727][T23412] ? kernfs_fop_open+0xd80/0xd80 [ 2826.396873][T23412] vfs_write+0x268/0x5d0 [ 2826.401242][T23412] ksys_write+0x14f/0x290 [ 2826.405601][T23412] ? __ia32_sys_read+0xb0/0xb0 [ 2826.410387][T23412] ? do_syscall_64+0x26/0x760 [ 2826.415095][T23412] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2826.421180][T23412] ? do_syscall_64+0x26/0x760 [ 2826.425878][T23412] __x64_sys_write+0x73/0xb0 [ 2826.430655][T23412] do_syscall_64+0xfa/0x760 [ 2826.435177][T23412] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2826.441092][T23412] RIP: 0033:0x459a59 [ 2826.445012][T23412] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2826.464749][T23412] RSP: 002b:00007f55184efc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2826.473182][T23412] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2826.481272][T23412] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2826.489251][T23412] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2826.497233][T23412] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f55184f06d4 [ 2826.505216][T23412] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2826.525200][T23412] memory: usage 5268kB, limit 0kB, failcnt 922 [ 2826.531470][T23412] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2826.538322][T23412] Memory cgroup stats for /syz1: [ 2826.538468][T23412] anon 4382720 [ 2826.538468][T23412] file 40960 [ 2826.538468][T23412] kernel_stack 65536 [ 2826.538468][T23412] slab 696320 [ 2826.538468][T23412] sock 0 [ 2826.538468][T23412] shmem 0 [ 2826.538468][T23412] file_mapped 0 [ 2826.538468][T23412] file_dirty 0 [ 2826.538468][T23412] file_writeback 0 [ 2826.538468][T23412] anon_thp 4194304 [ 2826.538468][T23412] inactive_anon 0 [ 2826.538468][T23412] active_anon 4313088 [ 2826.538468][T23412] inactive_file 135168 [ 2826.538468][T23412] active_file 0 [ 2826.538468][T23412] unevictable 0 [ 2826.538468][T23412] slab_reclaimable 135168 [ 2826.538468][T23412] slab_unreclaimable 561152 [ 2826.538468][T23412] pgfault 29601 [ 2826.538468][T23412] pgmajfault 0 [ 2826.538468][T23412] workingset_refault 0 [ 2826.538468][T23412] workingset_activate 0 [ 2826.538468][T23412] workingset_nodereclaim 0 [ 2826.538468][T23412] pgrefill 100 [ 2826.538468][T23412] pgscan 100 [ 2826.538468][T23412] pgsteal 0 [ 2826.538468][T23412] pgactivate 66 [ 2826.640773][T23412] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=23405,uid=0 [ 2826.658676][T23412] Memory cgroup out of memory: Killed process 23405 (syz-executor.1) total-vm:72708kB, anon-rss:4192kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2826.683176][ T1065] oom_reaper: reaped process 23405 (syz-executor.1), now anon-rss:0kB, file-rss:34876kB, shmem-rss:0kB [ 2826.713234][T23395] 8021q: adding VLAN 0 to HW filter on device team0 [ 2826.736333][T23397] 8021q: adding VLAN 0 to HW filter on device bond0 16:23:24 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r1 = socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r1, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r4 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) [ 2826.773003][T23388] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2826.830674][T23388] CPU: 0 PID: 23388 Comm: syz-executor.1 Not tainted 5.3.0+ #0 [ 2826.838271][T23388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2826.848336][T23388] Call Trace: [ 2826.851638][T23388] dump_stack+0x172/0x1f0 [ 2826.855986][T23388] dump_header+0x10b/0x82d [ 2826.860411][T23388] ? oom_kill_process+0x94/0x3f0 [ 2826.862365][T23397] 8021q: adding VLAN 0 to HW filter on device team0 [ 2826.865352][T23388] oom_kill_process.cold+0x10/0x15 [ 2826.865373][T23388] out_of_memory+0x334/0x1340 [ 2826.881708][T23388] ? lock_downgrade+0x920/0x920 [ 2826.886580][T23388] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2826.892393][T23388] ? oom_killer_disable+0x280/0x280 [ 2826.897611][T23388] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2826.903174][T23388] ? memcg_stat_show+0xc40/0xc40 [ 2826.908127][T23388] ? do_raw_spin_unlock+0x57/0x270 [ 2826.913247][T23388] ? _raw_spin_unlock+0x2d/0x50 [ 2826.918108][T23388] try_charge+0xf4b/0x1440 [ 2826.922556][T23388] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2826.928107][T23388] ? percpu_ref_tryget_live+0x111/0x290 [ 2826.933753][T23388] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2826.940005][T23388] ? __kasan_check_read+0x11/0x20 [ 2826.945042][T23388] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2826.950609][T23388] mem_cgroup_try_charge+0x136/0x590 [ 2826.956084][T23388] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2826.961744][T23388] wp_page_copy+0x407/0x1860 [ 2826.966343][T23388] ? find_held_lock+0x35/0x130 [ 2826.971116][T23388] ? do_wp_page+0x53b/0x15c0 [ 2826.975720][T23388] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2826.981546][T23388] ? lock_downgrade+0x920/0x920 [ 2826.986421][T23388] ? swp_swapcount+0x540/0x540 [ 2826.991201][T23388] ? __kasan_check_read+0x11/0x20 [ 2826.996234][T23388] ? do_raw_spin_unlock+0x57/0x270 [ 2827.001391][T23388] do_wp_page+0x543/0x15c0 [ 2827.005825][T23388] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2827.011210][T23388] __handle_mm_fault+0x23ec/0x4040 [ 2827.016339][T23388] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2827.022010][T23388] ? handle_mm_fault+0x292/0xaa0 [ 2827.026969][T23388] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2827.033214][T23388] ? __kasan_check_read+0x11/0x20 [ 2827.038253][T23388] handle_mm_fault+0x3b7/0xaa0 [ 2827.043037][T23388] __do_page_fault+0x536/0xdd0 [ 2827.047815][T23388] do_page_fault+0x38/0x590 [ 2827.052334][T23388] page_fault+0x39/0x40 [ 2827.056492][T23388] RIP: 0033:0x403522 [ 2827.060392][T23388] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2827.080092][T23388] RSP: 002b:00007fff2d247cc0 EFLAGS: 00010246 [ 2827.086192][T23388] RAX: 0000000000000000 RBX: 00000000002b2116 RCX: 0000000000413660 [ 2827.094175][T23388] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007fff2d248df0 [ 2827.102154][T23388] RBP: 0000000000000002 R08: 0000000000000001 R09: 000000000107f940 [ 2827.102758][T23397] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2827.110138][T23388] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff2d248df0 [ 2827.110151][T23388] R13: 00007fff2d248de0 R14: 0000000000000000 R15: 00007fff2d248df0 [ 2827.152089][T23388] memory: usage 844kB, limit 0kB, failcnt 930 [ 2827.158206][T23388] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2827.165544][T23388] Memory cgroup stats for /syz1: [ 2827.165664][T23388] anon 114688 [ 2827.165664][T23388] file 40960 [ 2827.165664][T23388] kernel_stack 0 [ 2827.165664][T23388] slab 696320 [ 2827.165664][T23388] sock 0 [ 2827.165664][T23388] shmem 0 [ 2827.165664][T23388] file_mapped 0 [ 2827.165664][T23388] file_dirty 0 [ 2827.165664][T23388] file_writeback 0 [ 2827.165664][T23388] anon_thp 0 [ 2827.165664][T23388] inactive_anon 0 [ 2827.165664][T23388] active_anon 45056 [ 2827.165664][T23388] inactive_file 135168 [ 2827.165664][T23388] active_file 0 [ 2827.165664][T23388] unevictable 0 [ 2827.165664][T23388] slab_reclaimable 135168 [ 2827.165664][T23388] slab_unreclaimable 561152 [ 2827.165664][T23388] pgfault 29601 [ 2827.165664][T23388] pgmajfault 0 [ 2827.165664][T23388] workingset_refault 0 [ 2827.165664][T23388] workingset_activate 0 [ 2827.165664][T23388] workingset_nodereclaim 0 [ 2827.165664][T23388] pgrefill 100 [ 2827.165664][T23388] pgscan 100 [ 2827.165664][T23388] pgsteal 0 [ 2827.165664][T23388] pgactivate 66 [ 2827.171670][T23397] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2827.276954][T23388] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=23388,uid=0 [ 2827.281944][T23387] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2827.299393][T23388] Memory cgroup out of memory: Killed process 23388 (syz-executor.1) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2827.318766][T23418] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2827.319047][ T1065] oom_reaper: reaped process 23388 (syz-executor.1), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2827.331370][T23418] CPU: 1 PID: 23418 Comm: syz-executor.4 Not tainted 5.3.0+ #0 [ 2827.347864][T23418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2827.357927][T23418] Call Trace: [ 2827.361252][T23418] dump_stack+0x172/0x1f0 [ 2827.365588][T23418] dump_header+0x10b/0x82d [ 2827.370009][T23418] oom_kill_process.cold+0x10/0x15 [ 2827.375671][T23418] out_of_memory+0x334/0x1340 [ 2827.380360][T23418] ? retint_kernel+0x2b/0x2b [ 2827.384961][T23418] ? oom_killer_disable+0x280/0x280 [ 2827.390183][T23418] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2827.395738][T23418] ? memcg_stat_show+0xc40/0xc40 [ 2827.400689][T23418] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2827.406539][T23418] ? cgroup_file_notify+0x140/0x1b0 [ 2827.411745][T23418] memory_max_write+0x262/0x3a0 [ 2827.416605][T23418] ? mem_cgroup_write+0x370/0x370 [ 2827.421640][T23418] ? lock_acquire+0x190/0x410 [ 2827.426321][T23418] ? kernfs_fop_write+0x227/0x480 [ 2827.431357][T23418] cgroup_file_write+0x241/0x790 [ 2827.436309][T23418] ? mem_cgroup_write+0x370/0x370 [ 2827.441336][T23418] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2827.446980][T23418] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2827.452640][T23418] kernfs_fop_write+0x2b8/0x480 [ 2827.457667][T23418] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2827.463934][T23418] __vfs_write+0x8a/0x110 [ 2827.468264][T23418] ? kernfs_fop_open+0xd80/0xd80 [ 2827.473207][T23418] vfs_write+0x268/0x5d0 [ 2827.477490][T23418] ksys_write+0x14f/0x290 [ 2827.481827][T23418] ? __ia32_sys_read+0xb0/0xb0 [ 2827.486594][T23418] ? do_syscall_64+0x26/0x760 [ 2827.491278][T23418] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2827.497343][T23418] ? do_syscall_64+0x26/0x760 [ 2827.502029][T23418] __x64_sys_write+0x73/0xb0 [ 2827.506621][T23418] do_syscall_64+0xfa/0x760 [ 2827.511163][T23418] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2827.517068][T23418] RIP: 0033:0x459a59 [ 2827.520991][T23418] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2827.540608][T23418] RSP: 002b:00007f4f0aff3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2827.549205][T23418] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2827.557171][T23418] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2827.565679][T23418] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2827.573751][T23418] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4f0aff46d4 [ 2827.581802][T23418] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2827.628500][T23418] memory: usage 6728kB, limit 0kB, failcnt 1139 [ 2827.651878][T23418] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2827.658866][T23418] Memory cgroup stats for /syz4: [ 2827.660034][T23418] anon 4272128 [ 2827.660034][T23418] file 0 [ 2827.660034][T23418] kernel_stack 65536 [ 2827.660034][T23418] slab 2174976 [ 2827.660034][T23418] sock 0 [ 2827.660034][T23418] shmem 0 [ 2827.660034][T23418] file_mapped 0 [ 2827.660034][T23418] file_dirty 135168 [ 2827.660034][T23418] file_writeback 0 [ 2827.660034][T23418] anon_thp 4194304 [ 2827.660034][T23418] inactive_anon 0 [ 2827.660034][T23418] active_anon 4272128 [ 2827.660034][T23418] inactive_file 0 [ 2827.660034][T23418] active_file 0 [ 2827.660034][T23418] unevictable 0 [ 2827.660034][T23418] slab_reclaimable 675840 [ 2827.660034][T23418] slab_unreclaimable 1499136 [ 2827.660034][T23418] pgfault 22605 [ 2827.660034][T23418] pgmajfault 0 [ 2827.660034][T23418] workingset_refault 0 [ 2827.660034][T23418] workingset_activate 0 [ 2827.660034][T23418] workingset_nodereclaim 0 [ 2827.660034][T23418] pgrefill 132 [ 2827.660034][T23418] pgscan 216 [ 2827.660034][T23418] pgsteal 105 [ 2827.660034][T23418] pgactivate 99 [ 2827.766830][T23418] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23417,uid=0 [ 2827.784641][T23418] Memory cgroup out of memory: Killed process 23417 (syz-executor.4) total-vm:72576kB, anon-rss:4232kB, file-rss:35844kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2827.808357][ T1065] oom_reaper: reaped process 23417 (syz-executor.4), now anon-rss:0kB, file-rss:34884kB, shmem-rss:0kB 16:23:25 executing program 4: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) write$cgroup_int(r5, 0x0, 0x0) [ 2827.872372][T23389] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2827.891308][T23389] CPU: 0 PID: 23389 Comm: syz-executor.4 Not tainted 5.3.0+ #0 [ 2827.898886][T23389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2827.908941][T23389] Call Trace: [ 2827.912239][T23389] dump_stack+0x172/0x1f0 [ 2827.916573][T23389] dump_header+0x10b/0x82d [ 2827.920986][T23389] ? oom_kill_process+0x94/0x3f0 [ 2827.925926][T23389] oom_kill_process.cold+0x10/0x15 [ 2827.931039][T23389] out_of_memory+0x334/0x1340 [ 2827.935715][T23389] ? lock_downgrade+0x920/0x920 [ 2827.940562][T23389] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2827.946498][T23389] ? oom_killer_disable+0x280/0x280 [ 2827.951709][T23389] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2827.957251][T23389] ? memcg_stat_show+0xc40/0xc40 [ 2827.962196][T23389] ? do_raw_spin_unlock+0x57/0x270 [ 2827.967311][T23389] ? _raw_spin_unlock+0x2d/0x50 [ 2827.972166][T23389] try_charge+0xf4b/0x1440 [ 2827.976589][T23389] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2827.982131][T23389] ? percpu_ref_tryget_live+0x111/0x290 [ 2827.987677][T23389] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2827.993921][T23389] ? __kasan_check_read+0x11/0x20 [ 2827.998949][T23389] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2828.004495][T23389] mem_cgroup_try_charge+0x136/0x590 [ 2828.009792][T23389] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2828.015432][T23389] wp_page_copy+0x407/0x1860 [ 2828.020031][T23389] ? find_held_lock+0x35/0x130 [ 2828.024796][T23389] ? do_wp_page+0x53b/0x15c0 [ 2828.029390][T23389] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2828.035221][T23389] ? lock_downgrade+0x920/0x920 [ 2828.040077][T23389] ? swp_swapcount+0x540/0x540 [ 2828.044842][T23389] ? __kasan_check_read+0x11/0x20 [ 2828.049864][T23389] ? do_raw_spin_unlock+0x57/0x270 [ 2828.054979][T23389] do_wp_page+0x543/0x15c0 [ 2828.059410][T23389] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2828.064818][T23389] __handle_mm_fault+0x23ec/0x4040 [ 2828.069976][T23389] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2828.075523][T23389] ? handle_mm_fault+0x292/0xaa0 [ 2828.080479][T23389] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2828.086731][T23389] ? __kasan_check_read+0x11/0x20 [ 2828.091762][T23389] handle_mm_fault+0x3b7/0xaa0 [ 2828.096531][T23389] __do_page_fault+0x536/0xdd0 [ 2828.101306][T23389] do_page_fault+0x38/0x590 [ 2828.105813][T23389] page_fault+0x39/0x40 [ 2828.109960][T23389] RIP: 0033:0x430b36 [ 2828.113890][T23389] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2828.133596][T23389] RSP: 002b:00007fff64d1f970 EFLAGS: 00010206 [ 2828.139661][T23389] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2828.147636][T23389] RDX: 0000000001671930 RSI: 0000000001679970 RDI: 0000000000000003 [ 2828.155693][T23389] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000001670940 [ 2828.163698][T23389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2828.173766][T23389] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2828.188943][T23389] memory: usage 2352kB, limit 0kB, failcnt 1147 [ 2828.195777][T23389] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2828.203205][T23389] Memory cgroup stats for /syz4: [ 2828.203318][T23389] anon 8192 [ 2828.203318][T23389] file 0 [ 2828.203318][T23389] kernel_stack 65536 [ 2828.203318][T23389] slab 2174976 [ 2828.203318][T23389] sock 0 [ 2828.203318][T23389] shmem 0 [ 2828.203318][T23389] file_mapped 0 [ 2828.203318][T23389] file_dirty 135168 [ 2828.203318][T23389] file_writeback 0 [ 2828.203318][T23389] anon_thp 0 [ 2828.203318][T23389] inactive_anon 0 [ 2828.203318][T23389] active_anon 8192 [ 2828.203318][T23389] inactive_file 0 [ 2828.203318][T23389] active_file 0 [ 2828.203318][T23389] unevictable 0 [ 2828.203318][T23389] slab_reclaimable 675840 [ 2828.203318][T23389] slab_unreclaimable 1499136 [ 2828.203318][T23389] pgfault 22605 [ 2828.203318][T23389] pgmajfault 0 [ 2828.203318][T23389] workingset_refault 0 [ 2828.203318][T23389] workingset_activate 0 [ 2828.203318][T23389] workingset_nodereclaim 0 [ 2828.203318][T23389] pgrefill 132 [ 2828.203318][T23389] pgscan 216 [ 2828.203318][T23389] pgsteal 105 [ 2828.203318][T23389] pgactivate 99 [ 2828.301961][T23389] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23389,uid=0 [ 2828.318872][T23389] Memory cgroup out of memory: Killed process 23389 (syz-executor.4) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2828.337545][ T1065] oom_reaper: reaped process 23389 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2828.352806][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2828.373281][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2828.382304][T11398] bridge0: port 1(bridge_slave_0) entered blocking state [ 2828.389396][T11398] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2828.397905][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2828.409892][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2828.418576][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2828.428046][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2828.436679][T11398] bridge0: port 1(bridge_slave_0) entered blocking state [ 2828.443806][T11398] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2828.452347][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2828.462178][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2828.470992][T11398] bridge0: port 2(bridge_slave_1) entered blocking state [ 2828.478059][T11398] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2828.486821][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2828.496757][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2828.506793][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2828.516759][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2828.526391][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2828.536540][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2828.546438][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2828.556013][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2828.565984][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2828.575623][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2829.038552][T23425] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2829.049414][T23425] CPU: 0 PID: 23425 Comm: syz-executor.5 Not tainted 5.3.0+ #0 [ 2829.057114][T23425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2829.067183][T23425] Call Trace: [ 2829.067209][T23425] dump_stack+0x172/0x1f0 [ 2829.074839][T23425] dump_header+0x10b/0x82d [ 2829.079282][T23425] oom_kill_process.cold+0x10/0x15 [ 2829.084402][T23425] out_of_memory+0x334/0x1340 [ 2829.084429][T23425] ? retint_kernel+0x2b/0x2b [ 2829.093666][T23425] ? oom_killer_disable+0x280/0x280 [ 2829.093703][T23425] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2829.093720][T23425] ? memcg_stat_show+0xc40/0xc40 [ 2829.093753][T23425] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2829.093777][T23425] ? cgroup_file_notify+0x140/0x1b0 [ 2829.093805][T23425] memory_max_write+0x262/0x3a0 [ 2829.093831][T23425] ? mem_cgroup_write+0x370/0x370 [ 2829.125292][T23425] ? lock_acquire+0x190/0x410 [ 2829.134987][T23425] ? kernfs_fop_write+0x227/0x480 [ 2829.140080][T23425] cgroup_file_write+0x241/0x790 [ 2829.145114][T23425] ? mem_cgroup_write+0x370/0x370 [ 2829.150145][T23425] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2829.155884][T23425] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2829.155905][T23425] kernfs_fop_write+0x2b8/0x480 [ 2829.155924][T23425] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2829.155952][T23425] __vfs_write+0x8a/0x110 [ 2829.155969][T23425] ? kernfs_fop_open+0xd80/0xd80 [ 2829.155993][T23425] vfs_write+0x268/0x5d0 [ 2829.156022][T23425] ksys_write+0x14f/0x290 [ 2829.156044][T23425] ? __ia32_sys_read+0xb0/0xb0 [ 2829.156078][T23425] __x64_sys_write+0x73/0xb0 [ 2829.182065][T23425] do_syscall_64+0xfa/0x760 [ 2829.190616][T23425] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2829.190630][T23425] RIP: 0033:0x459a59 [ 2829.190647][T23425] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2829.190656][T23425] RSP: 002b:00007f542f2b6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2829.190672][T23425] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2829.190681][T23425] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2829.190691][T23425] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2829.190701][T23425] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f542f2b76d4 [ 2829.190713][T23425] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2829.205182][T23425] memory: usage 5176kB, limit 0kB, failcnt 1106 [ 2829.244575][T23425] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2829.271945][T23425] Memory cgroup stats for /syz5: [ 2829.272689][T23425] anon 4313088 [ 2829.272689][T23425] file 90112 [ 2829.272689][T23425] kernel_stack 0 [ 2829.272689][T23425] slab 696320 [ 2829.272689][T23425] sock 0 [ 2829.272689][T23425] shmem 0 [ 2829.272689][T23425] file_mapped 0 [ 2829.272689][T23425] file_dirty 0 [ 2829.272689][T23425] file_writeback 0 [ 2829.272689][T23425] anon_thp 4194304 [ 2829.272689][T23425] inactive_anon 0 [ 2829.272689][T23425] active_anon 4313088 [ 2829.272689][T23425] inactive_file 135168 [ 2829.272689][T23425] active_file 0 [ 2829.272689][T23425] unevictable 0 [ 2829.272689][T23425] slab_reclaimable 135168 [ 2829.272689][T23425] slab_unreclaimable 561152 [ 2829.272689][T23425] pgfault 20196 [ 2829.272689][T23425] pgmajfault 0 [ 2829.272689][T23425] workingset_refault 0 [ 2829.272689][T23425] workingset_activate 0 [ 2829.272689][T23425] workingset_nodereclaim 0 [ 2829.272689][T23425] pgrefill 166 [ 2829.272689][T23425] pgscan 165 [ 2829.272689][T23425] pgsteal 35 [ 2829.272689][T23425] pgactivate 132 [ 2829.288092][T23425] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=23423,uid=0 [ 2829.448643][T23425] Memory cgroup out of memory: Killed process 23423 (syz-executor.5) total-vm:72576kB, anon-rss:4184kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2829.476073][ T1065] oom_reaper: reaped process 23423 (syz-executor.5), now anon-rss:0kB, file-rss:34864kB, shmem-rss:0kB [ 2829.553663][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2829.582990][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2829.600261][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2829.632035][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2829.662538][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2829.681842][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2829.710925][T11398] bridge0: port 2(bridge_slave_1) entered blocking state [ 2829.718025][T11398] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2829.929178][T20744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2830.064150][T23428] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2830.104434][T23428] CPU: 1 PID: 23428 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 2830.112056][T23428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2830.122191][T23428] Call Trace: [ 2830.122219][T23428] dump_stack+0x172/0x1f0 [ 2830.122242][T23428] dump_header+0x10b/0x82d [ 2830.122263][T23428] oom_kill_process.cold+0x10/0x15 [ 2830.139363][T23428] out_of_memory+0x334/0x1340 [ 2830.144076][T23428] ? __sched_text_start+0x8/0x8 [ 2830.148946][T23428] ? oom_killer_disable+0x280/0x280 [ 2830.154181][T23428] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2830.159883][T23428] ? memcg_stat_show+0xc40/0xc40 [ 2830.164853][T23428] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2830.170666][T23428] ? cgroup_file_notify+0x140/0x1b0 [ 2830.175869][T23428] memory_max_write+0x262/0x3a0 [ 2830.175889][T23428] ? mem_cgroup_write+0x370/0x370 [ 2830.175908][T23428] ? lock_acquire+0x190/0x410 [ 2830.190421][T23428] ? kernfs_fop_write+0x227/0x480 [ 2830.195507][T23428] cgroup_file_write+0x241/0x790 [ 2830.200466][T23428] ? mem_cgroup_write+0x370/0x370 [ 2830.205502][T23428] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2830.211159][T23428] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2830.216798][T23428] kernfs_fop_write+0x2b8/0x480 [ 2830.221655][T23428] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2830.227914][T23428] __vfs_write+0x8a/0x110 [ 2830.232250][T23428] ? kernfs_fop_open+0xd80/0xd80 [ 2830.237193][T23428] vfs_write+0x268/0x5d0 [ 2830.241437][T23428] ksys_write+0x14f/0x290 [ 2830.245758][T23428] ? __ia32_sys_read+0xb0/0xb0 [ 2830.250522][T23428] ? do_syscall_64+0x26/0x760 [ 2830.250541][T23428] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2830.250558][T23428] ? do_syscall_64+0x26/0x760 [ 2830.265984][T23428] __x64_sys_write+0x73/0xb0 [ 2830.270591][T23428] do_syscall_64+0xfa/0x760 [ 2830.275106][T23428] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2830.280999][T23428] RIP: 0033:0x459a59 [ 2830.285856][T23428] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 16:23:28 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x0, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) [ 2830.305459][T23428] RSP: 002b:00007fb1c6065c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2830.305474][T23428] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2830.305481][T23428] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2830.305489][T23428] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2830.305497][T23428] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb1c60666d4 [ 2830.305506][T23428] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2830.311029][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2830.319758][T23428] memory: usage 14868kB, limit 0kB, failcnt 220 [ 2830.342301][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2830.376620][T23428] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2830.382763][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2830.390454][T23428] Memory cgroup stats for /syz0: [ 2830.390577][T23428] anon 4362240 [ 2830.390577][T23428] file 0 [ 2830.390577][T23428] kernel_stack 65536 [ 2830.390577][T23428] slab 10661888 [ 2830.390577][T23428] sock 0 [ 2830.390577][T23428] shmem 0 [ 2830.390577][T23428] file_mapped 0 [ 2830.390577][T23428] file_dirty 0 [ 2830.390577][T23428] file_writeback 0 [ 2830.390577][T23428] anon_thp 4194304 [ 2830.390577][T23428] inactive_anon 0 [ 2830.390577][T23428] active_anon 4362240 [ 2830.390577][T23428] inactive_file 0 [ 2830.390577][T23428] active_file 0 [ 2830.390577][T23428] unevictable 0 [ 2830.390577][T23428] slab_reclaimable 9867264 [ 2830.390577][T23428] slab_unreclaimable 794624 [ 2830.390577][T23428] pgfault 45540 [ 2830.390577][T23428] pgmajfault 0 [ 2830.390577][T23428] workingset_refault 0 [ 2830.390577][T23428] workingset_activate 0 [ 2830.390577][T23428] workingset_nodereclaim 0 [ 2830.390577][T23428] pgrefill 249 [ 2830.390577][T23428] pgscan 231 [ 2830.390577][T23428] pgsteal 34 [ 2830.390577][T23428] pgactivate 198 [ 2830.402747][T11398] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2830.506144][T23428] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=23427,uid=0 [ 2830.521933][T23428] Memory cgroup out of memory: Killed process 23427 (syz-executor.0) total-vm:72708kB, anon-rss:4184kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2830.544496][ T1065] oom_reaper: reaped process 23427 (syz-executor.0), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB [ 2830.556047][T23386] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2830.566545][T23386] CPU: 0 PID: 23386 Comm: syz-executor.5 Not tainted 5.3.0+ #0 [ 2830.574288][T23386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2830.584343][T23386] Call Trace: [ 2830.587640][T23386] dump_stack+0x172/0x1f0 [ 2830.591975][T23386] dump_header+0x10b/0x82d [ 2830.596387][T23386] ? oom_kill_process+0x94/0x3f0 [ 2830.601329][T23386] oom_kill_process.cold+0x10/0x15 [ 2830.606442][T23386] out_of_memory+0x334/0x1340 [ 2830.611124][T23386] ? lock_downgrade+0x920/0x920 [ 2830.615984][T23386] ? oom_killer_disable+0x280/0x280 [ 2830.621202][T23386] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2830.626760][T23386] ? memcg_stat_show+0xc40/0xc40 [ 2830.631738][T23386] ? do_raw_spin_unlock+0x57/0x270 [ 2830.636854][T23386] ? _raw_spin_unlock+0x2d/0x50 [ 2830.641728][T23386] try_charge+0xf4b/0x1440 [ 2830.646520][T23386] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2830.652155][T23386] ? percpu_ref_tryget_live+0x111/0x290 [ 2830.657711][T23386] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2830.663964][T23386] ? __kasan_check_read+0x11/0x20 [ 2830.668997][T23386] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2830.674555][T23386] mem_cgroup_try_charge+0x136/0x590 [ 2830.679853][T23386] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2830.685506][T23386] wp_page_copy+0x407/0x1860 [ 2830.690102][T23386] ? find_held_lock+0x35/0x130 [ 2830.694871][T23386] ? do_wp_page+0x53b/0x15c0 [ 2830.699465][T23386] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2830.705279][T23386] ? lock_downgrade+0x920/0x920 [ 2830.710146][T23386] ? swp_swapcount+0x540/0x540 [ 2830.714916][T23386] ? __kasan_check_read+0x11/0x20 [ 2830.719942][T23386] ? do_raw_spin_unlock+0x57/0x270 [ 2830.725064][T23386] do_wp_page+0x543/0x15c0 [ 2830.729483][T23386] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2830.734856][T23386] __handle_mm_fault+0x23ec/0x4040 [ 2830.739961][T23386] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2830.745510][T23386] ? handle_mm_fault+0x292/0xaa0 [ 2830.750495][T23386] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2830.756749][T23386] ? __kasan_check_read+0x11/0x20 [ 2830.761785][T23386] handle_mm_fault+0x3b7/0xaa0 [ 2830.766556][T23386] __do_page_fault+0x536/0xdd0 [ 2830.771318][T23386] do_page_fault+0x38/0x590 [ 2830.775816][T23386] page_fault+0x39/0x40 [ 2830.779954][T23386] RIP: 0033:0x430b36 [ 2830.783835][T23386] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2830.803510][T23386] RSP: 002b:00007ffdcd154490 EFLAGS: 00010206 [ 2830.809561][T23386] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2830.817608][T23386] RDX: 0000000000c22930 RSI: 0000000000c2a970 RDI: 0000000000000003 [ 2830.825567][T23386] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000000c21940 [ 2830.833542][T23386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2830.841757][T23386] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2830.857789][T23397] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2830.859000][T23386] memory: usage 796kB, limit 0kB, failcnt 1114 [ 2830.872240][T23386] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2830.879461][T23386] Memory cgroup stats for /syz5: [ 2830.879593][T23386] anon 53248 [ 2830.879593][T23386] file 90112 [ 2830.879593][T23386] kernel_stack 0 [ 2830.879593][T23386] slab 696320 [ 2830.879593][T23386] sock 0 [ 2830.879593][T23386] shmem 0 [ 2830.879593][T23386] file_mapped 0 [ 2830.879593][T23386] file_dirty 0 [ 2830.879593][T23386] file_writeback 0 [ 2830.879593][T23386] anon_thp 0 [ 2830.879593][T23386] inactive_anon 0 [ 2830.879593][T23386] active_anon 53248 [ 2830.879593][T23386] inactive_file 135168 [ 2830.879593][T23386] active_file 0 [ 2830.879593][T23386] unevictable 0 [ 2830.879593][T23386] slab_reclaimable 135168 [ 2830.879593][T23386] slab_unreclaimable 561152 [ 2830.879593][T23386] pgfault 20196 [ 2830.879593][T23386] pgmajfault 0 [ 2830.879593][T23386] workingset_refault 0 [ 2830.879593][T23386] workingset_activate 0 [ 2830.879593][T23386] workingset_nodereclaim 0 [ 2830.879593][T23386] pgrefill 166 [ 2830.879593][T23386] pgscan 165 [ 2830.879593][T23386] pgsteal 35 [ 2830.879593][T23386] pgactivate 132 [ 2830.884683][T23386] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=23386,uid=0 16:23:28 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) write$cgroup_int(r5, 0x0, 0x0) 16:23:28 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r1 = socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r1, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r4 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) 16:23:28 executing program 4: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) write$cgroup_int(r5, 0x0, 0x0) [ 2831.010446][T23386] Memory cgroup out of memory: Killed process 23386 (syz-executor.5) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2831.028634][ T1065] oom_reaper: reaped process 23386 (syz-executor.5), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2831.062713][T23387] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2831.082119][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2831.099124][ T3335] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2831.120394][T23387] CPU: 1 PID: 23387 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 2831.127973][T23387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2831.138041][T23387] Call Trace: [ 2831.141345][T23387] dump_stack+0x172/0x1f0 [ 2831.145686][T23387] dump_header+0x10b/0x82d [ 2831.150108][T23387] ? oom_kill_process+0x94/0x3f0 [ 2831.155084][T23387] oom_kill_process.cold+0x10/0x15 [ 2831.160208][T23387] out_of_memory+0x334/0x1340 [ 2831.164890][T23387] ? lock_downgrade+0x920/0x920 [ 2831.169745][T23387] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2831.175714][T23387] ? oom_killer_disable+0x280/0x280 [ 2831.180938][T23387] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2831.186505][T23387] ? memcg_stat_show+0xc40/0xc40 [ 2831.191463][T23387] ? do_raw_spin_unlock+0x57/0x270 [ 2831.196600][T23387] ? _raw_spin_unlock+0x2d/0x50 [ 2831.201476][T23387] try_charge+0xf4b/0x1440 [ 2831.205913][T23387] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2831.211474][T23387] ? percpu_ref_tryget_live+0x111/0x290 [ 2831.217043][T23387] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2831.223302][T23387] ? __kasan_check_read+0x11/0x20 [ 2831.228334][T23387] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2831.233898][T23387] mem_cgroup_try_charge+0x136/0x590 [ 2831.239203][T23387] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2831.244845][T23387] wp_page_copy+0x407/0x1860 [ 2831.249445][T23387] ? find_held_lock+0x35/0x130 [ 2831.254238][T23387] ? do_wp_page+0x53b/0x15c0 [ 2831.258839][T23387] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2831.264676][T23387] ? lock_downgrade+0x920/0x920 [ 2831.269532][T23387] ? swp_swapcount+0x540/0x540 [ 2831.274307][T23387] ? __kasan_check_read+0x11/0x20 [ 2831.279333][T23387] ? do_raw_spin_unlock+0x57/0x270 [ 2831.284449][T23387] do_wp_page+0x543/0x15c0 [ 2831.288882][T23387] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2831.294269][T23387] __handle_mm_fault+0x23ec/0x4040 [ 2831.299392][T23387] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2831.304962][T23387] ? handle_mm_fault+0x292/0xaa0 [ 2831.309909][T23387] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2831.316160][T23387] ? __kasan_check_read+0x11/0x20 [ 2831.321205][T23387] handle_mm_fault+0x3b7/0xaa0 [ 2831.325977][T23387] __do_page_fault+0x536/0xdd0 [ 2831.330750][T23387] do_page_fault+0x38/0x590 [ 2831.335264][T23387] page_fault+0x39/0x40 [ 2831.339421][T23387] RIP: 0033:0x430b36 [ 2831.343439][T23387] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2831.363086][T23387] RSP: 002b:00007ffcd711f450 EFLAGS: 00010206 [ 2831.369164][T23387] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2831.377167][T23387] RDX: 0000000001260930 RSI: 0000000001268970 RDI: 0000000000000003 [ 2831.385154][T23387] RBP: 0000000000008041 R08: 0000000000000001 R09: 000000000125f940 [ 2831.393159][T23387] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2831.401143][T23387] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2831.448493][T23387] memory: usage 10300kB, limit 0kB, failcnt 232 [ 2831.454908][T23387] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2831.463913][T23387] Memory cgroup stats for /syz0: [ 2831.464003][T23387] anon 45056 [ 2831.464003][T23387] file 0 [ 2831.464003][T23387] kernel_stack 0 [ 2831.464003][T23387] slab 10526720 [ 2831.464003][T23387] sock 0 [ 2831.464003][T23387] shmem 0 [ 2831.464003][T23387] file_mapped 0 [ 2831.464003][T23387] file_dirty 0 [ 2831.464003][T23387] file_writeback 0 [ 2831.464003][T23387] anon_thp 0 [ 2831.464003][T23387] inactive_anon 0 [ 2831.464003][T23387] active_anon 45056 [ 2831.464003][T23387] inactive_file 0 [ 2831.464003][T23387] active_file 0 [ 2831.464003][T23387] unevictable 0 [ 2831.464003][T23387] slab_reclaimable 9732096 [ 2831.464003][T23387] slab_unreclaimable 794624 [ 2831.464003][T23387] pgfault 45540 [ 2831.464003][T23387] pgmajfault 0 [ 2831.464003][T23387] workingset_refault 0 [ 2831.464003][T23387] workingset_activate 0 [ 2831.464003][T23387] workingset_nodereclaim 0 [ 2831.464003][T23387] pgrefill 249 [ 2831.464003][T23387] pgscan 231 [ 2831.464003][T23387] pgsteal 34 [ 2831.464003][T23387] pgactivate 198 [ 2831.570437][T23387] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=23387,uid=0 [ 2831.600434][T23387] Memory cgroup out of memory: Killed process 23387 (syz-executor.0) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2831.623421][ T1065] oom_reaper: reaped process 23387 (syz-executor.0), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2832.143821][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2832.153340][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2832.234274][T19850] device bridge_slave_1 left promiscuous mode [ 2832.243713][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2832.322124][T19850] device bridge_slave_0 left promiscuous mode [ 2832.328396][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2832.385517][T19850] device bridge_slave_1 left promiscuous mode [ 2832.392600][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2832.431807][T19850] device bridge_slave_0 left promiscuous mode [ 2832.438029][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2832.513565][T19850] device bridge_slave_1 left promiscuous mode [ 2832.519823][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2832.621891][T19850] device bridge_slave_0 left promiscuous mode [ 2832.628134][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2832.693099][T19850] device bridge_slave_1 left promiscuous mode [ 2832.699338][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2832.761711][T19850] device bridge_slave_0 left promiscuous mode [ 2832.767957][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2832.833324][T19850] device bridge_slave_1 left promiscuous mode [ 2832.839585][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2832.942893][T19850] device bridge_slave_0 left promiscuous mode [ 2832.949131][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2833.033231][T19850] device bridge_slave_1 left promiscuous mode [ 2833.039463][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2833.201182][ C0] neighbour: ndisc_cache: neighbor table overflow! [ 2833.221699][T19850] device bridge_slave_0 left promiscuous mode [ 2833.227938][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2850.921057][T19850] device hsr_slave_0 left promiscuous mode [ 2850.970681][T19850] device hsr_slave_1 left promiscuous mode [ 2851.055965][T19850] team0 (unregistering): Port device team_slave_1 removed [ 2851.077096][T19850] team0 (unregistering): Port device team_slave_0 removed [ 2851.096818][T19850] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2851.144865][T19850] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2851.297579][T19850] bond0 (unregistering): Released all slaves [ 2851.601342][T19850] device hsr_slave_0 left promiscuous mode [ 2851.680730][T19850] device hsr_slave_1 left promiscuous mode [ 2851.785669][T19850] team0 (unregistering): Port device team_slave_1 removed [ 2851.810056][T19850] team0 (unregistering): Port device team_slave_0 removed [ 2851.836433][T19850] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2851.892756][T19850] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2852.099838][T19850] bond0 (unregistering): Released all slaves [ 2852.571342][T19850] device hsr_slave_0 left promiscuous mode [ 2852.670587][T19850] device hsr_slave_1 left promiscuous mode [ 2852.755803][T19850] team0 (unregistering): Port device team_slave_1 removed [ 2852.782091][T19850] team0 (unregistering): Port device team_slave_0 removed [ 2852.805298][T19850] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2852.867839][T19850] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2853.108914][T19850] bond0 (unregistering): Released all slaves [ 2853.370944][T19850] device hsr_slave_0 left promiscuous mode [ 2853.431292][T19850] device hsr_slave_1 left promiscuous mode [ 2853.505867][T19850] team0 (unregistering): Port device team_slave_1 removed [ 2853.532728][T19850] team0 (unregistering): Port device team_slave_0 removed [ 2853.557082][T19850] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2853.704727][T19850] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2853.989521][T19850] bond0 (unregistering): Released all slaves [ 2854.221928][T19850] device hsr_slave_0 left promiscuous mode [ 2854.270477][T19850] device hsr_slave_1 left promiscuous mode [ 2854.347252][T19850] team0 (unregistering): Port device team_slave_1 removed [ 2854.369661][T19850] team0 (unregistering): Port device team_slave_0 removed [ 2854.392481][T19850] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2854.461785][T19850] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2854.619585][T19850] bond0 (unregistering): Released all slaves [ 2854.811469][T19850] device hsr_slave_0 left promiscuous mode [ 2854.850896][T19850] device hsr_slave_1 left promiscuous mode [ 2854.916359][T19850] team0 (unregistering): Port device team_slave_1 removed [ 2854.937140][T19850] team0 (unregistering): Port device team_slave_0 removed [ 2854.958135][T19850] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2855.045713][T19850] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2855.210941][T19850] bond0 (unregistering): Released all slaves 16:23:53 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, 0xffffffffffffffff, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) 16:23:53 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) write$cgroup_int(r5, 0x0, 0x0) [ 2855.373630][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2855.385221][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2855.397200][T23395] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2855.427245][T23435] IPVS: ftp: loaded support on port[0] = 21 [ 2855.497612][T23437] IPVS: ftp: loaded support on port[0] = 21 [ 2855.614147][T23395] 8021q: adding VLAN 0 to HW filter on device batadv0 16:23:53 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, 0xffffffffffffffff, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) [ 2855.798418][T23441] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2855.861997][T23441] CPU: 0 PID: 23441 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 2855.869685][T23441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2855.879756][T23441] Call Trace: [ 2855.883164][T23441] dump_stack+0x172/0x1f0 [ 2855.887522][T23441] dump_header+0x10b/0x82d [ 2855.891954][T23441] oom_kill_process.cold+0x10/0x15 [ 2855.897076][T23441] out_of_memory+0x334/0x1340 [ 2855.901761][T23441] ? __sched_text_start+0x8/0x8 [ 2855.906620][T23441] ? oom_killer_disable+0x280/0x280 [ 2855.911922][T23441] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2855.917484][T23441] ? memcg_stat_show+0xc40/0xc40 [ 2855.922435][T23441] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2855.928250][T23441] ? cgroup_file_notify+0x140/0x1b0 [ 2855.933463][T23441] memory_max_write+0x262/0x3a0 [ 2855.938324][T23441] ? mem_cgroup_write+0x370/0x370 [ 2855.943354][T23441] ? lock_acquire+0x190/0x410 [ 2855.948033][T23441] ? kernfs_fop_write+0x227/0x480 [ 2855.953099][T23441] cgroup_file_write+0x241/0x790 [ 2855.958044][T23441] ? mem_cgroup_write+0x370/0x370 [ 2855.963070][T23441] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2855.968720][T23441] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2855.974362][T23441] kernfs_fop_write+0x2b8/0x480 [ 2855.979224][T23441] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2855.985482][T23441] __vfs_write+0x8a/0x110 [ 2855.989822][T23441] ? kernfs_fop_open+0xd80/0xd80 [ 2855.994775][T23441] vfs_write+0x268/0x5d0 [ 2855.999037][T23441] ksys_write+0x14f/0x290 [ 2856.003467][T23441] ? __ia32_sys_read+0xb0/0xb0 [ 2856.008261][T23441] ? do_syscall_64+0x26/0x760 [ 2856.013202][T23441] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2856.019275][T23441] ? do_syscall_64+0x26/0x760 [ 2856.023967][T23441] __x64_sys_write+0x73/0xb0 [ 2856.028569][T23441] do_syscall_64+0xfa/0x760 [ 2856.033085][T23441] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2856.038986][T23441] RIP: 0033:0x459a59 [ 2856.042887][T23441] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2856.062612][T23441] RSP: 002b:00007f34d6619c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2856.071125][T23441] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2856.079397][T23441] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2856.087605][T23441] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 2856.095623][T23441] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f34d661a6d4 [ 2856.103615][T23441] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2856.125270][T23435] chnl_net:caif_netlink_parms(): no params data found [ 2856.162721][T23441] memory: usage 5428kB, limit 0kB, failcnt 898 [ 2856.169103][T23441] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2856.180028][T23441] Memory cgroup stats for /syz3: [ 2856.180143][T23441] anon 4313088 [ 2856.180143][T23441] file 16384 [ 2856.180143][T23441] kernel_stack 65536 [ 2856.180143][T23441] slab 1077248 [ 2856.180143][T23441] sock 0 [ 2856.180143][T23441] shmem 0 [ 2856.180143][T23441] file_mapped 0 [ 2856.180143][T23441] file_dirty 0 [ 2856.180143][T23441] file_writeback 0 [ 2856.180143][T23441] anon_thp 4194304 [ 2856.180143][T23441] inactive_anon 0 [ 2856.180143][T23441] active_anon 4313088 [ 2856.180143][T23441] inactive_file 0 [ 2856.180143][T23441] active_file 0 [ 2856.180143][T23441] unevictable 0 [ 2856.180143][T23441] slab_reclaimable 270336 [ 2856.180143][T23441] slab_unreclaimable 806912 [ 2856.180143][T23441] pgfault 31746 [ 2856.180143][T23441] pgmajfault 0 [ 2856.180143][T23441] workingset_refault 0 [ 2856.180143][T23441] workingset_activate 0 [ 2856.180143][T23441] workingset_nodereclaim 0 [ 2856.180143][T23441] pgrefill 100 [ 2856.180143][T23441] pgscan 99 [ 2856.180143][T23441] pgsteal 0 [ 2856.180143][T23441] pgactivate 66 [ 2856.428900][T23441] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=23438,uid=0 [ 2856.463290][T23441] Memory cgroup out of memory: Killed process 23441 (syz-executor.3) total-vm:72708kB, anon-rss:4240kB, file-rss:35832kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2856.464416][T23435] bridge0: port 1(bridge_slave_0) entered blocking state [ 2856.491160][T23435] bridge0: port 1(bridge_slave_0) entered disabled state [ 2856.501062][T23435] device bridge_slave_0 entered promiscuous mode [ 2856.507633][ T1065] oom_reaper: reaped process 23441 (syz-executor.3), now anon-rss:0kB, file-rss:34872kB, shmem-rss:0kB [ 2856.519035][T23449] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2856.531422][T23449] CPU: 0 PID: 23449 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 2856.539014][T23449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2856.549090][T23449] Call Trace: [ 2856.552395][T23449] dump_stack+0x172/0x1f0 [ 2856.556735][T23449] dump_header+0x10b/0x82d [ 2856.561157][T23449] oom_kill_process.cold+0x10/0x15 [ 2856.561180][T23449] out_of_memory+0x334/0x1340 [ 2856.561212][T23449] ? oom_killer_disable+0x280/0x280 [ 2856.561253][T23449] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2856.561272][T23449] ? memcg_stat_show+0xc40/0xc40 [ 2856.561307][T23449] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2856.561329][T23449] ? cgroup_file_notify+0x140/0x1b0 [ 2856.561355][T23449] memory_max_write+0x262/0x3a0 [ 2856.582135][T23449] ? mem_cgroup_write+0x370/0x370 [ 2856.592834][T23449] ? lock_acquire+0x190/0x410 [ 2856.592853][T23449] ? kernfs_fop_write+0x227/0x480 [ 2856.592885][T23449] cgroup_file_write+0x241/0x790 [ 2856.592911][T23449] ? mem_cgroup_write+0x370/0x370 [ 2856.612616][T23449] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2856.622548][T23449] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2856.622569][T23449] kernfs_fop_write+0x2b8/0x480 [ 2856.622599][T23449] __vfs_write+0x8a/0x110 [ 2856.622615][T23449] ? kernfs_fop_open+0xd80/0xd80 [ 2856.622640][T23449] vfs_write+0x268/0x5d0 [ 2856.622670][T23449] ksys_write+0x14f/0x290 [ 2856.622693][T23449] ? __ia32_sys_read+0xb0/0xb0 [ 2856.622730][T23449] __x64_sys_write+0x73/0xb0 [ 2856.644283][T23449] ? do_syscall_64+0x5b/0x760 [ 2856.653776][T23449] do_syscall_64+0xfa/0x760 [ 2856.653805][T23449] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2856.653820][T23449] RIP: 0033:0x459a59 [ 2856.653839][T23449] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2856.653848][T23449] RSP: 002b:00007fcd1977bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2856.653863][T23449] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2856.653873][T23449] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2856.653883][T23449] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2856.653894][T23449] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcd1977c6d4 [ 2856.653905][T23449] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2856.682117][T23449] memory: usage 5180kB, limit 0kB, failcnt 1042 [ 2856.738809][T23449] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2857.006320][T23437] chnl_net:caif_netlink_parms(): no params data found [ 2857.057732][T23449] Memory cgroup stats for /syz2: [ 2857.062910][T23449] anon 4354048 [ 2857.062910][T23449] file 86016 [ 2857.062910][T23449] kernel_stack 65536 [ 2857.062910][T23449] slab 671744 [ 2857.062910][T23449] sock 0 [ 2857.062910][T23449] shmem 0 [ 2857.062910][T23449] file_mapped 0 [ 2857.062910][T23449] file_dirty 0 [ 2857.062910][T23449] file_writeback 0 [ 2857.062910][T23449] anon_thp 4194304 [ 2857.062910][T23449] inactive_anon 0 [ 2857.062910][T23449] active_anon 4354048 [ 2857.062910][T23449] inactive_file 0 [ 2857.062910][T23449] active_file 0 [ 2857.062910][T23449] unevictable 0 [ 2857.062910][T23449] slab_reclaimable 135168 [ 2857.062910][T23449] slab_unreclaimable 536576 [ 2857.062910][T23449] pgfault 35805 [ 2857.062910][T23449] pgmajfault 0 [ 2857.062910][T23449] workingset_refault 0 [ 2857.062910][T23449] workingset_activate 0 [ 2857.062910][T23449] workingset_nodereclaim 0 [ 2857.062910][T23449] pgrefill 166 [ 2857.062910][T23449] pgscan 167 [ 2857.062910][T23449] pgsteal 0 [ 2857.062910][T23449] pgactivate 99 [ 2857.158526][T23449] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=23448,uid=0 [ 2857.178474][T23449] Memory cgroup out of memory: Killed process 23448 (syz-executor.2) total-vm:72576kB, anon-rss:4188kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2857.206649][ T1065] oom_reaper: reaped process 23448 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2857.218121][T23397] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2857.231363][T23397] CPU: 0 PID: 23397 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 2857.238925][T23397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2857.248994][T23397] Call Trace: [ 2857.252308][T23397] dump_stack+0x172/0x1f0 [ 2857.252328][T23397] dump_header+0x10b/0x82d [ 2857.252339][T23397] ? oom_kill_process+0x94/0x3f0 [ 2857.252355][T23397] oom_kill_process.cold+0x10/0x15 [ 2857.252372][T23397] out_of_memory+0x334/0x1340 [ 2857.252388][T23397] ? lock_downgrade+0x920/0x920 [ 2857.252406][T23397] ? oom_killer_disable+0x280/0x280 [ 2857.252434][T23397] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2857.252448][T23397] ? memcg_stat_show+0xc40/0xc40 [ 2857.252465][T23397] ? do_raw_spin_unlock+0x57/0x270 [ 2857.252486][T23397] ? _raw_spin_unlock+0x2d/0x50 [ 2857.266173][T23397] try_charge+0xf4b/0x1440 [ 2857.266197][T23397] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2857.285977][T23397] ? percpu_ref_tryget_live+0x111/0x290 [ 2857.285999][T23397] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2857.286016][T23397] ? __kasan_check_read+0x11/0x20 [ 2857.306866][T23397] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2857.306887][T23397] mem_cgroup_try_charge+0x136/0x590 [ 2857.322436][T23397] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2857.339308][T23397] wp_page_copy+0x407/0x1860 [ 2857.339328][T23397] ? find_held_lock+0x35/0x130 [ 2857.362405][T23397] ? do_wp_page+0x53b/0x15c0 [ 2857.366996][T23397] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2857.372866][T23397] ? lock_downgrade+0x920/0x920 [ 2857.372886][T23397] ? swp_swapcount+0x540/0x540 [ 2857.372901][T23397] ? __kasan_check_read+0x11/0x20 [ 2857.372914][T23397] ? do_raw_spin_unlock+0x57/0x270 [ 2857.372930][T23397] do_wp_page+0x543/0x15c0 [ 2857.372947][T23397] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2857.372972][T23397] __handle_mm_fault+0x23ec/0x4040 [ 2857.372992][T23397] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2857.373007][T23397] ? handle_mm_fault+0x292/0xaa0 [ 2857.373037][T23397] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2857.373053][T23397] ? __kasan_check_read+0x11/0x20 [ 2857.392770][T23397] handle_mm_fault+0x3b7/0xaa0 [ 2857.392797][T23397] __do_page_fault+0x536/0xdd0 [ 2857.402570][T23397] do_page_fault+0x38/0x590 [ 2857.402591][T23397] page_fault+0x39/0x40 [ 2857.402602][T23397] RIP: 0033:0x430b36 [ 2857.402617][T23397] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2857.402624][T23397] RSP: 002b:00007ffe26115620 EFLAGS: 00010206 [ 2857.402635][T23397] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2857.402642][T23397] RDX: 000000000160f930 RSI: 0000000001617970 RDI: 0000000000000003 [ 2857.402649][T23397] RBP: 0000000000008041 R08: 0000000000000001 R09: 000000000160e940 [ 2857.402657][T23397] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2857.402665][T23397] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2857.690661][T23435] bridge0: port 2(bridge_slave_1) entered blocking state [ 2857.697765][T23435] bridge0: port 2(bridge_slave_1) entered disabled state [ 2857.734573][T23435] device bridge_slave_1 entered promiscuous mode 16:23:55 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) write$cgroup_int(r5, 0x0, 0x0) [ 2857.786068][T23397] memory: usage 1004kB, limit 0kB, failcnt 906 [ 2857.792792][T23397] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2857.799657][T23397] Memory cgroup stats for /syz3: [ 2857.799760][T23397] anon 98304 [ 2857.799760][T23397] file 16384 [ 2857.799760][T23397] kernel_stack 0 [ 2857.799760][T23397] slab 1077248 [ 2857.799760][T23397] sock 0 [ 2857.799760][T23397] shmem 0 [ 2857.799760][T23397] file_mapped 0 [ 2857.799760][T23397] file_dirty 0 [ 2857.799760][T23397] file_writeback 0 [ 2857.799760][T23397] anon_thp 0 [ 2857.799760][T23397] inactive_anon 0 [ 2857.799760][T23397] active_anon 98304 [ 2857.799760][T23397] inactive_file 0 [ 2857.799760][T23397] active_file 0 [ 2857.799760][T23397] unevictable 0 [ 2857.799760][T23397] slab_reclaimable 270336 [ 2857.799760][T23397] slab_unreclaimable 806912 [ 2857.799760][T23397] pgfault 31746 [ 2857.799760][T23397] pgmajfault 0 [ 2857.799760][T23397] workingset_refault 0 [ 2857.799760][T23397] workingset_activate 0 [ 2857.799760][T23397] workingset_nodereclaim 0 [ 2857.799760][T23397] pgrefill 100 [ 2857.799760][T23397] pgscan 99 16:23:55 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x0, 0x0, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) 16:23:55 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, 0xffffffffffffffff, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) [ 2857.799760][T23397] pgsteal 0 [ 2857.799760][T23397] pgactivate 66 [ 2857.950992][T23452] IPVS: ftp: loaded support on port[0] = 21 [ 2857.995889][T23435] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2858.026981][T23435] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2858.046967][T23437] bridge0: port 1(bridge_slave_0) entered blocking state [ 2858.061687][T23437] bridge0: port 1(bridge_slave_0) entered disabled state [ 2858.084778][T23437] device bridge_slave_0 entered promiscuous mode [ 2858.095916][T23437] bridge0: port 2(bridge_slave_1) entered blocking state [ 2858.103097][T23437] bridge0: port 2(bridge_slave_1) entered disabled state [ 2858.110364][T23397] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=23397,uid=0 [ 2858.127736][T23437] device bridge_slave_1 entered promiscuous mode [ 2858.142593][T23397] Memory cgroup out of memory: Killed process 23397 (syz-executor.3) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2858.161714][ T1065] oom_reaper: reaped process 23397 (syz-executor.3), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2858.173054][T23395] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2858.183524][T23395] CPU: 0 PID: 23395 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 2858.191133][T23395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2858.191138][T23395] Call Trace: [ 2858.191159][T23395] dump_stack+0x172/0x1f0 [ 2858.191180][T23395] dump_header+0x10b/0x82d [ 2858.191191][T23395] ? oom_kill_process+0x94/0x3f0 [ 2858.191206][T23395] oom_kill_process.cold+0x10/0x15 [ 2858.191223][T23395] out_of_memory+0x334/0x1340 [ 2858.191239][T23395] ? lock_downgrade+0x920/0x920 [ 2858.191259][T23395] ? oom_killer_disable+0x280/0x280 [ 2858.191291][T23395] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2858.223527][T23395] ? memcg_stat_show+0xc40/0xc40 [ 2858.233207][T23395] ? do_raw_spin_unlock+0x57/0x270 [ 2858.233229][T23395] ? _raw_spin_unlock+0x2d/0x50 [ 2858.233249][T23395] try_charge+0xf4b/0x1440 [ 2858.233273][T23395] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2858.233285][T23395] ? percpu_ref_tryget_live+0x111/0x290 [ 2858.233308][T23395] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2858.233326][T23395] ? __kasan_check_read+0x11/0x20 [ 2858.233346][T23395] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2858.233366][T23395] mem_cgroup_try_charge+0x136/0x590 [ 2858.233386][T23395] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2858.233402][T23395] wp_page_copy+0x407/0x1860 [ 2858.233419][T23395] ? find_held_lock+0x35/0x130 [ 2858.233433][T23395] ? do_wp_page+0x53b/0x15c0 [ 2858.233450][T23395] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2858.233467][T23395] ? lock_downgrade+0x920/0x920 [ 2858.233486][T23395] ? swp_swapcount+0x540/0x540 [ 2858.233499][T23395] ? __kasan_check_read+0x11/0x20 [ 2858.233510][T23395] ? do_raw_spin_unlock+0x57/0x270 [ 2858.233530][T23395] do_wp_page+0x543/0x15c0 [ 2858.233548][T23395] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2858.233573][T23395] __handle_mm_fault+0x23ec/0x4040 [ 2858.233592][T23395] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2858.233610][T23395] ? handle_mm_fault+0x292/0xaa0 [ 2858.263601][T23395] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2858.274660][T23395] ? __kasan_check_read+0x11/0x20 [ 2858.274679][T23395] handle_mm_fault+0x3b7/0xaa0 [ 2858.274700][T23395] __do_page_fault+0x536/0xdd0 [ 2858.274723][T23395] do_page_fault+0x38/0x590 [ 2858.274742][T23395] page_fault+0x39/0x40 [ 2858.274753][T23395] RIP: 0033:0x430b36 [ 2858.274769][T23395] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2858.274775][T23395] RSP: 002b:00007ffc457ba790 EFLAGS: 00010206 [ 2858.274785][T23395] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2858.274791][T23395] RDX: 00000000023d1930 RSI: 00000000023d9970 RDI: 0000000000000003 [ 2858.274805][T23395] RBP: 0000000000008041 R08: 0000000000000001 R09: 00000000023d0940 [ 2858.302430][T23395] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2858.311738][T23395] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2858.473722][T23395] memory: usage 804kB, limit 0kB, failcnt 1050 [ 2858.479915][T23395] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2858.479926][T23395] Memory cgroup stats for /syz2: [ 2858.480026][T23395] anon 49152 [ 2858.480026][T23395] file 86016 [ 2858.480026][T23395] kernel_stack 0 [ 2858.480026][T23395] slab 671744 [ 2858.480026][T23395] sock 0 [ 2858.480026][T23395] shmem 0 [ 2858.480026][T23395] file_mapped 0 [ 2858.480026][T23395] file_dirty 0 [ 2858.480026][T23395] file_writeback 0 [ 2858.480026][T23395] anon_thp 0 [ 2858.480026][T23395] inactive_anon 0 [ 2858.480026][T23395] active_anon 49152 [ 2858.480026][T23395] inactive_file 0 [ 2858.480026][T23395] active_file 0 [ 2858.480026][T23395] unevictable 0 [ 2858.480026][T23395] slab_reclaimable 135168 [ 2858.480026][T23395] slab_unreclaimable 536576 [ 2858.480026][T23395] pgfault 35805 [ 2858.480026][T23395] pgmajfault 0 [ 2858.480026][T23395] workingset_refault 0 [ 2858.480026][T23395] workingset_activate 0 [ 2858.480026][T23395] workingset_nodereclaim 0 [ 2858.480026][T23395] pgrefill 166 [ 2858.480026][T23395] pgscan 167 [ 2858.480026][T23395] pgsteal 0 [ 2858.480026][T23395] pgactivate 99 [ 2858.582873][T23395] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=23395,uid=0 [ 2858.598947][T23395] Memory cgroup out of memory: Killed process 23395 (syz-executor.2) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2858.617367][ T1065] oom_reaper: reaped process 23395 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2858.946952][T23435] team0: Port device team_slave_0 added 16:23:57 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, 0xffffffffffffffff, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) 16:23:57 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x0, 0x0, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) [ 2859.324164][T23435] team0: Port device team_slave_1 added [ 2859.335236][T23437] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2859.351929][T23437] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2859.394902][T23454] IPVS: ftp: loaded support on port[0] = 21 16:23:57 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x0, 0x0, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) 16:23:57 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x0, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2859.528647][T23437] team0: Port device team_slave_0 added [ 2859.674537][T23435] device hsr_slave_0 entered promiscuous mode [ 2859.731657][T23435] device hsr_slave_1 entered promiscuous mode [ 2859.779790][T23437] team0: Port device team_slave_1 added [ 2860.084611][T23437] device hsr_slave_0 entered promiscuous mode [ 2860.142831][T23437] device hsr_slave_1 entered promiscuous mode [ 2860.180497][T23437] debugfs: Directory 'hsr0' with parent '/' already present! [ 2860.268808][T23452] chnl_net:caif_netlink_parms(): no params data found [ 2860.556677][T23452] bridge0: port 1(bridge_slave_0) entered blocking state [ 2860.570494][T23452] bridge0: port 1(bridge_slave_0) entered disabled state [ 2860.582825][T23452] device bridge_slave_0 entered promiscuous mode [ 2860.592269][T23452] bridge0: port 2(bridge_slave_1) entered blocking state [ 2860.599325][T23452] bridge0: port 2(bridge_slave_1) entered disabled state [ 2860.608309][T23452] device bridge_slave_1 entered promiscuous mode [ 2860.636203][T23454] chnl_net:caif_netlink_parms(): no params data found [ 2860.682354][T23452] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2860.743208][T23452] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2860.886052][T23435] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2860.913965][T23454] bridge0: port 1(bridge_slave_0) entered blocking state [ 2860.921719][T23454] bridge0: port 1(bridge_slave_0) entered disabled state [ 2860.941936][T23454] device bridge_slave_0 entered promiscuous mode [ 2860.966653][T23452] team0: Port device team_slave_0 added [ 2860.976291][T23462] IPVS: ftp: loaded support on port[0] = 21 [ 2861.013233][T23454] bridge0: port 2(bridge_slave_1) entered blocking state [ 2861.030394][T23454] bridge0: port 2(bridge_slave_1) entered disabled state [ 2861.039574][T23454] device bridge_slave_1 entered promiscuous mode [ 2861.064740][T23452] team0: Port device team_slave_1 added [ 2861.085765][T23437] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2861.137725][T23463] IPVS: ftp: loaded support on port[0] = 21 [ 2861.214834][T23454] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2861.261776][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2861.281559][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2861.374712][T23452] device hsr_slave_0 entered promiscuous mode [ 2861.441589][T23452] device hsr_slave_1 entered promiscuous mode [ 2861.502503][T23452] debugfs: Directory 'hsr0' with parent '/' already present! [ 2861.531670][T23454] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2861.562209][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2861.571146][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2861.612540][T23437] 8021q: adding VLAN 0 to HW filter on device team0 [ 2861.623307][T23435] 8021q: adding VLAN 0 to HW filter on device team0 [ 2861.633761][T23454] team0: Port device team_slave_0 added [ 2861.676915][T23454] team0: Port device team_slave_1 added [ 2861.694476][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2861.711901][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2861.730802][T21272] bridge0: port 1(bridge_slave_0) entered blocking state [ 2861.737889][T21272] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2861.815862][T19457] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2861.826499][T19457] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2861.837208][T19457] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2861.847044][T19457] bridge0: port 2(bridge_slave_1) entered blocking state [ 2861.854164][T19457] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2861.863678][T19457] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2861.873357][T19457] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2861.882481][T19457] bridge0: port 1(bridge_slave_0) entered blocking state [ 2861.889539][T19457] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2861.898818][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2861.999744][T23454] device hsr_slave_0 entered promiscuous mode [ 2862.041980][T23454] device hsr_slave_1 entered promiscuous mode [ 2862.080661][T23454] debugfs: Directory 'hsr0' with parent '/' already present! [ 2862.114019][T21816] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2862.132106][T21816] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2862.151478][T21816] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2862.160193][T21816] bridge0: port 2(bridge_slave_1) entered blocking state [ 2862.167478][T21816] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2862.248135][T23457] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2862.374525][T23457] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2862.392463][T23457] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2862.412176][T23457] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2862.441998][T23457] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2862.502598][T23463] chnl_net:caif_netlink_parms(): no params data found [ 2862.572170][T21816] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2862.592028][T21816] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2862.611547][T21816] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2862.630741][T21816] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2862.639877][T21816] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2862.700117][T23457] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2862.711466][T23457] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2862.792320][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2862.812372][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2862.822205][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2862.844144][T23437] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2862.874278][T23463] bridge0: port 1(bridge_slave_0) entered blocking state [ 2862.882257][T23463] bridge0: port 1(bridge_slave_0) entered disabled state [ 2862.902132][T23463] device bridge_slave_0 entered promiscuous mode [ 2862.922127][T23462] chnl_net:caif_netlink_parms(): no params data found [ 2862.976885][T23463] bridge0: port 2(bridge_slave_1) entered blocking state [ 2862.991631][T23463] bridge0: port 2(bridge_slave_1) entered disabled state [ 2863.011630][T23463] device bridge_slave_1 entered promiscuous mode [ 2863.067657][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2863.082932][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2863.147402][T23452] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2863.173674][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2863.184355][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2863.193921][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2863.205347][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2863.220206][T23463] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2863.241105][T23462] bridge0: port 1(bridge_slave_0) entered blocking state [ 2863.248186][T23462] bridge0: port 1(bridge_slave_0) entered disabled state [ 2863.273498][T23462] device bridge_slave_0 entered promiscuous mode [ 2863.304369][T23462] bridge0: port 2(bridge_slave_1) entered blocking state [ 2863.320412][T23462] bridge0: port 2(bridge_slave_1) entered disabled state [ 2863.329299][T23462] device bridge_slave_1 entered promiscuous mode [ 2863.371763][T23435] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2863.402564][T23463] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2863.429141][T23437] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2863.475716][T23462] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2863.558637][T23462] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2863.663095][T23463] team0: Port device team_slave_0 added [ 2863.669578][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2863.693165][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2863.727009][T23454] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2863.763655][T23463] team0: Port device team_slave_1 added [ 2863.866600][T23452] 8021q: adding VLAN 0 to HW filter on device team0 [ 2863.888718][T23462] team0: Port device team_slave_0 added [ 2863.913457][T23435] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2863.954233][T23462] team0: Port device team_slave_1 added [ 2863.967622][T23473] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2864.000566][T23473] CPU: 1 PID: 23473 Comm: syz-executor.4 Not tainted 5.3.0+ #0 [ 2864.008159][T23473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2864.018216][T23473] Call Trace: [ 2864.021603][T23473] dump_stack+0x172/0x1f0 [ 2864.025942][T23473] dump_header+0x10b/0x82d [ 2864.030363][T23473] oom_kill_process.cold+0x10/0x15 [ 2864.035477][T23473] out_of_memory+0x334/0x1340 [ 2864.040156][T23473] ? __sched_text_start+0x8/0x8 [ 2864.045012][T23473] ? oom_killer_disable+0x280/0x280 [ 2864.050227][T23473] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2864.055778][T23473] ? memcg_stat_show+0xc40/0xc40 [ 2864.060729][T23473] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2864.066542][T23473] ? cgroup_file_notify+0x140/0x1b0 [ 2864.071751][T23473] memory_max_write+0x262/0x3a0 [ 2864.076614][T23473] ? mem_cgroup_write+0x370/0x370 [ 2864.081649][T23473] ? cgroup_file_write+0x86/0x790 [ 2864.086688][T23473] cgroup_file_write+0x241/0x790 [ 2864.091632][T23473] ? mem_cgroup_write+0x370/0x370 [ 2864.096749][T23473] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2864.102398][T23473] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2864.108035][T23473] kernfs_fop_write+0x2b8/0x480 [ 2864.112901][T23473] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2864.119156][T23473] __vfs_write+0x8a/0x110 [ 2864.123614][T23473] ? kernfs_fop_open+0xd80/0xd80 [ 2864.128558][T23473] vfs_write+0x268/0x5d0 [ 2864.132812][T23473] ksys_write+0x14f/0x290 [ 2864.137147][T23473] ? __ia32_sys_read+0xb0/0xb0 [ 2864.141918][T23473] ? do_syscall_64+0x26/0x760 [ 2864.146599][T23473] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2864.152755][T23473] ? do_syscall_64+0x26/0x760 [ 2864.157449][T23473] __x64_sys_write+0x73/0xb0 [ 2864.162044][T23473] do_syscall_64+0xfa/0x760 [ 2864.166712][T23473] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2864.172613][T23473] RIP: 0033:0x459a59 [ 2864.176513][T23473] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2864.196329][T23473] RSP: 002b:00007f91216c7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2864.204759][T23473] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2864.212744][T23473] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2864.220717][T23473] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2864.228696][T23473] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f91216c86d4 [ 2864.236672][T23473] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2864.254672][T23473] memory: usage 6188kB, limit 0kB, failcnt 1148 [ 2864.266514][T23463] device hsr_slave_0 entered promiscuous mode [ 2864.272827][T23473] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2864.280130][T23473] Memory cgroup stats for /syz4: [ 2864.281808][T23473] anon 4288512 [ 2864.281808][T23473] file 0 [ 2864.281808][T23473] kernel_stack 65536 [ 2864.281808][T23473] slab 1900544 [ 2864.281808][T23473] sock 0 [ 2864.281808][T23473] shmem 0 [ 2864.281808][T23473] file_mapped 0 [ 2864.281808][T23473] file_dirty 135168 [ 2864.281808][T23473] file_writeback 0 [ 2864.281808][T23473] anon_thp 4194304 [ 2864.281808][T23473] inactive_anon 0 [ 2864.281808][T23473] active_anon 4288512 [ 2864.281808][T23473] inactive_file 0 [ 2864.281808][T23473] active_file 0 [ 2864.281808][T23473] unevictable 0 [ 2864.281808][T23473] slab_reclaimable 675840 [ 2864.281808][T23473] slab_unreclaimable 1224704 [ 2864.281808][T23473] pgfault 22671 [ 2864.281808][T23473] pgmajfault 0 [ 2864.281808][T23473] workingset_refault 0 [ 2864.281808][T23473] workingset_activate 0 [ 2864.281808][T23473] workingset_nodereclaim 0 [ 2864.281808][T23473] pgrefill 132 [ 2864.281808][T23473] pgscan 216 [ 2864.281808][T23473] pgsteal 105 [ 2864.281808][T23473] pgactivate 99 [ 2864.378501][T23473] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23472,uid=0 [ 2864.404013][T23473] Memory cgroup out of memory: Killed process 23472 (syz-executor.4) total-vm:72576kB, anon-rss:4184kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2864.423838][T23463] device hsr_slave_1 entered promiscuous mode [ 2864.434883][ T1065] oom_reaper: reaped process 23472 (syz-executor.4), now anon-rss:0kB, file-rss:34872kB, shmem-rss:0kB [ 2864.530641][T23463] debugfs: Directory 'hsr0' with parent '/' already present! [ 2864.551372][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2864.568702][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2864.586247][T13846] bridge0: port 1(bridge_slave_0) entered blocking state [ 2864.593403][T13846] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2864.618533][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2864.628362][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2864.637483][T13846] bridge0: port 2(bridge_slave_1) entered blocking state [ 2864.644620][T13846] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2864.671500][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2864.674134][T23437] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2864.680149][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2864.691952][T23437] CPU: 1 PID: 23437 Comm: syz-executor.4 Not tainted 5.3.0+ #0 [ 2864.704038][T23437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2864.714094][T23437] Call Trace: [ 2864.717395][T23437] dump_stack+0x172/0x1f0 [ 2864.721728][T23437] dump_header+0x10b/0x82d [ 2864.726138][T23437] ? oom_kill_process+0x94/0x3f0 [ 2864.731075][T23437] oom_kill_process.cold+0x10/0x15 [ 2864.736199][T23437] out_of_memory+0x334/0x1340 [ 2864.740886][T23437] ? lock_downgrade+0x920/0x920 [ 2864.745741][T23437] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2864.751541][T23437] ? oom_killer_disable+0x280/0x280 [ 2864.751564][T23437] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2864.751577][T23437] ? memcg_stat_show+0xc40/0xc40 [ 2864.751603][T23437] ? do_raw_spin_unlock+0x57/0x270 [ 2864.772584][T23437] ? _raw_spin_unlock+0x2d/0x50 [ 2864.777433][T23437] try_charge+0xf4b/0x1440 [ 2864.781863][T23437] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2864.781875][T23437] ? percpu_ref_tryget_live+0x111/0x290 [ 2864.781896][T23437] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2864.799179][T23437] ? __kasan_check_read+0x11/0x20 [ 2864.804201][T23437] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2864.809747][T23437] mem_cgroup_try_charge+0x136/0x590 [ 2864.815027][T23437] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2864.815045][T23437] wp_page_copy+0x407/0x1860 [ 2864.815061][T23437] ? find_held_lock+0x35/0x130 [ 2864.829994][T23437] ? do_wp_page+0x53b/0x15c0 [ 2864.834682][T23437] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2864.840503][T23437] ? lock_downgrade+0x920/0x920 [ 2864.845359][T23437] ? swp_swapcount+0x540/0x540 [ 2864.850115][T23437] ? __kasan_check_read+0x11/0x20 [ 2864.855130][T23437] ? do_raw_spin_unlock+0x57/0x270 [ 2864.855148][T23437] do_wp_page+0x543/0x15c0 [ 2864.855165][T23437] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2864.855189][T23437] __handle_mm_fault+0x23ec/0x4040 [ 2864.875164][T23437] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2864.880711][T23437] ? handle_mm_fault+0x292/0xaa0 [ 2864.886022][T23437] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2864.892266][T23437] ? __kasan_check_read+0x11/0x20 [ 2864.892285][T23437] handle_mm_fault+0x3b7/0xaa0 [ 2864.892304][T23437] __do_page_fault+0x536/0xdd0 [ 2864.892326][T23437] do_page_fault+0x38/0x590 [ 2864.911389][T23437] page_fault+0x39/0x40 [ 2864.915542][T23437] RIP: 0033:0x430b36 [ 2864.919425][T23437] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 66 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 2c 44 64 00 85 c0 0f 84 [ 2864.939026][T23437] RSP: 002b:00007ffddab11000 EFLAGS: 00010206 [ 2864.939036][T23437] RAX: 0000000000019691 RBX: 0000000000716640 RCX: 0000000000008041 [ 2864.939043][T23437] RDX: 0000000000c0b930 RSI: 0000000000c13970 RDI: 0000000000000003 [ 2864.939050][T23437] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000000000c0a940 [ 2864.939057][T23437] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000716698 [ 2864.939064][T23437] R13: 0000000000716698 R14: 0000000000000000 R15: 0000000000002710 [ 2864.989217][T23437] memory: usage 1816kB, limit 0kB, failcnt 1156 [ 2864.996026][T23437] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2865.003376][T23437] Memory cgroup stats for /syz4: [ 2865.003489][T23437] anon 53248 [ 2865.003489][T23437] file 0 [ 2865.003489][T23437] kernel_stack 0 [ 2865.003489][T23437] slab 1900544 [ 2865.003489][T23437] sock 0 [ 2865.003489][T23437] shmem 0 [ 2865.003489][T23437] file_mapped 0 [ 2865.003489][T23437] file_dirty 135168 [ 2865.003489][T23437] file_writeback 0 [ 2865.003489][T23437] anon_thp 0 [ 2865.003489][T23437] inactive_anon 0 [ 2865.003489][T23437] active_anon 53248 [ 2865.003489][T23437] inactive_file 0 [ 2865.003489][T23437] active_file 0 [ 2865.003489][T23437] unevictable 0 [ 2865.003489][T23437] slab_reclaimable 675840 [ 2865.003489][T23437] slab_unreclaimable 1224704 [ 2865.003489][T23437] pgfault 22671 [ 2865.003489][T23437] pgmajfault 0 [ 2865.003489][T23437] workingset_refault 0 [ 2865.003489][T23437] workingset_activate 0 [ 2865.003489][T23437] workingset_nodereclaim 0 [ 2865.003489][T23437] pgrefill 132 [ 2865.003489][T23437] pgscan 216 [ 2865.003489][T23437] pgsteal 105 [ 2865.003489][T23437] pgactivate 99 [ 2865.099368][T23437] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=23437,uid=0 [ 2865.119266][T23437] Memory cgroup out of memory: Killed process 23437 (syz-executor.4) total-vm:72444kB, anon-rss:68kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2865.138206][ T1065] oom_reaper: reaped process 23437 (syz-executor.4), now anon-rss:0kB, file-rss:33936kB, shmem-rss:0kB [ 2865.187711][T23454] 8021q: adding VLAN 0 to HW filter on device team0 [ 2865.206683][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2865.221840][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2865.303722][T23462] device hsr_slave_0 entered promiscuous mode [ 2865.342129][T23462] device hsr_slave_1 entered promiscuous mode [ 2865.390517][T23462] debugfs: Directory 'hsr0' with parent '/' already present! [ 2865.683441][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2865.693316][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2865.702686][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2865.711372][T16115] bridge0: port 1(bridge_slave_0) entered blocking state [ 2865.718434][T16115] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2865.756822][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2865.766302][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2865.776057][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2865.786108][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2865.796185][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2865.828679][T13846] bridge0: port 2(bridge_slave_1) entered blocking state [ 2865.835847][T13846] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2865.891921][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2865.936962][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2865.970072][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 16:24:03 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r1 = socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r1, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r4 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) 16:24:03 executing program 4: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) write$cgroup_int(r5, 0x0, 0x0) [ 2866.037353][T23457] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2866.048195][T23457] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2866.082116][T23457] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2866.122405][T23457] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2866.167331][T23457] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2866.235759][T23452] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2866.260652][T21816] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 16:24:04 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, 0x0, 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2866.327814][T21816] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2866.344069][T21816] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2866.407668][T21816] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2866.463765][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2866.481919][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2866.535689][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2866.555247][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready 16:24:04 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, 0x0, 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2866.599042][T23454] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2866.635769][T23454] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2866.665583][T23452] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2867.077148][T23454] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2867.336742][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2867.356785][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2867.422688][T23463] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2867.549701][T23462] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2867.617962][T23463] 8021q: adding VLAN 0 to HW filter on device team0 [ 2867.637339][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2867.649484][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 16:24:05 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, 0x0, 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2867.699922][T23481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2867.714182][T23481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2867.754905][T23481] bridge0: port 1(bridge_slave_0) entered blocking state [ 2867.762064][T23481] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2867.802843][T23481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2867.819175][T23481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2867.832169][T23481] bridge0: port 2(bridge_slave_1) entered blocking state [ 2867.839271][T23481] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2867.942191][T23522] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2867.953925][T23462] 8021q: adding VLAN 0 to HW filter on device team0 [ 2867.965293][T23522] CPU: 1 PID: 23522 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 2867.972867][T23522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2867.973365][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2867.982918][T23522] Call Trace: [ 2867.982941][T23522] dump_stack+0x172/0x1f0 [ 2867.982964][T23522] dump_header+0x10b/0x82d [ 2867.982983][T23522] oom_kill_process.cold+0x10/0x15 [ 2867.983002][T23522] out_of_memory+0x334/0x1340 [ 2868.001588][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2868.002349][T23522] ? __this_cpu_preempt_check+0x3a/0x210 [ 2868.008540][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2868.012102][T23522] ? retint_kernel+0x2b/0x2b [ 2868.012121][T23522] ? oom_killer_disable+0x280/0x280 [ 2868.012148][T23522] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2868.012166][T23522] ? memcg_stat_show+0xc40/0xc40 [ 2868.022216][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2868.024972][T23522] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2868.066007][T23522] ? cgroup_file_notify+0x140/0x1b0 [ 2868.071214][T23522] memory_max_write+0x262/0x3a0 [ 2868.076070][T23522] ? mem_cgroup_write+0x370/0x370 [ 2868.081096][T23522] ? __this_cpu_preempt_check+0x3a/0x210 [ 2868.086729][T23522] ? retint_kernel+0x2b/0x2b [ 2868.091332][T23522] cgroup_file_write+0x241/0x790 [ 2868.096268][T23522] ? mem_cgroup_write+0x370/0x370 [ 2868.101291][T23522] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2868.107023][T23522] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2868.112655][T23522] kernfs_fop_write+0x2b8/0x480 [ 2868.117505][T23522] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2868.123761][T23522] __vfs_write+0x8a/0x110 [ 2868.128091][T23522] ? kernfs_fop_open+0xd80/0xd80 [ 2868.133035][T23522] vfs_write+0x268/0x5d0 [ 2868.137284][T23522] ksys_write+0x14f/0x290 [ 2868.141670][T23522] ? __ia32_sys_read+0xb0/0xb0 [ 2868.146454][T23522] ? do_syscall_64+0x26/0x760 [ 2868.151147][T23522] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2868.157247][T23522] ? do_syscall_64+0x26/0x760 [ 2868.161945][T23522] __x64_sys_write+0x73/0xb0 [ 2868.166540][T23522] do_syscall_64+0xfa/0x760 [ 2868.171049][T23522] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2868.176941][T23522] RIP: 0033:0x459a59 [ 2868.180839][T23522] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2868.200456][T23522] RSP: 002b:00007f542dc60c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2868.208880][T23522] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2868.216863][T23522] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2868.224846][T23522] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2868.232815][T23522] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f542dc616d4 [ 2868.240765][T23522] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2868.270420][T23522] memory: usage 11060kB, limit 0kB, failcnt 233 [ 2868.276829][T23522] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2868.284032][T23522] Memory cgroup stats for /syz0: [ 2868.284631][T23522] anon 4292608 [ 2868.284631][T23522] file 0 [ 2868.284631][T23522] kernel_stack 65536 [ 2868.284631][T23522] slab 6877184 [ 2868.284631][T23522] sock 0 [ 2868.284631][T23522] shmem 0 [ 2868.284631][T23522] file_mapped 0 [ 2868.284631][T23522] file_dirty 0 [ 2868.284631][T23522] file_writeback 0 [ 2868.284631][T23522] anon_thp 4194304 [ 2868.284631][T23522] inactive_anon 0 [ 2868.284631][T23522] active_anon 4292608 [ 2868.284631][T23522] inactive_file 0 [ 2868.284631][T23522] active_file 0 [ 2868.284631][T23522] unevictable 0 [ 2868.284631][T23522] slab_reclaimable 6082560 [ 2868.284631][T23522] slab_unreclaimable 794624 [ 2868.284631][T23522] pgfault 45639 [ 2868.284631][T23522] pgmajfault 0 [ 2868.284631][T23522] workingset_refault 0 [ 2868.284631][T23522] workingset_activate 0 [ 2868.284631][T23522] workingset_nodereclaim 0 [ 2868.284631][T23522] pgrefill 249 [ 2868.284631][T23522] pgscan 231 [ 2868.284631][T23522] pgsteal 34 [ 2868.284631][T23522] pgactivate 198 [ 2868.286448][T23525] IPVS: ftp: loaded support on port[0] = 21 [ 2868.292567][T23522] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=23520,uid=0 [ 2868.402026][T23481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2868.426080][T23481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2868.442877][T23481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2868.461594][T23481] bridge0: port 1(bridge_slave_0) entered blocking state [ 2868.468728][T23481] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2868.493921][T23522] Memory cgroup out of memory: Killed process 23520 (syz-executor.0) total-vm:72576kB, anon-rss:4188kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2868.525850][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2868.534972][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2868.574011][ T1065] oom_reaper: reaped process 23520 (syz-executor.0), now anon-rss:0kB, file-rss:34864kB, shmem-rss:0kB [ 2868.596749][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2868.729835][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2868.739329][T16115] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2868.748343][T16115] bridge0: port 2(bridge_slave_1) entered blocking state [ 2868.755484][T16115] bridge0: port 2(bridge_slave_1) entered forwarding state 16:24:07 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) write$cgroup_int(r4, 0x0, 0x0) 16:24:07 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, 0xffffffffffffffff, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) 16:24:07 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2869.344392][T23454] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2869.384715][T23454] CPU: 0 PID: 23454 Comm: syz-executor.0 Not tainted 5.3.0+ #0 [ 2869.392312][T23454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2869.402380][T23454] Call Trace: [ 2869.405684][T23454] dump_stack+0x172/0x1f0 [ 2869.410032][T23454] dump_header+0x10b/0x82d [ 2869.414453][T23454] ? oom_kill_process+0x94/0x3f0 [ 2869.419394][T23454] oom_kill_process.cold+0x10/0x15 [ 2869.424518][T23454] out_of_memory+0x334/0x1340 [ 2869.429297][T23454] ? lock_downgrade+0x920/0x920 [ 2869.434166][T23454] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2869.439982][T23454] ? oom_killer_disable+0x280/0x280 [ 2869.445204][T23454] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2869.450755][T23454] ? memcg_stat_show+0xc40/0xc40 [ 2869.455696][T23454] ? do_raw_spin_unlock+0x57/0x270 [ 2869.460816][T23454] ? _raw_spin_unlock+0x2d/0x50 [ 2869.465673][T23454] try_charge+0xf4b/0x1440 [ 2869.470107][T23454] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2869.475651][T23454] ? percpu_ref_tryget_live+0x111/0x290 [ 2869.481207][T23454] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2869.487461][T23454] ? __kasan_check_read+0x11/0x20 [ 2869.492495][T23454] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2869.498047][T23454] mem_cgroup_try_charge+0x136/0x590 [ 2869.503352][T23454] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2869.508991][T23454] wp_page_copy+0x407/0x1860 [ 2869.513587][T23454] ? find_held_lock+0x35/0x130 [ 2869.518349][T23454] ? do_wp_page+0x53b/0x15c0 [ 2869.522947][T23454] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2869.528760][T23454] ? lock_downgrade+0x920/0x920 [ 2869.533621][T23454] ? swp_swapcount+0x540/0x540 [ 2869.538411][T23454] ? __kasan_check_read+0x11/0x20 [ 2869.543449][T23454] ? do_raw_spin_unlock+0x57/0x270 [ 2869.548570][T23454] do_wp_page+0x543/0x15c0 [ 2869.553001][T23454] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2869.558391][T23454] __handle_mm_fault+0x23ec/0x4040 [ 2869.563513][T23454] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2869.569059][T23454] ? handle_mm_fault+0x292/0xaa0 [ 2869.574972][T23454] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2869.581222][T23454] ? __kasan_check_read+0x11/0x20 [ 2869.586253][T23454] handle_mm_fault+0x3b7/0xaa0 [ 2869.591033][T23454] __do_page_fault+0x536/0xdd0 [ 2869.595817][T23454] do_page_fault+0x38/0x590 [ 2869.600336][T23454] page_fault+0x39/0x40 [ 2869.604494][T23454] RIP: 0033:0x403522 [ 2869.608388][T23454] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2869.628000][T23454] RSP: 002b:00007ffc063b7b50 EFLAGS: 00010246 [ 2869.634069][T23454] RAX: 0000000000000000 RBX: 00000000002bc29d RCX: 0000000000413660 [ 2869.642737][T23454] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffc063b8c80 [ 2869.650709][T23454] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000002391940 [ 2869.658683][T23454] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc063b8c80 [ 2869.666762][T23454] R13: 00007ffc063b8c70 R14: 0000000000000000 R15: 00007ffc063b8c80 [ 2869.686255][T23454] memory: usage 6624kB, limit 0kB, failcnt 241 [ 2869.693047][T23454] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2869.700184][T23454] Memory cgroup stats for /syz0: [ 2869.700754][T23454] anon 32768 [ 2869.700754][T23454] file 0 [ 2869.700754][T23454] kernel_stack 65536 [ 2869.700754][T23454] slab 6877184 [ 2869.700754][T23454] sock 0 [ 2869.700754][T23454] shmem 0 [ 2869.700754][T23454] file_mapped 0 [ 2869.700754][T23454] file_dirty 0 [ 2869.700754][T23454] file_writeback 0 [ 2869.700754][T23454] anon_thp 0 [ 2869.700754][T23454] inactive_anon 0 [ 2869.700754][T23454] active_anon 32768 [ 2869.700754][T23454] inactive_file 0 [ 2869.700754][T23454] active_file 0 [ 2869.700754][T23454] unevictable 0 [ 2869.700754][T23454] slab_reclaimable 6082560 [ 2869.700754][T23454] slab_unreclaimable 794624 [ 2869.700754][T23454] pgfault 45639 [ 2869.700754][T23454] pgmajfault 0 [ 2869.700754][T23454] workingset_refault 0 [ 2869.700754][T23454] workingset_activate 0 [ 2869.700754][T23454] workingset_nodereclaim 0 [ 2869.700754][T23454] pgrefill 249 [ 2869.700754][T23454] pgscan 231 [ 2869.700754][T23454] pgsteal 34 [ 2869.700754][T23454] pgactivate 198 [ 2869.811546][T23454] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=23454,uid=0 [ 2869.829662][T23454] Memory cgroup out of memory: Killed process 23454 (syz-executor.0) total-vm:72444kB, anon-rss:72kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2869.848196][ T1065] oom_reaper: reaped process 23454 (syz-executor.0), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2869.859842][T23529] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2869.880806][T23529] CPU: 1 PID: 23529 Comm: syz-executor.1 Not tainted 5.3.0+ #0 [ 2869.888381][T23529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2869.898439][T23529] Call Trace: [ 2869.901737][T23529] dump_stack+0x172/0x1f0 [ 2869.906093][T23529] dump_header+0x10b/0x82d [ 2869.910522][T23529] oom_kill_process.cold+0x10/0x15 [ 2869.915637][T23529] out_of_memory+0x334/0x1340 [ 2869.920333][T23529] ? oom_killer_disable+0x280/0x280 [ 2869.925550][T23529] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2869.931097][T23529] ? memcg_stat_show+0xc40/0xc40 [ 2869.936049][T23529] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2869.941858][T23529] ? cgroup_file_notify+0x140/0x1b0 [ 2869.947162][T23529] memory_max_write+0x262/0x3a0 [ 2869.952022][T23529] ? mem_cgroup_write+0x370/0x370 [ 2869.957051][T23529] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2869.962519][T23529] cgroup_file_write+0x241/0x790 [ 2869.967459][T23529] ? mem_cgroup_write+0x370/0x370 [ 2869.972483][T23529] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2869.978118][T23529] ? kernfs_ops+0xd6/0x120 [ 2869.982537][T23529] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2869.988168][T23529] kernfs_fop_write+0x2b8/0x480 [ 2869.993031][T23529] __vfs_write+0x8a/0x110 [ 2869.997372][T23529] ? kernfs_fop_open+0xd80/0xd80 [ 2870.002310][T23529] vfs_write+0x268/0x5d0 [ 2870.006567][T23529] ksys_write+0x14f/0x290 [ 2870.010988][T23529] ? __ia32_sys_read+0xb0/0xb0 [ 2870.015752][T23529] ? do_syscall_64+0x26/0x760 [ 2870.020428][T23529] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2870.026495][T23529] ? do_syscall_64+0x26/0x760 [ 2870.031180][T23529] __x64_sys_write+0x73/0xb0 [ 2870.035769][T23529] do_syscall_64+0xfa/0x760 [ 2870.040286][T23529] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2870.046258][T23529] RIP: 0033:0x459a59 [ 2870.050155][T23529] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2870.069852][T23529] RSP: 002b:00007f6123b80c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2870.078276][T23529] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2870.086259][T23529] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2870.094315][T23529] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2870.102298][T23529] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6123b816d4 [ 2870.110272][T23529] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2870.123092][T23529] memory: usage 5756kB, limit 0kB, failcnt 931 [ 2870.129689][T23529] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2870.136906][T23529] Memory cgroup stats for /syz1: [ 2870.137721][T23529] anon 4427776 [ 2870.137721][T23529] file 40960 [ 2870.137721][T23529] kernel_stack 65536 [ 2870.137721][T23529] slab 1105920 [ 2870.137721][T23529] sock 0 [ 2870.137721][T23529] shmem 0 [ 2870.137721][T23529] file_mapped 0 [ 2870.137721][T23529] file_dirty 0 [ 2870.137721][T23529] file_writeback 0 [ 2870.137721][T23529] anon_thp 4194304 [ 2870.137721][T23529] inactive_anon 0 [ 2870.137721][T23529] active_anon 4349952 [ 2870.137721][T23529] inactive_file 135168 [ 2870.137721][T23529] active_file 0 [ 2870.137721][T23529] unevictable 0 [ 2870.137721][T23529] slab_reclaimable 270336 [ 2870.137721][T23529] slab_unreclaimable 835584 [ 2870.137721][T23529] pgfault 30063 [ 2870.137721][T23529] pgmajfault 0 [ 2870.137721][T23529] workingset_refault 0 [ 2870.137721][T23529] workingset_activate 0 [ 2870.137721][T23529] workingset_nodereclaim 0 [ 2870.137721][T23529] pgrefill 100 [ 2870.137721][T23529] pgscan 100 [ 2870.137721][T23529] pgsteal 0 [ 2870.137721][T23529] pgactivate 66 16:24:08 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x0, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2870.251127][T23529] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=23527,uid=0 [ 2870.273225][T23529] Memory cgroup out of memory: Killed process 23527 (syz-executor.1) total-vm:72572kB, anon-rss:4192kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 2870.296946][ T1065] oom_reaper: reaped process 23527 (syz-executor.1), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB [ 2870.320398][T23452] syz-executor.5 invoked oom-killer: gfp_mask=0x40c50(GFP_NOFS|__GFP_COMP|__GFP_RECLAIMABLE), order=0, oom_score_adj=0 [ 2870.340417][T23452] CPU: 0 PID: 23452 Comm: syz-executor.5 Not tainted 5.3.0+ #0 16:24:08 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2870.348007][T23452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2870.358072][T23452] Call Trace: [ 2870.361374][T23452] dump_stack+0x172/0x1f0 [ 2870.365718][T23452] dump_header+0x10b/0x82d [ 2870.370249][T23452] ? oom_kill_process+0x94/0x3f0 [ 2870.375204][T23452] oom_kill_process.cold+0x10/0x15 [ 2870.380323][T23452] out_of_memory+0x334/0x1340 [ 2870.385001][T23452] ? lock_downgrade+0x920/0x920 [ 2870.389844][T23452] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2870.395760][T23452] ? oom_killer_disable+0x280/0x280 [ 2870.400980][T23452] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2870.406616][T23452] ? memcg_stat_show+0xc40/0xc40 [ 2870.411573][T23452] ? do_raw_spin_unlock+0x57/0x270 [ 2870.416723][T23452] ? _raw_spin_unlock+0x2d/0x50 [ 2870.421587][T23452] try_charge+0xf4b/0x1440 [ 2870.426021][T23452] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2870.431575][T23452] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2870.437133][T23452] ? cache_grow_begin+0x122/0xd20 [ 2870.442158][T23452] ? find_held_lock+0x35/0x130 [ 2870.446922][T23452] ? cache_grow_begin+0x122/0xd20 [ 2870.451958][T23452] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2870.457498][T23452] ? lock_downgrade+0x920/0x920 [ 2870.462349][T23452] ? memcg_kmem_put_cache+0x50/0x50 [ 2870.467978][T23452] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2870.474227][T23452] ? __kasan_check_read+0x11/0x20 [ 2870.479286][T23452] cache_grow_begin+0x629/0xd20 [ 2870.484151][T23452] ? write_comp_data+0x61/0x70 [ 2870.488915][T23452] ? mempolicy_slab_node+0x139/0x390 [ 2870.494204][T23452] fallback_alloc+0x1fd/0x2d0 [ 2870.498886][T23452] ____cache_alloc_node+0x1bc/0x1d0 [ 2870.504084][T23452] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2870.510326][T23452] kmem_cache_alloc+0x1ef/0x710 [ 2870.515174][T23452] ? lock_downgrade+0x920/0x920 [ 2870.520029][T23452] ? rwlock_bug.part.0+0x90/0x90 [ 2870.524970][T23452] ? ratelimit_state_init+0xb0/0xb0 [ 2870.530164][T23452] ext4_alloc_inode+0x1f/0x640 [ 2870.534924][T23452] ? ratelimit_state_init+0xb0/0xb0 [ 2870.540119][T23452] alloc_inode+0x68/0x1e0 [ 2870.544450][T23452] iget_locked+0x1a6/0x4b0 [ 2870.548871][T23452] __ext4_iget+0x265/0x3e20 [ 2870.553373][T23452] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2870.559625][T23452] ? ext4_get_projid+0x190/0x190 [ 2870.564562][T23452] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2870.570199][T23452] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 2870.576176][T23452] ? d_alloc_parallel+0xa78/0x1c30 [ 2870.581306][T23452] ext4_lookup+0x3b1/0x7a0 [ 2870.585721][T23452] ? ext4_cross_rename+0x1430/0x1430 [ 2870.591002][T23452] ? __lock_acquire+0x16f2/0x4a00 [ 2870.596022][T23452] ? __kasan_check_read+0x11/0x20 [ 2870.601053][T23452] ? lockdep_init_map+0x1be/0x6d0 [ 2870.606086][T23452] __lookup_slow+0x279/0x500 [ 2870.610677][T23452] ? vfs_unlink+0x620/0x620 [ 2870.615208][T23452] lookup_slow+0x58/0x80 [ 2870.619452][T23452] path_mountpoint+0x5d2/0x1e60 [ 2870.624308][T23452] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2870.629858][T23452] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 2870.635856][T23452] ? path_openat+0x46d0/0x46d0 [ 2870.640633][T23452] filename_mountpoint+0x18e/0x390 [ 2870.645829][T23452] ? filename_parentat.isra.0+0x410/0x410 [ 2870.651547][T23452] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 2870.657798][T23452] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2870.664036][T23452] ? __phys_addr_symbol+0x30/0x70 [ 2870.669057][T23452] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2870.674794][T23452] ? __check_object_size+0x3d/0x437 [ 2870.679997][T23452] ? strncpy_from_user+0x2b4/0x400 [ 2870.685116][T23452] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2870.691353][T23452] ? getname_flags+0x277/0x5b0 [ 2870.696134][T23452] user_path_mountpoint_at+0x3a/0x50 [ 2870.701430][T23452] ksys_umount+0x164/0xf00 [ 2870.705848][T23452] ? __ia32_sys_rmdir+0x40/0x40 [ 2870.710703][T23452] ? __detach_mounts+0x2a0/0x2a0 [ 2870.715642][T23452] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2870.721893][T23452] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2870.727352][T23452] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2870.732815][T23452] ? do_syscall_64+0x26/0x760 [ 2870.737491][T23452] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2870.743551][T23452] ? do_syscall_64+0x26/0x760 [ 2870.748232][T23452] ? lockdep_hardirqs_on+0x421/0x5e0 [ 2870.753522][T23452] __x64_sys_umount+0x54/0x80 [ 2870.758195][T23452] do_syscall_64+0xfa/0x760 [ 2870.762776][T23452] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2870.768660][T23452] RIP: 0033:0x45c487 [ 2870.772562][T23452] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2870.792260][T23452] RSP: 002b:00007ffe00287448 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 2870.800671][T23452] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045c487 [ 2870.808637][T23452] RDX: 0000000000403550 RSI: 0000000000000002 RDI: 00007ffe002874f0 [ 2870.816616][T23452] RBP: 0000000000000005 R08: 0000000000000000 R09: 000000000000000e [ 2870.824608][T23452] R10: 000000000000000a R11: 0000000000000202 R12: 00007ffe00288580 [ 2870.832576][T23452] R13: 00000000027a6940 R14: 0000000000000000 R15: 00007ffe00288580 [ 2870.846857][T23452] memory: usage 872kB, limit 0kB, failcnt 1127 [ 2870.853107][T23452] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2870.859943][T23452] Memory cgroup stats for /syz5: [ 2870.860066][T23452] anon 172032 [ 2870.860066][T23452] file 90112 [ 2870.860066][T23452] kernel_stack 0 [ 2870.860066][T23452] slab 831488 [ 2870.860066][T23452] sock 0 [ 2870.860066][T23452] shmem 0 [ 2870.860066][T23452] file_mapped 0 [ 2870.860066][T23452] file_dirty 0 [ 2870.860066][T23452] file_writeback 0 [ 2870.860066][T23452] anon_thp 0 [ 2870.860066][T23452] inactive_anon 0 [ 2870.860066][T23452] active_anon 90112 [ 2870.860066][T23452] inactive_file 135168 [ 2870.860066][T23452] active_file 0 [ 2870.860066][T23452] unevictable 0 [ 2870.860066][T23452] slab_reclaimable 135168 [ 2870.860066][T23452] slab_unreclaimable 696320 [ 2870.860066][T23452] pgfault 20361 [ 2870.860066][T23452] pgmajfault 0 [ 2870.860066][T23452] workingset_refault 0 [ 2870.860066][T23452] workingset_activate 0 [ 2870.860066][T23452] workingset_nodereclaim 0 [ 2870.860066][T23452] pgrefill 166 [ 2870.860066][T23452] pgscan 165 [ 2870.860066][T23452] pgsteal 35 [ 2870.860066][T23452] pgactivate 132 [ 2870.956941][T23452] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=23452,uid=0 [ 2870.973717][T23452] Memory cgroup out of memory: Killed process 23452 (syz-executor.5) total-vm:72440kB, anon-rss:96kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2870.992749][ T1065] oom_reaper: reaped process 23452 (syz-executor.5), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2871.003959][T23435] syz-executor.1 invoked oom-killer: gfp_mask=0x40c50(GFP_NOFS|__GFP_COMP|__GFP_RECLAIMABLE), order=0, oom_score_adj=0 [ 2871.020454][T23435] CPU: 0 PID: 23435 Comm: syz-executor.1 Not tainted 5.3.0+ #0 [ 2871.028034][T23435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2871.038606][T23435] Call Trace: [ 2871.041901][T23435] dump_stack+0x172/0x1f0 [ 2871.046234][T23435] dump_header+0x10b/0x82d [ 2871.050664][T23435] ? oom_kill_process+0x94/0x3f0 [ 2871.055605][T23435] oom_kill_process.cold+0x10/0x15 [ 2871.060718][T23435] out_of_memory+0x334/0x1340 [ 2871.065480][T23435] ? lock_downgrade+0x920/0x920 [ 2871.070333][T23435] ? oom_killer_disable+0x280/0x280 [ 2871.075539][T23435] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2871.081088][T23435] ? memcg_stat_show+0xc40/0xc40 [ 2871.086041][T23435] ? do_raw_spin_unlock+0x57/0x270 [ 2871.091174][T23435] ? _raw_spin_unlock+0x2d/0x50 [ 2871.096047][T23435] try_charge+0xf4b/0x1440 [ 2871.100469][T23435] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2871.106018][T23435] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2871.111575][T23435] ? cache_grow_begin+0x122/0xd20 [ 2871.116599][T23435] ? find_held_lock+0x35/0x130 [ 2871.121364][T23435] ? cache_grow_begin+0x122/0xd20 [ 2871.126398][T23435] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2871.131942][T23435] ? lock_downgrade+0x920/0x920 [ 2871.136801][T23435] ? memcg_kmem_put_cache+0x50/0x50 [ 2871.142009][T23435] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2871.148250][T23435] ? __kasan_check_read+0x11/0x20 [ 2871.153366][T23435] cache_grow_begin+0x629/0xd20 [ 2871.158216][T23435] ? write_comp_data+0x61/0x70 [ 2871.162979][T23435] ? mempolicy_slab_node+0x139/0x390 [ 2871.168267][T23435] fallback_alloc+0x1fd/0x2d0 [ 2871.172955][T23435] ____cache_alloc_node+0x1bc/0x1d0 [ 2871.178151][T23435] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2871.184409][T23435] kmem_cache_alloc+0x1ef/0x710 [ 2871.189258][T23435] ? lock_downgrade+0x920/0x920 [ 2871.194116][T23435] ? rwlock_bug.part.0+0x90/0x90 [ 2871.199059][T23435] ? ratelimit_state_init+0xb0/0xb0 [ 2871.204255][T23435] ext4_alloc_inode+0x1f/0x640 [ 2871.209040][T23435] ? ratelimit_state_init+0xb0/0xb0 [ 2871.214245][T23435] alloc_inode+0x68/0x1e0 [ 2871.218583][T23435] iget_locked+0x1a6/0x4b0 [ 2871.223012][T23435] __ext4_iget+0x265/0x3e20 [ 2871.227529][T23435] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2871.233785][T23435] ? ext4_get_projid+0x190/0x190 [ 2871.238750][T23435] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2871.244323][T23435] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 2871.250301][T23435] ? d_alloc_parallel+0xa78/0x1c30 [ 2871.255420][T23435] ext4_lookup+0x3b1/0x7a0 [ 2871.259835][T23435] ? ext4_cross_rename+0x1430/0x1430 [ 2871.265141][T23435] ? __lock_acquire+0x16f2/0x4a00 [ 2871.270165][T23435] ? __kasan_check_read+0x11/0x20 [ 2871.275200][T23435] ? lockdep_init_map+0x1be/0x6d0 [ 2871.280250][T23435] __lookup_slow+0x279/0x500 [ 2871.284843][T23435] ? vfs_unlink+0x620/0x620 [ 2871.289398][T23435] lookup_slow+0x58/0x80 [ 2871.293670][T23435] path_mountpoint+0x5d2/0x1e60 [ 2871.298523][T23435] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2871.304074][T23435] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 2871.310060][T23435] ? path_openat+0x46d0/0x46d0 [ 2871.314836][T23435] filename_mountpoint+0x18e/0x390 [ 2871.319973][T23435] ? filename_parentat.isra.0+0x410/0x410 [ 2871.325692][T23435] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 2871.331859][T23435] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2871.338099][T23435] ? __phys_addr_symbol+0x30/0x70 [ 2871.343123][T23435] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2871.349021][T23435] ? __check_object_size+0x3d/0x437 [ 2871.354245][T23435] ? strncpy_from_user+0x2b4/0x400 [ 2871.359368][T23435] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2871.365629][T23435] ? getname_flags+0x277/0x5b0 [ 2871.370429][T23435] user_path_mountpoint_at+0x3a/0x50 [ 2871.375740][T23435] ksys_umount+0x164/0xf00 [ 2871.380159][T23435] ? __ia32_sys_rmdir+0x40/0x40 [ 2871.385019][T23435] ? __detach_mounts+0x2a0/0x2a0 [ 2871.390154][T23435] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2871.396484][T23435] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2871.402033][T23435] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2871.407491][T23435] ? do_syscall_64+0x26/0x760 [ 2871.412164][T23435] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2871.418225][T23435] ? do_syscall_64+0x26/0x760 [ 2871.422895][T23435] ? lockdep_hardirqs_on+0x421/0x5e0 [ 2871.428168][T23435] __x64_sys_umount+0x54/0x80 [ 2871.432833][T23435] do_syscall_64+0xfa/0x760 [ 2871.437326][T23435] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2871.443197][T23435] RIP: 0033:0x45c487 [ 2871.447076][T23435] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2871.466663][T23435] RSP: 002b:00007ffc380cfaa8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 2871.475056][T23435] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045c487 [ 2871.483009][T23435] RDX: 0000000000403550 RSI: 0000000000000002 RDI: 00007ffc380cfb50 [ 2871.490991][T23435] RBP: 000000000000000d R08: 0000000000000000 R09: 000000000000000e [ 2871.498958][T23435] R10: 000000000000000a R11: 0000000000000202 R12: 00007ffc380d0be0 [ 2871.506912][T23435] R13: 0000000000d89940 R14: 0000000000000000 R15: 00007ffc380d0be0 [ 2871.531073][T23435] memory: usage 1364kB, limit 0kB, failcnt 943 [ 2871.537266][T23435] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2871.560359][T23435] Memory cgroup stats for /syz1: [ 2871.560566][T23435] anon 61440 [ 2871.560566][T23435] file 40960 [ 2871.560566][T23435] kernel_stack 0 [ 2871.560566][T23435] slab 1105920 [ 2871.560566][T23435] sock 0 [ 2871.560566][T23435] shmem 0 [ 2871.560566][T23435] file_mapped 0 [ 2871.560566][T23435] file_dirty 0 [ 2871.560566][T23435] file_writeback 0 [ 2871.560566][T23435] anon_thp 0 [ 2871.560566][T23435] inactive_anon 0 [ 2871.560566][T23435] active_anon 61440 [ 2871.560566][T23435] inactive_file 135168 [ 2871.560566][T23435] active_file 0 [ 2871.560566][T23435] unevictable 0 [ 2871.560566][T23435] slab_reclaimable 270336 [ 2871.560566][T23435] slab_unreclaimable 835584 [ 2871.560566][T23435] pgfault 30063 [ 2871.560566][T23435] pgmajfault 0 [ 2871.560566][T23435] workingset_refault 0 [ 2871.560566][T23435] workingset_activate 0 [ 2871.560566][T23435] workingset_nodereclaim 0 [ 2871.560566][T23435] pgrefill 100 [ 2871.560566][T23435] pgscan 100 [ 2871.560566][T23435] pgsteal 0 [ 2871.560566][T23435] pgactivate 66 [ 2871.750414][T23435] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=23435,uid=0 [ 2871.780578][T23435] Memory cgroup out of memory: Killed process 23435 (syz-executor.1) total-vm:72440kB, anon-rss:96kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:126976kB oom_score_adj:0 [ 2871.811071][ T1065] oom_reaper: reaped process 23435 (syz-executor.1), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 2893.491812][T23481] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2893.501182][T23481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2893.512215][T23481] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2893.522798][T23481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2894.371168][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2894.380149][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2894.393261][T13846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2894.435022][T23463] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2894.447902][T23463] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2894.471370][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2894.481407][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2894.500498][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2894.509942][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2894.533625][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2894.551943][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2894.576973][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2894.586049][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2894.619910][T23462] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2894.635860][T23462] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2894.661715][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2894.680736][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2894.701772][T21272] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2894.752237][T23463] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2906.134220][T23462] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2906.515035][T23540] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2906.534393][T23540] CPU: 0 PID: 23540 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 2906.541986][T23540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2906.552060][T23540] Call Trace: [ 2906.555371][T23540] dump_stack+0x172/0x1f0 [ 2906.559807][T23540] dump_header+0x10b/0x82d [ 2906.564255][T23540] oom_kill_process.cold+0x10/0x15 [ 2906.569380][T23540] out_of_memory+0x334/0x1340 [ 2906.574076][T23540] ? retint_kernel+0x2b/0x2b [ 2906.578681][T23540] ? oom_killer_disable+0x280/0x280 [ 2906.583896][T23540] ? mem_cgroup_out_of_memory+0x16a/0x240 [ 2906.589646][T23540] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2906.595204][T23540] ? memcg_stat_show+0xc40/0xc40 [ 2906.600324][T23540] ? retint_kernel+0x2b/0x2b [ 2906.604971][T23540] memory_max_write+0x262/0x3a0 [ 2906.609839][T23540] ? mem_cgroup_write+0x370/0x370 [ 2906.614891][T23540] ? lock_acquire+0x190/0x410 [ 2906.619577][T23540] ? kernfs_fop_write+0x227/0x480 [ 2906.624642][T23540] cgroup_file_write+0x241/0x790 [ 2906.629597][T23540] ? mem_cgroup_write+0x370/0x370 [ 2906.634640][T23540] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2906.640306][T23540] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2906.645953][T23540] kernfs_fop_write+0x2b8/0x480 [ 2906.650840][T23540] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2906.657113][T23540] __vfs_write+0x8a/0x110 [ 2906.661454][T23540] ? kernfs_fop_open+0xd80/0xd80 [ 2906.666434][T23540] vfs_write+0x268/0x5d0 [ 2906.670697][T23540] ksys_write+0x14f/0x290 [ 2906.675040][T23540] ? __ia32_sys_read+0xb0/0xb0 [ 2906.679833][T23540] __x64_sys_write+0x73/0xb0 [ 2906.684431][T23540] ? do_syscall_64+0x5b/0x760 [ 2906.689121][T23540] do_syscall_64+0xfa/0x760 [ 2906.693641][T23540] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2906.699551][T23540] RIP: 0033:0x459a59 [ 2906.703464][T23540] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2906.724296][T23540] RSP: 002b:00007fbafcfd5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2906.732731][T23540] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2906.740802][T23540] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2906.748883][T23540] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2906.756874][T23540] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbafcfd66d4 [ 2906.764857][T23540] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2906.778954][T23540] memory: usage 5300kB, limit 0kB, failcnt 907 [ 2906.802982][T23540] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2906.813797][T23540] Memory cgroup stats for /syz3: [ 2906.820261][T23540] anon 4366336 [ 2906.820261][T23540] file 16384 [ 2906.820261][T23540] kernel_stack 0 [ 2906.820261][T23540] slab 802816 [ 2906.820261][T23540] sock 0 [ 2906.820261][T23540] shmem 0 [ 2906.820261][T23540] file_mapped 0 [ 2906.820261][T23540] file_dirty 0 [ 2906.820261][T23540] file_writeback 0 [ 2906.820261][T23540] anon_thp 4194304 [ 2906.820261][T23540] inactive_anon 0 [ 2906.820261][T23540] active_anon 4366336 [ 2906.820261][T23540] inactive_file 0 [ 2906.820261][T23540] active_file 0 [ 2906.820261][T23540] unevictable 0 [ 2906.820261][T23540] slab_reclaimable 135168 [ 2906.820261][T23540] slab_unreclaimable 667648 [ 2906.820261][T23540] pgfault 31812 [ 2906.820261][T23540] pgmajfault 0 [ 2906.820261][T23540] workingset_refault 0 [ 2906.820261][T23540] workingset_activate 0 [ 2906.820261][T23540] workingset_nodereclaim 0 [ 2906.820261][T23540] pgrefill 100 [ 2906.820261][T23540] pgscan 99 [ 2906.820261][T23540] pgsteal 0 [ 2906.820261][T23540] pgactivate 66 [ 2906.966977][T23540] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=23538,uid=0 [ 2906.987638][T23540] Memory cgroup out of memory: Killed process 23538 (syz-executor.3) total-vm:72576kB, anon-rss:4192kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2907.023072][ T1065] oom_reaper: reaped process 23538 (syz-executor.3), now anon-rss:0kB, file-rss:34864kB, shmem-rss:0kB [ 2908.462745][T23463] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2908.480797][T23463] CPU: 0 PID: 23463 Comm: syz-executor.3 Not tainted 5.3.0+ #0 [ 2908.488361][T23463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2908.498410][T23463] Call Trace: [ 2908.501702][T23463] dump_stack+0x172/0x1f0 [ 2908.506038][T23463] dump_header+0x10b/0x82d [ 2908.510473][T23463] ? oom_kill_process+0x94/0x3f0 [ 2908.515510][T23463] oom_kill_process.cold+0x10/0x15 [ 2908.520660][T23463] out_of_memory+0x334/0x1340 [ 2908.525348][T23463] ? lock_downgrade+0x920/0x920 [ 2908.530204][T23463] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2908.536008][T23463] ? oom_killer_disable+0x280/0x280 [ 2908.541215][T23463] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2908.546760][T23463] ? memcg_stat_show+0xc40/0xc40 [ 2908.551708][T23463] ? do_raw_spin_unlock+0x57/0x270 [ 2908.556821][T23463] ? _raw_spin_unlock+0x2d/0x50 [ 2908.561673][T23463] try_charge+0xf4b/0x1440 [ 2908.566097][T23463] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2908.571641][T23463] ? percpu_ref_tryget_live+0x111/0x290 [ 2908.577185][T23463] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2908.583445][T23463] ? __kasan_check_read+0x11/0x20 [ 2908.588477][T23463] ? get_mem_cgroup_from_mm+0x156/0x320 [ 2908.594028][T23463] mem_cgroup_try_charge+0x136/0x590 [ 2908.599328][T23463] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2908.604969][T23463] wp_page_copy+0x407/0x1860 [ 2908.609578][T23463] ? find_held_lock+0x35/0x130 [ 2908.614448][T23463] ? do_wp_page+0x53b/0x15c0 [ 2908.619039][T23463] ? pmd_devmap_trans_unstable+0x220/0x220 [ 2908.624844][T23463] ? lock_downgrade+0x920/0x920 [ 2908.629696][T23463] ? swp_swapcount+0x540/0x540 [ 2908.634461][T23463] ? __kasan_check_read+0x11/0x20 [ 2908.639487][T23463] ? do_raw_spin_unlock+0x57/0x270 [ 2908.644607][T23463] do_wp_page+0x543/0x15c0 [ 2908.649032][T23463] ? finish_mkwrite_fault+0x6a0/0x6a0 [ 2908.654415][T23463] __handle_mm_fault+0x23ec/0x4040 [ 2908.659535][T23463] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2908.665101][T23463] ? handle_mm_fault+0x292/0xaa0 [ 2908.670071][T23463] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2908.676316][T23463] ? __kasan_check_read+0x11/0x20 [ 2908.681342][T23463] handle_mm_fault+0x3b7/0xaa0 [ 2908.686123][T23463] __do_page_fault+0x536/0xdd0 [ 2908.690909][T23463] do_page_fault+0x38/0x590 [ 2908.695418][T23463] page_fault+0x39/0x40 [ 2908.699569][T23463] RIP: 0033:0x403522 [ 2908.703464][T23463] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 59 8f 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 79 44 05 00 48 [ 2908.723066][T23463] RSP: 002b:00007fff4a7ecd30 EFLAGS: 00010246 [ 2908.729128][T23463] RAX: 0000000000000000 RBX: 00000000002c5915 RCX: 0000000000413660 [ 2908.737104][T23463] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007fff4a7ede60 [ 2908.745118][T23463] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000001783940 [ 2908.753087][T23463] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff4a7ede60 [ 2908.761055][T23463] R13: 00007fff4a7ede50 R14: 0000000000000000 R15: 00007fff4a7ede60 [ 2908.774841][T23463] memory: usage 932kB, limit 0kB, failcnt 915 [ 2908.781419][T23463] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2908.788284][T23463] Memory cgroup stats for /syz3: [ 2908.788394][T23463] anon 106496 [ 2908.788394][T23463] file 16384 [ 2908.788394][T23463] kernel_stack 0 [ 2908.788394][T23463] slab 802816 [ 2908.788394][T23463] sock 0 [ 2908.788394][T23463] shmem 0 [ 2908.788394][T23463] file_mapped 0 [ 2908.788394][T23463] file_dirty 0 [ 2908.788394][T23463] file_writeback 0 [ 2908.788394][T23463] anon_thp 0 [ 2908.788394][T23463] inactive_anon 0 [ 2908.788394][T23463] active_anon 106496 [ 2908.788394][T23463] inactive_file 0 [ 2908.788394][T23463] active_file 0 [ 2908.788394][T23463] unevictable 0 [ 2908.788394][T23463] slab_reclaimable 135168 [ 2908.788394][T23463] slab_unreclaimable 667648 [ 2908.788394][T23463] pgfault 31812 [ 2908.788394][T23463] pgmajfault 0 [ 2908.788394][T23463] workingset_refault 0 [ 2908.788394][T23463] workingset_activate 0 [ 2908.788394][T23463] workingset_nodereclaim 0 [ 2908.788394][T23463] pgrefill 100 [ 2908.788394][T23463] pgscan 99 [ 2908.788394][T23463] pgsteal 0 [ 2908.788394][T23463] pgactivate 66 [ 2908.883498][T23463] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=23463,uid=0 [ 2908.899558][T23463] Memory cgroup out of memory: Killed process 23463 (syz-executor.3) total-vm:72444kB, anon-rss:76kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2908.918858][ T1065] oom_reaper: reaped process 23463 (syz-executor.3), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 16:24:57 executing program 2: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0x0, 0x3632}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() r5 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r5, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r4, 0x0, 0x0) 16:24:57 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) socket$kcm(0xa, 0x922000000003, 0x11) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x41100, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r2, r3, 0x2, 0x3}, 0x10) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) write$cgroup_int(r4, 0x0, 0x0) 16:24:57 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup\x00', 0x200002, 0x0) socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$kcm(0xa, 0x922000000003, 0x11) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0x1, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0x39}], &(0x7f0000000140)='syzkaller\x00', 0x7, 0xd9, &(0x7f0000000300)=""/217, 0x0, 0x4, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x4, 0xd, 0x3632, 0x4}, 0x10}, 0x70) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000480)={r3, r4, 0x2, 0x3}, 0x10) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r5 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) gettid() sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x8000) write$cgroup_int(r5, 0x0, 0x0) [ 2919.704137][T23550] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2919.725628][T23550] CPU: 1 PID: 23550 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 2919.733228][T23550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2919.743326][T23550] Call Trace: [ 2919.746666][T23550] dump_stack+0x172/0x1f0 [ 2919.751014][T23550] dump_header+0x10b/0x82d [ 2919.755449][T23550] oom_kill_process.cold+0x10/0x15 [ 2919.760576][T23550] out_of_memory+0x334/0x1340 [ 2919.765270][T23550] ? retint_kernel+0x2b/0x2b [ 2919.769874][T23550] ? oom_killer_disable+0x280/0x280 [ 2919.775102][T23550] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2919.780666][T23550] ? memcg_stat_show+0xc40/0xc40 [ 2919.785645][T23550] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 2919.791468][T23550] ? cgroup_file_notify+0x140/0x1b0 [ 2919.796684][T23550] memory_max_write+0x262/0x3a0 [ 2919.801553][T23550] ? mem_cgroup_write+0x370/0x370 [ 2919.806595][T23550] ? lock_acquire+0x190/0x410 [ 2919.811291][T23550] ? kernfs_fop_write+0x227/0x480 [ 2919.816334][T23550] cgroup_file_write+0x241/0x790 [ 2919.821290][T23550] ? mem_cgroup_write+0x370/0x370 [ 2919.826330][T23550] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2919.831989][T23550] ? cgroup_migrate_add_task+0x8a0/0x8a0 [ 2919.837635][T23550] kernfs_fop_write+0x2b8/0x480 [ 2919.842500][T23550] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2919.848760][T23550] __vfs_write+0x8a/0x110 [ 2919.853108][T23550] ? kernfs_fop_open+0xd80/0xd80 [ 2919.858084][T23550] vfs_write+0x268/0x5d0 [ 2919.862346][T23550] ksys_write+0x14f/0x290 [ 2919.866687][T23550] ? __ia32_sys_read+0xb0/0xb0 [ 2919.871554][T23550] __x64_sys_write+0x73/0xb0 [ 2919.876151][T23550] ? do_syscall_64+0x5b/0x760 [ 2919.880840][T23550] do_syscall_64+0xfa/0x760 [ 2919.885355][T23550] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2919.891250][T23550] RIP: 0033:0x459a59 [ 2919.895154][T23550] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2919.915115][T23550] RSP: 002b:00007fa8f0712c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2919.923538][T23550] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 2919.931610][T23550] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b [ 2919.939587][T23550] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2919.947570][T23550] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa8f07136d4 [ 2919.955545][T23550] R13: 00000000004c9e7e R14: 00000000004e1a90 R15: 00000000ffffffff [ 2920.041792][T23550] memory: usage 5204kB, limit 0kB, failcnt 1051 [ 2920.059284][T23550] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2920.135538][T23550] Memory cgroup stats for /syz2: [ 2920.139001][T23550] anon 4321280 [ 2920.139001][T23550] file 86016 [ 2920.139001][T23550] kernel_stack 0 [ 2920.139001][T23550] slab 671744 [ 2920.139001][T23550] sock 0 [ 2920.139001][T23550] shmem 0 [ 2920.139001][T23550] file_mapped 0 [ 2920.139001][T23550] file_dirty 0 [ 2920.139001][T23550] file_writeback 0 [ 2920.139001][T23550] anon_thp 4194304 [ 2920.139001][T23550] inactive_anon 0 [ 2920.139001][T23550] active_anon 4321280 [ 2920.139001][T23550] inactive_file 0 [ 2920.139001][T23550] active_file 0 [ 2920.139001][T23550] unevictable 0 [ 2920.139001][T23550] slab_reclaimable 135168 [ 2920.139001][T23550] slab_unreclaimable 536576 [ 2920.139001][T23550] pgfault 35970 [ 2920.139001][T23550] pgmajfault 0 [ 2920.139001][T23550] workingset_refault 0 [ 2920.139001][T23550] workingset_activate 0 [ 2920.139001][T23550] workingset_nodereclaim 0 [ 2920.139001][T23550] pgrefill 166 [ 2920.139001][T23550] pgscan 167 [ 2920.139001][T23550] pgsteal 0 [ 2920.139001][T23550] pgactivate 99 [ 2920.356959][T23550] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=23549,uid=0 [ 2920.379079][T23550] Memory cgroup out of memory: Killed process 23549 (syz-executor.2) total-vm:72572kB, anon-rss:4192kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 2920.408036][ T1065] oom_reaper: reaped process 23549 (syz-executor.2), now anon-rss:0kB, file-rss:34872kB, shmem-rss:0kB [ 2920.528221][T23462] syz-executor.2 invoked oom-killer: gfp_mask=0x40c50(GFP_NOFS|__GFP_COMP|__GFP_RECLAIMABLE), order=0, oom_score_adj=0 [ 2920.550685][T23462] CPU: 1 PID: 23462 Comm: syz-executor.2 Not tainted 5.3.0+ #0 [ 2920.558263][T23462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2920.568316][T23462] Call Trace: [ 2920.571612][T23462] dump_stack+0x172/0x1f0 [ 2920.575955][T23462] dump_header+0x10b/0x82d [ 2920.580369][T23462] ? oom_kill_process+0x94/0x3f0 [ 2920.585303][T23462] oom_kill_process.cold+0x10/0x15 [ 2920.590416][T23462] out_of_memory+0x334/0x1340 [ 2920.595090][T23462] ? lock_downgrade+0x920/0x920 [ 2920.599941][T23462] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2920.605756][T23462] ? oom_killer_disable+0x280/0x280 [ 2920.611486][T23462] mem_cgroup_out_of_memory+0x1d8/0x240 [ 2920.617029][T23462] ? memcg_stat_show+0xc40/0xc40 [ 2920.621980][T23462] ? do_raw_spin_unlock+0x57/0x270 [ 2920.627099][T23462] ? _raw_spin_unlock+0x2d/0x50 [ 2920.631958][T23462] try_charge+0xf4b/0x1440 [ 2920.636382][T23462] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2920.641926][T23462] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2920.647568][T23462] ? cache_grow_begin+0x122/0xd20 [ 2920.652594][T23462] ? find_held_lock+0x35/0x130 [ 2920.657357][T23462] ? cache_grow_begin+0x122/0xd20 [ 2920.662397][T23462] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2920.667941][T23462] ? lock_downgrade+0x920/0x920 [ 2920.672800][T23462] ? memcg_kmem_put_cache+0x50/0x50 [ 2920.677999][T23462] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2920.684252][T23462] ? __kasan_check_read+0x11/0x20 [ 2920.689289][T23462] cache_grow_begin+0x629/0xd20 [ 2920.694144][T23462] ? write_comp_data+0x61/0x70 [ 2920.698905][T23462] ? mempolicy_slab_node+0x139/0x390 [ 2920.704199][T23462] fallback_alloc+0x1fd/0x2d0 [ 2920.708970][T23462] ____cache_alloc_node+0x1bc/0x1d0 [ 2920.714334][T23462] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2920.720595][T23462] kmem_cache_alloc+0x1ef/0x710 [ 2920.725451][T23462] ? lock_downgrade+0x920/0x920 [ 2920.730301][T23462] ? rwlock_bug.part.0+0x90/0x90 [ 2920.735333][T23462] ? ratelimit_state_init+0xb0/0xb0 [ 2920.740539][T23462] ext4_alloc_inode+0x1f/0x640 [ 2920.745301][T23462] ? ratelimit_state_init+0xb0/0xb0 [ 2920.750494][T23462] alloc_inode+0x68/0x1e0 [ 2920.754822][T23462] iget_locked+0x1a6/0x4b0 [ 2920.759294][T23462] __ext4_iget+0x265/0x3e20 [ 2920.763806][T23462] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2920.770753][T23462] ? ext4_get_projid+0x190/0x190 [ 2920.775692][T23462] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2920.781238][T23462] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 2920.787223][T23462] ? d_alloc_parallel+0xa78/0x1c30 [ 2920.792350][T23462] ext4_lookup+0x3b1/0x7a0 [ 2920.796773][T23462] ? ext4_cross_rename+0x1430/0x1430 [ 2920.802073][T23462] ? __lock_acquire+0x16f2/0x4a00 [ 2920.807095][T23462] ? __kasan_check_read+0x11/0x20 [ 2920.812903][T23462] ? lockdep_init_map+0x1be/0x6d0 [ 2920.817966][T23462] __lookup_slow+0x279/0x500 [ 2920.822562][T23462] ? vfs_unlink+0x620/0x620 [ 2920.828570][T23462] lookup_slow+0x58/0x80 [ 2920.832816][T23462] path_mountpoint+0x5d2/0x1e60 [ 2920.837668][T23462] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 2920.843216][T23462] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 2920.849202][T23462] ? path_openat+0x46d0/0x46d0 [ 2920.853979][T23462] filename_mountpoint+0x18e/0x390 [ 2920.859180][T23462] ? filename_parentat.isra.0+0x410/0x410 [ 2920.864913][T23462] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 2920.871087][T23462] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2920.877329][T23462] ? __phys_addr_symbol+0x30/0x70 [ 2920.882352][T23462] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2920.888071][T23462] ? __check_object_size+0x3d/0x437 [ 2920.893276][T23462] ? strncpy_from_user+0x2b4/0x400 [ 2920.898395][T23462] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2920.904642][T23462] ? getname_flags+0x277/0x5b0 [ 2920.909410][T23462] user_path_mountpoint_at+0x3a/0x50 [ 2920.914698][T23462] ksys_umount+0x164/0xf00 [ 2920.919113][T23462] ? __ia32_sys_rmdir+0x40/0x40 [ 2920.923969][T23462] ? __detach_mounts+0x2a0/0x2a0 [ 2920.929092][T23462] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2920.935333][T23462] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2920.940817][T23462] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 2920.946270][T23462] ? do_syscall_64+0x26/0x760 [ 2920.950945][T23462] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2920.957007][T23462] ? do_syscall_64+0x26/0x760 [ 2920.961706][T23462] ? lockdep_hardirqs_on+0x421/0x5e0 [ 2920.966994][T23462] __x64_sys_umount+0x54/0x80 [ 2920.971670][T23462] do_syscall_64+0xfa/0x760 [ 2920.976174][T23462] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2920.982064][T23462] RIP: 0033:0x45c487 [ 2920.985959][T23462] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2921.005586][T23462] RSP: 002b:00007ffef2f8ef48 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 2921.014002][T23462] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045c487 [ 2921.021976][T23462] RDX: 0000000000403550 RSI: 0000000000000002 RDI: 00007ffef2f8eff0 [ 2921.029947][T23462] RBP: 0000000000000005 R08: 0000000000000000 R09: 000000000000000e [ 2921.037916][T23462] R10: 000000000000000a R11: 0000000000000202 R12: 00007ffef2f90080 [ 2921.045886][T23462] R13: 0000000001a29940 R14: 0000000000000000 R15: 00007ffef2f90080 [ 2921.060252][T23462] memory: usage 820kB, limit 0kB, failcnt 1063 [ 2921.067435][T23462] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2921.074789][T23462] Memory cgroup stats for /syz2: [ 2921.074893][T23462] anon 53248 [ 2921.074893][T23462] file 86016 [ 2921.074893][T23462] kernel_stack 0 [ 2921.074893][T23462] slab 671744 [ 2921.074893][T23462] sock 0 [ 2921.074893][T23462] shmem 0 [ 2921.074893][T23462] file_mapped 0 [ 2921.074893][T23462] file_dirty 0 [ 2921.074893][T23462] file_writeback 0 [ 2921.074893][T23462] anon_thp 0 [ 2921.074893][T23462] inactive_anon 0 [ 2921.074893][T23462] active_anon 53248 [ 2921.074893][T23462] inactive_file 0 [ 2921.074893][T23462] active_file 0 [ 2921.074893][T23462] unevictable 0 [ 2921.074893][T23462] slab_reclaimable 135168 [ 2921.074893][T23462] slab_unreclaimable 536576 [ 2921.074893][T23462] pgfault 35970 [ 2921.074893][T23462] pgmajfault 0 [ 2921.074893][T23462] workingset_refault 0 [ 2921.074893][T23462] workingset_activate 0 [ 2921.074893][T23462] workingset_nodereclaim 0 [ 2921.074893][T23462] pgrefill 166 [ 2921.074893][T23462] pgscan 167 [ 2921.074893][T23462] pgsteal 0 [ 2921.074893][T23462] pgactivate 99 [ 2921.260641][T23462] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=23462,uid=0 [ 2921.290838][T23462] Memory cgroup out of memory: Killed process 23462 (syz-executor.2) total-vm:72440kB, anon-rss:96kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:122880kB oom_score_adj:0 [ 2931.986997][T23554] IPVS: ftp: loaded support on port[0] = 21 [ 2932.002612][T23552] IPVS: ftp: loaded support on port[0] = 21 [ 2943.821631][T23552] chnl_net:caif_netlink_parms(): no params data found [ 2943.836715][T23558] IPVS: ftp: loaded support on port[0] = 21 [ 2943.859990][T23554] chnl_net:caif_netlink_parms(): no params data found [ 2943.993794][T23552] bridge0: port 1(bridge_slave_0) entered blocking state [ 2944.001842][T23552] bridge0: port 1(bridge_slave_0) entered disabled state [ 2944.021163][T23552] device bridge_slave_0 entered promiscuous mode [ 2955.392264][T23554] bridge0: port 1(bridge_slave_0) entered blocking state [ 2955.399350][T23554] bridge0: port 1(bridge_slave_0) entered disabled state [ 2955.409248][T23554] device bridge_slave_0 entered promiscuous mode [ 2955.419325][T23552] bridge0: port 2(bridge_slave_1) entered blocking state [ 2955.427469][T23552] bridge0: port 2(bridge_slave_1) entered disabled state [ 2955.437096][T23552] device bridge_slave_1 entered promiscuous mode [ 2955.455880][T23554] bridge0: port 2(bridge_slave_1) entered blocking state [ 2955.463846][T23554] bridge0: port 2(bridge_slave_1) entered disabled state [ 2955.472785][T23554] device bridge_slave_1 entered promiscuous mode [ 2955.502716][T23552] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2955.545851][T23554] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2955.558061][T23552] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2967.085374][T23554] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2978.603177][T23552] team0: Port device team_slave_0 added [ 2978.613550][T23554] team0: Port device team_slave_0 added [ 2978.656145][T23554] team0: Port device team_slave_1 added [ 2978.672536][T23552] team0: Port device team_slave_1 added [ 2978.766276][T23554] device hsr_slave_0 entered promiscuous mode [ 2978.801709][T23554] device hsr_slave_1 entered promiscuous mode [ 2978.860646][T23554] debugfs: Directory 'hsr0' with parent '/' already present! [ 2978.887058][T23558] chnl_net:caif_netlink_parms(): no params data found [ 2990.284537][T23552] device hsr_slave_0 entered promiscuous mode [ 2990.341850][T23552] device hsr_slave_1 entered promiscuous mode [ 2990.390939][T23552] debugfs: Directory 'hsr0' with parent '/' already present! [ 2990.471055][T23558] bridge0: port 1(bridge_slave_0) entered blocking state [ 2990.478232][T23558] bridge0: port 1(bridge_slave_0) entered disabled state [ 2990.502682][T23558] device bridge_slave_0 entered promiscuous mode [ 2990.533817][T23558] bridge0: port 2(bridge_slave_1) entered blocking state [ 2990.550457][T23558] bridge0: port 2(bridge_slave_1) entered disabled state [ 2990.586143][T23558] device bridge_slave_1 entered promiscuous mode [ 2990.693544][T23558] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2990.723077][T23558] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2990.827460][T23558] team0: Port device team_slave_0 added [ 2990.907834][T23558] team0: Port device team_slave_1 added [ 2991.007376][T19850] device bridge_slave_1 left promiscuous mode [ 2991.014071][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2991.085023][T19850] device bridge_slave_0 left promiscuous mode [ 2991.091860][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2991.153304][T19850] device bridge_slave_1 left promiscuous mode [ 2991.159526][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2991.212282][T19850] device bridge_slave_0 left promiscuous mode [ 2991.218513][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2991.383359][T19850] device bridge_slave_1 left promiscuous mode [ 2991.389596][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2991.432217][T19850] device bridge_slave_0 left promiscuous mode [ 2991.439751][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2991.505224][T19850] device bridge_slave_1 left promiscuous mode [ 2991.512378][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2991.632204][T19850] device bridge_slave_0 left promiscuous mode [ 2991.638428][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2991.703102][T19850] device bridge_slave_1 left promiscuous mode [ 2991.709428][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2991.802153][T19850] device bridge_slave_0 left promiscuous mode [ 2991.808405][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2991.884544][T19850] device bridge_slave_1 left promiscuous mode [ 2991.892584][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2991.943612][T19850] device bridge_slave_0 left promiscuous mode [ 2991.960627][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2992.013241][T19850] device bridge_slave_1 left promiscuous mode [ 2992.019516][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2992.072581][T19850] device bridge_slave_0 left promiscuous mode [ 2992.078821][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2992.144558][T19850] device bridge_slave_1 left promiscuous mode [ 2992.151602][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2992.272208][T19850] device bridge_slave_0 left promiscuous mode [ 2992.278490][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2992.323300][T19850] device bridge_slave_1 left promiscuous mode [ 2992.329734][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2992.402061][T19850] device bridge_slave_0 left promiscuous mode [ 2992.408440][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2992.493193][T19850] device bridge_slave_1 left promiscuous mode [ 2992.499704][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2992.612088][T19850] device bridge_slave_0 left promiscuous mode [ 2992.618320][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2992.714405][T19850] device bridge_slave_1 left promiscuous mode [ 2992.721359][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2992.812161][T19850] device bridge_slave_0 left promiscuous mode [ 2992.818412][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2992.883280][T19850] device bridge_slave_1 left promiscuous mode [ 2992.889515][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2992.993831][T19850] device bridge_slave_0 left promiscuous mode [ 2993.000064][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2993.093209][T19850] device bridge_slave_1 left promiscuous mode [ 2993.099434][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2993.172189][T19850] device bridge_slave_0 left promiscuous mode [ 2993.178418][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2993.272648][T19850] device bridge_slave_1 left promiscuous mode [ 2993.282972][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2993.362077][T19850] device bridge_slave_0 left promiscuous mode [ 2993.368312][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2993.493176][T19850] device bridge_slave_1 left promiscuous mode [ 2993.499398][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2993.562147][T19850] device bridge_slave_0 left promiscuous mode [ 2993.568384][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2993.633166][T19850] device bridge_slave_1 left promiscuous mode [ 2993.639411][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2993.682086][T19850] device bridge_slave_0 left promiscuous mode [ 2993.688313][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2993.753219][T19850] device bridge_slave_1 left promiscuous mode [ 2993.759619][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2993.831140][T19850] device bridge_slave_0 left promiscuous mode [ 2993.837370][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2993.892407][T19850] device bridge_slave_1 left promiscuous mode [ 2993.898636][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2993.962176][T19850] device bridge_slave_0 left promiscuous mode [ 2993.968414][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2994.083256][T19850] device bridge_slave_1 left promiscuous mode [ 2994.089492][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2994.202060][T19850] device bridge_slave_0 left promiscuous mode [ 2994.208426][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2994.282348][T19850] device bridge_slave_1 left promiscuous mode [ 2994.290961][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2994.372030][T19850] device bridge_slave_0 left promiscuous mode [ 2994.378280][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2994.503291][T19850] device bridge_slave_1 left promiscuous mode [ 2994.509521][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2994.602133][T19850] device bridge_slave_0 left promiscuous mode [ 2994.608384][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2994.703467][T19850] device bridge_slave_1 left promiscuous mode [ 2994.709704][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2994.761945][T19850] device bridge_slave_0 left promiscuous mode [ 2994.768278][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2994.833154][T19850] device bridge_slave_1 left promiscuous mode [ 2994.839392][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2994.922078][T19850] device bridge_slave_0 left promiscuous mode [ 2994.928304][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2995.093124][T19850] device bridge_slave_1 left promiscuous mode [ 2995.099362][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2995.222268][T19850] device bridge_slave_0 left promiscuous mode [ 2995.228526][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2995.283202][T19850] device bridge_slave_1 left promiscuous mode [ 2995.289514][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2995.401962][T19850] device bridge_slave_0 left promiscuous mode [ 2995.408205][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2995.463103][T19850] device bridge_slave_1 left promiscuous mode [ 2995.469326][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2995.591882][T19850] device bridge_slave_0 left promiscuous mode [ 2995.598110][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2995.703219][T19850] device bridge_slave_1 left promiscuous mode [ 2995.709456][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2995.761903][T19850] device bridge_slave_0 left promiscuous mode [ 2995.768307][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2995.843200][T19850] device bridge_slave_1 left promiscuous mode [ 2995.849434][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2995.942333][T19850] device bridge_slave_0 left promiscuous mode [ 2995.948813][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2996.073534][T19850] device bridge_slave_1 left promiscuous mode [ 2996.079821][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2996.182187][T19850] device bridge_slave_0 left promiscuous mode [ 2996.188481][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2996.253557][T19850] device bridge_slave_1 left promiscuous mode [ 2996.260168][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2996.372336][T19850] device bridge_slave_0 left promiscuous mode [ 2996.378618][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2996.473494][T19850] device bridge_slave_1 left promiscuous mode [ 2996.479784][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2996.532340][T19850] device bridge_slave_0 left promiscuous mode [ 2996.538616][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2996.603628][T19850] device bridge_slave_1 left promiscuous mode [ 2996.609880][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2996.702494][T19850] device bridge_slave_0 left promiscuous mode [ 2996.708741][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2996.803599][T19850] device bridge_slave_1 left promiscuous mode [ 2996.809953][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2996.872265][T19850] device bridge_slave_0 left promiscuous mode [ 2996.878882][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2996.993314][T19850] device bridge_slave_1 left promiscuous mode [ 2996.999638][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2997.082003][T19850] device bridge_slave_0 left promiscuous mode [ 2997.088232][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2997.143149][T19850] device bridge_slave_1 left promiscuous mode [ 2997.149381][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2997.241982][T19850] device bridge_slave_0 left promiscuous mode [ 2997.248218][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2997.453098][T19850] device bridge_slave_1 left promiscuous mode [ 2997.460115][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2997.521805][T19850] device bridge_slave_0 left promiscuous mode [ 2997.528041][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2997.593088][T19850] device bridge_slave_1 left promiscuous mode [ 2997.599495][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2997.701938][T19850] device bridge_slave_0 left promiscuous mode [ 2997.708168][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2997.773031][T19850] device bridge_slave_1 left promiscuous mode [ 2997.779268][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2997.841832][T19850] device bridge_slave_0 left promiscuous mode [ 2997.848064][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2997.962990][T19850] device bridge_slave_1 left promiscuous mode [ 2997.969225][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2998.043315][T19850] device bridge_slave_0 left promiscuous mode [ 2998.049540][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2998.093047][T19850] device bridge_slave_1 left promiscuous mode [ 2998.099366][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2998.171871][T19850] device bridge_slave_0 left promiscuous mode [ 2998.178096][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2998.223393][T19850] device bridge_slave_1 left promiscuous mode [ 2998.229632][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2998.271885][T19850] device bridge_slave_0 left promiscuous mode [ 2998.278229][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2998.343122][T19850] device bridge_slave_1 left promiscuous mode [ 2998.349344][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2998.521941][T19850] device bridge_slave_0 left promiscuous mode [ 2998.528177][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2998.592992][T19850] device bridge_slave_1 left promiscuous mode [ 2998.599241][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2998.660931][T19850] device bridge_slave_0 left promiscuous mode [ 2998.667255][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2998.733061][T19850] device bridge_slave_1 left promiscuous mode [ 2998.739298][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2998.821879][T19850] device bridge_slave_0 left promiscuous mode [ 2998.828112][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2998.912991][T19850] device bridge_slave_1 left promiscuous mode [ 2998.919449][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2998.992035][T19850] device bridge_slave_0 left promiscuous mode [ 2998.998324][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2999.092048][T19850] device bridge_slave_1 left promiscuous mode [ 2999.098588][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2999.172184][T19850] device bridge_slave_0 left promiscuous mode [ 2999.178460][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2999.293447][T19850] device bridge_slave_1 left promiscuous mode [ 2999.299762][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2999.362173][T19850] device bridge_slave_0 left promiscuous mode [ 2999.368438][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2999.423634][T19850] device bridge_slave_1 left promiscuous mode [ 2999.430196][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2999.502252][T19850] device bridge_slave_0 left promiscuous mode [ 2999.508524][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2999.573392][T19850] device bridge_slave_1 left promiscuous mode [ 2999.579656][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2999.632074][T19850] device bridge_slave_0 left promiscuous mode [ 2999.638339][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2999.713437][T19850] device bridge_slave_1 left promiscuous mode [ 2999.719885][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 2999.862024][T19850] device bridge_slave_0 left promiscuous mode [ 2999.868294][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 2999.943197][T19850] device bridge_slave_1 left promiscuous mode [ 2999.949444][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3000.031721][T19850] device bridge_slave_0 left promiscuous mode [ 3000.037948][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3000.114384][T19850] device bridge_slave_1 left promiscuous mode [ 3000.121546][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3000.241958][T19850] device bridge_slave_0 left promiscuous mode [ 3000.248184][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3000.343143][T19850] device bridge_slave_1 left promiscuous mode [ 3000.349355][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3000.391908][T19850] device bridge_slave_0 left promiscuous mode [ 3000.398130][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3000.512933][T19850] device bridge_slave_1 left promiscuous mode [ 3000.519154][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3000.601751][T19850] device bridge_slave_0 left promiscuous mode [ 3000.607977][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3000.673022][T19850] device bridge_slave_1 left promiscuous mode [ 3000.679272][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3000.841673][T19850] device bridge_slave_0 left promiscuous mode [ 3000.847904][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3000.903035][T19850] device bridge_slave_1 left promiscuous mode [ 3000.909266][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3000.971719][T19850] device bridge_slave_0 left promiscuous mode [ 3000.977945][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3001.092249][T19850] device bridge_slave_1 left promiscuous mode [ 3001.098475][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3001.151944][T19850] device bridge_slave_0 left promiscuous mode [ 3001.158187][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3001.212938][T19850] device bridge_slave_1 left promiscuous mode [ 3001.219174][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3001.311758][T19850] device bridge_slave_0 left promiscuous mode [ 3001.318151][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3001.432944][T19850] device bridge_slave_1 left promiscuous mode [ 3001.439191][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3001.551855][T19850] device bridge_slave_0 left promiscuous mode [ 3001.558100][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3001.643081][T19850] device bridge_slave_1 left promiscuous mode [ 3001.649412][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3001.702124][T19850] device bridge_slave_0 left promiscuous mode [ 3001.708372][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3001.823644][T19850] device bridge_slave_1 left promiscuous mode [ 3001.829891][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3001.922101][T19850] device bridge_slave_0 left promiscuous mode [ 3001.928397][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3001.983658][T19850] device bridge_slave_1 left promiscuous mode [ 3001.989922][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3002.111885][T19850] device bridge_slave_0 left promiscuous mode [ 3002.118154][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3002.233518][T19850] device bridge_slave_1 left promiscuous mode [ 3002.239792][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3002.292071][T19850] device bridge_slave_0 left promiscuous mode [ 3002.298342][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3002.394281][T19850] device bridge_slave_1 left promiscuous mode [ 3002.401477][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3002.512018][T19850] device bridge_slave_0 left promiscuous mode [ 3002.518309][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3002.634001][T19850] device bridge_slave_1 left promiscuous mode [ 3002.640280][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3002.751965][T19850] device bridge_slave_0 left promiscuous mode [ 3002.758228][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3002.833670][T19850] device bridge_slave_1 left promiscuous mode [ 3002.839939][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3002.931660][T19850] device bridge_slave_0 left promiscuous mode [ 3002.937909][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3003.053077][T19850] device bridge_slave_1 left promiscuous mode [ 3003.059327][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3003.161576][T19850] device bridge_slave_0 left promiscuous mode [ 3003.167818][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3003.213074][T19850] device bridge_slave_1 left promiscuous mode [ 3003.219317][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3003.291875][T19850] device bridge_slave_0 left promiscuous mode [ 3003.298108][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3003.373182][T19850] device bridge_slave_1 left promiscuous mode [ 3003.379429][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3003.441799][T19850] device bridge_slave_0 left promiscuous mode [ 3003.448023][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3003.523428][T19850] device bridge_slave_1 left promiscuous mode [ 3003.529669][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3003.601693][T19850] device bridge_slave_0 left promiscuous mode [ 3003.607976][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3003.683125][T19850] device bridge_slave_1 left promiscuous mode [ 3003.689370][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3003.761801][T19850] device bridge_slave_0 left promiscuous mode [ 3003.768039][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3003.892925][T19850] device bridge_slave_1 left promiscuous mode [ 3003.899163][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3003.972117][T19850] device bridge_slave_0 left promiscuous mode [ 3003.978354][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3004.067862][T19850] device bridge_slave_1 left promiscuous mode [ 3004.076497][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3004.151801][T19850] device bridge_slave_0 left promiscuous mode [ 3004.158037][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3004.242884][T19850] device bridge_slave_1 left promiscuous mode [ 3004.249222][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3004.351625][T19850] device bridge_slave_0 left promiscuous mode [ 3004.357927][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3004.432944][T19850] device bridge_slave_1 left promiscuous mode [ 3004.439198][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3004.551755][T19850] device bridge_slave_0 left promiscuous mode [ 3004.557999][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3004.612871][T19850] device bridge_slave_1 left promiscuous mode [ 3004.619443][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3004.681583][T19850] device bridge_slave_0 left promiscuous mode [ 3004.687913][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3004.742960][T19850] device bridge_slave_1 left promiscuous mode [ 3004.749200][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3004.811642][T19850] device bridge_slave_0 left promiscuous mode [ 3004.818081][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3004.893092][T19850] device bridge_slave_1 left promiscuous mode [ 3004.899334][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3004.951752][T19850] device bridge_slave_0 left promiscuous mode [ 3004.958123][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3005.114215][T19850] device bridge_slave_1 left promiscuous mode [ 3005.121144][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3005.211771][T19850] device bridge_slave_0 left promiscuous mode [ 3005.218023][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3005.334587][T19850] device bridge_slave_1 left promiscuous mode [ 3005.347487][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3005.412325][T19850] device bridge_slave_0 left promiscuous mode [ 3005.418552][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3005.542931][T19850] device bridge_slave_1 left promiscuous mode [ 3005.549181][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3005.641792][T19850] device bridge_slave_0 left promiscuous mode [ 3005.648093][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3005.712969][T19850] device bridge_slave_1 left promiscuous mode [ 3005.719363][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3005.771767][T19850] device bridge_slave_0 left promiscuous mode [ 3005.778013][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3005.853062][T19850] device bridge_slave_1 left promiscuous mode [ 3005.859303][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3005.901742][T19850] device bridge_slave_0 left promiscuous mode [ 3005.907979][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3005.963136][T19850] device bridge_slave_1 left promiscuous mode [ 3005.969381][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3006.021706][T19850] device bridge_slave_0 left promiscuous mode [ 3006.027944][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3006.102983][T19850] device bridge_slave_1 left promiscuous mode [ 3006.109255][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3006.161748][T19850] device bridge_slave_0 left promiscuous mode [ 3006.167987][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3006.322926][T19850] device bridge_slave_1 left promiscuous mode [ 3006.329175][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3006.451580][T19850] device bridge_slave_0 left promiscuous mode [ 3006.457819][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3006.543006][T19850] device bridge_slave_1 left promiscuous mode [ 3006.549246][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3006.601712][T19850] device bridge_slave_0 left promiscuous mode [ 3006.607941][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3006.672903][T19850] device bridge_slave_1 left promiscuous mode [ 3006.679128][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3006.761484][T19850] device bridge_slave_0 left promiscuous mode [ 3006.768065][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3006.843121][T19850] device bridge_slave_1 left promiscuous mode [ 3006.849366][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3006.942913][T19850] device bridge_slave_0 left promiscuous mode [ 3006.949171][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3007.003128][T19850] device bridge_slave_1 left promiscuous mode [ 3007.009449][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3007.091731][T19850] device bridge_slave_0 left promiscuous mode [ 3007.097959][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3007.212914][T19850] device bridge_slave_1 left promiscuous mode [ 3007.219157][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3007.271648][T19850] device bridge_slave_0 left promiscuous mode [ 3007.277870][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3007.382833][T19850] device bridge_slave_1 left promiscuous mode [ 3007.389067][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3007.571471][T19850] device bridge_slave_0 left promiscuous mode [ 3007.577707][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3007.632921][T19850] device bridge_slave_1 left promiscuous mode [ 3007.639151][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3007.731506][T19850] device bridge_slave_0 left promiscuous mode [ 3007.737735][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3007.812981][T19850] device bridge_slave_1 left promiscuous mode [ 3007.819216][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3007.931761][T19850] device bridge_slave_0 left promiscuous mode [ 3007.938029][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3008.033294][T19850] device bridge_slave_1 left promiscuous mode [ 3008.039566][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3008.091743][T19850] device bridge_slave_0 left promiscuous mode [ 3008.097996][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3008.154292][T19850] device bridge_slave_1 left promiscuous mode [ 3008.161389][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3008.232205][T19850] device bridge_slave_0 left promiscuous mode [ 3008.238470][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3008.333307][T19850] device bridge_slave_1 left promiscuous mode [ 3008.339599][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3008.391879][T19850] device bridge_slave_0 left promiscuous mode [ 3008.398131][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3008.463437][T19850] device bridge_slave_1 left promiscuous mode [ 3008.469708][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3008.542222][T19850] device bridge_slave_0 left promiscuous mode [ 3008.548485][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3008.603425][T19850] device bridge_slave_1 left promiscuous mode [ 3008.609743][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3008.691828][T19850] device bridge_slave_0 left promiscuous mode [ 3008.698091][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3008.833351][T19850] device bridge_slave_1 left promiscuous mode [ 3008.839597][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3008.911735][T19850] device bridge_slave_0 left promiscuous mode [ 3008.918041][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3009.003031][T19850] device bridge_slave_1 left promiscuous mode [ 3009.009275][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3009.071557][T19850] device bridge_slave_0 left promiscuous mode [ 3009.077789][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3009.172935][T19850] device bridge_slave_1 left promiscuous mode [ 3009.179175][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3009.241611][T19850] device bridge_slave_0 left promiscuous mode [ 3009.248364][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3009.302833][T19850] device bridge_slave_1 left promiscuous mode [ 3009.309340][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3009.361569][T19850] device bridge_slave_0 left promiscuous mode [ 3009.367809][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3009.442852][T19850] device bridge_slave_1 left promiscuous mode [ 3009.449087][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 3009.561758][T19850] device bridge_slave_0 left promiscuous mode [ 3009.567985][T19850] bridge0: port 1(bridge_slave_0) entered disabled state [ 3151.260873][ T1064] INFO: task kworker/0:7:13846 blocked for more than 143 seconds. [ 3151.268742][ T1064] Not tainted 5.3.0+ #0 [ 3151.280329][ T1064] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3151.289021][ T1064] kworker/0:7 D26288 13846 2 0x80004000 [ 3151.320431][ T1064] Workqueue: events switchdev_deferred_process_work [ 3151.327065][ T1064] Call Trace: [ 3151.340725][ T1064] __schedule+0x94f/0x1e70 [ 3151.345192][ T1064] ? __sched_text_start+0x8/0x8 [ 3151.350058][ T1064] ? __kasan_check_read+0x11/0x20 [ 3151.361423][ T1064] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3151.367628][ T1064] schedule+0xd9/0x260 [ 3151.390355][ T1064] schedule_preempt_disabled+0x13/0x20 [ 3151.395872][ T1064] __mutex_lock+0x7b0/0x13c0 [ 3151.410348][ T1064] ? rtnl_lock+0x17/0x20 [ 3151.414637][ T1064] ? mutex_trylock+0x2d0/0x2d0 [ 3151.419414][ T1064] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3151.440421][ T1064] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 3151.446636][ T1064] mutex_lock_nested+0x16/0x20 [ 3151.460407][ T1064] ? mutex_lock_nested+0x16/0x20 [ 3151.465390][ T1064] rtnl_lock+0x17/0x20 [ 3151.469467][ T1064] switchdev_deferred_process_work+0xe/0x20 [ 3151.491245][ T1064] process_one_work+0x9af/0x1740 [ 3151.496233][ T1064] ? pwq_dec_nr_in_flight+0x320/0x320 [ 3151.510358][ T1064] ? lock_acquire+0x190/0x410 [ 3151.515085][ T1064] worker_thread+0x98/0xe40 [ 3151.519590][ T1064] ? trace_hardirqs_on+0x67/0x240 [ 3151.540422][ T1064] kthread+0x361/0x430 [ 3151.544530][ T1064] ? process_one_work+0x1740/0x1740 [ 3151.549724][ T1064] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 3151.570350][ T1064] ret_from_fork+0x24/0x30 [ 3151.590389][ T1064] INFO: task kworker/0:2:21272 blocked for more than 143 seconds. [ 3151.598282][ T1064] Not tainted 5.3.0+ #0 [ 3151.603750][ T1064] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3151.612789][ T1064] kworker/0:2 D25904 21272 2 0x80004000 [ 3151.619144][ T1064] Workqueue: events linkwatch_event [ 3151.627255][ T1064] Call Trace: [ 3151.630956][ T1064] __schedule+0x94f/0x1e70 [ 3151.635394][ T1064] ? __sched_text_start+0x8/0x8 [ 3151.640237][ T1064] ? __kasan_check_read+0x11/0x20 [ 3151.645720][ T1064] ? _raw_spin_unlock_irq+0x5e/0x90 [ 3151.651261][ T1064] schedule+0xd9/0x260 [ 3151.655333][ T1064] schedule_preempt_disabled+0x13/0x20 [ 3151.661585][ T1064] __mutex_lock+0x7b0/0x13c0 [ 3151.666192][ T1064] ? rtnl_lock+0x17/0x20 [ 3151.670804][ T1064] ? mutex_trylock+0x2d0/0x2d0 [ 3151.675668][ T1064] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3151.682304][ T1064] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 3151.688474][ T1064] mutex_lock_nested+0x16/0x20 [ 3151.693599][ T1064] ? mutex_lock_nested+0x16/0x20 [ 3151.698572][ T1064] rtnl_lock+0x17/0x20 [ 3151.710532][ T1064] linkwatch_event+0xf/0x70 [ 3151.715064][ T1064] process_one_work+0x9af/0x1740 [ 3151.720010][ T1064] ? pwq_dec_nr_in_flight+0x320/0x320 [ 3151.741358][ T1064] ? lock_acquire+0x190/0x410 [ 3151.746099][ T1064] worker_thread+0x98/0xe40 [ 3151.770362][ T1064] ? trace_hardirqs_on+0x67/0x240 [ 3151.775454][ T1064] kthread+0x361/0x430 [ 3151.779523][ T1064] ? process_one_work+0x1740/0x1740 [ 3151.800350][ T1064] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 3151.806638][ T1064] ret_from_fork+0x24/0x30 [ 3151.811238][ T1064] INFO: task syz-executor.4:23558 blocked for more than 143 seconds. [ 3151.819301][ T1064] Not tainted 5.3.0+ #0 [ 3151.840326][ T1064] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3151.849046][ T1064] syz-executor.4 D24568 23558 1 0x00004004 [ 3151.855827][ T1064] Call Trace: [ 3151.859144][ T1064] __schedule+0x94f/0x1e70 [ 3151.863910][ T1064] ? __sched_text_start+0x8/0x8 [ 3151.868764][ T1064] ? lock_downgrade+0x920/0x920 [ 3151.873992][ T1064] ? rwlock_bug.part.0+0x90/0x90 [ 3151.878942][ T1064] schedule+0xd9/0x260 [ 3151.883327][ T1064] schedule_preempt_disabled+0x13/0x20 [ 3151.888788][ T1064] __mutex_lock+0x7b0/0x13c0 [ 3151.893739][ T1064] ? rtnetlink_rcv_msg+0x40a/0xb00 [ 3151.898865][ T1064] ? mutex_trylock+0x2d0/0x2d0 [ 3151.905395][ T1064] ? find_held_lock+0x35/0x130 [ 3151.910174][ T1064] ? rtnetlink_rcv_msg+0x3d0/0xb00 [ 3151.915871][ T1064] ? lock_downgrade+0x920/0x920 [ 3151.921014][ T1064] ? rcu_read_lock_held_common+0x130/0x130 [ 3151.926830][ T1064] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3151.934517][ T1064] mutex_lock_nested+0x16/0x20 [ 3151.939299][ T1064] ? mutex_lock_nested+0x16/0x20 [ 3151.960352][ T1064] rtnetlink_rcv_msg+0x40a/0xb00 [ 3151.965343][ T1064] ? rtnl_bridge_getlink+0x910/0x910 [ 3151.980481][ T1064] ? lock_downgrade+0x920/0x920 [ 3151.985379][ T1064] ? netlink_deliver_tap+0x22d/0xbf0 [ 3152.000373][ T1064] ? find_held_lock+0x35/0x130 [ 3152.005183][ T1064] netlink_rcv_skb+0x177/0x450 [ 3152.009953][ T1064] ? rtnl_bridge_getlink+0x910/0x910 [ 3152.030410][ T1064] ? netlink_ack+0xb50/0xb50 [ 3152.035041][ T1064] ? __kasan_check_read+0x11/0x20 [ 3152.040069][ T1064] ? netlink_deliver_tap+0x254/0xbf0 [ 3152.060923][ T1064] rtnetlink_rcv+0x1d/0x30 [ 3152.065423][ T1064] netlink_unicast+0x531/0x710 [ 3152.070195][ T1064] ? netlink_attachskb+0x7c0/0x7c0 [ 3152.090428][ T1064] ? _copy_from_iter_full+0x25d/0x8c0 [ 3152.095847][ T1064] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3152.102142][ T1064] ? __check_object_size+0x3d/0x437 [ 3152.107361][ T1064] netlink_sendmsg+0x8a5/0xd60 [ 3152.112524][ T1064] ? netlink_unicast+0x710/0x710 [ 3152.117468][ T1064] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 3152.123453][ T1064] ? apparmor_socket_sendmsg+0x2a/0x30 [ 3152.128924][ T1064] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3152.135781][ T1064] ? security_socket_sendmsg+0x8d/0xc0 [ 3152.141878][ T1064] ? netlink_unicast+0x710/0x710 [ 3152.146839][ T1064] sock_sendmsg+0xd7/0x130 [ 3152.152630][ T1064] __sys_sendto+0x262/0x380 [ 3152.157151][ T1064] ? __ia32_sys_getpeername+0xb0/0xb0 [ 3152.162993][ T1064] ? lock_downgrade+0x920/0x920 [ 3152.167856][ T1064] ? lockdep_hardirqs_on+0x421/0x5e0 [ 3152.173612][ T1064] ? __blkcg_punt_bio_submit+0x1e0/0x1e0 [ 3152.179266][ T1064] ? unlock_page_memcg+0x40/0x40 [ 3152.184688][ T1064] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 3152.190245][ T1064] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 3152.200416][ T1064] ? do_syscall_64+0x26/0x760 [ 3152.205425][ T1064] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3152.220451][ T1064] __x64_sys_sendto+0xe1/0x1a0 [ 3152.225377][ T1064] do_syscall_64+0xfa/0x760 [ 3152.229894][ T1064] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3152.250490][ T1064] RIP: 0033:0x4138a3 [ 3152.254440][ T1064] Code: 30 44 00 b9 11 00 00 00 48 89 ee f3 a6 75 0c 48 c7 03 b0 39 41 00 e9 1a ff ff ff bf b5 30 44 00 b9 18 00 00 00 48 89 ee f3 a6 <75> 0c 48 c7 03 10 37 41 00 e9 fd fe ff ff bf cd 30 44 00 b9 0a 00 [ 3152.300492][ T1064] RSP: 002b:00007fff828173f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 3152.308953][ T1064] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004138a3 [ 3152.330499][ T1064] RDX: 0000000000000048 RSI: 0000000000a70070 RDI: 0000000000000003 [ 3152.338519][ T1064] RBP: 000000000000000a R08: 00007fff82817400 R09: 000000000000000c [ 3152.347361][ T1064] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 3152.355841][ T1064] R13: 00000000004beb52 R14: 00007fff82817530 R15: 0000000000000006 [ 3152.364445][ T1064] INFO: task syz-executor.0:23561 blocked for more than 144 seconds. [ 3152.373251][ T1064] Not tainted 5.3.0+ #0 [ 3152.377929][ T1064] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3152.400344][ T1064] syz-executor.0 D28160 23561 1 0x00000004 [ 3152.406749][ T1064] Call Trace: [ 3152.410077][ T1064] __schedule+0x94f/0x1e70 [ 3152.416150][ T1064] ? __sched_text_start+0x8/0x8 [ 3152.421438][ T1064] ? lock_downgrade+0x920/0x920 [ 3152.426303][ T1064] ? rwlock_bug.part.0+0x90/0x90 [ 3152.431782][ T1064] schedule+0xd9/0x260 [ 3152.435866][ T1064] schedule_preempt_disabled+0x13/0x20 [ 3152.441811][ T1064] __mutex_lock+0x7b0/0x13c0 [ 3152.446435][ T1064] ? rtnetlink_rcv_msg+0x40a/0xb00 [ 3152.460507][ T1064] ? mutex_trylock+0x2d0/0x2d0 [ 3152.465313][ T1064] ? find_held_lock+0x35/0x130 [ 3152.470749][ T1064] ? rtnetlink_rcv_msg+0x3d0/0xb00 [ 3152.475939][ T1064] ? lock_downgrade+0x920/0x920 [ 3152.481498][ T1064] ? rcu_read_lock_held_common+0x130/0x130 [ 3152.487324][ T1064] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3152.494122][ T1064] mutex_lock_nested+0x16/0x20 [ 3152.498904][ T1064] ? mutex_lock_nested+0x16/0x20 [ 3152.504331][ T1064] rtnetlink_rcv_msg+0x40a/0xb00 [ 3152.509380][ T1064] ? rtnl_bridge_getlink+0x910/0x910 [ 3152.515561][ T1064] ? lock_downgrade+0x920/0x920 [ 3152.520912][ T1064] ? netlink_deliver_tap+0x22d/0xbf0 [ 3152.526215][ T1064] ? find_held_lock+0x35/0x130 [ 3152.531639][ T1064] netlink_rcv_skb+0x177/0x450 [ 3152.536426][ T1064] ? rtnl_bridge_getlink+0x910/0x910 [ 3152.543481][ T1064] ? netlink_ack+0xb50/0xb50 [ 3152.548095][ T1064] ? __kasan_check_read+0x11/0x20 [ 3152.553677][ T1064] ? netlink_deliver_tap+0x254/0xbf0 [ 3152.558990][ T1064] rtnetlink_rcv+0x1d/0x30 [ 3152.563847][ T1064] netlink_unicast+0x531/0x710 [ 3152.568630][ T1064] ? netlink_attachskb+0x7c0/0x7c0 [ 3152.574275][ T1064] ? _copy_from_iter_full+0x25d/0x8c0 [ 3152.579667][ T1064] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3152.585903][ T1064] ? __check_object_size+0x3d/0x437 [ 3152.591811][ T1064] netlink_sendmsg+0x8a5/0xd60 [ 3152.596605][ T1064] ? netlink_unicast+0x710/0x710 [ 3152.602027][ T1064] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 3152.607591][ T1064] ? apparmor_socket_sendmsg+0x2a/0x30 [ 3152.613653][ T1064] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3152.619914][ T1064] ? security_socket_sendmsg+0x8d/0xc0 [ 3152.625876][ T1064] ? netlink_unicast+0x710/0x710 [ 3152.631275][ T1064] sock_sendmsg+0xd7/0x130 [ 3152.635703][ T1064] __sys_sendto+0x262/0x380 [ 3152.640785][ T1064] ? __ia32_sys_getpeername+0xb0/0xb0 [ 3152.646633][ T1064] ? lock_downgrade+0x920/0x920 [ 3152.652110][ T1064] ? lockdep_hardirqs_on+0x421/0x5e0 [ 3152.657419][ T1064] ? __blkcg_punt_bio_submit+0x1e0/0x1e0 [ 3152.663561][ T1064] ? unlock_page_memcg+0x40/0x40 [ 3152.668647][ T1064] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 3152.675612][ T1064] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 3152.681479][ T1064] ? do_syscall_64+0x26/0x760 [ 3152.686168][ T1064] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3152.692749][ T1064] __x64_sys_sendto+0xe1/0x1a0 [ 3152.697968][ T1064] do_syscall_64+0xfa/0x760 [ 3152.702997][ T1064] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3152.708898][ T1064] RIP: 0033:0x4138a3 [ 3152.713658][ T1064] Code: 30 44 00 b9 11 00 00 00 48 89 ee f3 a6 75 0c 48 c7 03 b0 39 41 00 e9 1a ff ff ff bf b5 30 44 00 b9 18 00 00 00 48 89 ee f3 a6 <75> 0c 48 c7 03 10 37 41 00 e9 fd fe ff ff bf cd 30 44 00 b9 0a 00 [ 3152.734083][ T1064] RSP: 002b:00007fff36f70268 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 3152.743063][ T1064] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004138a3 [ 3152.751639][ T1064] RDX: 0000000000000028 RSI: 0000000000a70070 RDI: 0000000000000003 [ 3152.759624][ T1064] RBP: 00007fff36f702d0 R08: 00007fff36f70270 R09: 000000000000000c [ 3152.768105][ T1064] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 3152.776806][ T1064] R13: 00007fff36f705d8 R14: 0000000000000000 R15: 0000000000000000 [ 3152.786626][ T1064] INFO: task syz-executor.5:23563 blocked for more than 144 seconds. [ 3152.795232][ T1064] Not tainted 5.3.0+ #0 [ 3152.799933][ T1064] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3152.810029][ T1064] syz-executor.5 D28136 23563 1 0x00004004 [ 3152.816874][ T1064] Call Trace: [ 3152.820194][ T1064] __schedule+0x94f/0x1e70 [ 3152.825092][ T1064] ? __sched_text_start+0x8/0x8 [ 3152.829959][ T1064] ? lock_downgrade+0x920/0x920 [ 3152.835307][ T1064] ? rwlock_bug.part.0+0x90/0x90 [ 3152.840272][ T1064] schedule+0xd9/0x260 [ 3152.844820][ T1064] schedule_preempt_disabled+0x13/0x20 [ 3152.850712][ T1064] __mutex_lock+0x7b0/0x13c0 [ 3152.855318][ T1064] ? rtnetlink_rcv_msg+0x40a/0xb00 [ 3152.861100][ T1064] ? mutex_trylock+0x2d0/0x2d0 [ 3152.865902][ T1064] ? find_held_lock+0x35/0x130 [ 3152.871138][ T1064] ? rtnetlink_rcv_msg+0x3d0/0xb00 [ 3152.876272][ T1064] ? lock_downgrade+0x920/0x920 [ 3152.881593][ T1064] ? rcu_read_lock_held_common+0x130/0x130 [ 3152.887417][ T1064] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3152.900418][ T1064] mutex_lock_nested+0x16/0x20 [ 3152.905232][ T1064] ? mutex_lock_nested+0x16/0x20 [ 3152.910178][ T1064] rtnetlink_rcv_msg+0x40a/0xb00 [ 3152.941746][ T1064] ? rtnl_bridge_getlink+0x910/0x910 [ 3152.947103][ T1064] ? lock_downgrade+0x920/0x920 [ 3152.960394][ T1064] ? netlink_deliver_tap+0x22d/0xbf0 [ 3152.965739][ T1064] ? find_held_lock+0x35/0x130 [ 3152.980380][ T1064] netlink_rcv_skb+0x177/0x450 [ 3152.985218][ T1064] ? rtnl_bridge_getlink+0x910/0x910 [ 3153.000845][ T1064] ? netlink_ack+0xb50/0xb50 [ 3153.005477][ T1064] ? __kasan_check_read+0x11/0x20 [ 3153.020910][ T1064] ? netlink_deliver_tap+0x254/0xbf0 [ 3153.026249][ T1064] rtnetlink_rcv+0x1d/0x30 [ 3153.040374][ T1064] netlink_unicast+0x531/0x710 [ 3153.045193][ T1064] ? netlink_attachskb+0x7c0/0x7c0 [ 3153.050956][ T1064] ? _copy_from_iter_full+0x25d/0x8c0 [ 3153.056358][ T1064] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3153.062838][ T1064] ? __check_object_size+0x3d/0x437 [ 3153.068082][ T1064] netlink_sendmsg+0x8a5/0xd60 [ 3153.073397][ T1064] ? netlink_unicast+0x710/0x710 [ 3153.078355][ T1064] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 3153.084479][ T1064] ? apparmor_socket_sendmsg+0x2a/0x30 [ 3153.089962][ T1064] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3153.096764][ T1064] ? security_socket_sendmsg+0x8d/0xc0 [ 3153.102604][ T1064] ? netlink_unicast+0x710/0x710 [ 3153.107561][ T1064] sock_sendmsg+0xd7/0x130 [ 3153.112441][ T1064] __sys_sendto+0x262/0x380 [ 3153.116972][ T1064] ? __ia32_sys_getpeername+0xb0/0xb0 [ 3153.122915][ T1064] ? lock_downgrade+0x920/0x920 [ 3153.127785][ T1064] ? lockdep_hardirqs_on+0x421/0x5e0 [ 3153.133551][ T1064] ? __blkcg_punt_bio_submit+0x1e0/0x1e0 [ 3153.139200][ T1064] ? unlock_page_memcg+0x40/0x40 [ 3153.144586][ T1064] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 3153.150060][ T1064] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 3153.156045][ T1064] ? do_syscall_64+0x26/0x760 [ 3153.161219][ T1064] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3153.167317][ T1064] __x64_sys_sendto+0xe1/0x1a0 [ 3153.172512][ T1064] do_syscall_64+0xfa/0x760 [ 3153.177031][ T1064] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3153.183504][ T1064] RIP: 0033:0x4138a3 [ 3153.187407][ T1064] Code: 30 44 00 b9 11 00 00 00 48 89 ee f3 a6 75 0c 48 c7 03 b0 39 41 00 e9 1a ff ff ff bf b5 30 44 00 b9 18 00 00 00 48 89 ee f3 a6 <75> 0c 48 c7 03 10 37 41 00 e9 fd fe ff ff bf cd 30 44 00 b9 0a 00 [ 3153.207560][ T1064] RSP: 002b:00007ffe2d8d29e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 3153.216399][ T1064] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004138a3 [ 3153.224754][ T1064] RDX: 0000000000000028 RSI: 0000000000a70070 RDI: 0000000000000003 [ 3153.233044][ T1064] RBP: 00007ffe2d8d2a50 R08: 00007ffe2d8d29f0 R09: 000000000000000c [ 3153.241548][ T1064] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 3153.249700][ T1064] R13: 00007ffe2d8d2d58 R14: 0000000000000000 R15: 0000000000000000 [ 3153.258128][ T1064] [ 3153.258128][ T1064] Showing all locks held in the system: [ 3153.266565][ T1064] 1 lock held by khungtaskd/1064: [ 3153.271897][ T1064] #0: ffffffff88faad00 (rcu_read_lock){....}, at: debug_show_all_locks+0x5f/0x27e [ 3153.281651][ T1064] 1 lock held by rsyslogd/8893: [ 3153.286498][ T1064] #0: ffff8880939de3a0 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xee/0x110 [ 3153.295551][ T1064] 2 locks held by getty/8983: [ 3153.310351][ T1064] #0: ffff88809270cb10 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3153.319702][ T1064] #1: ffffc90005f392e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 3153.340381][ T1064] 2 locks held by getty/8984: [ 3153.345079][ T1064] #0: ffff8880a1481210 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3153.370512][ T1064] #1: ffffc90005f212e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 3153.380133][ T1064] 2 locks held by getty/8985: [ 3153.400368][ T1064] #0: ffff8880a18600d0 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3153.409362][ T1064] #1: ffffc90005f1d2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 3153.440428][ T1064] 2 locks held by getty/8986: [ 3153.445132][ T1064] #0: ffff88809c8e1590 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3153.480325][ T1064] #1: ffffc90005f412e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 3153.489945][ T1064] 2 locks held by getty/8987: [ 3153.510330][ T1064] #0: ffff88808e816b50 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3153.519323][ T1064] #1: ffffc90005f3d2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 3153.540345][ T1064] 2 locks held by getty/8988: [ 3153.545044][ T1064] #0: ffff88808e8173d0 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3153.570349][ T1064] #1: ffffc90005f352e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 3153.580668][ T1064] 2 locks held by getty/8989: [ 3153.585347][ T1064] #0: ffff888091ea5590 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3153.599215][ T1064] #1: ffffc90005f092e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1c10 [ 3153.609178][ T1064] 3 locks held by kworker/0:7/13846: [ 3153.614761][ T1064] #0: ffff8880aa4278e8 ((wq_completion)events){+.+.}, at: process_one_work+0x88b/0x1740 [ 3153.624939][ T1064] #1: ffff8880705efdc0 (deferred_process_work){+.+.}, at: process_one_work+0x8c1/0x1740 [ 3153.635055][ T1064] #2: ffffffff89997ce0 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 [ 3153.643396][ T1064] 2 locks held by kworker/u4:7/16881: [ 3153.648764][ T1064] 5 locks held by kworker/u4:0/19850: [ 3153.654861][ T1064] #0: ffff8880a99abe68 ((wq_completion)netns){+.+.}, at: process_one_work+0x88b/0x1740 [ 3153.665009][ T1064] #1: ffff88808d71fdc0 (net_cleanup_work){+.+.}, at: process_one_work+0x8c1/0x1740 [ 3153.674683][ T1064] #2: ffffffff8998aa88 (pernet_ops_rwsem){++++}, at: cleanup_net+0xae/0xa60 [ 3153.683934][ T1064] #3: ffffffff89997ce0 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 [ 3153.692375][ T1064] #4: ffffffff88faeab8 (rcu_state.exp_mutex){+.+.}, at: synchronize_rcu_expedited+0x4d6/0x5f0 [ 3153.703083][ T1064] 3 locks held by kworker/0:2/21272: [ 3153.708359][ T1064] #0: ffff8880aa4278e8 ((wq_completion)events){+.+.}, at: process_one_work+0x88b/0x1740 [ 3153.718514][ T1064] #1: ffff888087d2fdc0 ((linkwatch_work).work){+.+.}, at: process_one_work+0x8c1/0x1740 [ 3153.729599][ T1064] #2: ffffffff89997ce0 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 [ 3153.737936][ T1064] 3 locks held by kworker/0:4/23481: [ 3153.743946][ T1064] #0: ffff88809c833ba8 ((wq_completion)ipv6_addrconf){+.+.}, at: process_one_work+0x88b/0x1740 [ 3153.754849][ T1064] #1: ffff888031dc7dc0 ((addr_chk_work).work){+.+.}, at: process_one_work+0x8c1/0x1740 [ 3153.764962][ T1064] #2: ffffffff89997ce0 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 [ 3153.773258][ T1064] 2 locks held by kworker/1:10/23507: [ 3153.778621][ T1064] #0: ffff8880aa435ba8 ((wq_completion)rcu_gp){+.+.}, at: process_one_work+0x88b/0x1740 [ 3153.788818][ T1064] #1: ffff88802c3a7dc0 ((work_completion)(&rew.rew_work)){+.+.}, at: process_one_work+0x8c1/0x1740 [ 3153.799920][ T1064] 1 lock held by syz-executor.4/23558: [ 3153.805714][ T1064] #0: ffffffff89997ce0 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x40a/0xb00 [ 3153.814972][ T1064] 1 lock held by syz-executor.0/23561: [ 3153.827726][ T1064] #0: ffffffff89997ce0 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x40a/0xb00 [ 3153.836974][ T1064] 1 lock held by syz-executor.5/23563: [ 3153.842779][ T1064] #0: ffffffff89997ce0 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x40a/0xb00 [ 3153.852978][ T1064] [ 3153.855313][ T1064] ============================================= [ 3153.855313][ T1064] [ 3153.864216][ T1064] NMI backtrace for cpu 0 [ 3153.868551][ T1064] CPU: 0 PID: 1064 Comm: khungtaskd Not tainted 5.3.0+ #0 [ 3153.875754][ T1064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3153.885811][ T1064] Call Trace: [ 3153.889105][ T1064] dump_stack+0x172/0x1f0 [ 3153.893438][ T1064] nmi_cpu_backtrace.cold+0x70/0xb2 [ 3153.898642][ T1064] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3153.904883][ T1064] ? lapic_can_unplug_cpu.cold+0x3a/0x3a [ 3153.910512][ T1064] nmi_trigger_cpumask_backtrace+0x23b/0x28b [ 3153.916489][ T1064] arch_trigger_cpumask_backtrace+0x14/0x20 [ 3153.922382][ T1064] watchdog+0x9d0/0xef0 [ 3153.926547][ T1064] kthread+0x361/0x430 [ 3153.930613][ T1064] ? reset_hung_task_detector+0x30/0x30 [ 3153.936154][ T1064] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 3153.942398][ T1064] ret_from_fork+0x24/0x30 [ 3153.947175][ T1064] Sending NMI from CPU 0 to CPUs 1: [ 3153.952989][ C1] NMI backtrace for cpu 1 [ 3153.952994][ C1] CPU: 1 PID: 19850 Comm: kworker/u4:0 Not tainted 5.3.0+ #0 [ 3153.952999][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3153.953002][ C1] Workqueue: netns cleanup_net [ 3153.953008][ C1] RIP: 0010:write_comp_data+0x9/0x70 [ 3153.953018][ C1] Code: 13 00 00 8b 80 fc 12 00 00 48 8b 11 48 83 c2 01 48 39 d0 76 07 48 89 34 d1 48 89 11 5d c3 0f 1f 00 65 4c 8b 04 25 40 fe 01 00 <65> 8b 05 58 f6 8e 7e a9 00 01 1f 00 75 51 41 8b 80 f8 12 00 00 83 [ 3153.953021][ C1] RSP: 0018:ffff88808d71f6a0 EFLAGS: 00000246 [ 3153.953028][ C1] RAX: 0000000000000000 RBX: 0000000000009132 RCX: ffffffff85d9cb1b [ 3153.953033][ C1] RDX: 0000000000010000 RSI: 0000000000009132 RDI: 0000000000000004 [ 3153.953037][ C1] RBP: ffff88808d71f6a8 R08: ffff8880a6156180 R09: fffffbfff14ee130 [ 3153.953042][ C1] R10: fffffbfff14ee12f R11: ffffffff8a77097f R12: 0000000000010000 [ 3153.953046][ C1] R13: ffffffff88e5ed78 R14: 0000000000000001 R15: dffffc0000000000 [ 3153.953051][ C1] FS: 0000000000000000(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 3153.953055][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3153.953060][ C1] CR2: 000000c4226ae6b0 CR3: 000000009f6d3000 CR4: 00000000001406e0 [ 3153.953065][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 3153.953069][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 3153.953072][ C1] Call Trace: [ 3153.953075][ C1] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 3153.953079][ C1] nf_ct_iterate_cleanup+0x23b/0x4e0 [ 3153.953082][ C1] ? nf_ct_alloc_hashtable+0x150/0x150 [ 3153.953086][ C1] nf_ct_iterate_cleanup_net+0x133/0x190 [ 3153.953089][ C1] ? nf_nat_redirect_ipv6+0x470/0x470 [ 3153.953092][ C1] ? nf_ct_iterate_cleanup+0x4e0/0x4e0 [ 3153.953096][ C1] ? nf_nat_redirect_ipv6+0x470/0x470 [ 3153.953099][ C1] masq_device_event+0xb5/0xe0 [ 3153.953102][ C1] notifier_call_chain+0xc2/0x230 [ 3153.953106][ C1] raw_notifier_call_chain+0x2e/0x40 [ 3153.953109][ C1] call_netdevice_notifiers_info+0x3f/0x90 [ 3153.953112][ C1] dev_close_many+0x32a/0x6c0 [ 3153.953116][ C1] ? netdev_master_upper_dev_link+0x50/0x50 [ 3153.953119][ C1] rollback_registered_many+0x42e/0x10d0 [ 3153.953123][ C1] ? generic_xdp_install+0x4a0/0x4a0 [ 3153.953126][ C1] ? __kasan_check_read+0x11/0x20 [ 3153.953129][ C1] ? mutex_is_locked+0x12/0x50 [ 3153.953132][ C1] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 3153.953136][ C1] ? __kasan_check_read+0x11/0x20 [ 3153.953139][ C1] unregister_netdevice_many.part.0+0x1b/0x1f0 [ 3153.953143][ C1] default_device_exit_batch+0x34e/0x410 [ 3153.953146][ C1] ? unregister_netdevice_many+0x50/0x50 [ 3153.953150][ C1] ? default_device_exit+0x24f/0x2f0 [ 3153.953154][ C1] ? prepare_to_wait_exclusive+0x320/0x320 [ 3153.953157][ C1] ? rtnl_unlock+0xe/0x10 [ 3153.953161][ C1] ? unregister_netdevice_many+0x50/0x50 [ 3153.953164][ C1] ? dev_change_net_namespace+0xca0/0xca0 [ 3153.953168][ C1] ops_exit_list.isra.0+0xfc/0x150 [ 3153.953171][ C1] cleanup_net+0x4e2/0xa60 [ 3153.953174][ C1] ? netns_install+0x1d0/0x1d0 [ 3153.953177][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 3153.953181][ C1] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 3153.953184][ C1] ? trace_hardirqs_on+0x67/0x240 [ 3153.953187][ C1] process_one_work+0x9af/0x1740 [ 3153.953190][ C1] ? pwq_dec_nr_in_flight+0x320/0x320 [ 3153.953193][ C1] ? lock_acquire+0x190/0x410 [ 3153.953197][ C1] worker_thread+0x98/0xe40 [ 3153.953200][ C1] ? trace_hardirqs_on+0x67/0x240 [ 3153.953203][ C1] kthread+0x361/0x430 [ 3153.953206][ C1] ? process_one_work+0x1740/0x1740 [ 3153.953209][ C1] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 3153.953212][ C1] ret_from_fork+0x24/0x30 [ 3153.955910][ T1064] Kernel panic - not syncing: hung_task: blocked tasks [ 3154.323127][ T1064] CPU: 0 PID: 1064 Comm: khungtaskd Not tainted 5.3.0+ #0 [ 3154.330237][ T1064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3154.340292][ T1064] Call Trace: [ 3154.343595][ T1064] dump_stack+0x172/0x1f0 [ 3154.347929][ T1064] panic+0x2dc/0x755 [ 3154.351883][ T1064] ? add_taint.cold+0x16/0x16 [ 3154.356742][ T1064] ? lapic_can_unplug_cpu.cold+0x3a/0x3a [ 3154.362404][ T1064] ? ___preempt_schedule+0x16/0x20 [ 3154.367644][ T1064] ? nmi_trigger_cpumask_backtrace+0x21b/0x28b [ 3154.373822][ T1064] ? nmi_trigger_cpumask_backtrace+0x24c/0x28b [ 3154.379987][ T1064] ? nmi_trigger_cpumask_backtrace+0x256/0x28b [ 3154.386153][ T1064] ? nmi_trigger_cpumask_backtrace+0x21b/0x28b [ 3154.392317][ T1064] watchdog+0x9e1/0xef0 [ 3154.396485][ T1064] kthread+0x361/0x430 [ 3154.400558][ T1064] ? reset_hung_task_detector+0x30/0x30 [ 3154.406102][ T1064] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 3154.412346][ T1064] ret_from_fork+0x24/0x30 [ 3154.418560][ T1064] Kernel Offset: disabled [ 3154.423023][ T1064] Rebooting in 86400 seconds..