Trace:
[  715.107006][T16810]  dump_stack+0x172/0x1f0
[  715.111365][T16810]  dump_header+0x10f/0xb6c
[  715.115805][T16810]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  715.121643][T16810]  ? ___ratelimit+0x60/0x595
[  715.126778][T16810]  ? do_raw_spin_unlock+0x57/0x270
[  715.131923][T16810]  oom_kill_process.cold+0x10/0x15
[  715.137058][T16810]  out_of_memory+0x79a/0x1280
[  715.141756][T16810]  ? lock_downgrade+0x880/0x880
[  715.146624][T16810]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  715.152885][T16810]  ? oom_killer_disable+0x280/0x280
[  715.158097][T16810]  ? find_held_lock+0x35/0x130
[  715.162890][T16810]  mem_cgroup_out_of_memory+0x1ca/0x230
[  715.168475][T16810]  ? memcg_event_wake+0x230/0x230
[  715.173529][T16810]  ? do_raw_spin_unlock+0x57/0x270
[  715.178927][T16810]  ? _raw_spin_unlock+0x2d/0x50
[  715.183790][T16810]  try_charge+0x102c/0x15c0
[  715.188307][T16810]  ? find_held_lock+0x35/0x130
[  715.193074][T16810]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  715.198639][T16810]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  715.204872][T16810]  ? kasan_check_read+0x11/0x20
[  715.209728][T16810]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  715.215269][T16810]  mem_cgroup_try_charge+0x24d/0x5e0
[  715.220558][T16810]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  715.226210][T16810]  wp_page_copy+0x416/0x1770
[  715.230795][T16810]  ? do_wp_page+0x486/0x1500
[  715.235378][T16810]  ? pmd_pfn+0x1d0/0x1d0
[  715.239614][T16810]  ? lock_downgrade+0x880/0x880
[  715.244464][T16810]  ? swp_swapcount+0x540/0x540
[  715.249259][T16810]  ? kasan_check_read+0x11/0x20
[  715.254110][T16810]  ? do_raw_spin_unlock+0x57/0x270
[  715.259227][T16810]  do_wp_page+0x48e/0x1500
[  715.263640][T16810]  ? finish_mkwrite_fault+0x540/0x540
[  715.269025][T16810]  __handle_mm_fault+0x22e3/0x3eb0
[  715.274135][T16810]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  715.279677][T16810]  ? find_held_lock+0x35/0x130
[  715.284472][T16810]  ? handle_mm_fault+0x292/0xa90
[  715.289426][T16810]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  715.295669][T16810]  ? kasan_check_read+0x11/0x20
[  715.300526][T16810]  handle_mm_fault+0x3b7/0xa90
[  715.305298][T16810]  __do_page_fault+0x5ef/0xda0
[  715.310061][T16810]  do_page_fault+0x71/0x57d
[  715.314559][T16810]  ? page_fault+0x8/0x30
[  715.318789][T16810]  page_fault+0x1e/0x30
[  715.323191][T16810] RIP: 0033:0x403672
[  715.327089][T16810] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 <e8> 29 86 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 49 3b 05 00 48
[  715.346685][T16810] RSP: 002b:00007ffd71d99bd0 EFLAGS: 00010246
[  715.352747][T16810] RAX: 0000000000000000 RBX: 00000000000ae6a9 RCX: 0000000000412e80
[  715.360712][T16810] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffd71d9ad00
[  715.368684][T16810] RBP: 0000000000000002 R08: 0000000000000001 R09: 00005555555d3940
[  715.376667][T16810] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd71d9ad00
[  715.384625][T16810] R13: 00007ffd71d9acf0 R14: 0000000000000000 R15: 00007ffd71d9ad00
[  715.395517][T16810] memory: usage 808kB, limit 0kB, failcnt 455
[  715.401618][T16810] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  715.409519][T16810] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  715.416993][T16810] Memory cgroup stats for /syz5: cache:176KB rss:56KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:56KB inactive_file:132KB active_file:0KB unevictable:0KB
[  715.438629][T16810] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=16810,uid=0
[  715.455751][T16810] Memory cgroup out of memory: Killed process 16810 (syz-executor.5) total-vm:72444kB, anon-rss:72kB, file-rss:34828kB, shmem-rss:0kB
[  715.471927][ T1044] oom_reaper: reaped process 16810 (syz-executor.5), now anon-rss:0kB, file-rss:33932kB, shmem-rss:0kB
[  715.483166][T16858] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  715.505256][T16858] CPU: 1 PID: 16858 Comm: syz-executor.2 Not tainted 5.2.0-rc2+ #14
[  715.513282][T16858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  715.513290][T16858] Call Trace:
[  715.513316][T16858]  dump_stack+0x172/0x1f0
[  715.513341][T16858]  dump_header+0x10f/0xb6c
[  715.526734][T16858]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  715.526752][T16858]  ? ___ratelimit+0x60/0x595
[  715.526769][T16858]  ? do_raw_spin_unlock+0x57/0x270
[  715.526793][T16858]  oom_kill_process.cold+0x10/0x15
[  715.535538][T16858]  out_of_memory+0x79a/0x1280
[  715.535560][T16858]  ? oom_killer_disable+0x280/0x280
[  715.535574][T16858]  ? find_held_lock+0x35/0x130
[  715.535609][T16858]  mem_cgroup_out_of_memory+0x1ca/0x230
[  715.546024][T16858]  ? memcg_event_wake+0x230/0x230
[  715.546048][T16858]  ? do_raw_spin_unlock+0x57/0x270
[  715.546065][T16858]  ? _raw_spin_unlock+0x2d/0x50
[  715.546085][T16858]  try_charge+0x102c/0x15c0
[  715.546119][T16858]  ? find_held_lock+0x35/0x130
[  715.556425][T16858]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  715.556444][T16858]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  715.556462][T16858]  ? kasan_check_read+0x11/0x20
[  715.556482][T16858]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  715.566348][T16858]  mem_cgroup_try_charge+0x24d/0x5e0
[  715.566369][T16858]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  715.566388][T16858]  __handle_mm_fault+0x1e1a/0x3eb0
[  715.566409][T16858]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  715.566430][T16858]  ? find_held_lock+0x35/0x130
[  715.576734][T16858]  ? handle_mm_fault+0x292/0xa90
[  715.576759][T16858]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  715.576776][T16858]  ? kasan_check_read+0x11/0x20
[  715.576794][T16858]  handle_mm_fault+0x3b7/0xa90
[  715.576816][T16858]  __do_page_fault+0x5ef/0xda0
[  715.586959][T16858]  do_page_fault+0x71/0x57d
[  715.586977][T16858]  ? page_fault+0x8/0x30
[  715.586991][T16858]  page_fault+0x1e/0x30
[  715.587004][T16858] RIP: 0033:0x410bbf
[  715.587024][T16858] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41
[  715.596367][T16858] RSP: 002b:00007ffd7fb8f660 EFLAGS: 00010206
[  715.596380][T16858] RAX: 00007fb5f3310000 RBX: 0000000000020000 RCX: 00000000004592ca
[  715.596388][T16858] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000
[  715.596396][T16858] RBP: 00007ffd7fb8f740 R08: ffffffffffffffff R09: 0000000000000000
[  715.596404][T16858] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd7fb8f830
[  715.596412][T16858] R13: 00007fb5f3330700 R14: 0000000000000001 R15: 000000000075bfcc
[  715.602416][T16858] memory: usage 3276kB, limit 0kB, failcnt 229506
[  715.618751][T16858] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  715.629500][T16858] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  715.646055][T16858] Memory cgroup stats for /syz2: cache:0KB rss:2148KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:0KB writeback:132KB swap:0KB inactive_anon:0KB active_anon:2148KB inactive_file:0KB active_file:0KB unevictable:0KB
15:48:27 executing program 2:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:48:27 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000005400c2ac54000000030000000000000006000004000000201000000005000000000000000500000005000000020000000900000009000000ff07000004000000010000004cbb00001000000000000000040004000b0000000300200002000000007f00"], &(0x7f0000000480)=""/222, 0x6f, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

15:48:27 executing program 4:
r0 = socket$kcm(0x2b, 0x1, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, <r1=>0xffffffffffffff9c, 0x0, 0x2, &(0x7f0000000040)='/\x00', 0xffffffffffffffff}, 0x30)
ioctl$PERF_EVENT_IOC_ID(r1, 0x80082407, &(0x7f00000000c0))

15:48:27 executing program 3:
socket$kcm(0x2b, 0x1, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x16, &(0x7f0000000000)='posix_acl_access,[lo6\x00'}, 0x30)
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpuset.memory_pressure\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0x9)

[  715.656001][T16858] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=16858,uid=0
[  715.675088][T16858] Memory cgroup out of memory: Killed process 16858 (syz-executor.2) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB
[  715.688036][ T1044] oom_reaper: reaped process 16858 (syz-executor.2), now anon-rss:0kB, file-rss:33920kB, shmem-rss:0kB
[  715.845936][T16812] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  715.856202][T16812] CPU: 0 PID: 16812 Comm: syz-executor.2 Not tainted 5.2.0-rc2+ #14
[  715.864209][T16812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  715.874274][T16812] Call Trace:
[  715.877588][T16812]  dump_stack+0x172/0x1f0
[  715.881939][T16812]  dump_header+0x10f/0xb6c
[  715.886376][T16812]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  715.892205][T16812]  ? ___ratelimit+0x60/0x595
[  715.896812][T16812]  ? do_raw_spin_unlock+0x57/0x270
[  715.901944][T16812]  oom_kill_process.cold+0x10/0x15
[  715.907078][T16812]  out_of_memory+0x79a/0x1280
[  715.911768][T16812]  ? lock_downgrade+0x880/0x880
[  715.916659][T16812]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  715.923006][T16812]  ? oom_killer_disable+0x280/0x280
[  715.928231][T16812]  ? find_held_lock+0x35/0x130
[  715.933028][T16812]  mem_cgroup_out_of_memory+0x1ca/0x230
[  715.938595][T16812]  ? memcg_event_wake+0x230/0x230
[  715.943644][T16812]  ? do_raw_spin_unlock+0x57/0x270
[  715.948859][T16812]  ? _raw_spin_unlock+0x2d/0x50
[  715.953732][T16812]  try_charge+0x102c/0x15c0
15:48:27 executing program 3:
r0 = socket$kcm(0x2b, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='rdma.current\x00', 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpu.stat\x00', 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='cpu.stat\x00', r1}, 0x10)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0xfffffffffffffffe)

[  715.958250][T16812]  ? find_held_lock+0x35/0x130
[  715.963050][T16812]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  715.968608][T16812]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  715.974864][T16812]  ? kasan_check_read+0x11/0x20
[  715.979739][T16812]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  715.985304][T16812]  mem_cgroup_try_charge+0x24d/0x5e0
[  715.990615][T16812]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  715.996282][T16812]  wp_page_copy+0x416/0x1770
[  716.000917][T16812]  ? do_wp_page+0x486/0x1500
[  716.005541][T16812]  ? pmd_pfn+0x1d0/0x1d0
[  716.009804][T16812]  ? lock_downgrade+0x880/0x880
[  716.014680][T16812]  ? swp_swapcount+0x540/0x540
[  716.020982][T16812]  ? do_raw_spin_unlock+0x57/0x270
[  716.026384][T16812]  ? kasan_check_read+0x11/0x20
[  716.031253][T16812]  ? do_raw_spin_unlock+0x57/0x270
[  716.036390][T16812]  do_wp_page+0x48e/0x1500
[  716.040852][T16812]  ? finish_mkwrite_fault+0x540/0x540
[  716.046345][T16812]  __handle_mm_fault+0x22e3/0x3eb0
[  716.051516][T16812]  ? vmf_insert_mixed_mkwrite+0x40/0x40
15:48:27 executing program 3:
r0 = openat$cgroup(0xffffffffffffff9c, &(0x7f00000002c0)='syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r0, &(0x7f0000000300)='memory.current\x00', 0x0, 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000380)={&(0x7f0000000340)='./file0\x00'}, 0x10)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8904, 0x0)
socket$kcm(0x29, 0x5, 0x0)
socketpair(0xc, 0x3, 0xf2, &(0x7f00000003c0))
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000200)={0xffffffffffffffff, 0xc0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=0x9, 0x0, <r2=>0x0, 0x0, &(0x7f0000000040)={0xa, 0x3}, 0x0, 0x0, &(0x7f0000000080)={0x1, 0xb, 0x3ff, 0x7ff}, &(0x7f00000000c0)=0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=0x80}}, 0x10)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000240)=r2, 0x4)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000280)=r2, 0x4)
socket$kcm(0x29, 0x5, 0x0)

[  716.057075][T16812]  ? find_held_lock+0x35/0x130
[  716.057092][T16812]  ? handle_mm_fault+0x292/0xa90
[  716.057116][T16812]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  716.057131][T16812]  ? kasan_check_read+0x11/0x20
[  716.057150][T16812]  handle_mm_fault+0x3b7/0xa90
[  716.057169][T16812]  __do_page_fault+0x5ef/0xda0
[  716.057198][T16812]  do_page_fault+0x71/0x57d
[  716.057216][T16812]  ? page_fault+0x8/0x30
[  716.057232][T16812]  page_fault+0x1e/0x30
[  716.057245][T16812] RIP: 0033:0x430356
[  716.057261][T16812] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 46 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 4c 64 00 85 c0 0f 84
[  716.057269][T16812] RSP: 002b:00007ffd7fb8e670 EFLAGS: 00010206
[  716.057280][T16812] RAX: 0000000000019691 RBX: 0000000000714640 RCX: 0000000000008041
[  716.057289][T16812] RDX: 0000555556d9e930 RSI: 0000555556da6970 RDI: 0000000000000003
[  716.057297][T16812] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555556d9d940
[  716.057313][T16812] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000714698
[  716.124824][T16812] R13: 0000000000714698 R14: 0000000000000000 R15: 0000000000002710
[  716.161297][T16812] memory: usage 948kB, limit 0kB, failcnt 229515
[  716.178133][T16812] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  716.186116][T16812] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  716.193137][T16812] Memory cgroup stats for /syz2: cache:0KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:132KB swap:0KB inactive_anon:0KB active_anon:52KB inactive_file:0KB active_file:0KB unevictable:0KB
[  716.221942][T16812] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=16812,uid=0
[  716.240113][T16812] Memory cgroup out of memory: Killed process 16812 (syz-executor.2) total-vm:72444kB, anon-rss:72kB, file-rss:34828kB, shmem-rss:0kB
15:48:28 executing program 3:
socket$kcm(0x2b, 0x1, 0x0)
r0 = gettid()
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x1, 0x271487e0, 0x0, 0x1ff, 0x0, 0x8, 0x22a0, 0x1, 0x3ff, 0x3, 0x10000, 0x800, 0xb00, 0x40, 0x3ff, 0x4, 0x38c000000000000, 0x0, 0xff, 0x3, 0x69, 0x2, 0xca, 0x5, 0xfc6, 0xc1a, 0x0, 0x2, 0xfff, 0x1ff, 0x8000, 0x8, 0x9, 0x7, 0x5, 0x4, 0x0, 0x1, 0x0, @perf_config_ext={0x0, 0x9}, 0x22420, 0x4, 0x9, 0x7, 0x8001, 0x8001, 0x7f}, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x8)
perf_event_open(&(0x7f0000000080)={0x7, 0x70, 0x0, 0x4, 0x0, 0x1, 0x0, 0x8, 0x8250, 0x1, 0x9, 0x4, 0x1c0000000000000, 0x3, 0x5, 0xfffffffffffffff8, 0x8, 0x5, 0x0, 0x3, 0x400, 0xa911, 0x51bd, 0x4f6d, 0x8, 0x1619, 0x9, 0x0, 0x8, 0x400, 0x4, 0x6, 0xac, 0x9386, 0x20, 0x8, 0xd32d, 0x0, 0x0, 0x7fffffff, 0x4, @perf_config_ext={0x20}, 0x0, 0x1000, 0x0, 0x4, 0x100000000, 0x2, 0x2}, r0, 0x8, r1, 0xa)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x50800, 0x0)
ioctl$TUNGETSNDBUF(r2, 0x800454d3, &(0x7f0000000040))
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8904, 0x3)

15:48:28 executing program 3:
r0 = socket$kcm(0x2b, 0x5, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0x0)

15:48:28 executing program 3:
r0 = socket$kcm(0x2b, 0x1, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={<r1=>0x0, 0xffffffffffffffff, 0x0, 0x1, &(0x7f00000000c0)='\x00', <r2=>0xffffffffffffffff}, 0x30)
r3 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x65, 0x400, 0x1ff, 0x6, 0x0, 0xb3, 0x400, 0x4, 0xffff, 0x2, 0x101, 0x81, 0x4c3, 0x8, 0x4, 0x3f665aaf, 0x4, 0xbec1, 0x3, 0xf077, 0x9, 0xfffffffffffffff8, 0xdad0, 0xffffffff, 0xfffffffffffffffa, 0x2, 0x8000, 0x6, 0x9, 0x6, 0x2, 0x88, 0x0, 0x5, 0x42, 0x7, 0x0, 0x7ff, 0x4, @perf_bp={&(0x7f0000000140), 0x9}, 0xc8, 0x5, 0x10000, 0x0, 0x3, 0x200, 0x1}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$kcm(r0, &(0x7f00000005c0)={&(0x7f0000000200)=@rc={0x1f, {0x8, 0x3ff, 0x1, 0xfffffffffffffeff, 0x3, 0x8000}, 0x9}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000280)="c7e483cb0752ef30597b4700679016dad8230b7350ac75ee1ab9e8c149519187b0f0767702e424b46ca29212490ea161af400468407dad650ece4d9218427855cc75a8bd40363777c429271621d58e7e6698a4a5815f2de8a20e24ed5b2e2160765e48baed37dec5b5707401e239608c5c5a95630b5a201f530b5495b6aba28e206cf646fc1397170dd743e52c69cee2cb877b00f631805acb3ff76bcae00993fad861fb6d124f40c935ac0a0073362ef5d5e557ec56d78fcdbe683a3cdb1a0625efecaca5e631dfb9ff398a752e824f529c87086d5d4136761cfab421a5a7867be1853156f76453cd49276c673513070b", 0xf1}], 0x1, &(0x7f00000003c0)=[{0x108, 0x116, 0x2, "2e1a8fb1755c6a3fade8a12a2e5e36855a62a5393645bdff4b6bd4130bd9406294ccb80bb2fe4562629db636f9043ed3e2363b0272d4f4844f6cd376a49cc6f407a11d018839646e828d0ba4276d9629fe78aaabbd541093e2ca5d21eb4a3729a829ee021f99fd6827d5eb5a1c0371fd61e981e372fef19a49da9aa5e104b7c77ac15158d774bd2d388c9a17b43b8688b86df1033e52df8e35c8f72c6d692012e4a8ff6f20aa023b74b234463e47a7e9fb7a6d34ec893f642be2aacfc48c9fbdff38bc9182c9975d602a64fb1963f444d9b3edad99831f2dc082a5a221a6cb67c06e17658b795b9bb0cc872e44e0f3ea641ef728"}, {0xc0, 0x19f, 0x2, "06721c5b8d15599968e516ba5e5874d1e99527e0f80829f089986eed5d10d559db90facfbfb2ceb20d077d3c7288f38c27a40c56b072fc6315fa18b87e7f20477071a3b9fa10f24053923c1a0a36c4797e1c08be86deb89dbfd58559e69736f3f03f8e2e885c62831324d868ebb2c83f8201110d93e9aade15f0a543de4dc28fe89a7259e900d6bffe473c38f44ec568dc71915c40b43bdb9d9b69644754c9000d3a67acfb9316c6ad8c2053848a"}], 0x1c8}, 0x4)
perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x6, 0x9, 0x7, 0xcc, 0x0, 0x7, 0x4, 0xd, 0x9, 0x401, 0x101, 0x1, 0x80000001, 0x7fffffff, 0xfffffffffffffffa, 0x6, 0x8836, 0x4, 0x3, 0x21d, 0x40, 0x2, 0xffff, 0xfffffffffffffffd, 0x100, 0x20, 0xffffffffffffff7f, 0x3, 0x3ff, 0x7, 0x7, 0x1, 0x2, 0x5, 0x8001, 0x3, 0x0, 0x4, 0x6, @perf_config_ext={0x46, 0x7ff}, 0xa00, 0x7ff, 0xeb, 0xf, 0xfffffffffffffffe, 0x7, 0x8}, r1, 0x7, r3, 0xa)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x28000, 0x0)
r5 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000600)=r2, 0x4)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000840)={r5, 0xc0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)=0x1, 0x0, 0x0, 0x0, &(0x7f0000000680)={0x1, 0x1}, 0x0, 0x0, &(0x7f00000006c0)={0x1, 0x2, 0x5}, &(0x7f0000000700)=0x9, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000740)=0xf3}}, 0x10)
ioctl$TUNSETOFFLOAD(r4, 0x400454d0, 0x6)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000880)='/dev/net/tun\x00', 0x2000, 0x0)

[  717.199732][T16844] 8021q: adding VLAN 0 to HW filter on device bond0
[  717.213478][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  717.221750][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  717.323087][T16844] 8021q: adding VLAN 0 to HW filter on device team0
[  717.333705][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  717.342589][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  717.351155][    T5] bridge0: port 1(bridge_slave_0) entered blocking state
[  717.358333][    T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[  717.429287][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  717.445606][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  717.454201][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  717.463237][ T8828] bridge0: port 2(bridge_slave_1) entered blocking state
[  717.470369][ T8828] bridge0: port 2(bridge_slave_1) entered forwarding state
[  717.478167][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  717.488088][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  717.569419][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  717.578805][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  717.587581][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  717.596147][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  717.604815][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  717.613307][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  717.622022][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  717.697901][T16844] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  717.709594][T16844] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  717.718292][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  717.726776][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  717.745643][T16844] 8021q: adding VLAN 0 to HW filter on device batadv0
[  717.761734][   T45] device bridge_slave_1 left promiscuous mode
[  717.768745][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[  717.845471][   T45] device bridge_slave_0 left promiscuous mode
[  717.851688][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[  719.508103][   T45] device hsr_slave_1 left promiscuous mode
[  719.570766][   T45] device hsr_slave_0 left promiscuous mode
[  719.631065][   T45] team0 (unregistering): Port device team_slave_1 removed
[  719.643708][   T45] team0 (unregistering): Port device team_slave_0 removed
[  719.658413][   T45] bond0 (unregistering): Releasing backup interface bond_slave_1
[  719.702494][   T45] bond0 (unregistering): Releasing backup interface bond_slave_0
[  719.773484][   T45] bond0 (unregistering): Released all slaves
[  720.036103][T16905] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  720.047552][T16905] CPU: 1 PID: 16905 Comm: syz-executor.1 Not tainted 5.2.0-rc2+ #14
[  720.055561][T16905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  720.065667][T16905] Call Trace:
[  720.068968][T16905]  dump_stack+0x172/0x1f0
[  720.073311][T16905]  dump_header+0x10f/0xb6c
[  720.077755][T16905]  oom_kill_process.cold+0x10/0x15
[  720.082870][T16905]  out_of_memory+0x79a/0x1280
[  720.087583][T16905]  ? __sched_text_start+0x8/0x8
[  720.092449][T16905]  ? oom_killer_disable+0x280/0x280
[  720.097663][T16905]  mem_cgroup_out_of_memory+0x1ca/0x230
[  720.103238][T16905]  ? memcg_event_wake+0x230/0x230
[  720.108286][T16905]  ? _raw_spin_unlock_irqrestore+0xbd/0xe0
[  720.114085][T16905]  ? cgroup_file_notify+0x140/0x1b0
[  720.119301][T16905]  memory_max_write+0x169/0x300
[  720.124171][T16905]  ? mem_cgroup_write+0x360/0x360
[  720.129216][T16905]  ? lock_acquire+0x16f/0x3f0
[  720.133886][T16905]  ? kernfs_fop_write+0x227/0x480
[  720.138921][T16905]  cgroup_file_write+0x241/0x790
[  720.143954][T16905]  ? mem_cgroup_write+0x360/0x360
[  720.150507][T16905]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  720.156149][T16905]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  720.161785][T16905]  kernfs_fop_write+0x2b8/0x480
[  720.166629][T16905]  __vfs_write+0x8a/0x110
[  720.170947][T16905]  ? kernfs_fop_open+0xd80/0xd80
[  720.175890][T16905]  vfs_write+0x20c/0x580
[  720.180144][T16905]  ksys_write+0x14f/0x290
[  720.184632][T16905]  ? __ia32_sys_read+0xb0/0xb0
[  720.189423][T16905]  ? do_syscall_64+0x26/0x680
[  720.194114][T16905]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  720.200170][T16905]  ? do_syscall_64+0x26/0x680
[  720.204859][T16905]  __x64_sys_write+0x73/0xb0
[  720.209455][T16905]  do_syscall_64+0xfd/0x680
[  720.213950][T16905]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  720.219825][T16905] RIP: 0033:0x459279
[  720.223710][T16905] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  720.243301][T16905] RSP: 002b:00007f4ed7487c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  720.251872][T16905] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459279
[  720.259847][T16905] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
[  720.267917][T16905] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[  720.275881][T16905] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4ed74886d4
[  720.283866][T16905] R13: 00000000004c8eb1 R14: 00000000004dfb68 R15: 00000000ffffffff
[  720.301075][T16905] memory: usage 3156kB, limit 0kB, failcnt 381148
[  720.308198][T16905] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  720.317365][T16905] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  720.324269][T16905] Memory cgroup stats for /syz1: cache:4KB rss:2256KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2256KB inactive_file:0KB active_file:0KB unevictable:0KB
[  720.349936][T16905] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=16903,uid=0
[  720.366550][T16905] Memory cgroup out of memory: Killed process 16903 (syz-executor.1) total-vm:72708kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB
[  720.383042][ T1044] oom_reaper: reaped process 16903 (syz-executor.1), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB
15:48:32 executing program 1:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r2, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r3, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:48:32 executing program 4:
r0 = socket$kcm(0x2b, 0x1, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
socket$kcm(0x29, 0x5, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)

15:48:32 executing program 5:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r1 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r2, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r3 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r3, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)
openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)

15:48:32 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000005400c2ac54000000030000000000000006000004000000201000000005000000000000000500000005000000020000000900000009000000ff07000004000000010000004cbb00001000000000000000040004000b0000000300200002000000007f00"], &(0x7f0000000480)=""/222, 0x6f, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

15:48:32 executing program 2:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:48:32 executing program 3:
r0 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={0xffffffffffffff9c, 0x28, &(0x7f0000000040)={0x0, <r1=>0x0}}, 0x10)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={r1, 0x1, 0x8}, 0xc)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x41, 0x0)

[  720.587246][T16844] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  720.619770][T16844] CPU: 0 PID: 16844 Comm: syz-executor.1 Not tainted 5.2.0-rc2+ #14
[  720.627815][T16844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  720.627823][T16844] Call Trace:
[  720.627850][T16844]  dump_stack+0x172/0x1f0
[  720.627873][T16844]  dump_header+0x10f/0xb6c
[  720.627890][T16844]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  720.627905][T16844]  ? ___ratelimit+0x60/0x595
[  720.627921][T16844]  ? do_raw_spin_unlock+0x57/0x270
[  720.627939][T16844]  oom_kill_process.cold+0x10/0x15
[  720.627958][T16844]  out_of_memory+0x79a/0x1280
[  720.627974][T16844]  ? lock_downgrade+0x880/0x880
[  720.627989][T16844]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  720.628005][T16844]  ? oom_killer_disable+0x280/0x280
[  720.628016][T16844]  ? find_held_lock+0x35/0x130
[  720.628041][T16844]  mem_cgroup_out_of_memory+0x1ca/0x230
[  720.628057][T16844]  ? memcg_event_wake+0x230/0x230
[  720.628078][T16844]  ? do_raw_spin_unlock+0x57/0x270
[  720.628100][T16844]  ? _raw_spin_unlock+0x2d/0x50
[  720.650248][T16844]  try_charge+0x102c/0x15c0
[  720.650266][T16844]  ? find_held_lock+0x35/0x130
[  720.650291][T16844]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  720.650316][T16844]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  720.660711][T16844]  ? kasan_check_read+0x11/0x20
[  720.660736][T16844]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  720.660756][T16844]  mem_cgroup_try_charge+0x24d/0x5e0
[  720.717138][T16844]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  720.731956][T16844]  wp_page_copy+0x416/0x1770
[  720.731973][T16844]  ? do_wp_page+0x486/0x1500
[  720.731994][T16844]  ? pmd_pfn+0x1d0/0x1d0
[  720.772910][T16844]  ? lock_downgrade+0x880/0x880
[  720.777790][T16844]  ? swp_swapcount+0x540/0x540
[  720.782581][T16844]  ? do_raw_spin_unlock+0x57/0x270
15:48:32 executing program 4:
r0 = socket$kcm(0x2b, 0x5, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e1, &(0x7f0000000180)={r0})

15:48:32 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000840)='cpuset.effective_cpus\x00', 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000900)={r0, 0xf, 0x1, 0x1, &(0x7f00000008c0)=[0x0, 0x0, 0x0], 0x3}, 0x20)
ioctl$TUNGETFEATURES(r0, 0x800454cf, &(0x7f0000000880))
openat$tun(0xffffffffffffff9c, &(0x7f0000000940)='/dev/net/tun\x00', 0x10000, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8904, 0x1)
sendmsg$kcm(r1, &(0x7f0000000800)={&(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x15}}, 0x2, 0x3, 0x2, 0x1}}, 0x80, &(0x7f0000000600)=[{&(0x7f0000000080)="30f8caeb0c474e6e4f429274ebd9fee9556686def9cbc0af37c8e642c2d6fa705342abb9f7bbbc8e75e023ce786b8bad321e8f652e32112f533755b77146dc2904be8c3f62ca6f41c151dc967a1ffb8dea9a6fe36c8be4140c7e189832abd638d20dd86b11ad836eb5fbbc04fee60619b7dd36125a49e3c6e43f5051d60ecd99a64d612c0559c976a63f08b6ce9b3c7cea9f866f7e119810db9695244f07733974e77c84a80933ba5e71ff72643f73df92ad", 0xb2}, {&(0x7f0000000140)="a7dd74dddb9717c8046bdaf84b913bba93db95aeab3ba8992e32b993baa66bd74267174b883e4a20953c0cd04e7431108a6d52b6153aaed762f465c4ce2992f93586bb3ab5d5d462a2399cda6d3904e464824f596242ad056828a1f9a0696da5075740aea3d5cf8ff60fc263d3838e9d80a9794cf79e6b9ba86d316344823ae780181f128905fc37641d54edb520a073c11bbb0d6928fafa50939eb9ed58fe984cca4500bf9919ce6e6dc1f5c60c0140ad4020efaa1981fc", 0xb8}, {&(0x7f0000000200)="39e0473f180d4099356288dd588270fcba19ebce2621744530419493bc02b1a2a4023e2da9acd140b997d723fb940b159b76349d9665e68a8e5b130674ff211320dcbad6288889667f36027c586c12a81635e70eef44176991e7735e3c78af3fceef6461c5cc0d37f295b54a455819998371b6ef6c89bcd34874bee2c91430719ba75dfa459d285cad8558d3564f3533bd6efc5614d26296ca2339f94c5336", 0x9f}, {&(0x7f00000002c0)="11bf966c6becb1104587ed2a4eddd5481c1fc063b9779ae3090cb327f573a16c0315f3c646351b8ce1a34f2b1460c9fc6ef80fd408c0ee69af35ade0b264e8e643d4afc6b76703a2b612a47b02c49783d86545e7ba1a88933384f2cd58c2277ba505cc015c77e9d6eddb57f7ea53e1e5993efbd49cb67a59310149e430a31b497e1a003751c87c85f805d9992cb5613042a1f718ee9291952d5242f621f5af0a5aa1287b79f309a6f346b24a37f420f848cc83acf63f623c3a00625e86c9854c484257d30bfca9e138496d0911558d2f1c6abb8f43b476fa4c84e682d504390ae03501059a9769de980dea3d4d", 0xed}, {&(0x7f00000003c0)="2c0503795787cdadf8bc12ca2fc7e12c7cb5fdf1473f71", 0x17}, {&(0x7f0000000400)="fdb8", 0x2}, {&(0x7f0000000440)="c828cb5271011997ecb8dfb520e3e1977cb3f361277a04ffd92e29a2f033c6c2169d14a06019fd4b553ab9064390d92ef38e682d958f4375c43e12d7e77c8dd222eb2739311511c9464fbb7bcd1dfc6500f07e6d9d2769bd5e63c37b018fbb96ab094286757aa96f88418884c5284d97631f81be13f4ae3f7f55686567381e583beaf1db1cf25e31a480f2556d38e5a2ba2edbeec25eef522baefcc0b0b816bcbb0b9a4e689b689e2228f0bfb2ea71d5683760", 0xb3}, {&(0x7f0000000500)="2ca1eb1a9383d35b41e3711a6f63cc193b3d3d75f54c1eacb558cb5dc5168cd0fc4b4e1d4718f197717a6da7779ae79028f37de40c0c0c506e8213ed558e8de0d7bdd02a50", 0x45}, {&(0x7f0000000580)="45fdc83b6cf9155bd827e5c0777aadf7fc1e182aee9860a8f3af4c36fe38cfb967534e6b207d1efbc278bdbbf73ed361ce6e1f10e3b1c9bcc782a32890093b774e472a49a33a902c5a66afbd8b650d4fb27be3e18194a41ec6220fcd3ce6c9aaf3458120b1e12714c24dc66a17ea71753127", 0x72}], 0x9, &(0x7f00000006c0)=[{0x70, 0x117, 0x4, "2e56c7d3e217efb4034818cb21049b0f9ab79384f501e7b7246e5831cf687b2074c2a8dce78285b0a0c91973df9261c1d79babe0853e8bfe80e8aa06cb566fa63335757ac085d2ec6377b476768a628b1ba7b49595c035424e8f78"}, {0xb0, 0x11f, 0x4, "603e39e6477bd50ed0f213db99cfe7c3965744017166cbe0710184cc4214f8d18cafafeef791460a9340041104ba5f2e2d808c02842b3a82e57edb141feefbd01d800dd4f27234836c2617b665a111cba6348c78b9e69b25145c09508a757b603b5a3803587bc4df479482d09ebca1b1bb43933c027ba3ae33f295beb5b3dbee835cc9ab416ff97581d85b2b149b7bf00c071e373747c5ad605d23caf6eb6f09"}], 0x120}, 0x8040)

[  720.787715][T16844]  ? kasan_check_read+0x11/0x20
[  720.792578][T16844]  ? do_raw_spin_unlock+0x57/0x270
[  720.797704][T16844]  do_wp_page+0x48e/0x1500
[  720.802140][T16844]  ? finish_mkwrite_fault+0x540/0x540
[  720.807527][T16844]  __handle_mm_fault+0x22e3/0x3eb0
[  720.812695][T16844]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  720.818250][T16844]  ? find_held_lock+0x35/0x130
[  720.823027][T16844]  ? handle_mm_fault+0x292/0xa90
[  720.827981][T16844]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  720.834235][T16844]  ? kasan_check_read+0x11/0x20
[  720.839101][T16844]  handle_mm_fault+0x3b7/0xa90
[  720.843880][T16844]  __do_page_fault+0x5ef/0xda0
[  720.848657][T16844]  do_page_fault+0x71/0x57d
[  720.853169][T16844]  ? page_fault+0x8/0x30
[  720.853185][T16844]  page_fault+0x1e/0x30
[  720.853211][T16844] RIP: 0033:0x430356
[  720.865502][T16844] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 46 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 4c 64 00 85 c0 0f 84
[  720.885124][T16844] RSP: 002b:00007ffd6a709600 EFLAGS: 00010206
[  720.891214][T16844] RAX: 0000000000019691 RBX: 0000000000714640 RCX: 0000000000008041
[  720.899215][T16844] RDX: 0000555556a99930 RSI: 0000555556aa1970 RDI: 0000000000000003
[  720.907211][T16844] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555556a98940
[  720.915211][T16844] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000714698
[  720.923206][T16844] R13: 0000000000714698 R14: 0000000000000000 R15: 0000000000002710
15:48:32 executing program 3:
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000900)={&(0x7f0000000740)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xb4, 0xb4, 0x4, [@func_proto={0x0, 0x4, 0x0, 0xd, 0x0, [{0xf, 0x4}, {0xd, 0x4}, {0x6}, {0x6, 0x4}]}, @const={0xa, 0x0, 0x0, 0xa, 0x2}, @union={0x2, 0x8, 0x0, 0x5, 0x4, 0xfffffffffffffffc, [{0x6, 0x0, 0x8}, {0x8, 0x5, 0x6}, {0xf, 0x2, 0x8001}, {0x7, 0x3}, {0x3, 0x5, 0x1}, {0xc, 0x2, 0x7ff}, {0x3, 0x0, 0x7}, {0x8, 0x3, 0x436}]}, @var={0x7, 0x0, 0x0, 0xe, 0x2}]}, {0x0, [0x30, 0x30]}}, &(0x7f0000000840)=""/149, 0xd0, 0x95}, 0x20)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000940)='+{!system)]}}-\x00')
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.current\x00', 0x0, 0x0)
sendmsg$kcm(r1, &(0x7f0000000700)={&(0x7f0000000040)=@in={0x2, 0x4e20, @multicast2}, 0x80, &(0x7f0000000240)=[{&(0x7f00000000c0)="c75d75c714755b163cf4718d40756110f650a203866f5d388e7c79bcf7d7834941b5d6d99e2cba3647b16e2d2e8b54600af0d268acb56e60593f4e412f547b4c2d415b50890098714ed75f6d0c43e90e187f4e6019ab1e54b740a9e2861ed8b285fafbcdd3f0b3a23ce00d5a9fcb8960cd7e0120b631d95cef5bf7837d182c683a905a1aa59146939a896d01ead926531631ff90db19f3a0d41ea4d156732ee069eda65758a85f2919ea4d9a1400126d4c93ba7f2f7ba91af04171f8", 0xbc}, {&(0x7f0000000180)="993a772181247057edea94c75d098e89fd9c7f9a18f00adbb426ac6060affd339c178afca34b98ad15f9ac89a03912c81c6c0341a48ba4482c1a0b3ba8f4dd836b96d0d76bc10f0cfabc8f14aef26597f1ee97c6f1e7893804f22377f63de03f7a84d6e204c55e", 0x67}, {&(0x7f0000000200)="14bb04ba78bf2d4f0d0b467fd16130b00736411a910208d780", 0x19}], 0x3, &(0x7f0000000280)=[{0x90, 0x113, 0x9, "e3f3203a27f6bddddf9d90b069d80d6c8122f460fa236fe99e312f510f91a61d761db3f660c6ad45f1386e7ef4052b2b7a384fc410472b4a71dd6df41557b2ab99b86bbfbc959c8a1022a7b97769d2075a342709a3331347400b5739c0b69dfda8ba5823d3417d6d046879a45fc8fa505b4b70a40e7e5e76102bea8ffd12"}, {0xb8, 0x13f, 0xfffffffffffffffc, "4c8ceb52a8deef938e72e337e03a47dc50bc0552d44ed2c151acf5d1dff098f9a96be70d8fc0e81a1214692f3664b292aa80c848113414c62f0adbd99f0acb65512557234584681fea759b22168c685d406982984f8d617ea80dab215d68213c183dbed025ed3c8138e5188b546a47107c6c5cb2dba632f0885a00f636bb2a41ad1d3bab5196023c6b18f41b91013ea94e6e7d777397638093cc222daea80d07682a66"}, {0x38, 0x115, 0x3382, "91808c8429212dbdfd99aacb1dbc3545ab2df7c6fac60f459635fc5efa072783acbb15"}, {0x108, 0x6, 0x9, "4b011c46d476b02eb454f0a731300f414887fffe9383b028ca72c5c5af37d20086e2127b2ad6885f8b3058985777ebfe7619a1327d73df0184a76ecaad8113b756850c9e507e9c6e3f7aa62b6ab0d50fbb2d8aacf9bcd833a0493f1796bb2f5a70a85c1674121a03bf33b5383786f7c56e6667d4f3da23f3a2df9d592ac629c1ce77ec185a73069a234b30ac165622a4cde6095a4ee05a2bd36791c7268011329790133cee00d7f283b212f3ff9454bc864a6a1ca7440e29431787eac6a31ce73f08f87b8a8de9014e569b28df9ed53c4169adc87f2858b6c4ded150d055972c40201dc6b493896305a45521855abb9fba1e41bac48f2017"}, {0x20, 0x0, 0x0, "63df34f02dde0ad3ae9ad8a67e64cb"}, {0x38, 0x11, 0x0, "151b9eec23697dc03d8d2b2a0ebcffeddabaf00f211540f49c39c426c48ff31f47c5f42367"}, {0xa0, 0x11f, 0x8000, "6af1163ba99bf939f59112bb23986f184fb31bf584fd550849d8afc79e8ea6e619e96eba0635990def40b3f8e6909a74a364b609b460df2dccd191732bcc0dfd0afb16533dd55fc6dae8f60d81590c27029565e0b3c535eee9ebbc82a3dc90af48964922bdbdb748e926977941fddb6ef3c651b0bb42ff6754adab37725f61c63373a86638e40d26388eafd4"}, {0xd8, 0x0, 0x0, "063ef87ea301600935e8e0eb9688319a321146650a3795de7b8551f25be45feed7ff3b72ad035e28e51791648e4e0d2ea36da552a1372f2da5c9ac12745762faedca0266eef5140e05685c535a6c601eabb793e5201a98b88abaec32fc2ae2e4f11d8a89ba2e8c5b2a20c6939adf712f2f4e4b5c7c74e4bab4aee6d76b0d5c101f4b27ee4982b9ed54a8b061d7b21a8908ad7dd2bb9e7577d661a66dfbfce9e5ddbdf89820984c505d7c98eabd05e8862840e0b173405b20addfc5538f07b4a3bc71ce0555"}], 0x458}, 0x20004000)
r2 = socket$kcm(0x2b, 0x1, 0x0)
socket$kcm(0x29, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8904, 0x0)

15:48:32 executing program 4:
r0 = socket$kcm(0x2b, 0x1, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000080)={&(0x7f0000000040)='./file0\x00', 0x0, 0x8}, 0x10)

15:48:32 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000005400c2ac54000000030000000000000006000004000000201000000005000000000000000500000005000000020000000900000009000000ff07000004000000010000004cbb00001000000000000000040004000b0000000300200002000000007f00"], &(0x7f0000000480)=""/222, 0x6f, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

15:48:33 executing program 3:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x42000, 0x0)
r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x1, 0x56a, 0x1, 0x43, 0x0, 0x5, 0x2400, 0x4, 0x97, 0x2, 0x7, 0x0, 0xc7, 0xeb, 0x4, 0x3, 0x7, 0x7ff, 0x8, 0xffffffffffffff00, 0xedb, 0x7, 0x5, 0x190, 0x8001, 0x80000001, 0x4ba3, 0x6, 0x100000001, 0xffffffff, 0x9, 0x2, 0x8, 0x10000, 0x1, 0xed4, 0x0, 0x8, 0x4, @perf_bp={&(0x7f0000000080), 0x1}, 0x0, 0x0, 0x5, 0x7, 0xc066, 0x364, 0x1}, 0xffffffffffffffff, 0x8, 0xffffffffffffff9c, 0x2)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000140)='vmnet0,\x00')
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>r1, 0x0, 0xd, &(0x7f0000000200)='/dev/net/tun\x00'}, 0x30)
perf_event_open(&(0x7f0000000180)={0x3, 0x70, 0x8, 0x0, 0x9, 0x3eda, 0x0, 0x3, 0x420, 0x7, 0x4, 0x3, 0x1000, 0x4, 0x80, 0x3, 0x200, 0x5, 0x243e, 0xfffffffffffffff8, 0x5, 0x39, 0xaa4f, 0xffffffffffffffff, 0x105, 0x1ff, 0x8, 0xee4, 0x3, 0x7, 0x8, 0x9, 0x209, 0xf7, 0xfffffffffffffff8, 0x7, 0xffff, 0x388, 0x0, 0xfffffffffffffffb, 0x4, @perf_config_ext={0x0, 0x1ce}, 0x4, 0x6, 0x484c, 0xd, 0x4, 0x1ff, 0x1f}, r2, 0x0, r1, 0x2)
openat$cgroup_ro(r3, &(0x7f0000000280)='cpuacct.usage_sys\x00', 0x0, 0x0)
ioctl$TUNGETFILTER(r0, 0x801054db, &(0x7f0000000040)=""/6)
r4 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8904, 0x0)

[  721.251443][T16844] memory: usage 820kB, limit 0kB, failcnt 381157
[  721.259026][T16844] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  721.325047][T16844] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  721.342214][T16844] Memory cgroup stats for /syz1: cache:4KB rss:100KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:100KB inactive_file:0KB active_file:0KB unevictable:0KB
[  721.404632][T16844] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=16844,uid=0
[  721.454730][T16844] Memory cgroup out of memory: Killed process 16844 (syz-executor.1) total-vm:72444kB, anon-rss:68kB, file-rss:34828kB, shmem-rss:0kB
15:48:33 executing program 4:
r0 = socket$kcm(0x2b, 0x1, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
unlink(&(0x7f0000000040)='./file0\x00')
r2 = openat$cgroup_ro(r1, &(0x7f0000000080)='pids.events\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, &(0x7f00000002c0)='./cgroup.cpu/syz0\x00')
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f00000000c0)={r0, r2})
socket$kcm(0x29, 0x2, 0x0)
sendmsg(r0, &(0x7f0000000480)={&(0x7f0000000100)=@rc={0x1f, {0x10000, 0x40, 0x10000, 0x9, 0x9, 0x8}, 0x7}, 0x80, &(0x7f0000000280)=[{&(0x7f0000000180)="7535926cbbece42014ffdd1ec66f97a6dd1725c2e0655faed8e4611fb1d7f019c4d5af79810146a85ac566977590a096ca4636b99c7fdef77a66eb06ce0f237512ba9595bfa2ee4b11396ae4bc92c7db9da86ccfc5ea403e840522b4e51fe1a2b9757f69a162c47280ef3fa9a1af94ba7cc7862dd43898e3c5d41a466f28d8be0faccea7a3cce4e48ca565e4763d8e19e4fa8e9f9a97ea68491f5aa107cec9dbcb324f7455d3c8c6b9e1c072e04ecff5ebca97359f662993a2a1c5a6993408915aa0d577b4f83092c1aae2960b77fb116db0699676b3c583e2a8dfa3c595e52a", 0xe0}], 0x1, &(0x7f00000004c0)=ANY=[@ANYBLOB="e0000000000000000100000005000000ba81380eb5d44a4356066bd4277dbf0db08272e7686fca8ce0ca522a045ed107094932d3dd778f7f6d90960c41c024438c39b5a5217856896b1a1da2aec21ecf9af99d0392b03965c85fc818c90cc87776f7172508654192930724b5da48ab2488cc3813d5959800cdd5660b6499b8965932e45f3e88c42d786a6b67471bae0700e9664df2f9b32962a03d30bb3945da81c0bd26a31f3445e773dc964846cff10084c073a259263eb48223555ab1dcdbd2512fbb90d0616eed3a9d55e219b1e2ca8a88addd15282b5d58dab9a5e6f10020000000000000000701000085490000a60704a49f9d02a43c7d00000000000018000000000000000701000084000000fca075f095370000780000000000000000000000008000005d9d23efbeb03a1159c93cbe1faba4b599847da7e11934a118670bce6388f66ffdebed9c93213065b8ead179070db2941e472db81aff67dac992360a31b35def5a5987b96d44512593d91a62ef1e98e5dca5dc24744d4029b1f214d29c74b3866c850000000000001000000000000000100100004d6800002b22a272342ba94997f522d0ba6b2156876ddad9d1c5c66a57fc334d9d0124f9d32d38efe6e0a3ce358fc495986e9a2ccd64fda027592e78215b05ce9602ab2c"], 0x1a0}, 0x80c4)

15:48:33 executing program 1:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r2, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r3, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

[  722.401474][T16943] IPVS: ftp: loaded support on port[0] = 21
[  722.489592][T16943] chnl_net:caif_netlink_parms(): no params data found
[  722.534020][T16943] bridge0: port 1(bridge_slave_0) entered blocking state
[  722.542572][T16943] bridge0: port 1(bridge_slave_0) entered disabled state
[  722.550949][T16943] device bridge_slave_0 entered promiscuous mode
[  722.559827][T16943] bridge0: port 2(bridge_slave_1) entered blocking state
[  722.567412][T16943] bridge0: port 2(bridge_slave_1) entered disabled state
[  722.575584][T16943] device bridge_slave_1 entered promiscuous mode
[  722.595433][T16943] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  722.605782][T16943] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  722.628348][T16943] team0: Port device team_slave_0 added
[  722.635921][T16943] team0: Port device team_slave_1 added
[  722.714391][T16943] device hsr_slave_0 entered promiscuous mode
[  722.765015][T16943] device hsr_slave_1 entered promiscuous mode
[  722.812919][T16946] IPVS: ftp: loaded support on port[0] = 21
[  722.823715][T16943] bridge0: port 2(bridge_slave_1) entered blocking state
[  722.830835][T16943] bridge0: port 2(bridge_slave_1) entered forwarding state
[  722.838286][T16943] bridge0: port 1(bridge_slave_0) entered blocking state
[  722.845462][T16943] bridge0: port 1(bridge_slave_0) entered forwarding state
[  722.962828][T16946] chnl_net:caif_netlink_parms(): no params data found
[  723.372099][    T5] bridge0: port 1(bridge_slave_0) entered disabled state
[  723.380559][    T5] bridge0: port 2(bridge_slave_1) entered disabled state
[  723.401465][T16943] 8021q: adding VLAN 0 to HW filter on device bond0
[  723.416759][T16946] bridge0: port 1(bridge_slave_0) entered blocking state
[  723.424081][T16946] bridge0: port 1(bridge_slave_0) entered disabled state
[  723.432380][T16946] device bridge_slave_0 entered promiscuous mode
[  723.441026][T16946] bridge0: port 2(bridge_slave_1) entered blocking state
[  723.448628][T16946] bridge0: port 2(bridge_slave_1) entered disabled state
[  723.457346][T16946] device bridge_slave_1 entered promiscuous mode
[  723.672448][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  723.680306][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  723.692110][T16943] 8021q: adding VLAN 0 to HW filter on device team0
[  723.702680][T16946] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  723.898761][T16946] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  723.921754][T16946] team0: Port device team_slave_0 added
[  723.929360][T16946] team0: Port device team_slave_1 added
[  723.938772][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  723.947908][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  723.956588][ T8918] bridge0: port 1(bridge_slave_0) entered blocking state
[  723.963639][ T8918] bridge0: port 1(bridge_slave_0) entered forwarding state
[  723.978549][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  723.987938][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  723.996557][    T5] bridge0: port 2(bridge_slave_1) entered blocking state
[  724.003628][    T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[  724.276526][T16946] device hsr_slave_0 entered promiscuous mode
[  724.325055][T16946] device hsr_slave_1 entered promiscuous mode
[  724.382560][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  724.391798][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  724.589811][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  724.599552][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  724.608360][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  724.617415][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  724.833649][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  724.842087][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  724.851209][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  724.863563][T16943] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  724.876428][T16943] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  724.887305][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  724.896394][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  725.117073][T16943] 8021q: adding VLAN 0 to HW filter on device batadv0
[  725.140664][T16946] 8021q: adding VLAN 0 to HW filter on device bond0
[  725.355646][T16946] 8021q: adding VLAN 0 to HW filter on device team0
[  725.363966][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  725.372373][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  725.577975][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  725.586969][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  725.595635][ T3542] bridge0: port 1(bridge_slave_0) entered blocking state
[  725.602712][ T3542] bridge0: port 1(bridge_slave_0) entered forwarding state
[  725.610719][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  725.620001][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  725.628658][ T3542] bridge0: port 2(bridge_slave_1) entered blocking state
[  725.635802][ T3542] bridge0: port 2(bridge_slave_1) entered forwarding state
[  725.643464][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  725.653028][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  725.674128][ T8859] device bridge_slave_1 left promiscuous mode
[  725.688654][ T8859] bridge0: port 2(bridge_slave_1) entered disabled state
[  725.747289][ T8859] device bridge_slave_0 left promiscuous mode
[  725.753486][ T8859] bridge0: port 1(bridge_slave_0) entered disabled state
[  725.798426][ T8859] device bridge_slave_1 left promiscuous mode
[  725.804879][ T8859] bridge0: port 2(bridge_slave_1) entered disabled state
[  725.823912][T16954] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  725.835025][T16954] CPU: 1 PID: 16954 Comm: syz-executor.2 Not tainted 5.2.0-rc2+ #14
[  725.843113][T16954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  725.853190][T16954] Call Trace:
[  725.856490][T16954]  dump_stack+0x172/0x1f0
[  725.860822][T16954]  dump_header+0x10f/0xb6c
[  725.865258][T16954]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  725.871081][T16954]  ? ___ratelimit+0x60/0x595
[  725.875661][T16954]  ? do_raw_spin_unlock+0x57/0x270
[  725.880771][T16954]  oom_kill_process.cold+0x10/0x15
[  725.885877][T16954]  out_of_memory+0x79a/0x1280
[  725.890546][T16954]  ? __sched_text_start+0x8/0x8
[  725.895388][T16954]  ? oom_killer_disable+0x280/0x280
[  725.900837][T16954]  mem_cgroup_out_of_memory+0x1ca/0x230
[  725.906382][T16954]  ? memcg_event_wake+0x230/0x230
[  725.911411][T16954]  ? _raw_spin_unlock_irqrestore+0xbd/0xe0
[  725.917242][T16954]  ? cgroup_file_notify+0x140/0x1b0
[  725.922440][T16954]  memory_max_write+0x169/0x300
[  725.927295][T16954]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  725.932745][T16954]  ? mem_cgroup_write+0x360/0x360
[  725.937763][T16954]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  725.943234][T16954]  cgroup_file_write+0x241/0x790
[  725.948169][T16954]  ? mem_cgroup_write+0x360/0x360
[  725.953197][T16954]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  725.958850][T16954]  ? kernfs_ops+0x9f/0x120
[  725.963259][T16954]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  725.968892][T16954]  kernfs_fop_write+0x2b8/0x480
[  725.973761][T16954]  __vfs_write+0x8a/0x110
[  725.978092][T16954]  ? kernfs_fop_open+0xd80/0xd80
[  725.983031][T16954]  vfs_write+0x20c/0x580
[  725.987280][T16954]  ksys_write+0x14f/0x290
[  725.991612][T16954]  ? __ia32_sys_read+0xb0/0xb0
[  725.996379][T16954]  ? do_syscall_64+0x26/0x680
[  726.001074][T16954]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  726.007154][T16954]  ? do_syscall_64+0x26/0x680
[  726.011884][T16954]  __x64_sys_write+0x73/0xb0
[  726.016493][T16954]  do_syscall_64+0xfd/0x680
[  726.021993][T16954]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  726.027918][T16954] RIP: 0033:0x459279
[  726.031810][T16954] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  726.051415][T16954] RSP: 002b:00007f87c534ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  726.059831][T16954] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459279
[  726.067825][T16954] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
[  726.076038][T16954] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[  726.084010][T16954] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f87c534b6d4
[  726.091978][T16954] R13: 00000000004c8eb1 R14: 00000000004dfb68 R15: 00000000ffffffff
[  726.107045][T16954] memory: usage 3212kB, limit 0kB, failcnt 229519
[  726.113767][T16954] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  726.121902][T16954] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  726.130395][T16954] Memory cgroup stats for /syz2: cache:0KB rss:2156KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:0KB writeback:132KB swap:0KB inactive_anon:0KB active_anon:2156KB inactive_file:0KB active_file:0KB unevictable:0KB
[  726.152461][T16954] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=16953,uid=0
[  726.153407][ T8859] device bridge_slave_0 left promiscuous mode
[  726.168839][T16954] Memory cgroup out of memory: Killed process 16953 (syz-executor.2) total-vm:72708kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB
[  726.182876][ T8859] bridge0: port 1(bridge_slave_0) entered disabled state
[  726.194627][ T1044] oom_reaper: reaped process 16953 (syz-executor.2), now anon-rss:0kB, file-rss:34776kB, shmem-rss:0kB
[  726.241733][ T8859] device bridge_slave_1 left promiscuous mode
[  726.254766][ T8859] bridge0: port 2(bridge_slave_1) entered disabled state
[  726.337409][ T8859] device bridge_slave_0 left promiscuous mode
[  726.343750][ T8859] bridge0: port 1(bridge_slave_0) entered disabled state
[  726.365982][T16943] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  726.376418][T16943] CPU: 1 PID: 16943 Comm: syz-executor.2 Not tainted 5.2.0-rc2+ #14
[  726.384436][T16943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  726.394534][T16943] Call Trace:
[  726.397841][T16943]  dump_stack+0x172/0x1f0
[  726.402177][T16943]  dump_header+0x10f/0xb6c
[  726.406612][T16943]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  726.412415][T16943]  ? ___ratelimit+0x60/0x595
[  726.417011][T16943]  ? do_raw_spin_unlock+0x57/0x270
[  726.422115][T16943]  oom_kill_process.cold+0x10/0x15
[  726.427240][T16943]  out_of_memory+0x79a/0x1280
[  726.431916][T16943]  ? lock_downgrade+0x880/0x880
[  726.436763][T16943]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  726.442996][T16943]  ? oom_killer_disable+0x280/0x280
[  726.448203][T16943]  ? find_held_lock+0x35/0x130
[  726.452990][T16943]  mem_cgroup_out_of_memory+0x1ca/0x230
[  726.458527][T16943]  ? memcg_event_wake+0x230/0x230
[  726.463547][T16943]  ? do_raw_spin_unlock+0x57/0x270
[  726.468647][T16943]  ? _raw_spin_unlock+0x2d/0x50
[  726.473494][T16943]  try_charge+0x102c/0x15c0
[  726.477986][T16943]  ? find_held_lock+0x35/0x130
[  726.482766][T16943]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  726.488317][T16943]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  726.494550][T16943]  ? kasan_check_read+0x11/0x20
[  726.499392][T16943]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  726.504930][T16943]  mem_cgroup_try_charge+0x24d/0x5e0
[  726.510211][T16943]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  726.515845][T16943]  wp_page_copy+0x416/0x1770
[  726.520442][T16943]  ? do_wp_page+0x486/0x1500
[  726.525032][T16943]  ? pmd_pfn+0x1d0/0x1d0
[  726.529270][T16943]  ? lock_downgrade+0x880/0x880
[  726.534137][T16943]  ? swp_swapcount+0x540/0x540
[  726.538907][T16943]  ? kasan_check_read+0x11/0x20
[  726.543760][T16943]  ? do_raw_spin_unlock+0x57/0x270
[  726.548883][T16943]  do_wp_page+0x48e/0x1500
[  726.553310][T16943]  ? finish_mkwrite_fault+0x540/0x540
[  726.558715][T16943]  __handle_mm_fault+0x22e3/0x3eb0
[  726.563825][T16943]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  726.569362][T16943]  ? find_held_lock+0x35/0x130
[  726.574213][T16943]  ? handle_mm_fault+0x292/0xa90
[  726.579150][T16943]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  726.585402][T16943]  ? kasan_check_read+0x11/0x20
[  726.590245][T16943]  handle_mm_fault+0x3b7/0xa90
[  726.595001][T16943]  __do_page_fault+0x5ef/0xda0
[  726.599773][T16943]  do_page_fault+0x71/0x57d
[  726.604268][T16943]  ? page_fault+0x8/0x30
[  726.608525][T16943]  page_fault+0x1e/0x30
[  726.612672][T16943] RIP: 0033:0x403672
[  726.616590][T16943] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 <e8> 29 86 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 49 3b 05 00 48
[  726.636214][T16943] RSP: 002b:00007ffe33393dd0 EFLAGS: 00010246
[  726.642277][T16943] RAX: 0000000000000000 RBX: 00000000000b1309 RCX: 0000000000412e80
[  726.650247][T16943] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffe33394f00
[  726.658236][T16943] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555555fd4940
[  726.666201][T16943] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe33394f00
[  726.674166][T16943] R13: 00007ffe33394ef0 R14: 0000000000000000 R15: 00007ffe33394f00
[  726.685675][T16943] memory: usage 884kB, limit 0kB, failcnt 229533
[  726.692042][T16943] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  726.699666][T16943] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  726.706600][T16943] Memory cgroup stats for /syz2: cache:0KB rss:56KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:132KB swap:0KB inactive_anon:0KB active_anon:56KB inactive_file:0KB active_file:0KB unevictable:0KB
[  726.706686][T16943] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=16943,uid=0
[  726.743537][T16943] Memory cgroup out of memory: Killed process 16943 (syz-executor.2) total-vm:72444kB, anon-rss:76kB, file-rss:34828kB, shmem-rss:0kB
[  726.758358][ T1044] oom_reaper: reaped process 16943 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB
[  731.687897][ T8859] device hsr_slave_1 left promiscuous mode
[  731.738342][ T8859] device hsr_slave_0 left promiscuous mode
[  731.790438][ T8859] team0 (unregistering): Port device team_slave_1 removed
[  731.802348][ T8859] team0 (unregistering): Port device team_slave_0 removed
[  731.815212][ T8859] bond0 (unregistering): Releasing backup interface bond_slave_1
[  731.889689][ T8859] bond0 (unregistering): Releasing backup interface bond_slave_0
[  731.963749][ T8859] bond0 (unregistering): Released all slaves
[  732.108335][ T8859] device hsr_slave_1 left promiscuous mode
[  732.178220][ T8859] device hsr_slave_0 left promiscuous mode
[  732.259916][ T8859] team0 (unregistering): Port device team_slave_1 removed
[  732.273630][ T8859] team0 (unregistering): Port device team_slave_0 removed
[  732.285737][ T8859] bond0 (unregistering): Releasing backup interface bond_slave_1
[  732.319018][ T8859] bond0 (unregistering): Releasing backup interface bond_slave_0
[  732.424971][ T8859] bond0 (unregistering): Released all slaves
[  732.558351][ T8859] device hsr_slave_1 left promiscuous mode
[  732.600353][ T8859] device hsr_slave_0 left promiscuous mode
[  732.658967][ T8859] team0 (unregistering): Port device team_slave_1 removed
[  732.674650][ T8859] team0 (unregistering): Port device team_slave_0 removed
[  732.686346][ T8859] bond0 (unregistering): Releasing backup interface bond_slave_1
[  732.721471][ T8859] bond0 (unregistering): Releasing backup interface bond_slave_0
[  732.813398][ T8859] bond0 (unregistering): Released all slaves
[  732.907868][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  732.920022][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  732.928982][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  732.937831][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  732.946624][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  733.121374][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  733.129682][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  733.138280][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  733.146821][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  733.155982][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  733.165399][T16946] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  733.192944][T16946] 8021q: adding VLAN 0 to HW filter on device batadv0
15:48:45 executing program 5:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r1 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r2, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r3 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r3, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)
openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)

15:48:45 executing program 3:
r0 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0x0)
r1 = openat$cgroup_int(0xffffffffffffff9c, &(0x7f0000000000)='cpuset.cpu_exclusive\x00', 0x2, 0x0)
write$cgroup_int(r1, &(0x7f0000000040)=0x7fffffff800000, 0x12)

15:48:45 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000005400c2ac54000000030000000000000006000004000000201000000005000000000000000500000005000000020000000900000009000000ff07000004000000010000004cbb00001000000000000000040004000b0000000300200002000000007f00"], &(0x7f0000000480)=""/222, 0x6f, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

15:48:45 executing program 4:
r0 = socket$kcm(0x2b, 0x1, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r2 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000000c0), 0x4)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000100)={&(0x7f0000000080)='./file0\x00', r2}, 0x10)
openat$cgroup_ro(r1, &(0x7f0000000040)='cgroup.controllers\x00', 0x0, 0x0)

15:48:45 executing program 1:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r2, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r3, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:48:45 executing program 2:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:48:45 executing program 4:
socket$kcm(0x2b, 0x1, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
r0 = perf_event_open(&(0x7f0000000080)={0x5, 0x70, 0x1, 0x8, 0x70, 0x10000, 0x0, 0x40, 0x80630, 0x4, 0x9, 0x2, 0xff, 0x4, 0x3, 0x800, 0xe417, 0x3, 0x8001, 0x0, 0x5, 0x4, 0x3a, 0x4, 0x0, 0x22a, 0x0, 0xa4f7, 0x6b, 0x8000, 0x3, 0xbc6, 0x9, 0x8, 0x2, 0xbd, 0x4, 0x1, 0x0, 0x9, 0x1, @perf_bp={&(0x7f0000000040), 0x2}, 0x1, 0x0, 0x7, 0x7, 0x81, 0x1f, 0x2}, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x1)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x7fffffff)

15:48:45 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

15:48:45 executing program 3:
r0 = socket$kcm(0x2b, 0x1, 0x0)
sendmsg$kcm(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="032705ca1b4dcf33290c773c2e5a3c9456987705a5984fb7200866393e48464fac8223e374187a7987cdfb7bd118c31d711ea19e28b985abd8ac5310979eea54fe8a29857fd50ae54a3ee95a701b379c3c478a798eac03c4aa7043b56d397088c30fd9079ca198644a092e0ef207d1b10bff3d81c970b0b1b7cca94c02331f2f5f2cd7808667b963bd5d34d3af92adb617e8ed83a331f8a761ba770a8e8b0c21ae8de672728a0e22ce6c229e7a4d81c235ddbeaeca9c8fee337fcbd7a2577afecfe46f997185d27213938ab4d4464f60cc916aea46e7d1409fd976cb2d7b76585786c64238676722b8f5127ab79c4dc7", 0xf0}, {&(0x7f0000000100)="a35e27f70ce538f037917255fa99ecd738abb7e05d33e083561f1d718782307ac7b2d853a51fedb9e866f10d7e900c5ffeeae30dca44d8670a086c575fcddbef06aaa6e83d67253241bbc821fcd3b92f0ef9fb6194534ec7581abefc48ddfb61ed298b5903f76074a87134517b5d9f88e913ba1cdf6e3dff07182ddb53cadf218f45f124bda8f6d7e6d8bb3fab5f5542cd18eeb464473e052e98141a3632", 0x9e}, {&(0x7f00000001c0)}], 0x3, &(0x7f0000000240)=[{0xd8, 0x0, 0x1, "2651f27ae8a3ef4f38e8f4bb0fcfe1d94325acfd60a78aa6a76db5fdacca9b76899bb31da9b78e7fc6e3bd1b46f0e6a7d0ecd32bfc532a82fa2995d2beaaa9c6ac8cd0e8c11cd0fce0563f8befbb229d1fec1529f94fb9e93a8f0beb5674db63618389b30e25fad57eb5eccf9770df31f84e4bb68139c4a017c521a629fe8d82b9bb74081a4d55f7e48f894a4db916511eb4320848d74a70c7159660e8adc3271f9890ee1ee3528cc10568784cf862a6b61d9bcd29ff1f2a8a22e4fd1f48ae006fe2c57d3af9be"}], 0xd8}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0x0)
sendmsg$kcm(r0, &(0x7f0000000a00)={&(0x7f0000000380)=@generic={0xb, "95a8bf6aac8ba472a9fe9cd8b1ca00f46a879d998c109b4e9ccc826819c05b5cbb711374fcb2ab7613c07563c60eb0cb8127ec6799bf7b9e62f57f57a4e81c2d489ef80cd5afd67ca8057d7ba676c71c7d8d5969464b7030c04e652046d3a86c5a93b5b6e8df2efd45656c61c0ae990f741ab9c432b75761cd17fbdcd12b"}, 0x80, &(0x7f00000004c0)=[{&(0x7f00000001c0)="7188555c2e8539d8", 0x8}, {&(0x7f0000000a40)="1f32534f9e142d544a8c8f26116eae1668e7bd3c54abd833a17af5ec785f5a1423a5baf0ec8ef5d15a5bb7c6c3126ed8e5f66b70b0f9280265d9904dfd3575481cbdf7708cf8747ec4158a9bfe8cb9d2932c39bb43a0d4f6ecdfdfc4ef79bbc4515f6156cd1e2dc5769d6c709468899229495c02efd92d214223fc7817ae8e8cbb423f3afd646f442b3cd9d68169b1b9f18d6c6632b099e97d60a8504aa5de30a8e28ab79e", 0xa5}, {&(0x7f0000000480)="15f037c4b13dfaeba2f3fc938d564684095c520a0e", 0x15}], 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="a00000000000000014010000080000009ede70ca570394102c58b373d390118f2db61450df7fa9a7bf4a63c5f46e3b91fdd2d1bde62d722098ac6bfa0fed66e832eddad7f3695bc9ca451422488547ca176b5c2654e84712f0c066979ade3b43cbd5d6be83b690d1d222840aac733ac3b6b5cc87bc54634529dbfbb894356b41beb084519fc8d4689b531d104476e8442a780481d33a0bef348712a11400000008010000000000001701000004000000d51ff7d703bf2f3eae19f50a5adb50d44ec0acf43cdb0bde1ddb111265d2800db93e9be994e41066d6a501c97439a0963e0be6e50c66d7c1e86f4c10e64a72e961325aed0ff0ba299a339270c5e6c1d998d6cca6714a1410ea6eedb180d46acad4ec4adf44d77f48a974172cb5a203a91489eba4f2c4c6ab85836df914a4bdab614b0de67c1c675bfff4cbaab0c72c6dcfdee2f3b412518e1dbed83a353226d4c64eca06c738ec8512bd10bfd513b109c93a28daa0837e064d27d9f9c9579610b904950bc51c41ad80b4aa4dfcd3160d59a810489f5433a570415a3e31bbf03cf6f3dbf0231bd305cdce4cd3ed6c4b3c815cae79ccb5895cc80000000000000002010000030000004338dd233be37ea2c878b90d08eff49dbe3c2420a2b83c145eef71b35f59cc7ac588c972ca357425694c41d2b338a0538ce708442799c74fb5d4ff0ed9a50157eda4f559261f94ab4ca4addefd454fba8c38b975c3f82cb2f090c1f6febef9ebd9f6fffac0e8293e3eb97a40a7e5d979ea54329c802b2b20dd159222a21b620329ad905ee2b055a156ddc8b0da68cf1a39310351eccd605e64ce5bf8aefca2b5ec9c1ee2ca2842c6e26f153521d519d15adb204d4b42000010010000000000008d0100000800000023d353f6101de4bef131fc5e68c2696d78689bd6ac6f63950489cca57bd557bc6e05b6dbe5307842fe406ca3db89e861eeebdd890306f3a8a63f3c49351682967ef7ff137fa0c79d047962dca6a02e1ddad3bc5f7faf547887fb709dd9c21622c8e9985a656ef2e0e6abc616a582a8767e1cffdd0bf425aabaeb0aa61bd4f3709d2b7e2c6bc43f5337a73919c9da89698fb9ed712f28980e4ada1d7af61b6fb1643b79a502a645a7fbea9d47d20db998ce33db059f05044f501e4dc0b49f1815d4e816ade701d122a68acbc238596eea0eb9f735a399c4ed67c31323c4c901742740f40c166793f1d59342ba87947882920d68f7da12b1b39400000000000000e000000000000000000100000000008094ecbeef49812dc79ab80b269e16981aa295a052b806d5b909c90e7653f5850332ac632f40b551f9124ab33ab02218086903ef507c34739378a2d7b268b523ca0f16c303687c53ee52fe50ab701f7a7d19cdc8a196cdd1f9ec5fa5c4299ff0fd0cff64ffc583ce86ab336b276a673dcb00d5b04d1f1767b6529b768467a138d3e3d9c2717da85756e39c31a2ea69e00788ada164cdcc3be988801dc147b2f4d1f0d1f110c758e30d6f93d9acd684dd31e116053419ae4af6134dd3426240fd107ac56e509123d18561082cff1d00000088000000000000001501000080000000c38f4713e068df17d096388b9a45c159727e56392e9c04ec38c85824b3cb9201b3726e6e818dce502018516a2dd498cf7866935a4ed6a123f9b5c9d4816c23482a9ee2b8b7fcf8496f43ec7e1b69e13e8823033f7aa5e153639111328a38634d9bc8374f5893ec404a2fe65f65b25549ad00000000000000"], 0x4e8}, 0x48000)

15:48:45 executing program 4:
socket$kcm(0x2b, 0x1, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, <r0=>0xffffffffffffff9c, 0x0, 0x12, &(0x7f0000000040)='./cgroup.cpu/syz0\x00'}, 0x30)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)

15:48:45 executing program 5:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)
openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)

[  733.831243][T16981] device nr0
 entered promiscuous mode
15:48:45 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuset.memory_pressure\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0x5)
r1 = socket$kcm(0x2b, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8904, 0x0)

15:48:45 executing program 4:
r0 = socket$kcm(0x2b, 0x5, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
recvmsg$kcm(r0, &(0x7f0000000480)={&(0x7f0000000040)=@vsock={0x28, 0x0, 0x0, @my}, 0x80, &(0x7f0000000300)=[{&(0x7f00000000c0)=""/144, 0x90}, {&(0x7f0000000180)=""/90, 0x5a}, {&(0x7f0000000200)=""/60, 0x3c}, {&(0x7f0000000240)=""/18, 0x12}, {&(0x7f0000000280)=""/102, 0x66}], 0x5, &(0x7f0000000380)=""/214, 0xd6}, 0x2140)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)

15:48:46 executing program 4:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000480)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNGETIFF(r0, 0x800454d2, &(0x7f00000004c0))
r1 = socket$kcm(0x2b, 0x1, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={<r3=>0xffffffffffffffff, r2, 0x0, 0x12, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', <r4=>0x0}, 0x30)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='\xb2em1@\x00', 0xffffffffffffff9c}, 0x10)
r6 = openat$cgroup_ro(r2, &(0x7f0000000400)='memory.swap.current\x00', 0x0, 0x0)
openat$cgroup_ro(r6, &(0x7f0000000440)='cpuacct.usage_user\x00', 0x0, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000500)=r4, 0x4)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={0xffffffffffffff9c, 0xc0, &(0x7f00000002c0)={0x0, <r7=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=0xfffffffffffffffc, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x4, 0x4}, 0x0, 0x0, &(0x7f0000000200)={0x3, 0xa, 0x100000000, 0x4}, &(0x7f0000000240)=0x8, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=0x64bd}}, 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000003c0)={r3, r5, 0x0, 0x17, &(0x7f0000000140)='nodev^selinuxppp1nodev\x00', r7}, 0x30)

15:48:46 executing program 3:
r0 = openat$cgroup_int(0xffffffffffffffff, &(0x7f00000000c0)='cgroup.clone_children\x00', 0x2, 0x0)
close(r0)
r1 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x7f, 0x6, 0x6, 0x6, 0x0, 0x8, 0x8000, 0x8, 0x8001, 0xfef7, 0x5, 0x2, 0x7, 0x0, 0x6278, 0x0, 0x35af, 0x69c41566, 0x5, 0x6, 0xffff, 0x8, 0x1400000000000, 0x1, 0x81, 0xfffffffffffffffd, 0x0, 0x0, 0x2, 0x0, 0x1000, 0x8000, 0x3, 0x3, 0x2, 0xffffffff00000001, 0x0, 0xfff, 0x2, @perf_config_ext={0x8001, 0x9}, 0x2b00, 0x6, 0x101, 0x1, 0x7fffffff, 0x0, 0x100000000}, 0x0, 0x7, 0xffffffffffffff9c, 0x2)
ioctl$PERF_EVENT_IOC_QUERY_BPF(r1, 0xc008240a, &(0x7f0000000080)={0x5, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$PERF_EVENT_IOC_DISABLE(r1, 0x2401, 0xfdc)
r2 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8904, 0x0)

[  734.214803][T16990] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  734.291708][T16990] CPU: 1 PID: 16990 Comm: syz-executor.5 Not tainted 5.2.0-rc2+ #14
[  734.300175][T16990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  734.310256][T16990] Call Trace:
[  734.313572][T16990]  dump_stack+0x172/0x1f0
[  734.317923][T16990]  dump_header+0x10f/0xb6c
[  734.322354][T16990]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  734.328179][T16990]  ? ___ratelimit+0x60/0x595
[  734.332780][T16990]  ? do_raw_spin_unlock+0x57/0x270
[  734.337909][T16990]  oom_kill_process.cold+0x10/0x15
[  734.343045][T16990]  out_of_memory+0x79a/0x1280
[  734.347745][T16990]  ? lock_downgrade+0x880/0x880
[  734.352609][T16990]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  734.358867][T16990]  ? oom_killer_disable+0x280/0x280
[  734.364072][T16990]  ? find_held_lock+0x35/0x130
[  734.368867][T16990]  mem_cgroup_out_of_memory+0x1ca/0x230
[  734.374430][T16990]  ? memcg_event_wake+0x230/0x230
[  734.379475][T16990]  ? do_raw_spin_unlock+0x57/0x270
[  734.384598][T16990]  ? _raw_spin_unlock+0x2d/0x50
[  734.389463][T16990]  try_charge+0x102c/0x15c0
[  734.393986][T16990]  ? find_held_lock+0x35/0x130
[  734.398764][T16990]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  734.404351][T16990]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  734.410622][T16990]  ? kasan_check_read+0x11/0x20
[  734.415495][T16990]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  734.421058][T16990]  mem_cgroup_try_charge+0x24d/0x5e0
[  734.426484][T16990]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  734.432312][T16990]  __handle_mm_fault+0x1e1a/0x3eb0
[  734.437446][T16990]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  734.443005][T16990]  ? find_held_lock+0x35/0x130
[  734.447781][T16990]  ? handle_mm_fault+0x292/0xa90
[  734.452746][T16990]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  734.458998][T16990]  ? kasan_check_read+0x11/0x20
[  734.463871][T16990]  handle_mm_fault+0x3b7/0xa90
[  734.468654][T16990]  __do_page_fault+0x5ef/0xda0
[  734.473438][T16990]  do_page_fault+0x71/0x57d
[  734.477957][T16990]  ? page_fault+0x8/0x30
[  734.482221][T16990]  page_fault+0x1e/0x30
[  734.486384][T16990] RIP: 0033:0x410bbf
[  734.490286][T16990] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41
[  734.509912][T16990] RSP: 002b:00007ffea2d19ca0 EFLAGS: 00010206
[  734.516042][T16990] RAX: 00007f04cc396000 RBX: 0000000000020000 RCX: 00000000004592ca
[  734.524153][T16990] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000
[  734.532141][T16990] RBP: 00007ffea2d19d80 R08: ffffffffffffffff R09: 0000000000000000
[  734.540124][T16990] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffea2d19e70
[  734.548109][T16990] R13: 00007f04cc3b6700 R14: 0000000000000001 R15: 000000000075bfcc
[  734.590669][T16990] memory: usage 3296kB, limit 0kB, failcnt 464
[  734.609420][T16990] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  734.624485][T16990] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
15:48:46 executing program 3:
r0 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0xfffffffffffffff8)
r1 = perf_event_open$cgroup(&(0x7f0000000000)={0x0, 0x70, 0x6, 0xffffffff7fffffff, 0x4df2, 0x0, 0x0, 0x240, 0x20044, 0x0, 0x7, 0x4749, 0x5, 0x6, 0x5, 0x7, 0x7, 0x20, 0x8, 0x4008974c, 0x5, 0x6, 0x4, 0x1, 0x4, 0x5, 0xfd45, 0x8, 0x4993, 0x8001, 0xb7, 0x4, 0x9f8e, 0x8, 0xd2, 0x3, 0x8, 0x4, 0x0, 0x2, 0x0, @perf_config_ext={0x400, 0x34dba8d8}, 0x400, 0xd3a, 0x6, 0x7, 0x7f, 0x6, 0x2}, 0xffffffffffffffff, 0x8, 0xffffffffffffff9c, 0x1)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0x0)
recvmsg$kcm(r0, &(0x7f0000002880)={&(0x7f0000001140)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x80, &(0x7f00000026c0)=[{&(0x7f00000011c0)=""/92, 0x5c}, {&(0x7f0000001240)=""/219, 0xdb}, {&(0x7f0000001340)=""/56, 0x38}, {&(0x7f0000001380)=""/1, 0x1}, {&(0x7f00000013c0)=""/4096, 0x1000}, {&(0x7f00000023c0)=""/79, 0x4f}, {&(0x7f0000002440)=""/226, 0xe2}, {&(0x7f0000002540)=""/142, 0x8e}, {&(0x7f0000002600)=""/130, 0x82}], 0x9, &(0x7f0000002780)=""/232, 0xe8}, 0x40000000)
r2 = openat$cgroup(0xffffffffffffff9c, &(0x7f00000028c0)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_ro(r2, &(0x7f0000002900)='cgroup.events\x00', 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000002980)={r3, 0x28, &(0x7f0000002940)}, 0x10)
ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, &(0x7f00000029c0)='md5sumsystem\x00')
socket$kcm(0x29, 0x2, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.usage_percpu_user\x00', 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000001100)={r4, &(0x7f00000000c0)="83a618c51d42802b60fc9a3946ee60f2308ab678edc023bc40c9f8ff6b093a4f96bc55beafda70be879a7d997a3d80e1189e8a9fb14cf7f9043e240a5bac93841abca7459cbf3fe6fee96cc1d6ecb0b830615b54b56c3e2edd6ca82e61b92ae08010216bf81d2120c5e2b1c1f26fed3ded6f42805926acb34d16c74e06ad1c25600ba5b54699bd0e552fa7b2f8adff8914f72a45b7a907543ba5606074f5d16321f9f6affdaecb192989d800dbd3af22a226a5039d883abf8ebe46893dd2e7443296c5d892f7a0c7a286479a489f724f264839d8fd4137e5417a6c4a87064a6f5a568c492ca88718bb6783cdec70bec1d40ac296f8cb2c46430d498bdb8928ecbc6ea42c8abef0b81daec8640b7b90649adcf8dec84f5d3ef7f8002238694c24baf70e1262aed43ff2f322c6a4c95abc1cede766699080d7ced6819c6422c38e942514781dfc679e51ee722829023fc8eead3e089396ccf952ac8a529730f3ba00f6576180efc64159eaedd05465858a75b3f9a8e0d42a6c4e0c1bfc8e6e51b8fc098b3ca47cadd91c6369c366d7324eb6c8f044b8dc54e7d2cbcf9197e4bc4d32a0044eb346b25522decb857a19d5e63f6245ece555dfcbc9cb4861d62c5b04d11345791276ec6b82348067e9518f23d680453125af6b5cbe2ae9b36956ecd2f46be16ff90d6ce16be44d71e03d063a92d07422c424bb0da9252ccb8dcee7f2cfa3a66a08a56d19f8d99d91e728588ca7f13373b63808bc7672a0b86d4b604fdcd21058e43425fb627b51bb1f19be645e29009900c9e03a6979b8e0a3b631e7e045d880ce3ad8c8c65abab629c046b2dfacb7128c651ff2a4f70701cfe133c26e07725c4a13c22df6ece6d040f8232444b76f4521a4ab070a51e959da8eb51b46cb71a9835192b106cca5953a0e506a5786a93d889c75b218406ec56ffa5b4d0a5e0e8c04f7c252d13e8da57e479decae8df5babaf17590c1ca0c2c3fa4fa55f661ce3e090775a5ad7b8c3ad1c469497314939fa0bf293981498386150677f02f7b358ccae2bec18b66dce26069df01c91fb099190061a887cb44c267b2a12734898072d08f3ee5968226089e3df18a1874a744f34265fbd73f63da63ce6c8a226dcac66a57ffaa42bd0de858e09b869716ab0e9a1b196676cec6d9c16a8918baeb732d4188e29ca1ec46a550627706f2a3dbd04bfa811bd50fe5963f51ac032183d942d07d1d3ca16c5b137d5f45ce9f67e63baca852ba25f70f1e3a8d1ddd1c53c9d1f4f5e39efa2c188e22344bd1092e32db3904286187886809b8fe9ce4906cffc63af03bc6a08a6998c8afc24afa4966a123d1f114ff5b9124d671019de306ee76a98133cf7aae9b6092c42f7008f00aae123373c4b2c8771ba9227d6652ff50381b4d99459ceb0ce95e47542db81fc0ed681ec9908c5bf774c61cb612a1cd6d64dfcb5684865251bfdb3c98e08a797566c7b05a08b1dfe4fd34fa42c39d5deebabadfaee73058a64c2bf2f2430b689eef75d6b3bed52c70773e45b28ff17985a41b07fc854ac440a716c8a51ce92f0d3751fd968bc2ceb7d474385447a9990de476b8137af572a0cdbf98dd54f555f6907bd93993af4125c95fddaf22a1afc0ca6fd1a4b53676b22f38f8f17b071cecca9ad4304c17b30cbb45531c2b16e1ae001612cceebb423e91caffb07b90477e8b2b5ae3dfbea88c397afb7231516da5b1b5e6fee801e52cd11cf9954655524b101a55883d21640775ef47e0753b7a998d00a5e57990585eb229f98cd5ecfc3dd9d490ffb1860bb07ce4b9945f8cc7abc5e52a719bcf190176bc6409659f96872756555b174e937e9064d6918f4259b77f6d3d5508833e1ab5c19d43b6d830fc8f79e4182f31b4dfbb52a2e221be40f469d234973f25b10ed1e01d467baea2129fa57daf83508f86a759b8f0d9a569a1dec78fe32c0ee8d6561265c26cbc51de0127dbb4ebb9584c039b2c2300c1bf1b61e77b837c51bc297da9fb6447394cbd5ae688381a84fc50749ac211ac667a4a2e527c71d1395e595d1dbd5a0fcff2b1fafa972ea1fea1d97ee37603d2ff6a8a4f084997844b1abc0998c0ca119838a9515a07a024df1104675f39d6b2991e233f06fef3836a39f32aa93a19e9a46d56d39128076c02f86217b0c5de1c41ecc377c90f57a03bf0a3792ca7038fa8f369cf96d63f71f7603ed7e7be02ed6b8e0c31a98924d6c6e9f4105593469a7f4c08cab3e10107d0fb59c3d73e0396b5286917dc1329b51b3d9e3d03a7d09b407f2e5d889cc5249b1d26d5ee962fe7491b07f26afb0136d5a24e62e3f1997b531bcf698e2297940cf2e60a50542960c9aa0b98e0d5c3e5445fa578f68e6f2e6860af91379b3a58a8c23468c35c8a56c0bff1d961e20d82dec4a3663c3fdefbdb74b29b2ce908349ff133cd95710404a9ddd627b30d1123149f6f9816c1caf827f6fa052941dc46c670e41ce648e26bc158021823febcd69b91403d6050b5decf86e8be13364a0b3777f4387dc66630ca536d6de55e17c3af408a2c1660416f64bf77efd1acef1549c8291d759ed855fd4ea51eb595be405623325bd07d04573fb69f278631c7453bce5fe4583609821519d9086f985b915f2fad82bd6414f092f2023da8dcc5b0c1ccba82f697075c63ec441388fa37943d9c93e239f8fccf7ed1435d47c61350c95433b2387581dbd40b9b3da6e42a1bd226a7a7a7940a0191c63a857df904f499231bf81ad8af2d6e5dc982c5cfda5f0ab794148509d738f9d35e965610665e12656cfd1f2d1983647d52792b0f16161d7547453358ddc05587defd0367f9cb7c61a20bc439c18cb84257e180adbe2e03f0ee8e174b8f1bb77fb3e8a05b1840d3eb05dbff71fc1c5919b43b3b8508846990d511f5d8d636227c4d670414ff156488be6da2193240d9ee0f7f3868313b3005d1c2de3fb0718da6a0ff2556b99d515a8b9195a72f9d7663f5a5257ab5317e2ef8081e721fadef6ced6b3177055d8ac1465d489b8055dc566acb4dff7d01a16445e629fa27b050ccbcdbeac76b2ef57c737ba03be5675e8b02ece66b9dd93abe6588467f100027dcd54e1ea8ebfb162be97fe6ab2abf2afade1799a7af203237611fa0ea74f0ad9dba521e8af3757d318c82abb5f1215400c6c99258473c0160c750efb8a86c9f34e7e09bc3a32208038098995cb8a76b6120bfd2c64d3d2a22d9999933672aec67d48f7cba0666f13758b1eaa1a150daa85914cbaedef7057752421add6cd8900bb4e02444b9a8759d5d6b82fadc7f13f8a40175163814b4d421d42f6d115a36d3f338c115aff7ab1522b80bc0aa72c98fbec3fde22c552f9298ebe14a85fe235e2209dc7085eda9726776cf85a2ea015dd9d3c9483ab49d14ee5dbe890ae51554453b783d15c6c9ca82ba85014f24fef5ea7170a808c25227d744f8a493241efdb2891eadb0d9a899a2bdbe4f01251a01e545e6793a4b2ac3aea6e3fa9cbcb22c3886f35e5770ececb958b7a747d7ddf2b0434c551f31121013c67aa78570f2985d0d8fa5a81090341300c570947c783a718ec4c6de7548b0aa282ca45d496ea5e69db8d7bae660461af3724961d687b6e99a5e571a101d854cdebbc2da9a24383faf25310df05c7174716f3461d155e285dff03a5ad61ebce291c360ba3106f1f6a7696fe1b57557dfe60df1f9ca9d8eb574e57f43b2e79aa339039bdc62f17c785f1f15230040356d975dde66df17d89a5e8fe5f4ef7d7e845d4ea5bbc5674fc5dee7c95e9f3c5b829076f1cae4d324d47da4a97846cc9a8d60fa3572dccb9ff410c82a465a1dddb96ceb2842098813a3d803d4df2f08a0a2c030defdf092076d16bcebd7c50d7021f642645079121cf88686715ff8d532d3e352de5797a499cd9a0ab88414ad858cb4025f0fe3fbf58543792d7fe2cef5bc5a7fd671bb594e888f36b0c1f4a1322f91d3566388444cbc7f4468f8ec1ec266bbdee6390f734208082552cd9741aa07f793ade32f9bea02d2086c6d0e5124c1642a17a100053dc321a3935d63d99e557ced7c08269227b0c96db6ac0cd74ef07819751be531711d322febe634ea3f4c8ddaa5ebb70a4a91440efd0d297793788874c9b6f7ebccb9bfa2488d698cdbe906572a24cfbe0b503bf41fdd13735e30b2fe884b00b8c75d959353a0245bee529921a4a73c6c8962f1f3f47f76ecb5c89bb771266668ab1d7f4888c189a26f167146d2c9fe4e6bdb365ef7a074dafbcddf7f4d4965cd585870c39b3828c358ed59e5a203568c8e0b3e43127bd63c84c9845896842de0ae7fa4f12a07277b71b37ba981fb8cbc3e936f0971fcebb84fd9128c701316b47cd3b0de9cd8e4d9d81a1d6225be17012485555d4483dfa85571829f191dd6c7f8f79277b07dfe42652487d4be94193b76cb87e78109a51484c681204bc676cc79c569a1289d0d53f24262c17b4ba39b1b0b7c8a49fc04b9361d0850b54010f04afab6761cee699bec05e7bdd69b0cd970aca9fafd1fac266f6cad67115c2bc1b4b2b9aad6d5526a52443ea3f752e88f6d3c4215d60687befe275634fd0699b9e5e9820717f5c0ab5a4c25791d503e3e0309ac643c773f0726cc65170298304d1349c200bd96dcd05c8c44d049311d89a1d5fc193be204c251b9e78e587ecef5819ed368896c98b4f5f1b5ad9b9f0d4183868278d1590fc81e32e35aa6728e942954505be0360a5cd9451b76dce92633ad0259223d95ae17adbb6cfbbabd62b0cfbe900ee1593165340974e2aefc19cb4c3c71bff7934cf4ffbfa45d467aed67c4060138a976aad843169ad884d30ac388f909d19914bbcfb9ad2049fb8abfe5a42331ce57e13eafc12eb1b533e4dbfaf21c0223e42a408d5c502fff5ed7a04a9c924f3d5761f94a7ceb5a296f38ef53727e1f7056e3aca15bcb5db3bedd845aaca06b2efb0bf0c70b8c02fb1fb511e34a29f78014406c5323e3c1ef30153b0af8c2abf5f2a6031af12d24903cd2563b9e4e3ee2ded00a3a010f8bcd1b4ae9e5e637694fba603df315eada8b3694eb58587292c8e800594e7c91a826d30108b85e03cf0b3a5afb7fdf8f78b623a5c0f96f60b348fb55100629b9c568c041b67e8b1dc6f55a6659070406a00efe104af1bc0d01a289b896b52fb9620a66dbddc84af12e9bc61f0fbda77b692559d2362bfb33107334942efab155a20aec9b88869639d7a6aa7eee94e9d6104607128ce36bf98175513789932043cecad209acd4f28494b3a0e26da6b2e425ee9478121715247ad046fd757e11fe0ca5f0e5046818db1f470e64379fe3be8cd9ff6179a065282ab52a00c527e413dcb83b2fa55bde019f136e7edb59580ba0988b3defacb6a1bca8159ecd72879e9436ec67930aed57f915b7313b5c7f3fb2832004d95721294c3f55411f3c1b6b1ed892cf4dd141da7aa9bea8abb49ba20bc67712400bc10b680b827961224c44a67b4e53f2d443326170ded8266d936e890e9addcb5754873701d85e28aac0eb95f88dcd06cb9090768b0f226c8ca7e466fdaa731d614ecd69fff4d6e72def8bd50f98e76660804c8ff1a93ff00840cdcc7ef312ce3589f05b153b59959b4f56d2cb036ac35ba1fb0763cf839cbe9c95257cc7ebd5f91063448c46edd66d6656426b6881dfd61e175c2346f1d5b894acd69079faa88d6222adb95cca34f04d03078864be471dc496f7829668af865696c8109d172a9778e124833eaf0b38aa880bff6f2c878c3f05de14090ee9495ee1c8036edbbb", &(0x7f00000010c0)="c850f864d29627ddf37160a45e", 0x4}, 0x20)
openat$cgroup_subtree(r4, &(0x7f0000002a00)='cgroup.subtree_control\x00', 0x2, 0x0)

[  734.631395][T16990] Memory cgroup stats for /syz5: cache:176KB rss:2184KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2184KB inactive_file:132KB active_file:0KB unevictable:0KB
[  734.653624][T16990] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=16990,uid=0
[  734.670153][T16990] Memory cgroup out of memory: Killed process 16990 (syz-executor.5) total-vm:72704kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB
[  734.723793][ T1044] oom_reaper: reaped process 16990 (syz-executor.5), now anon-rss:0kB, file-rss:33920kB, shmem-rss:0kB
[  735.197489][T17018] IPVS: ftp: loaded support on port[0] = 21
[  735.412841][T17018] chnl_net:caif_netlink_parms(): no params data found
[  735.503073][T17018] bridge0: port 1(bridge_slave_0) entered blocking state
[  735.531404][T17018] bridge0: port 1(bridge_slave_0) entered disabled state
[  735.560874][T17018] device bridge_slave_0 entered promiscuous mode
[  735.586597][T17018] bridge0: port 2(bridge_slave_1) entered blocking state
[  735.593703][T17018] bridge0: port 2(bridge_slave_1) entered disabled state
[  735.616096][T17018] device bridge_slave_1 entered promiscuous mode
[  735.679304][T17018] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  735.697476][T17018] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  735.739391][T17018] team0: Port device team_slave_0 added
[  735.766537][T17018] team0: Port device team_slave_1 added
[  735.857936][T17018] device hsr_slave_0 entered promiscuous mode
[  735.894937][T17018] device hsr_slave_1 entered promiscuous mode
[  735.962412][T17021] IPVS: ftp: loaded support on port[0] = 21
[  736.113068][T17018] 8021q: adding VLAN 0 to HW filter on device bond0
[  736.173250][T17018] 8021q: adding VLAN 0 to HW filter on device team0
[  736.190891][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  736.203895][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  736.236481][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  736.245757][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  736.254268][   T17] bridge0: port 1(bridge_slave_0) entered blocking state
[  736.261442][   T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[  736.292461][T17021] chnl_net:caif_netlink_parms(): no params data found
[  736.305146][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  736.313982][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  736.352807][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  736.391160][ T8918] bridge0: port 2(bridge_slave_1) entered blocking state
[  736.402357][ T8918] bridge0: port 2(bridge_slave_1) entered forwarding state
[  736.437924][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  736.458534][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  736.503089][T17018] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  736.523463][T17018] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  736.545952][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  736.562730][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  736.573014][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  736.592359][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  736.603003][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  736.619623][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  736.632422][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  736.649282][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  736.690009][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  736.707242][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  736.733837][T17018] 8021q: adding VLAN 0 to HW filter on device batadv0
[  736.787039][T17021] bridge0: port 1(bridge_slave_0) entered blocking state
[  736.794218][T17021] bridge0: port 1(bridge_slave_0) entered disabled state
[  736.803091][T17021] device bridge_slave_0 entered promiscuous mode
[  736.827036][T17021] bridge0: port 2(bridge_slave_1) entered blocking state
[  736.834216][T17021] bridge0: port 2(bridge_slave_1) entered disabled state
[  736.853026][T17021] device bridge_slave_1 entered promiscuous mode
[  736.938674][T17021] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  736.992518][T17021] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  737.101958][T17021] team0: Port device team_slave_0 added
[  737.132117][T17021] team0: Port device team_slave_1 added
[  737.180820][T17029] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  737.195550][T17029] CPU: 0 PID: 17029 Comm: syz-executor.1 Not tainted 5.2.0-rc2+ #14
[  737.203554][T17029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  737.213632][T17029] Call Trace:
[  737.213659][T17029]  dump_stack+0x172/0x1f0
[  737.213684][T17029]  dump_header+0x10f/0xb6c
[  737.225716][T17029]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  737.231538][T17029]  ? ___ratelimit+0x60/0x595
[  737.236136][T17029]  ? do_raw_spin_unlock+0x57/0x270
[  737.236160][T17029]  oom_kill_process.cold+0x10/0x15
[  737.236180][T17029]  out_of_memory+0x79a/0x1280
[  737.236206][T17029]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  737.236225][T17029]  ? retint_kernel+0x2b/0x2b
[  737.236244][T17029]  ? trace_hardirqs_on_caller+0x6a/0x220
[  737.236262][T17029]  ? oom_killer_disable+0x280/0x280
[  737.236277][T17029]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  737.236304][T17029]  mem_cgroup_out_of_memory+0x1ca/0x230
[  737.236320][T17029]  ? memcg_event_wake+0x230/0x230
[  737.236345][T17029]  ? cgroup_file_notify+0x144/0x1b0
[  737.236369][T17029]  memory_max_write+0x169/0x300
[  737.236383][T17029]  ? retint_kernel+0x2b/0x2b
[  737.236401][T17029]  ? mem_cgroup_write+0x360/0x360
[  737.236416][T17029]  ? cgroup_file_write+0x86/0x790
[  737.236435][T17029]  cgroup_file_write+0x241/0x790
[  737.236452][T17029]  ? mem_cgroup_write+0x360/0x360
[  737.236467][T17029]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  737.236490][T17029]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  737.261588][T17029]  kernfs_fop_write+0x2b8/0x480
[  737.261614][T17029]  __vfs_write+0x8a/0x110
[  737.288908][T17029]  ? kernfs_fop_open+0xd80/0xd80
[  737.308535][T17029]  vfs_write+0x20c/0x580
[  737.323516][T17029]  ksys_write+0x14f/0x290
[  737.343908][T17029]  ? __ia32_sys_read+0xb0/0xb0
[  737.362153][T17029]  ? do_syscall_64+0x26/0x680
[  737.366836][T17029]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  737.366852][T17029]  ? do_syscall_64+0x26/0x680
[  737.366875][T17029]  __x64_sys_write+0x73/0xb0
[  737.366893][T17029]  do_syscall_64+0xfd/0x680
[  737.366913][T17029]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  737.366926][T17029] RIP: 0033:0x459279
[  737.366944][T17029] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  737.366952][T17029] RSP: 002b:00007f59fddfdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  737.366968][T17029] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459279
[  737.366984][T17029] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
[  737.416234][T17029] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[  737.416245][T17029] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f59fddfe6d4
[  737.416253][T17029] R13: 00000000004c8eb1 R14: 00000000004dfb68 R15: 00000000ffffffff
[  737.421232][T17029] memory: usage 3156kB, limit 0kB, failcnt 381166
[  737.433493][T17029] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  737.463498][T17029] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  737.492009][T17029] Memory cgroup stats for /syz1: cache:4KB rss:2128KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2128KB inactive_file:0KB active_file:0KB unevictable:0KB
[  737.514848][T17029] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=17028,uid=0
[  737.531366][T17029] Memory cgroup out of memory: Killed process 17028 (syz-executor.1) total-vm:72708kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB
[  737.549611][ T1044] oom_reaper: reaped process 17028 (syz-executor.1), now anon-rss:0kB, file-rss:34776kB, shmem-rss:0kB
[  737.563500][T17021] device hsr_slave_0 entered promiscuous mode
[  737.634942][T17021] device hsr_slave_1 entered promiscuous mode
15:48:49 executing program 1:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

[  737.832047][T17021] 8021q: adding VLAN 0 to HW filter on device bond0
[  737.846343][T17018] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  737.875471][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  737.884061][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  737.884694][T17018] CPU: 0 PID: 17018 Comm: syz-executor.1 Not tainted 5.2.0-rc2+ #14
[  737.899400][T17018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  737.909494][T17018] Call Trace:
[  737.912797][T17018]  dump_stack+0x172/0x1f0
[  737.917151][T17018]  dump_header+0x10f/0xb6c
[  737.921581][T17018]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  737.927396][T17018]  ? ___ratelimit+0x60/0x595
[  737.932001][T17018]  ? do_raw_spin_unlock+0x57/0x270
[  737.937152][T17018]  oom_kill_process.cold+0x10/0x15
[  737.942277][T17018]  out_of_memory+0x79a/0x1280
[  737.946965][T17018]  ? lock_downgrade+0x880/0x880
[  737.951804][T17018]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  737.958051][T17018]  ? oom_killer_disable+0x280/0x280
[  737.963249][T17018]  ? find_held_lock+0x35/0x130
[  737.968011][T17018]  mem_cgroup_out_of_memory+0x1ca/0x230
[  737.973544][T17018]  ? memcg_event_wake+0x230/0x230
[  737.989372][T17018]  ? do_raw_spin_unlock+0x57/0x270
[  737.994496][T17018]  ? _raw_spin_unlock+0x2d/0x50
[  737.999357][T17018]  try_charge+0x102c/0x15c0
[  738.003869][T17018]  ? find_held_lock+0x35/0x130
[  738.008631][T17018]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  738.014168][T17018]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  738.020404][T17018]  ? kasan_check_read+0x11/0x20
[  738.025265][T17018]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  738.030815][T17018]  mem_cgroup_try_charge+0x24d/0x5e0
[  738.036121][T17018]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  738.041755][T17018]  wp_page_copy+0x416/0x1770
[  738.046340][T17018]  ? do_wp_page+0x486/0x1500
[  738.050927][T17018]  ? pmd_pfn+0x1d0/0x1d0
[  738.055172][T17018]  ? lock_downgrade+0x880/0x880
[  738.060027][T17018]  ? swp_swapcount+0x540/0x540
[  738.064790][T17018]  ? kasan_check_read+0x11/0x20
[  738.069641][T17018]  ? do_raw_spin_unlock+0x57/0x270
[  738.074756][T17018]  do_wp_page+0x48e/0x1500
[  738.079174][T17018]  ? finish_mkwrite_fault+0x540/0x540
[  738.084560][T17018]  __handle_mm_fault+0x22e3/0x3eb0
[  738.089698][T17018]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  738.095257][T17018]  ? find_held_lock+0x35/0x130
[  738.100045][T17018]  ? handle_mm_fault+0x292/0xa90
[  738.105009][T17018]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  738.111249][T17018]  ? kasan_check_read+0x11/0x20
[  738.116109][T17018]  handle_mm_fault+0x3b7/0xa90
[  738.120879][T17018]  __do_page_fault+0x5ef/0xda0
[  738.126504][T17018]  do_page_fault+0x71/0x57d
[  738.131004][T17018]  ? page_fault+0x8/0x30
[  738.135244][T17018]  page_fault+0x1e/0x30
[  738.139393][T17018] RIP: 0033:0x403672
[  738.143273][T17018] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 <e8> 29 86 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 49 3b 05 00 48
[  738.162887][T17018] RSP: 002b:00007ffc2bd31be0 EFLAGS: 00010246
[  738.168945][T17018] RAX: 0000000000000000 RBX: 00000000000b3f5d RCX: 0000000000412e80
[  738.176915][T17018] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffc2bd32d10
[  738.185072][T17018] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555555e7a940
[  738.193040][T17018] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc2bd32d10
[  738.200997][T17018] R13: 00007ffc2bd32d00 R14: 0000000000000000 R15: 00007ffc2bd32d10
[  738.210179][T17018] memory: usage 820kB, limit 0kB, failcnt 381175
[  738.214235][T17021] 8021q: adding VLAN 0 to HW filter on device team0
[  738.216973][T17018] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  738.230974][T17018] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  738.236399][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  738.237891][T17018] Memory cgroup stats for /syz1: cache:4KB rss:56KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:56KB inactive_file:0KB active_file:0KB unevictable:0KB
[  738.253948][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  738.267003][T17018] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=17018,uid=0
[  738.267110][T17018] Memory cgroup out of memory: Killed process 17018 (syz-executor.1) total-vm:72444kB, anon-rss:76kB, file-rss:34828kB, shmem-rss:0kB
[  738.283205][ T8828] bridge0: port 1(bridge_slave_0) entered blocking state
[  738.311348][ T8828] bridge0: port 1(bridge_slave_0) entered forwarding state
[  738.342262][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  738.353630][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  738.370510][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  738.382899][   T17] bridge0: port 2(bridge_slave_1) entered blocking state
[  738.390047][   T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[  738.404947][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  738.413933][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  739.143953][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  739.165853][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  739.184711][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  739.193749][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  739.215988][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  739.234847][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  739.243394][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  739.252446][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  739.261136][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  739.427859][T17021] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  739.619386][T17021] 8021q: adding VLAN 0 to HW filter on device batadv0
[  740.067607][T17035] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000
[  740.082484][T17035] CPU: 0 PID: 17035 Comm: syz-executor.2 Not tainted 5.2.0-rc2+ #14
[  740.082501][T17035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  740.100647][T17035] Call Trace:
[  740.100675][T17035]  dump_stack+0x172/0x1f0
[  740.100700][T17035]  dump_header+0x10f/0xb6c
[  740.108328][T17035]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  740.118537][T17035]  ? ___ratelimit+0x60/0x595
[  740.118554][T17035]  ? do_raw_spin_unlock+0x57/0x270
[  740.118574][T17035]  oom_kill_process.cold+0x10/0x15
[  740.118593][T17035]  out_of_memory+0x79a/0x1280
[  740.118610][T17035]  ? lock_downgrade+0x880/0x880
[  740.118624][T17035]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  740.118641][T17035]  ? oom_killer_disable+0x280/0x280
[  740.118654][T17035]  ? find_held_lock+0x35/0x130
[  740.118680][T17035]  mem_cgroup_out_of_memory+0x1ca/0x230
[  740.118694][T17035]  ? memcg_event_wake+0x230/0x230
[  740.118715][T17035]  ? do_raw_spin_unlock+0x57/0x270
[  740.118732][T17035]  ? _raw_spin_unlock+0x2d/0x50
[  740.118752][T17035]  try_charge+0x102c/0x15c0
[  740.118766][T17035]  ? find_held_lock+0x35/0x130
[  740.118790][T17035]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  740.118806][T17035]  ? get_mem_cgroup_from_mm+0x10b/0x2b0
[  740.118825][T17035]  ? find_held_lock+0x35/0x130
[  740.135103][T17035]  ? get_mem_cgroup_from_mm+0x10b/0x2b0
[  740.135128][T17035]  __memcg_kmem_charge_memcg+0x7c/0x130
[  740.135142][T17035]  ? memcg_kmem_put_cache+0xb0/0xb0
[  740.135162][T17035]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  740.135179][T17035]  __memcg_kmem_charge+0x136/0x300
[  740.135211][T17035]  __alloc_pages_nodemask+0x4bd/0x8d0
[  740.144743][T17035]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  740.144762][T17035]  ? __alloc_pages_slowpath+0x28f0/0x28f0
[  740.144783][T17035]  ? __lock_acquire+0x54f/0x5490
[  740.144796][T17035]  ? find_held_lock+0x35/0x130
[  740.144810][T17035]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  740.144823][T17035]  ? do_huge_pmd_anonymous_page+0x420/0x1660
[  740.144838][T17035]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[  740.144860][T17035]  alloc_pages_current+0x107/0x210
[  740.144882][T17035]  pte_alloc_one+0x1b/0x1a0
[  740.144907][T17035]  __pte_alloc+0x20/0x310
[  740.161087][T17035]  __handle_mm_fault+0x3386/0x3eb0
[  740.161119][T17035]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  740.176802][T17035]  ? find_held_lock+0x35/0x130
[  740.176822][T17035]  ? handle_mm_fault+0x292/0xa90
[  740.176848][T17035]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  740.176866][T17035]  ? kasan_check_read+0x11/0x20
[  740.176886][T17035]  handle_mm_fault+0x3b7/0xa90
[  740.176906][T17035]  __do_page_fault+0x5ef/0xda0
[  740.176927][T17035]  do_page_fault+0x71/0x57d
[  740.176945][T17035]  ? page_fault+0x8/0x30
[  740.176960][T17035]  page_fault+0x1e/0x30
[  740.176972][T17035] RIP: 0033:0x410bbf
[  740.176989][T17035] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41
[  740.176996][T17035] RSP: 002b:00007ffdd1cd92e0 EFLAGS: 00010206
[  740.177007][T17035] RAX: 00007ff9d41c7000 RBX: 0000000000020000 RCX: 00000000004592ca
[  740.177014][T17035] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000
[  740.177022][T17035] RBP: 00007ffdd1cd93c0 R08: ffffffffffffffff R09: 0000000000000000
[  740.177030][T17035] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdd1cd94b0
[  740.177037][T17035] R13: 00007ff9d41e7700 R14: 0000000000000001 R15: 000000000075bfcc
[  740.194489][T17035] memory: usage 3220kB, limit 0kB, failcnt 229542
[  740.207416][T17035] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  740.218558][T17035] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  740.218568][T17035] Memory cgroup stats for /syz2: cache:0KB rss:2172KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:0KB writeback:132KB swap:0KB inactive_anon:0KB active_anon:2172KB inactive_file:0KB active_file:0KB unevictable:0KB
15:48:52 executing program 2:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r2, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r3, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:48:52 executing program 4:
r0 = socket$kcm(0x2b, 0x1, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, <r1=>0xffffffffffffffff, 0x0, 0x22, &(0x7f0000000040)='vboxnet0]posix_acl_access((^eth1}\x00', 0xffffffffffffffff}, 0x30)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0x7f)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)

15:48:52 executing program 5:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)
openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)

15:48:52 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

15:48:52 executing program 1:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:48:52 executing program 3:
r0 = socket$kcm(0x2b, 0x1, 0x0)
sendmsg$kcm(r0, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002480)=[{&(0x7f0000000080)}, {&(0x7f00000000c0)="e9cf7c9b3d9faddb0a2e8a91b875eb870e36b7c32c02813fc739c858374a5e1dc75d4a0f9af1a1b217450c49b91ffcd0ca24609b1a49eb1c1b0c94c466ac55bd1ccf769f7781449db0bad625127e8dfb486a87b8e97244d3e1a855d6b43003b555b4b6f2d2da45c4af21428248106ded3ea6d6a26e330092999a4cc90cc4", 0x7e}, {&(0x7f0000000140)="38f41d79ca5fd3da8a1416fa80f91bf1e3a6c04ae1b07ce81c97cc717c4592672fa15ba932dae3dbdbfd2c3381516da9b474099bdb4a6639b8cb1708371c0b8b2816824c3fbeed87cd295a1cbb13a20b63e3914ca72c240823a472636d28d8884b14d06a8a01e6e18a51be14a440218436e9f29ee219eb0fe02fadb387f1e0afdefc4a00750602ed543ef3e193839a09bedf1483a4002e279a1f34d0a97e2c54dab4aad6fa380a2f224e04b1cde6ae7499284e795d4d43ad1ea8dccc55dd9865f0a12887ef43fb806098dbb23c19bb145e3bde21575862b40ddd1d17e73721a81efb01b29100a6f68f62b2a0e82050b95c3d1bb11af7095ba6a3d8eaf897c38406b673b999ca7873bd1e8b7918fd2edde737644a01569fd9b99e1e25e4ca57fdbae7149c06e7398ab16c903143136d6f5ba0020008b9d270332448733cab1a8b10f302ad4f73459f9347b5420407b4681e64f13569788b598929dce1b00e6212df463136db384fa71c63e55b7795a4f7c3f06d542c3c90a4b87bb3d366e2d5bcfb02766bc340570d683fbb1523710f30ba18fbfd2cf16c20c5f797e4375a40024cb7946d6479c161bb2566ee15c33f318b67745567548c5915d8ca991266889ed86b049bd5ddb6e74bb0c44105215597067cf9cd3b102d3a7f6b44315dbb038b90fa787ecf3363913e9e9692026f45585fe1270434d1c7e0bfe799fdff06e8ae036cd70c53cc0e4e67ef5df8e7c862e8e4a2d0bda5b5e68407828437ced619fe5387afe68e9e0759afdeb09db2df12c28572d087e0d9c9e2e08720c034f96822264d73dc45cc68f4b3b56d59e02aeac161b36235ade10de0ec5d5479c659e3ec5d3cddbc953d53166e9f235ddacc0046b9a09112e657216b3ee9d461a009fdd4981f9aa02f10186ca1e5ae3425d38c8a31059d52b62a790fd98048f2322ffc37463d653bbb1979394a201452f7d965a4e6dd033b998981e4052e89d416ee4c8b465bd2ff564e3616aad3ed6ed933ebbf87cb09e6b5c0ec9716f8634b33e5d13394517c6fd33efe8178724cd7b4f7c4c16aa57d1d7efd5afdb0736f3f102fc4200d0ab8223d3e00ea2fc39966e3ad7a82d751e53459967a2df744bbb3d57f2e52890c29c000a036461de234c1518aea783932a9073ef0521437ccf598d4d48731be8725628887d05944922809e185b2c55f41ff8dd44e270e988ba065f1a4aef077d56dfb002654cbfe77d66c77f536ca24c186df1334160cb48dc5072732c9ba2dce3d97fa1fe2d2d7cf1a18750d7958749a1fa25901814c90ea59eae0405e9d7e33b3ecc5fbc90d568ec24cfae6981b9b3772ceb4477302632702c5615aec45ea1714de74e9319e48ea89006abbe5107cb3b0ff3ce7f2ef925da75350aff0e7c1fe37cd270cce55d7d10e87bc42158c4c904ea9613f5fc37910578432f4fa1179fe12e2973f5f16231762850350604f88815f1f77c99816c3f95daccd6c4c53eddbedbb11107dc5debb85c0d42b1734cf83da64d12edbb5b26213927c54167b72b2b0783aa18191b3cd5ff808192ce713e68b59334f678f40dd8f2810c933b631364d525ae39d8ffdf583872e538d9292489212b0e7ab5c4d83afa54290f38952d4a7147d1a8ec5eb652a78e739f54f2dfe561e71c301c25af8904f11dd2f9fa6e877656ec1f53402fd443a15ca01c050e06961ced3dcb66baa0888a5ded3f55879f4080b075de2a28684dd9161a0a5e57c2afa36955470881c4c2a0967907d2f1754df10545394d44192cc27dc3a22ec5f50edf7a11ba7d51fc440b7b9795bc9b1cb0ac3db79aae48e634f5e9799e0ef7c3aac6c18246444acec787350dca6ab5a81b56eaddf42e9b06737dfb82bd41ff6c2a27bfea894bd4107b9a6a65fac864cf3ada2cfb05428fe39c88941168020f0cf2e76959f3204230d7027cc3a3af1cb08c898343a9752da4473d58b4c0a07176ba7e9d41094d3b9a859075ca6169fbc0993b3e72ec83f824401302d092dbcfbdbe605d02fc592e1fefe4d6f6ab3d65361dea5411c4655830271d4c3a38fe0a5764bb496d08dc0a26235dec3bb7995bedb6987229eda2e41177f7ddca9f7b7de58073c2213126f688eac0f5b1cce742313251a18682c3fa334c13782c004184fb9aee191a0e37f2d2c730d8579b856a04c16e9c0af7235976cbe274fd515933c80805236deddd1e753c4a94add83f8035baf959db76c4fcdac56345860585a5b59bd9d609c72a09103b8e7d09fedd256c3eaae49547f65cbc9c4fcbb32ab3cd4f555ed01932a647f836bbc83528f7f33d2666ed5abc24a66a811c0881cc2bc50eb7f91304afd90b08611df21df39e6f5d27db7669aef4f59797d841f91759a7920dac18f9ce02a5214c15646a87be06c7316888761e393f1da06187a567d9961ad952e0dd05d23e4ab123b087ad4c52ef8d02e5125cd82442a90896c564ec127d18c51327fec5edde75a107166fbcb5ff3d622cbe8ff789ae175e504aa49cdca4185e81cdbc225d0f2459f672166ed90b5286fd6c6a2e0c468413d0f45ca98bf011ae9c5761a1d3d20129cfa442d8e87448c87af19816356c4e5254af0c20023fe9244ea0d40899bf7b5bec4d6906fae3b6911f0f571b4335e2a9521f38c4c2343bb8bcaf02a9f290c807e7617fc5c07dfb83067ab78b8c8cfe1035564410cbadf3f7f933aef6e36df1b619d2fc71c3d06592d717334adf8e866ca0bf6fe30a9984e7c5ffb573056121f24e4cb17c18d27c3a971e3c4df641b9e026cc7c96cb09beaab28b96606a06102d352b44749a22a45c968a423386858809e871282ec31d5e1a53fe6f9862b9d32ed2f82f50acaba85737ffbbe6ea2df1787199f22f6a745f8a652907ae076992ee450b8819d2ea9e6c6056230452742c70942f6020c63db69bf3f64874543fa4604f988db897329893d88a0a55b34bc9eee45f1fc0ce78f81ae9bc188e9f102d341421865e5144818abac174de3bd5d2f387ec9efdf295d1cfbb2d3759fe0a66bb00fda492c99392d7b3b3c26c20be833cf538baa39dd8731ee0f447d5f0c8c782ce0d95c45676975dd370089bd1b8d1474c1f5892376faa3bac9e413c5b1b0cf3769f8c854f4934798d0df6123fa1b0fdb568f07ecb6e215c53c9b484462d0d72155fc46fc3f170abf56ea04ccafb2228aef1570973422bc76146635d4be7a38a27dc1f877bfae8d483f2e365200a922527fa41c6f2ba57c140f5f26118363355e3095808f6abdcd800836236cba7db1a83ace51e24ac4d7f397638615f03a7dcf8317bc3104340abae40de6cb70d483b25a4849025a007abcbc74fe82428fcc105441bd5bffbdb14c969a3a23ca67e8d8ec8ce52f27993035866f3d1dd603fc975ae5b77f9452ccf3c255b4390722e47af6da73082eb323f2f2555963e21d852d14811a317d690fe10890a8d323f2b2c21ca3da7f43f9ae60ea788925b5d04bd94b5165385ee00c94af3a984723dc46f12af645ec98af1f1189fb7e8a307a9985f253ec0fcc6e137d70b454101343d32d86970800dc7e979ef946593baccb13bfbab732ad9e8d4f2de948132dbc254443987bf1a20f0d2aed43975f8d6520cd061e9666aa97ee4eedf8d43e8a2c2166a225f901302b5469f6396e3dc4cebc51045c8217f40d908e4098bb9bee6d71d905e10603ed07e5da49a1de941269a3c1b335505214bddf73f9b77be3a1625a16e6b0763764a0f86404dd107bb1bcf94b39906d2914d80d603697b6b4655f9d0d3e8e5df11b5bfd110c57499bf7334e26dd02d163e631b8f1ab9397b08e20810bcb1f108d01c1ff17aaa2907a9ad6f733f4db8289eec75ca55a78385c4782e409c9a23b318f957bdcbf6824d979ed8f8d55cc7322de26c52b5a4eafbd8a73634aec109c8cc997fd5d22c2ee13609d8c70b407e2dc7069525bce9f830374c8c040d5b544daa8a842471812fd0dc5de8c5cad3b61d0e53556a6facda4bb59a874fc249525831c8dacb38a894118a05b0443bb9e6bf640473514c0e03e3bec76f1474019cc1a4c16c907a2a6cd8f5a68a61456c6da7dc39b942d1978d73095bb8bf6405852c07eb939f48359de8c660597b8467b3006a2226e786c3a007d352e6ea18608e25074d9b001f89a1ecca59fdd6c91554a8ef65066b8f61a3e150cccb70081254cd4bee7ac74ad20921af31dec91600cdd6c8dbe734bad45ddb44501bfcf2080c1b1b087f8912bc9b555324b7f7c63af5abbc6e1626e9e141c5ee19bd109832f3f7c51914ab81dafa712a0a7f9915e6e2ace0a32a7de65b26ac237524f4f8d58e262206a18b2464728a8b845139a8b271b7c3989b4d6f753aa4430a2247e87a3804e689555682ff64c2febd341f9ee7781354f8ba02a243fdd512ce42f32c953a66cd2bfded40d063a79e8b789b101f74b7ab8d965f7f0eabafa4c80ace9add2b87c8dd1c68271b1d76496b5899214d7befd576d0827ec579769b9886c39dd407d6131f68b64b2da77c44bf27f72fd0920d65d0467f09ab3350d3a1779e34e97593895dc2ab05ad4ae507eaf8d6a36d27861929d5aa62c2903337c4d34d242d644420d85227728bec08e703e4df8608daad68abee82f29e27e1ab5d058bd0ac1a17517c4f26fc5e8b014912fc2ae0c559326ae0a83f64bb560363321b3c4b16ffb2c9009495181f62d05982e86442a0fe1d02a7c0f722b7ea3702b9d4fdd3cc758aa12b465733e1b2d2332bf2f7a4afbc65f742dc0afb6deb3d6a34e1e2e0a8b044bcd4ce9c3ec13533eefb954e33aac2f16d6251aad73910aaf41a8f75f6645d2f422fa217e09eef77fd9d9dc5a250ea29eb2e477c150156c310c0bb1ad283a5adb8a042193b12d7038c4bdcc27d84936bda9670b4b45f016643b3d39c08bca236ced260b099667439075e02bcfaa28151dd32a0944283105440c0aa6cec28992f61acc91ddff0bb56a3914067b4e72dde6647cfd8fb2293cf6bcdedfd40043de1eaf3abfe0c948ae24ba933de913554f97c57d7ce98903febce0483044d45929510d5a7e3116ded054541fb313d18edb88eb0355f7975eab720657fea7c5ecc09258220e3a3ce0d4d6bbaa1ab38c96821f8b752304885a790ebf03c9b2aa897718f1bee5de5f5ef1547e9cdf7c9c355a0e7d742b4f7657d58a913e08e13c1c0e4f81eed761f59c3ac3f55542838681c20b7dd7d018d2b3332821fe5764fea65d0a33074da6b79c4457054d04a024aa6fa9672b2e45d28e7f9d1df4ef967b7eb5097c883b1952806afe1bc5ee3ab8d745dc45521dfcf35162901022cad8a162a5a2ee9aad7bf500959bf9959cbaa58186e96422f37e3596746ef3a54ee3bbcbd30eddf0e1b06a2aee88e83c51dcdd201a3b23162b5994ff55e83b33768b816d8de573ef2dd6bd38547c6c6eb266164dbabbef6700ab5a19114da289f2f6ea16d0e90e0e7a7eb658ec1bb054505f346fc24b504052381cbbfa8aa7146824742d0c9ae37ee5e8ec386f0b3d81b2d6073daf252274b43194bf952475316091ec9861ea18c7c6ac46a35c6eb8188333f01dec38cb906003df980d656044337f4adf2cd5c0e34b0e3400d765e85078a25fc505d138f4b603856a72e7a5237c0f2b29f53cf650ee1b5925cc6e5672d72a43aa958b2e9736afaa5c2faca7132454808acb67d766d127ebebd13b69ed7defe744005787665bfd906131a1a6ab42c4f4ff5c10ee85b6a4aba5cf392cc0cd262cf2897d75e93c26a1808e29c522fddda7018c07622f20c1c1d890cbc9670220b4968a61", 0x1000}, {&(0x7f0000001140)="5608c27c6086123c75efa843d5878045ffb610844b61a8044168c7fd35650c9d2da7f24ea9fa8f2850a2128d718510211b80cbdf", 0x34}, {&(0x7f0000001180)="fe7b79c4c5d11760676feceaf44f536ec5872f318ebd80a1a5cb0f6414e9442944321fc8204ced6dbe5d0bf11563c6b7bf481fb1af455bdaca9de3b46fc8107af7bf16cdfeb74be3e7d369ae0e9669b203222cd6ddf6901ed2166276bef084859f1844863772b021a065722eb05ead5e53134651fa167906f82b4be41f2501ea96abd64296493fa87ea4da1e14f239c1517b95444e345ed40c1299d5b936efab4b676f63a9c33c1dca88332b42ec2d1c5648a5e2fb0505b1028fa70b7ea9efb35cb5b4ecddd259802b14132369a0ed933fa4825a3979fbbcf829569d5e76f623cce1f67692a8f87bfe7a962b7f77f0b08cc00c3cd5da2546bc0757957a37e54c6c0671bc4eb088b06ab61bd5b41be8936f7fe907a938c0453725a8406761be06d4dbd4eaed7d24804dffe421b1b67237202f48efb12f5a68eb75b5f70dc5b71616f3b7e1fc0086ae12e759de3e16dd789f6ced2267e13630ccd40cd8b94c171b880b5fdbfc006b454f67d5f79b3422e5168cb0a5704f3a76cee608cf9c687630924431338ac6a7da09d8c4584980693569e08a0218562c8ab6b2a4b283fd43b163b1409b16862815d8927c0cbd5f596bba779064a09f142b3823ae0099985e05469af23b6d299d3b60acebd7b726bc1308dd407f54b4382ba717ffe45fd38e6b8227e883b1c0df56b9898b883f052238e8c1e15387812dae20aa1f6664ab37bed6b9b396b94bc4626d5d87e5bf4059e3291307fec3b0dfa8722b8faba07d82ebb424157368b8b6f59b3fe825a1ee73fa7cc48418c075fe6a800410696c135f777888f64524163bf795926704a10855df67b80644538210a8ca92b338935bfbdbf31930b2f47f419e9fb9bf01280dbbdda3b83dee997ca210105fcbeae1df5e67173654d1f25ebdf9d4dad81e3263203579b1f6e178e6a07278ec8c33215afb61f480ae89ba633a135e2061b348edaf47d490881e92a6a4fb2b3a083bfc41e5f984fefec8d750c1b490ab525e5e47f7b2198ceced52e72f9566ab900bfcb91053bfdf20d6c8935cb7cf823514d79894e0e6186c37b81094ec68525f44be2eb06ea057248a17c39ef83754d5625391c78e067b9bae9cbefcc6f11469068faef3b598dd00e5d01d310bbc864ef84c8e10c28f377e4eed6475af1ef1dc479b971140dc733b17c0b9f0fde4172f8fe05dc3eb3885c5cb204a5df7ffec28e23b8754c1e6d97554f5dc337a5ee56767537bef6b5adc20d9eab5c478c447f92662e61490b877a32a6bbdfdef10f5817da054177e96602606004cc6a86e8ad2e5e4e97a36293093f3e1ff94b25ad1caca4affd29acee1a3166bf19307e76af91a0060083853346c841efdebf4630131a4701f26fc8535a46f1712c7909b997befc7d47889f74ac076b3f9c1386e2a04da8b65ee7a344ae2382df41e136a7334b9111b4af89127b482bde0266d7ee55f1ca4189a6be630bcc52a2beed71ce5546ffbb1960e28f9b708d839fa5d72ddeb202d4cc2fc93d95d54990949d922bc6aaecbdaf992e978bb300fccba2e38aa7a1b4cbed0fa01bdc6c298ed6711a7047e933a181b9aa4eb1b7f17e4adcb5587d2e822946a7dd5edd73805d485a5a5ed9108e5d666a48f70508992a1aa5fb7ac6c9b14d5e190553d8f639f6a287ef3205eee91ffcb8f078ca54a1d3b445c3bd68e73ee39c9e1ef2f75e775f1a75e440d0a5d2645dac6b3fe939795ad8f33c0a66b2228bb3dabf190220501c00efc542feb1284ce863e32da0796cdd40b9c6a74b7ad52e70af13bed2c395d536b3a25fa5e263487c7e3fae2d39c9b68087c34cb277da6c1621f881946462862dc52a787215b5d89121e69e4f99416ece07f826e44b3b6f364af9a14e609ef07cf600903e8e8da3d9f82dbb3af26e8f6c1185b57d1414760bae0ab55af7341a4b8238197ef394afc2c70512648dd8537e59f657d66d12502a722163f9ab73e13aa9edfbe8d6197164a035ad6d2a85637df422bf4e5dd97f598f6db0ebf3ded0750c85194f308332616bd039054501d90670c9623af3f4c55eb0415cd58c6957a33434864b8cafa42fbafbb64846ac4a86c0544ac755dd816b035a2d4d87e4c5925537abaccce093c4bf62394ba8ec3feb01ef1d5ac8c679b4d1c9e58e008e2947d79263c599b97cc1d3322cee00d38f205c60befc5a925072295c59ef83e8d2f6fefe72ee627ddaffab653f49e654414574053d92b917b848597540e5311a6dd7c7c18fe5e0b872e7d5bfa5b8b9902b1403d8b0dde744dc9b7d4ccbdebdd1b070a2c8c8f11e35d91594c085fd76d5467113609e0b49351e56712a10eeb7309740e0184b9ec6282bc10d01bcd4872f138701d7bcbdfbaae5a12dddcb82b6cb19f1002ff96a2b1b79088816e963ece0aa7358973cbb040c60320177ac952ed3d85a10f1014b7ea5867ef8ff0304c6fab424588ca1a4cdb5e65c0d19d929d893e494e11f3d5b55a333fba40a6f35d6a20f6b9dd00e756e1a4eacca034b2f85af8eb7da33f50c33e8c322b55a844a3fd4427f0b850b5b048d561ae0d6297b656ffdf514ad3154debefffcdd69458358deb1d62309653500ee21b5beb4675fa9f265210ab6f3fecaf6001c2b7725ba421e5b17ae6f0d0abb0f29120b8492694e9ec6eeb6538e93313fb15adb2b6a05a864523833ff8b30db7a4c0b1e2664fa600d030b9b8be2a3c121c6304d1f69aa2015fe9f49170c86ca355e76babe402d63779c099792164b3b9f84ddcee908bde136373b86b59d0d8e911727133d71e097f73c2cbb7216204fb3cf274723ec3a7d8242324068d77e5dcecff8a05cf8ae88b8356e12546587ce4f1a9681ba7703af4c01e8c7a06d8b34c50cc35964e65314a7171bf0a72f4ef8907baa8d030890215ea60f713c7ef8f0f9377374022010a3878776a391c087faa8ad0116971e6017aff6be495f7497326029f3570aa6dd782e71170dcea63215a4b2d127e800104bd9ed67102801ccc534bae1d6110526387b6632ba0234a6c437d10c442872a34ccdbf234f755fd93591a1eab7250afdfe8b5b4136b6ddedaea669e7604d704b4ea1527700d91e9bbb796a1fb58df4aab48dfdb650d8fced4f4d2d2436606709cd9e9bafe248700d80183af21a9ac7c68f91b6e9f44fb6bb3357b6abf7a93af8c5de684f9d497d6f556e0a40416812936b04d3225a9c07ad96898fccfa6d217fcd9c4f4735cf125132a3e038744d3d2ddec93d0208b11a9896bddd84da42c8c343bf2a7fb32d62234b58c28d2239a8376409b8c6f08287ed9e777830727716f70b57bbd00345469e3de0f4ba1aefc0f7040c44e7dd86baca4a765bce0db6307d7f778a0ef71c44044c54417cd4630785bfca81c7ab052445a58857603c6a5b350a7aea71b7b55d39241a42b1d27d93d8133ac2c3d080ca3e98259e7f440cb863dcb0518e4a9bebdedbd06c28abc7ad1a4da3d25d3e04d7e991cb859596eb3846c91fa59c256de3b7fc686f28b8c8d9b598947d520360ebb13d4173062d8490603ae1c9ead97f8082258f52c4c25c93aaf5d8ea03db7fed4e812bae476fbb0232b959a41c495712d1d2f5004a8b4a8a94f769a5d6d95c1a4df0b781bf117d0b1e6415f4b3c7a5be9939bdd4e0c25c3360ca7fdbd5e1c94db1e71a8019b10e6415b9b63bf93fd800e5ac5e70288d6b159faf40b5ce2468cd04dd5877866481f3703315e50c883b01ef9f4739b522e409552496938ab6165b3c94c80ede8fecf338e465ca030419fe154eed0bdb625c7afecc81f19e03884d47e1d12b5958f0edbb8809e91c2345180c9eb228e579eada20824dd76f4cf0cdf1738ea18400abd7e8e43b1ae2753fc1ad1e4cad6ba69c1170c22f526fae6a04a7efcd74b3412b7c167357b7ccc7534a1142ef3c3a2b28829eeb9622f0a1a76d3f389f76b31242a7d24c585ffaecfa1ba8c7fb4b63c56465c6c0b71004e53644522ef01936aae24448238309882f5959aa663bb9ac49e9439aa01afff9037e50f1e0e069dc8a0d45094f32cf791f6f38a32fe15ad171c3a1df2a9ce886853775a76f3c2b6a85bedad33bee87fb9d36ca0fb8bd80ebc391bfd2397027fdbda2d3a8ad6ccc1407fbb75d044f0646b82849969567552108381467429d2cca958bf79c9cc71d7e42894386567861f4d35a168b28e68b464919f7e1b7cce1c692ee1f5272fa80269bba6849a81c5cce7b81050a55c50b85e7183197a375f2c5f79985672575acd9c5f1c11bfbbc910a150b9328c2228f5730e5038f41361b984d9191d246d16e7036d38c5f4f3d147d9c8d86390f94b8128abf5cf5862ea58dffc4d3ad644d80d24f0dab2ee676534562d8ee30ca9e28c1ff8497ecdca0e50cf90b0a96fbd931d720ea497e7c7a05c96893f0867133b52c292da84ae239369ae8fcbdb9cece28ba8c83f65b38cea921eda819489c6f76a6b50043d23cd1c56147a784bab73a6ca268ceb023e83e33ef937c3c0d66724d9e604b6c71dce014f81ff5ea30b11571063f6c5dde2d7e965ca29661a3fb0cefaad95818f2c70c46866da05ee3d3a06cffc83c8a2b07acc97a0194ddae99bcbfb31aa50f8cd03b9712e4c6cd99d264939b72ea4125fd7d7906dff5bec45431411f3640f09dadfd4aa492624384f9fd7bd8581e909b893a424eed659e20946fc6e85b11041ead169c617e5a8f09c7b118c8ce6298312091012acdc161e1ea11b9277e508e7d4e38d5f1af6770ddfe4f5169fd6b9b1b34946dac60332c5d7628136d0fa3793504af7aa770c5c33925f7f6c76ed10fe49332242384f4a575a50a21fe1ef25ac71248d39e68220a4848b5a62199095877554669e4baa141faf660d6b68bac69603ed827376df46e1cfdc05ed79bb544aba49c59246748a90a120be6e2c9d14b786b06051b94183dd0d016776569b43b54e14f07d3cd27a017a1648c2081880ec3ab2faa871cd54d7b0b65c0b7bec20213cbe6724f4b3e6d53012785abc3874183c31a480e82d7824b9b71af839889d747060fe22dfeb8ed7c6b8533b4e2400058587af0e52cfcb8012b14866292c35aac2b09e517f27364e4cec3470fd0fffa4bb7235708c44338975796fb8f294f6c8a29ef42fafd429042f07d96825ef0fadc51502cab3df205733ee4984a309c02b872291d0724f70ed2cdee1a7176cbc6861348c023e858a219c325ec610bca11313d659e36775652c4e6617795a620e635183a4352ffc5383dd428380790d52ad5da44a19fdb6e7aef50a2ec7805340026d4eb27422114f267c84ac67366c03c74471437e2b3bd50da4056cd2c75bd866826a6b04f8b51e267421e06e4ff41abe6f1df1f4df348d2a3fd58f430f31b33def3e0de8245256f1e78723dc50811656f025966eaa4f48b7d487b1c88ebb18c9e534c964fde5d9cc12cc8750bf17c7b080521e4f279faab51cddad79117a2403ae7c21cc9deb00d3749625eb9ea2215f7b9202a370e73178cc898b621c019dd1a777493e55d40c79a307c55fea0ff9c7416a39f0a00dc2299d2f5ccf35b44aaafdf1e8a9b61b3f0c683d6a6d8d41f0ce72724738df54a4a8c2b7c5d6ab18a476f7a13573dade824511437db7501314c2ac975e6b3861c12be65e78537bb0a0a2f7554fc12659e9790d7477a5b4905289369090ebc36d68a9771fa48e565c1874ebd1ab29014bdf5a98fe6785635ce24ebbe908b6af0cd4cd8c828d4929158a1eacf29167d326165d0644c308fe647c6e86b4d1535caee2f812a6f64f7965389c07517650af2e2d55b93cfe0764d1", 0x1000}, {&(0x7f0000002180)="d5b2063777e654e25a8f9068400301637afb901c7c765b6b78e92866319b61c216a1158084c131e6edf0e12313bb5d902013ebd1e80ceb2fe782c4ebb9750e31a5992829e4acd331f6421383ea147e4ff0788cc06c8ed5dbe69686fb6b5f0d5b9b4267d0ec698cf99dae677d8de5ab41a8e2d37d12dd1922316fb86aa2e04614ecd0e44803e3b14deaaca2a75fc1d9d7af62124a58b8f5192fe21c5d3bdc27c48925c21196471557ef1b8f1271f8b3bec293cf714d8e04dcd6e5b44bf86f2c4a44b5129f66782dc0b078c2e872bf33d25f1e37b30290b110100206567bc3", 0xde}, {&(0x7f0000002280)="0b8e1dbad40b67350c435c3f67eabc3928f364acd55f7cbe0e2dbc7d2c7d0e4ad0a28b853bd15a250fc5633d38f3d049d9aabb559d5b76c3c9de8483ff731e546fdac4aaa7b531fbbcf8591a6e8aa0cfffc668d775a8b809c941623a69ab83278fbd3a19a0e172e1b0108003835a42fa0a960e03b0be9fb947022b4b9b95d16d40a02b6a22aab28860a700206f0d8a7d68df52d1c0dd221e884c099fec603d434c52bbaf8aaaa3ad948cb9087387bd5d2a26b9557c87b8124996b1a0270244119f031f0d82562575ff18d0a7e6d918ad32dbdd50a3b053c25ca9d0023f6b2505fb722315f651bca2ac91cdef6e67ce80b88ff121ac89", 0xf6}, {&(0x7f0000002380)="c8d5fd346ccb30cb5699742e761089647db7f71ebb3d12b832e80734e280dfdbc0d4aec89d7a4d24ec61cd564d7e214d6589d4f1174fba74d1ed6be0d3d0c2ab7221458bf3dcd80088b790232add030cf3f40ea2ab66afbc4200db07aef9f404bb5cd588f53f71", 0x67}, {&(0x7f0000002400)="4bcf874faf5942a69bd671fcf9773feb686f591d70e914e2f169622ff500410ef45893192f49b0422f4cfe10ccfe5d1da2c68e229bb1c6d89c8231242b93e8641402a7ca1300ac5fc4fd7c81512e1d3bc79aba9125727f462f16a52d5786540b6528ae7efb26cd80c61f76f3bc9d6070ade25e3cbb", 0x75}], 0x9, &(0x7f0000002540)=[{0xb0, 0x118, 0x0, "4d0129da36b5ad801308d97885012e19822c5a1634ae3683549f650192d4d3f9741de00e2897d60c1b2e4215af526a47a6f2a6c1b9941ee34562d4c9c82f1d8cd19c6eed31cc6287600e1c953aefd2322364d5985df9013c5c04cc13386698a183488494e4e1795e53fb10b38b4742333be00a636eb8f665a2723edafdd5e76fe3053860fac3c0452e686587084baa4c465ddc15bfd218e5bbcc9b03"}, {0xb0, 0x11f, 0x80000001, "bc97ac4fce56e20ece3341a26b527fa7c307c457f789de940ae04727220023f2fbbfd9bdbbb0935463e6c97080a4100e6937dca80c9b4136f282ca8a599f38ed9457bc23c867c5fd51181b5bf0e4345cc9cb925795e79c62fc1bf33d3fbfdc3b67d3882400bad54e33792216ebc45f5b942710acd1c617b8141ea835f3e17fc51e570e5b8c0bbeb392af509a1b1dbb31622332a88fbda50b7768a06d379077"}, {0x58, 0x117, 0x1, "3ff07138888c5c8140aa31408ed5cff6a387cb60d0bc1593be35e4ef0adfeb115a91194d458f1e51a927b9be52bd9f5ec15a8d7333785aa426e132b7674fbfc60c0fc3613b"}, {0x80, 0x10f, 0x4, "93c266eab1ea679f309e896ea5fa0a8c2b9f5891dd0fc212ab92564dbbd62dd162d502ddd6ed081b0ec1a79e0f7251ec8d99f1e0683c6693237f67468e610c6a0ad6fbfebd3a6d791c4ffad1a636c67d855618e4ec2cba4ea079fb89af4f3cf7b175408065196cbde291796b91"}, {0x80, 0x107, 0x7f, "52c59f7bd630ef13bb82adf7769f973cf27d975bc2ca3df73997ff44354d634b67d3d18380bcda87318b3458cec68ed7bb1ba10f0590e54ab9a08fa71ee2e292a57a07f9f7072d7278087bf49ef24b9065d40642d94ac3ba30e62b51bd4fb56f2117259208dd6427bffa3a"}, {0x10, 0x0, 0xfff}, {0x60, 0x108, 0x10000, "236c55febe8903beadf8d9714ac249afe88fb52791bb8e432c1f5fecee476b6c44d6f007467e5310bf83390b3b62bd235e1d9e8fef110ddbc544bbd33c8f7a59e8bf7d857f565724ee94b5a0"}, {0xf0, 0x6, 0x8, "a86a471f96cd17a2f63a151f14210b70b6f3b3d1a834c925d7c4ed5c11a8d97ea51f057fa88223d16ceb64a5993ec388a958c5a34381bfc025855d4d84793991e183681e687767f643a84b5cb47304cf667f2d2b19c9ce8eed9b38fc2b8ea748249f8583a450b4bfaac23484e633669a7881acb5bb83e45da1bfcd0c4e901df8c203c1ab829e0b89b6abecfafc17eeaa11da734405d487b1303435406e34ee94e822db52a98a8c834324a5345732a421bf0a51dac9b8c3b00130d5ff3ed8356f0db849fd9d6a11f9d71ecbf092c1f6b5678b85e6b4ebc0bcaa5dff"}, {0xb0, 0x115, 0x12, "8750cb810ecc86d75de1acb16b9d1fd22e07b4e91e80caf134edce151e31fd5717db41bd23bf00e74b1b483c2cad0a48b87f4226d89f8db91c16fce1920b6385438b38835644a9cc7f064f08f5085c7f6f2bec7bad0c43a9b0147437f2b683acbe26534904c59413da45fbeb5a631d25b2d4705ff8452e5ba9ca4cebd6461006f589dc8e153486dbdde440d514c6030a6a217c8d53aeef7854e0cb10"}], 0x4c8}, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x40000, 0x0)
ioctl$TUNGETVNETHDRSZ(r1, 0x800454d7, &(0x7f0000000040))
mkdir(&(0x7f0000000080)='./file0\x00', 0x181)
r2 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000002ac0)={&(0x7f0000002a80)='./file0\x00', 0x0, 0x10}, 0x10)
recvmsg(r0, &(0x7f0000008200)={&(0x7f0000007ec0)=@xdp={0x2c, 0x0, <r3=>0x0}, 0x80, &(0x7f0000008140)=[{&(0x7f0000007f40)=""/205, 0xcd}, {&(0x7f0000008040)=""/234, 0xea}], 0x2, &(0x7f0000008180)=""/89, 0x59}, 0x40000021)
bpf$MAP_CREATE(0x0, &(0x7f0000008240)={0x15, 0x10000, 0x9, 0x8, 0x10, r2, 0x8, [], r3, r0}, 0x3c)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0x0)

[  740.218648][T17035] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17035,uid=0
[  740.234826][T17035] Memory cgroup out of memory: Killed process 17035 (syz-executor.2) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB
[  740.285866][ T1044] oom_reaper: reaped process 17035 (syz-executor.2), now anon-rss:0kB, file-rss:34776kB, shmem-rss:0kB
[  740.536703][T17021] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  740.550431][T17021] CPU: 0 PID: 17021 Comm: syz-executor.2 Not tainted 5.2.0-rc2+ #14
[  740.558432][T17021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  740.568497][T17021] Call Trace:
[  740.571797][T17021]  dump_stack+0x172/0x1f0
[  740.576152][T17021]  dump_header+0x10f/0xb6c
[  740.580589][T17021]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  740.586407][T17021]  ? ___ratelimit+0x60/0x595
[  740.591007][T17021]  ? do_raw_spin_unlock+0x57/0x270
[  740.596134][T17021]  oom_kill_process.cold+0x10/0x15
[  740.601261][T17021]  out_of_memory+0x79a/0x1280
[  740.605947][T17021]  ? lock_downgrade+0x880/0x880
[  740.610808][T17021]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  740.617068][T17021]  ? oom_killer_disable+0x280/0x280
[  740.622282][T17021]  ? find_held_lock+0x35/0x130
[  740.627072][T17021]  mem_cgroup_out_of_memory+0x1ca/0x230
[  740.632628][T17021]  ? memcg_event_wake+0x230/0x230
[  740.637667][T17021]  ? do_raw_spin_unlock+0x57/0x270
[  740.642792][T17021]  ? _raw_spin_unlock+0x2d/0x50
[  740.647665][T17021]  try_charge+0x102c/0x15c0
[  740.652172][T17021]  ? find_held_lock+0x35/0x130
[  740.656958][T17021]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  740.662513][T17021]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  740.668768][T17021]  ? kasan_check_read+0x11/0x20
[  740.673629][T17021]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  740.679182][T17021]  mem_cgroup_try_charge+0x24d/0x5e0
[  740.684491][T17021]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  740.690138][T17021]  wp_page_copy+0x416/0x1770
[  740.694746][T17021]  ? do_wp_page+0x486/0x1500
[  740.699367][T17021]  ? pmd_pfn+0x1d0/0x1d0
[  740.703628][T17021]  ? lock_downgrade+0x880/0x880
[  740.708499][T17021]  ? swp_swapcount+0x540/0x540
[  740.713277][T17021]  ? do_raw_spin_unlock+0x57/0x270
[  740.718427][T17021]  ? kasan_check_read+0x11/0x20
[  740.723292][T17021]  ? do_raw_spin_unlock+0x57/0x270
[  740.728595][T17021]  do_wp_page+0x48e/0x1500
[  740.733027][T17021]  ? finish_mkwrite_fault+0x540/0x540
[  740.738420][T17021]  __handle_mm_fault+0x22e3/0x3eb0
[  740.743555][T17021]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  740.749119][T17021]  ? find_held_lock+0x35/0x130
[  740.753897][T17021]  ? handle_mm_fault+0x292/0xa90
[  740.758857][T17021]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  740.765118][T17021]  ? kasan_check_read+0x11/0x20
[  740.769984][T17021]  handle_mm_fault+0x3b7/0xa90
[  740.774764][T17021]  __do_page_fault+0x5ef/0xda0
[  740.779543][T17021]  do_page_fault+0x71/0x57d
[  740.784054][T17021]  ? page_fault+0x8/0x30
[  740.788301][T17021]  page_fault+0x1e/0x30
[  740.792464][T17021] RIP: 0033:0x430356
[  740.796426][T17021] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 46 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 4c 64 00 85 c0 0f 84
[  740.816052][T17021] RSP: 002b:00007ffdd1cd82f0 EFLAGS: 00010206
[  740.822136][T17021] RAX: 0000000000019691 RBX: 0000000000714640 RCX: 0000000000008041
[  740.830113][T17021] RDX: 0000555556473930 RSI: 000055555647b970 RDI: 0000000000000003
15:48:52 executing program 4:
r0 = socket$kcm(0x2b, 0x1, 0x0)
r1 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000040)='syz1\x00', 0x200002, 0x0)
openat$cgroup_procs(r1, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r2 = openat$cgroup_ro(r1, &(0x7f00000000c0)='rdma.current\x00', 0x0, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000100)={[{0x2d, 'memory'}]}, 0x8)

[  740.838104][T17021] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555556472940
[  740.846081][T17021] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000714698
[  740.854059][T17021] R13: 0000000000714698 R14: 0000000000000000 R15: 0000000000002710
[  740.872280][T17021] memory: usage 884kB, limit 0kB, failcnt 229553
[  740.898096][T17021] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  740.914887][T17021] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  740.943222][T17021] Memory cgroup stats for /syz2: cache:0KB rss:68KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:132KB swap:0KB inactive_anon:0KB active_anon:68KB inactive_file:0KB active_file:0KB unevictable:0KB
[  740.987259][T17021] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17021,uid=0
[  741.003506][T17021] Memory cgroup out of memory: Killed process 17021 (syz-executor.2) total-vm:72444kB, anon-rss:72kB, file-rss:34828kB, shmem-rss:0kB
[  741.018867][ T1044] oom_reaper: reaped process 17021 (syz-executor.2), now anon-rss:0kB, file-rss:33932kB, shmem-rss:0kB
15:48:52 executing program 3:
socket$kcm(0x2b, 0x1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_all\x00', 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, <r0=>0xffffffffffffff9c, 0x0, 0x29, &(0x7f0000000040)='mime_typelo\xf8!/vboxnet1vboxnet0vboxnet0lo\x00', 0xffffffffffffffff}, 0x30)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0x0)

15:48:53 executing program 3:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg(r0, &(0x7f0000000600)={&(0x7f0000000040)=@x25={0x9, @null='               \x00'}, 0x80, &(0x7f0000000540)=[{&(0x7f00000000c0)="6614370e2ae83d051469d10d426d3a98cd78eadb3bb748441873004b630b38bd763a8a60811d6879f8f0e137746bdde0922f721d38cdb2e15dead9e4696fa72505cf77f2b2ccbf8c285828674c401b68427fc8ed0cf23870e7c5c62e5ebeb6f71c8acb23de83009ce5180cf674c3a036bfdcf01539e9b30bcfe7250cc68350c7", 0x80}, {&(0x7f0000000140)="2004be656450a40e94f35c66", 0xc}, {&(0x7f0000000180)="4eb23cb753c851baed76969dc776352c4837d527346d18d0ecd51cc007b18debd7b91498df5fe043573438a024db348216869232e0a59e9b6a1b0f724f77ea7c68a15dc981b389303e729fce8ac34df1ff7cbf0dac0d30ea7d3b1e2c233920ec13d43ca0a08bbc32f98dafcb4eb868065564b1a7aa2003b267d1d14a75349b1423e2867b02980354b0156b06f7a61078596bc3d65d8bebc34ff882436e1b4337ff7c9cde7af2b6ebc315a380254d7703e0aa8f7343deaed20f976701b3e00b696fd3ab74bd842ade67f180250342785402bc864fdad671f5509cf70e7ca884dfa1d691805c258d8acb821eeeca4ac22829fd0c6fe99eba3a", 0xf8}, {&(0x7f0000000280)="c61ebad4e265528fc565aec03219f1ceafed7ad45a3312e3f8b5f90fb5277740bfa3330f5bb3b45c304f28ba0d5d645b0a44b6f498dc08eedc41eee55f50be6e0400e2dbf1009160bdff2e6f88c2477a68f653bd3f3ab0c939a08e94bb1d2a24a0ccc3550119688ad8db773472f363fcd4ceb4adbcdafade2b21ec9dc20ff0e73d13fb88df9391bb7ab7305598e6fc3d0960ddd639688342bc77df27867a2abf6342", 0xa2}, {&(0x7f0000000340)="debed10913c39b9dbdbc0eb0e5d5bf747b627962f18368eedbac37b99dba31537a666ab2deee3ebbb569437e8219f442779abbe97ad1edfcecaa5fbabed0", 0x3e}, {&(0x7f0000000380)="3e74cf94f24a7241b4a830ccf3e20e4023f4f9f954166ec23feefbce5c7a354662cbbe514689931fff2449ec23894cd4", 0x30}, {&(0x7f00000003c0)="528d06e89a6631e9182ffa9d483f041b689dbfd5e48635f7b6c0bedb7e91375ccc3541c703d227fc410493e5ae15f2a1e811d50a6c1742becb4232e8110550c52250d37d1db6a3e112824c0bf27768", 0x4f}, {&(0x7f0000000440)="498132b4c7ec1601f09d38ef90be45f44720480f2303865b9f8476ee93be8a012ff4f648910c18487d9f6525c39c1f55ccc0b3f56e8d804a5a3fdbc54dc370010f65f81af94a278ff4bebb9ecb7d1644ad19d9dbe932ea06c1d349b7031aeeaeb5617b8a77867206c186b72c0d14d2e1a0a68d87b3b8b21d2e1825fd16be817e259e1157b05760ce4814cdf415d25a7fb5996ac3f7174b102be28add026eecb040da8465bf144946605be0d5d50f9dff19982a8600d82af78df81f808cdcd37c6b6eda1a8b342c9084fd5ace8fdff2d9921072db95b29f3b9f60b20f11948259c00c4922c0f247042cbde2ba85db40a24b6b", 0xf2}], 0x8, &(0x7f00000005c0)}, 0x4000000)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8904, 0x0)

[  741.302341][T17046] device nr0
 entered promiscuous mode
15:48:53 executing program 4:
r0 = socket$kcm(0x2b, 0x1, 0x0)
sendmsg$kcm(r0, &(0x7f00000001c0)={&(0x7f0000000040)=@vsock={0x28, 0x0, 0x2711, @hyper}, 0x80, &(0x7f0000000180)=[{&(0x7f00000000c0)="79093c5b127c24df29482bb881d2b6edaac1ccde6e191971b226012f2d12dd2e2b63a1ddce108a0be744279d2b289feb533214ceffa02cf936be4b55229b83290d5de0b0293b5ebe55ec3df74c5f7ad178f33b6c91d451a88cd7d7701fb7de92f9cc006303780d1f61b1dd44bd84d4fd08b40ea94d25d2f34ee772d8002442e43c181445bad925e4637beb2a4f3169d678f92227efb6e715c14d49fe499c39c76d0a1a33c0d83069614949e363", 0xad}], 0x1}, 0x20000040)
r1 = openat$cgroup(r0, &(0x7f0000000340)='syz0\x00', 0x200002, 0x0)
r2 = openat$cgroup_ro(r1, &(0x7f0000000300)='cpuset.effective_mems\x00', 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r2, 0x400454d0, 0x1)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x40001, 0x0)
ioctl$TUNSETVNETHDRSZ(r3, 0x400454d8, &(0x7f0000000240)=0x3)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)

15:48:53 executing program 3:
r0 = socket$kcm(0x2b, 0x1, 0x0)
r1 = gettid()
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00', 0x0, 0x0)
write$cgroup_pid(r2, &(0x7f0000000180)=r1, 0x12)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.stat\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x401, 0x3, 0x1, 0x0, 0x8, 0x0, 0x1, 0x80800000000000, 0x8, 0x0, 0xfffffffffffffe00, 0x100000001, 0xe02, 0x6, 0x6, 0x2, 0xffffffffffffffff, 0xfffffffffffffffb, 0x3, 0x100000000, 0x80000000, 0xffffffff, 0x9604, 0xef, 0x1, 0xfb, 0x2, 0x10001, 0x4000800000, 0x348a, 0x7, 0x3fe, 0x1ff, 0xcfb, 0x8, 0x0, 0x8, 0x2, @perf_bp={&(0x7f0000000000), 0x2}, 0x2000006008, 0x7, 0x9, 0x3, 0x10001, 0xf6, 0x9}, r1, 0xe, r3, 0x0)
ioctl$TUNSETVNETBE(r3, 0x400454de, &(0x7f0000000100)=0x1)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0x0)

15:48:53 executing program 3:
r0 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000))
socket$kcm(0x29, 0x7, 0x0)

15:48:54 executing program 2:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r2, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r3, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:48:54 executing program 3:
r0 = socket$kcm(0x2b, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.controllers\x00', 0x0, 0x0)
write$cgroup_type(r1, &(0x7f0000000040)='threaded\x00', 0x9)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0x0)

15:48:54 executing program 3:
r0 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ID(r1, 0x80082407, &(0x7f0000000040))

[  742.711101][T17077] IPVS: ftp: loaded support on port[0] = 21
[  742.980091][ T8859] device bridge_slave_1 left promiscuous mode
[  743.001412][ T8859] bridge0: port 2(bridge_slave_1) entered disabled state
[  743.075659][ T8859] device bridge_slave_0 left promiscuous mode
[  743.081900][ T8859] bridge0: port 1(bridge_slave_0) entered disabled state
[  746.497997][ T8859] device hsr_slave_1 left promiscuous mode
[  746.540777][ T8859] device hsr_slave_0 left promiscuous mode
[  746.600148][ T8859] team0 (unregistering): Port device team_slave_1 removed
[  746.624020][ T8859] team0 (unregistering): Port device team_slave_0 removed
[  746.651187][ T8859] bond0 (unregistering): Releasing backup interface bond_slave_1
[  746.725477][ T8859] bond0 (unregistering): Releasing backup interface bond_slave_0
[  746.863613][ T8859] bond0 (unregistering): Released all slaves
[  747.089047][T17077] chnl_net:caif_netlink_parms(): no params data found
[  747.142396][T17077] bridge0: port 1(bridge_slave_0) entered blocking state
[  747.150861][T17077] bridge0: port 1(bridge_slave_0) entered disabled state
[  747.159339][T17077] device bridge_slave_0 entered promiscuous mode
[  747.195786][T17077] bridge0: port 2(bridge_slave_1) entered blocking state
[  747.202884][T17077] bridge0: port 2(bridge_slave_1) entered disabled state
[  747.216810][T17077] device bridge_slave_1 entered promiscuous mode
[  747.259217][T17077] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  747.286992][T17077] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  747.345263][T17077] team0: Port device team_slave_0 added
[  747.352863][T17077] team0: Port device team_slave_1 added
[  747.437748][T17077] device hsr_slave_0 entered promiscuous mode
[  747.474859][T17077] device hsr_slave_1 entered promiscuous mode
[  747.536127][T17077] bridge0: port 2(bridge_slave_1) entered blocking state
[  747.543255][T17077] bridge0: port 2(bridge_slave_1) entered forwarding state
[  747.550683][T17077] bridge0: port 1(bridge_slave_0) entered blocking state
[  747.557795][T17077] bridge0: port 1(bridge_slave_0) entered forwarding state
[  747.723348][T17077] 8021q: adding VLAN 0 to HW filter on device bond0
[  747.754700][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  747.774823][    T5] bridge0: port 1(bridge_slave_0) entered disabled state
[  747.782960][    T5] bridge0: port 2(bridge_slave_1) entered disabled state
[  747.817807][T17077] 8021q: adding VLAN 0 to HW filter on device team0
[  747.840362][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  747.865655][    T5] bridge0: port 1(bridge_slave_0) entered blocking state
[  747.872757][    T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[  747.907752][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  747.916742][T14425] bridge0: port 2(bridge_slave_1) entered blocking state
[  747.923813][T14425] bridge0: port 2(bridge_slave_1) entered forwarding state
[  747.967634][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  747.976903][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  748.016600][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  748.040503][T17077] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  748.065564][T17077] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  748.074269][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  748.096666][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  748.130235][T17077] 8021q: adding VLAN 0 to HW filter on device batadv0
[  748.412016][T17095] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  748.424159][T17095] CPU: 0 PID: 17095 Comm: syz-executor.1 Not tainted 5.2.0-rc2+ #14
[  748.432165][T17095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  748.442229][T17095] Call Trace:
[  748.445538][T17095]  dump_stack+0x172/0x1f0
[  748.449889][T17095]  dump_header+0x10f/0xb6c
[  748.454318][T17095]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  748.460136][T17095]  ? ___ratelimit+0x60/0x595
[  748.464737][T17095]  ? do_raw_spin_unlock+0x57/0x270
[  748.469859][T17095]  oom_kill_process.cold+0x10/0x15
[  748.474977][T17095]  out_of_memory+0x79a/0x1280
[  748.479661][T17095]  ? lock_downgrade+0x880/0x880
[  748.484531][T17095]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  748.490778][T17095]  ? oom_killer_disable+0x280/0x280
[  748.495978][T17095]  ? find_held_lock+0x35/0x130
[  748.500759][T17095]  mem_cgroup_out_of_memory+0x1ca/0x230
[  748.506310][T17095]  ? memcg_event_wake+0x230/0x230
[  748.511350][T17095]  ? do_raw_spin_unlock+0x57/0x270
[  748.516472][T17095]  ? _raw_spin_unlock+0x2d/0x50
[  748.521336][T17095]  try_charge+0x102c/0x15c0
[  748.525844][T17095]  ? find_held_lock+0x35/0x130
[  748.530628][T17095]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  748.536184][T17095]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  748.542438][T17095]  ? kasan_check_read+0x11/0x20
[  748.547310][T17095]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  748.552867][T17095]  mem_cgroup_try_charge+0x24d/0x5e0
[  748.558172][T17095]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  748.563820][T17095]  __handle_mm_fault+0x1e1a/0x3eb0
[  748.568951][T17095]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  748.574506][T17095]  ? find_held_lock+0x35/0x130
[  748.579280][T17095]  ? handle_mm_fault+0x292/0xa90
[  748.584238][T17095]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  748.590488][T17095]  ? kasan_check_read+0x11/0x20
[  748.595348][T17095]  handle_mm_fault+0x3b7/0xa90
[  748.600125][T17095]  __do_page_fault+0x5ef/0xda0
[  748.604992][T17095]  do_page_fault+0x71/0x57d
[  748.609511][T17095]  ? page_fault+0x8/0x30
[  748.613760][T17095]  page_fault+0x1e/0x30
[  748.617918][T17095] RIP: 0033:0x410bbf
[  748.621818][T17095] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41
[  748.641427][T17095] RSP: 002b:00007ffdd2a17db0 EFLAGS: 00010206
[  748.647493][T17095] RAX: 00007f03b2e11000 RBX: 0000000000020000 RCX: 00000000004592ca
[  748.655468][T17095] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000
[  748.663443][T17095] RBP: 00007ffdd2a17e90 R08: ffffffffffffffff R09: 0000000000000000
[  748.671416][T17095] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdd2a17f80
[  748.679390][T17095] R13: 00007f03b2e31700 R14: 0000000000000001 R15: 000000000075bfcc
[  748.699783][T17095] memory: usage 3156kB, limit 0kB, failcnt 381184
[  748.711315][T17095] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  748.721262][T17095] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  748.733378][T17095] Memory cgroup stats for /syz1: cache:4KB rss:2144KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2144KB inactive_file:0KB active_file:0KB unevictable:0KB
[  748.755896][T17095] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=17095,uid=0
[  748.771386][T17095] Memory cgroup out of memory: Killed process 17095 (syz-executor.1) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB
[  748.786137][ T1044] oom_reaper: reaped process 17095 (syz-executor.1), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB
[  748.877784][T17077] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  748.896606][T17077] CPU: 1 PID: 17077 Comm: syz-executor.1 Not tainted 5.2.0-rc2+ #14
[  748.904629][T17077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  748.914691][T17077] Call Trace:
[  748.918001][T17077]  dump_stack+0x172/0x1f0
[  748.922344][T17077]  dump_header+0x10f/0xb6c
[  748.926769][T17077]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  748.932582][T17077]  ? ___ratelimit+0x60/0x595
[  748.937178][T17077]  ? do_raw_spin_unlock+0x57/0x270
[  748.942303][T17077]  oom_kill_process.cold+0x10/0x15
[  748.947423][T17077]  out_of_memory+0x79a/0x1280
[  748.952109][T17077]  ? lock_downgrade+0x880/0x880
[  748.956966][T17077]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  748.963206][T17077]  ? oom_killer_disable+0x280/0x280
[  748.968404][T17077]  ? find_held_lock+0x35/0x130
[  748.973158][T17077]  mem_cgroup_out_of_memory+0x1ca/0x230
[  748.978686][T17077]  ? memcg_event_wake+0x230/0x230
[  748.983709][T17077]  ? do_raw_spin_unlock+0x57/0x270
[  748.989156][T17077]  ? _raw_spin_unlock+0x2d/0x50
[  748.993994][T17077]  try_charge+0x102c/0x15c0
[  748.998566][T17077]  ? find_held_lock+0x35/0x130
[  749.003494][T17077]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  749.009029][T17077]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  749.015308][T17077]  ? kasan_check_read+0x11/0x20
[  749.020151][T17077]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  749.025683][T17077]  mem_cgroup_try_charge+0x24d/0x5e0
[  749.030958][T17077]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  749.036577][T17077]  __handle_mm_fault+0x1e1a/0x3eb0
[  749.041675][T17077]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  749.047209][T17077]  ? find_held_lock+0x35/0x130
[  749.051970][T17077]  ? handle_mm_fault+0x292/0xa90
[  749.056896][T17077]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  749.063122][T17077]  ? kasan_check_read+0x11/0x20
[  749.067958][T17077]  handle_mm_fault+0x3b7/0xa90
[  749.072793][T17077]  __do_page_fault+0x5ef/0xda0
[  749.077567][T17077]  do_page_fault+0x71/0x57d
[  749.082057][T17077]  ? page_fault+0x8/0x30
[  749.086285][T17077]  page_fault+0x1e/0x30
[  749.090455][T17077] RIP: 0033:0x403672
[  749.094339][T17077] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 <e8> 29 86 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 49 3b 05 00 48
[  749.113946][T17077] RSP: 002b:00007ffdd2a16f60 EFLAGS: 00010246
[  749.120017][T17077] RAX: 0000000000000000 RBX: 00000000000b6b2d RCX: 0000000000412e80
[  749.127984][T17077] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffdd2a18090
[  749.135950][T17077] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555556f22940
[  749.143922][T17077] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdd2a18090
[  749.151896][T17077] R13: 00007ffdd2a18080 R14: 0000000000000000 R15: 00007ffdd2a18090
[  749.168036][T17077] memory: usage 824kB, limit 0kB, failcnt 381193
[  749.174391][T17077] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  749.188533][T17077] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  749.202966][T17077] Memory cgroup stats for /syz1: cache:4KB rss:48KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:48KB inactive_file:0KB active_file:0KB unevictable:0KB
[  749.232090][T17077] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=17077,uid=0
[  749.254634][T17077] Memory cgroup out of memory: Killed process 17077 (syz-executor.1) total-vm:72444kB, anon-rss:72kB, file-rss:34828kB, shmem-rss:0kB
[  749.269366][ T1044] oom_reaper: reaped process 17077 (syz-executor.1), now anon-rss:0kB, file-rss:33932kB, shmem-rss:0kB
[  753.976942][ T8859] device bridge_slave_1 left promiscuous mode
[  753.983226][ T8859] bridge0: port 2(bridge_slave_1) entered disabled state
[  754.035822][ T8859] device bridge_slave_0 left promiscuous mode
[  754.042072][ T8859] bridge0: port 1(bridge_slave_0) entered disabled state
[  754.096664][ T8859] device bridge_slave_1 left promiscuous mode
[  754.103024][ T8859] bridge0: port 2(bridge_slave_1) entered disabled state
[  754.157468][ T8859] device bridge_slave_0 left promiscuous mode
[  754.163741][ T8859] bridge0: port 1(bridge_slave_0) entered disabled state
[  754.216785][ T8859] device bridge_slave_1 left promiscuous mode
[  754.223054][ T8859] bridge0: port 2(bridge_slave_1) entered disabled state
[  754.275764][ T8859] device bridge_slave_0 left promiscuous mode
[  754.282007][ T8859] bridge0: port 1(bridge_slave_0) entered disabled state
[  765.857917][ T8859] device hsr_slave_1 left promiscuous mode
[  765.900813][ T8859] device hsr_slave_0 left promiscuous mode
[  765.960154][ T8859] team0 (unregistering): Port device team_slave_1 removed
[  765.983530][ T8859] team0 (unregistering): Port device team_slave_0 removed
[  766.012125][ T8859] bond0 (unregistering): Releasing backup interface bond_slave_1
[  766.082017][ T8859] bond0 (unregistering): Releasing backup interface bond_slave_0
[  766.193519][ T8859] bond0 (unregistering): Released all slaves
[  766.338378][ T8859] device hsr_slave_1 left promiscuous mode
[  766.400253][ T8859] device hsr_slave_0 left promiscuous mode
[  766.459969][ T8859] team0 (unregistering): Port device team_slave_1 removed
[  766.483328][ T8859] team0 (unregistering): Port device team_slave_0 removed
[  766.504093][ T8859] bond0 (unregistering): Releasing backup interface bond_slave_1
[  766.570372][ T8859] bond0 (unregistering): Releasing backup interface bond_slave_0
[  766.722891][ T8859] bond0 (unregistering): Released all slaves
[  766.888260][ T8859] device hsr_slave_1 left promiscuous mode
[  766.940461][ T8859] device hsr_slave_0 left promiscuous mode
[  767.000083][ T8859] team0 (unregistering): Port device team_slave_1 removed
[  767.023052][ T8859] team0 (unregistering): Port device team_slave_0 removed
[  767.051539][ T8859] bond0 (unregistering): Releasing backup interface bond_slave_1
[  767.101172][ T8859] bond0 (unregistering): Releasing backup interface bond_slave_0
[  767.270814][ T8859] bond0 (unregistering): Released all slaves
15:49:52 executing program 5:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)
openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)

15:49:52 executing program 3:
r0 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0x0)
r1 = perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x8001, 0x7f, 0x1, 0x8, 0x0, 0x2, 0x62081, 0x6, 0x1, 0x7, 0x1d, 0x101, 0x10000, 0xffff, 0x401, 0x6, 0x3, 0xffffffffffff0001, 0x7f, 0x8001, 0x6de9, 0x9, 0x43a, 0x6, 0x1, 0x0, 0x7, 0x3ff, 0x7, 0x1, 0xc5b2, 0x5, 0x2, 0x1, 0x32800000, 0x1, 0x0, 0x9, 0x0, @perf_bp={&(0x7f0000000000), 0x4}, 0x1000, 0x7, 0x5, 0x5, 0x8, 0x7, 0x7}, 0xffffffffffffffff, 0x5, 0xffffffffffffffff, 0x2)
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='cgroup.stat\x00', 0x0, 0x0)
ioctl$TUNSETTXFILTER(r2, 0x400454d1, &(0x7f0000000100)={0x1, 0x5, [@broadcast, @local, @random="6d25b9126d08", @empty, @broadcast]})
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r1, 0x40042409, 0x0)

15:49:52 executing program 2:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r2, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r3, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:49:52 executing program 4:
socket$kcm(0x2b, 0x1, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz1\x00', 0x200002, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)

15:49:52 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

15:49:52 executing program 1:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:49:52 executing program 4:
r0 = socket$kcm(0x2b, 0x5, 0x0)
r1 = socket$kcm(0x29, 0x2, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={<r3=>0x0, <r4=>r2, 0x0, 0x12, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', <r5=>0xffffffffffffffff}, 0x30)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x2400, 0x1)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
recvmsg$kcm(r1, &(0x7f0000000380)={&(0x7f00000001c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000240)=""/45, 0x2d}, {&(0x7f0000000280)=""/116, 0x74}], 0x2, &(0x7f0000000340)=""/10, 0xa}, 0x100)
perf_event_open(&(0x7f00000000c0)={0x0, 0x70, 0x100000000, 0xfffffffffffffff7, 0x3, 0x5, 0x0, 0x0, 0x64, 0x8, 0x8, 0x7, 0x1, 0x7, 0x80, 0xfffffffffffffffc, 0x800, 0x800, 0x5, 0x9, 0x12d2, 0xffff, 0xeb, 0x1, 0x20, 0x7, 0x2, 0x7, 0x4, 0x1, 0x2, 0x9, 0x2, 0x10000, 0x3, 0x7, 0x0, 0x7, 0x0, 0x1, 0x4, @perf_config_ext={0x101, 0x94}, 0x8, 0x7, 0x3, 0x1, 0x7fffffff, 0xfffffffffffffff8, 0x8}, r3, 0xa, r4, 0x2)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r3, r4, 0x0, 0x15, &(0x7f0000000140)='trusted!%wlan0vmnet1\x00', r5}, 0x30)
getpid()

[  800.778041][T17104] device nr0
 entered promiscuous mode
15:49:52 executing program 3:
socketpair(0x10000000e, 0x5, 0x1, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e1, &(0x7f0000000080))
recvmsg$kcm(r0, &(0x7f0000008700)={&(0x7f0000008380)=@can={0x1d, <r2=>0x0}, 0x80, &(0x7f0000008600)=[{&(0x7f0000008400)=""/71, 0x47}, {&(0x7f0000008480)=""/78, 0x4e}, {&(0x7f0000008500)=""/74, 0x4a}, {&(0x7f0000008580)=""/103, 0x67}], 0x4, &(0x7f0000008640)=""/185, 0xb9}, 0x20)
sendmsg$sock(r1, &(0x7f0000008940)={&(0x7f0000008740)=@can={0x1d, r2}, 0x80, &(0x7f00000088c0)=[{&(0x7f00000087c0)="cd96da125cf8920556f3dfcd54107f6eed0dcd63defcf6b0c5f6fedbc8913df4ace9bb2932ddf33773555b4f", 0x2c}, {&(0x7f0000008800)="0f6db88e3ce9b61624b6d156d4d92c92e4ad40351ed373e52db0e92246515a2d15ad388494f8be68cfefc920419de5731cad1f4a39057c9cfd8cb4dc08e27babf4bf9bf478ff75b698a88cd17023be76039933a3828d9c4bacc6af958934152d0ea851c7f726fff7646c3ccf088acdce3aee196b59cdf7ca6080fd3757c477859bc46477657a3e34d6974d95afa30ad0e001a1a17ea0f66affecafdc02414ae15af803a1113031cbbb3d9b37331f01a6", 0xb0}], 0x2, &(0x7f0000008900)=[@timestamping={{0x14, 0x1, 0x25, 0x100000000}}], 0x18}, 0x5)
r3 = socket$kcm(0x2b, 0x7f7ffbffffffbffc, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8904, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="2e0000002d000500d25a80648c63940d0200fc001000034002020000053582c137153e3709000180f0000000d1bd", 0x2e}], 0x1}, 0x0)
sendmsg$kcm(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000001c0)="d76db761512b0cf920875e99679db4204c5b857ad35623e5c4fec42c57ce975e65c3773367", 0x25}, {&(0x7f0000000200)="48f4b2900c25a31a23ca69de54c4d8bc83b489570002279a4ee88c261a2d6a3bf8e7cea9393da267732b5f4604a03bc4ed7f145e93680a09dd7017d55adbcae0115c29d625191944d99603fcede85cb16405572dd136a43c23bdfc1cfefde7fc9d", 0x61}, {&(0x7f0000000280)="7c0e7f88fb64b81b65502ae1688fae553a71a0d98c8001153b228f590e89a81cf7b7ade722365b82e26f61953848adcdd6c4433f441e4a2d2aa13cf805c50a09dc78c9d499cd478ccd4d783bc6eac1c7262df4f5107093e0e735f4b5287f6c877403ebf997c2f27a1da899f4dea8e1d04eabf0f55bb2f21c1a8c1ed0583c0d63f8b09c6619c0339b04d859f7706ec69acc56d8219d0844", 0x97}], 0x3, &(0x7f0000000380)=[{0xb8, 0x100, 0x6, "89568fdf2734db5f75aae2c15e75cdb751de4e09c2532f24f3b23143592f5d1d5e1b1cb0430bb8e336ad3c29f78ffbe282b5fe3fba3cb959a06ab7df6c4d18d15379c67e4758b41b5677bff9c59cdc6d3af2c459bd70da75228c1a0843c784a249e4c4c3248359e8a5ef5df517ab36ef3913226a37acb6cabb703c736a9ce959beeb53ce835fd2ee23953b13b50a4bbb576d0e96a885749f2612c774f108a00a93c3e4"}, {0x40, 0x11f, 0x1f, "d95b073b84b202eb88f8132933900b686c4910271114a4fe56e962667ca13281173a054c0d8d8bf070562acb4d114151"}, {0x110, 0x119, 0x0, "811e98bbb10df88bd84558477afd69101b173305544fd32d25535e030be9f2308f9ea65bd9b8e775730d453cccb8f9b808d8f07453f69345fc583fee1c6ad86620cae0da83f4cbd37d026f18b104be0cd59195431c2fde3a791310609e1e9f2ee4373be4763617f0fae5bbd415644b295005eb40f791055ca3ae824997f9d716720946ef1ef03270ebde52ee94e18dbd072f544e9d626572686ed8e77ab73b849b07d3a7f2362e0329295f2ab3007fbe1139ce248f95ed700b8490e125042b6af54627acdc2d51c00067921c051e8ba373e43d9c622c3d1422a0d4dde45317a66963a430e5f5ed4a266334a3fd0ddf917e5e334f1aa44d96882f7cef"}], 0x208}, 0x80)
r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000600)='cpuset.effective_mems\x00', 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000680)={r5, 0x0, 0x1, 0x1, &(0x7f0000000640)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20)
ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f00000006c0)=0x3)
r6 = perf_event_open$cgroup(&(0x7f0000000140)={0x6, 0x70, 0x5, 0x9, 0x1, 0x8, 0x0, 0xfffffffffffffffc, 0x100, 0xe, 0x0, 0x0, 0x7, 0xffffffffffffffe0, 0x4, 0x1, 0x20, 0x7ff, 0x100000001, 0x8, 0x2a56, 0x3, 0xb68, 0x8000, 0x5cf2606c, 0x0, 0x908, 0xb63f, 0x7, 0x2, 0x4, 0x6, 0x9, 0x9, 0xfff, 0x401, 0x0, 0x4, 0x0, 0x7fff, 0x4, @perf_bp={&(0x7f0000000040), 0x8}, 0x0, 0x1ff, 0x0, 0xf, 0x10001, 0x1ff, 0xc4ce}, 0xffffffffffffffff, 0x6, 0xffffffffffffffff, 0x2)
socket$kcm(0x29, 0x2, 0x0)
perf_event_open(&(0x7f00000000c0)={0x7, 0x70, 0xa1a4, 0x20, 0x20, 0x7f, 0x0, 0x5, 0x802, 0x1, 0x1, 0xff19, 0x4, 0x7, 0x38, 0x42ed, 0x7, 0x4, 0x5, 0x401, 0x4, 0x3c, 0x3, 0xffffffffffffffff, 0x80000001, 0x2, 0x3ff, 0xf88, 0x80, 0x2, 0x3, 0x8000, 0x10000, 0x9, 0xffffffffffff8000, 0x8, 0x8000, 0x5, 0x0, 0x100, 0x1, @perf_config_ext={0x2, 0x7}, 0x100, 0x8, 0x0, 0x3, 0xfffffffffffffff9, 0xde, 0x9}, 0x0, 0x2, r6, 0x2)

15:49:52 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={0x0, &(0x7f0000000480)=""/222, 0x0, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

15:49:52 executing program 3:
socket$kcm(0x2b, 0x1, 0x0)
perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x5, 0x5, 0x8, 0x100, 0x0, 0x88, 0x84, 0x1, 0x2, 0x9, 0x9, 0x6, 0x5, 0x7, 0x5, 0xfffffffffffffffa, 0x81, 0x180000000000, 0x0, 0x81, 0x1, 0x6, 0x9, 0xbcd, 0x51, 0x66d2, 0x8, 0x5, 0x40, 0x4e, 0x3ff, 0x5, 0x6adf, 0x0, 0x2, 0x4, 0x0, 0x77, 0x4, @perf_bp={&(0x7f0000000000), 0x4}, 0x800, 0xfffffffffffffffb, 0xcfd, 0x7, 0xac57, 0x101, 0xfffffffffffffff8}, 0x0, 0x8, 0xffffffffffffff9c, 0x0)
r0 = perf_event_open(&(0x7f0000000100)={0x7, 0x70, 0x10001, 0x40, 0x7fffffff, 0xffffffffffffff3a, 0x0, 0x0, 0xa0, 0x8, 0x3, 0x80, 0x6, 0x7, 0x6, 0x1ff0000000000, 0x75caaa3b, 0x8, 0x7fffffff, 0x101, 0xc, 0x3, 0x13e, 0x2, 0x2, 0x1, 0x79, 0x3, 0xfffffffffffff800, 0x5, 0x0, 0x80000000, 0x6d8a, 0xfffffffffffffffa, 0x2, 0x3, 0x0, 0x4, 0x0, 0x0, 0x3, @perf_bp={&(0x7f00000000c0), 0xb}, 0x80, 0x7, 0x97, 0x3, 0x7d3, 0x100, 0x54db9afe}, 0xffffffffffffffff, 0x2, 0xffffffffffffffff, 0x3)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0x479)

[  801.053542][T17118] device nr0
 entered promiscuous mode
15:49:53 executing program 3:
r0 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0x0)
socket$kcm(0x29, 0x7, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x1, 0x1, 0x0, 0x80000000, 0x0, 0x4, 0x2, 0x2, 0x4, 0x100, 0x7, 0x10000, 0x5d0b, 0x80000001, 0x5, 0x7fff, 0x3, 0x5, 0x800, 0x8, 0x1, 0xe47e, 0x8, 0x1, 0x1ff, 0x3, 0x8, 0xfffffffffffffffa, 0x9, 0x0, 0x7, 0x0, 0x8, 0x4, 0x7fff, 0xf8, 0x0, 0x1, 0x2, @perf_bp={&(0x7f0000000000), 0xa}, 0x0, 0x0, 0x4f, 0xf, 0x5, 0x2, 0xa4f}, 0xffffffffffffffff, 0x0, r1, 0x9)

15:49:53 executing program 3:
socket$kcm(0x2b, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffff9c, 0x0, 0x3, &(0x7f0000000000)='-[\x00', 0xffffffffffffffff}, 0x30)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0x0)

[  802.291456][T17137] IPVS: ftp: loaded support on port[0] = 21
[  802.413074][    T7] device bridge_slave_1 left promiscuous mode
[  802.419611][    T7] bridge0: port 2(bridge_slave_1) entered disabled state
[  802.475641][    T7] device bridge_slave_0 left promiscuous mode
[  802.481846][    T7] bridge0: port 1(bridge_slave_0) entered disabled state
[  804.057871][    T7] device hsr_slave_1 left promiscuous mode
[  804.099471][    T7] device hsr_slave_0 left promiscuous mode
[  804.159233][    T7] team0 (unregistering): Port device team_slave_1 removed
[  804.170892][    T7] team0 (unregistering): Port device team_slave_0 removed
[  804.182356][    T7] bond0 (unregistering): Releasing backup interface bond_slave_1
[  804.220408][    T7] bond0 (unregistering): Releasing backup interface bond_slave_0
[  804.311916][    T7] bond0 (unregistering): Released all slaves
[  804.420555][T17137] chnl_net:caif_netlink_parms(): no params data found
[  804.436238][T17141] IPVS: ftp: loaded support on port[0] = 21
[  804.439360][T17142] IPVS: ftp: loaded support on port[0] = 21
[  804.511277][T17137] bridge0: port 1(bridge_slave_0) entered blocking state
[  804.518598][T17137] bridge0: port 1(bridge_slave_0) entered disabled state
[  804.526792][T17137] device bridge_slave_0 entered promiscuous mode
[  804.561485][T17137] bridge0: port 2(bridge_slave_1) entered blocking state
[  804.569199][T17137] bridge0: port 2(bridge_slave_1) entered disabled state
[  804.577036][T17137] device bridge_slave_1 entered promiscuous mode
[  804.605678][T17137] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  804.616259][T17137] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  804.726087][T17137] team0: Port device team_slave_0 added
[  804.735534][T17141] chnl_net:caif_netlink_parms(): no params data found
[  804.753758][T17137] team0: Port device team_slave_1 added
[  804.809596][T17141] bridge0: port 1(bridge_slave_0) entered blocking state
[  804.817569][T17141] bridge0: port 1(bridge_slave_0) entered disabled state
[  804.826000][T17141] device bridge_slave_0 entered promiscuous mode
[  804.897717][T17137] device hsr_slave_0 entered promiscuous mode
[  804.944938][T17137] device hsr_slave_1 entered promiscuous mode
[  804.985001][T17141] bridge0: port 2(bridge_slave_1) entered blocking state
[  804.992134][T17141] bridge0: port 2(bridge_slave_1) entered disabled state
[  805.000939][T17141] device bridge_slave_1 entered promiscuous mode
[  805.081917][T17137] bridge0: port 2(bridge_slave_1) entered blocking state
[  805.089070][T17137] bridge0: port 2(bridge_slave_1) entered forwarding state
[  805.096506][T17137] bridge0: port 1(bridge_slave_0) entered blocking state
[  805.103589][T17137] bridge0: port 1(bridge_slave_0) entered forwarding state
[  805.151723][T17141] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  805.186166][T17141] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  805.203519][T17142] chnl_net:caif_netlink_parms(): no params data found
[  805.262288][T17141] team0: Port device team_slave_0 added
[  805.287263][T17141] team0: Port device team_slave_1 added
[  805.316062][T17137] 8021q: adding VLAN 0 to HW filter on device bond0
[  805.365729][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  805.380927][T14425] bridge0: port 1(bridge_slave_0) entered disabled state
[  805.388944][T14425] bridge0: port 2(bridge_slave_1) entered disabled state
[  805.405214][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  805.477944][T17141] device hsr_slave_0 entered promiscuous mode
[  805.555025][T17141] device hsr_slave_1 entered promiscuous mode
[  805.604792][T17142] bridge0: port 1(bridge_slave_0) entered blocking state
[  805.613923][T17142] bridge0: port 1(bridge_slave_0) entered disabled state
[  805.622740][T17142] device bridge_slave_0 entered promiscuous mode
[  805.634158][T17137] 8021q: adding VLAN 0 to HW filter on device team0
[  805.649085][T17142] bridge0: port 2(bridge_slave_1) entered blocking state
[  805.656809][T17142] bridge0: port 2(bridge_slave_1) entered disabled state
[  805.665122][T17142] device bridge_slave_1 entered promiscuous mode
[  805.693034][T15020] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  805.715157][T15020] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  805.723649][T15020] bridge0: port 1(bridge_slave_0) entered blocking state
[  805.730832][T15020] bridge0: port 1(bridge_slave_0) entered forwarding state
[  805.739539][T15020] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  805.748248][T15020] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  805.757307][T15020] bridge0: port 2(bridge_slave_1) entered blocking state
[  805.764360][T15020] bridge0: port 2(bridge_slave_1) entered forwarding state
[  805.806484][T15020] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  805.815746][T15020] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  805.824635][T15020] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  805.833393][T15020] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  805.842750][T15020] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  805.851553][T15020] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  805.862626][T17142] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  805.879164][T17142] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  805.892639][T15020] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  805.926158][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  805.935029][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  805.943445][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  805.952471][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  805.977110][T17137] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  806.019034][T17142] team0: Port device team_slave_0 added
[  806.033965][T17137] 8021q: adding VLAN 0 to HW filter on device batadv0
[  806.048190][T17141] 8021q: adding VLAN 0 to HW filter on device bond0
[  806.059356][T17142] team0: Port device team_slave_1 added
[  806.083997][T15020] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  806.092609][T15020] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  806.104705][T17141] 8021q: adding VLAN 0 to HW filter on device team0
[  806.157673][T17142] device hsr_slave_0 entered promiscuous mode
[  806.184776][T17142] device hsr_slave_1 entered promiscuous mode
[  806.253620][ T8841] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  806.265399][ T8841] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  806.285010][ T8841] bridge0: port 1(bridge_slave_0) entered blocking state
[  806.292154][ T8841] bridge0: port 1(bridge_slave_0) entered forwarding state
[  806.317287][ T8841] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  806.346758][T15020] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  806.361908][T15020] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  806.371917][T15020] bridge0: port 2(bridge_slave_1) entered blocking state
[  806.379061][T15020] bridge0: port 2(bridge_slave_1) entered forwarding state
[  806.394937][T15020] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  806.441239][T17149] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  806.442783][T15020] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  806.462378][T17149] CPU: 0 PID: 17149 Comm: syz-executor.5 Not tainted 5.2.0-rc2+ #14
[  806.467266][T15020] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  806.470383][T17149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  806.483839][T15020] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  806.488325][T17149] Call Trace:
[  806.488351][T17149]  dump_stack+0x172/0x1f0
[  806.488374][T17149]  dump_header+0x10f/0xb6c
[  806.488393][T17149]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  806.488409][T17149]  ? ___ratelimit+0x60/0x595
[  806.488425][T17149]  ? do_raw_spin_unlock+0x57/0x270
[  806.488444][T17149]  oom_kill_process.cold+0x10/0x15
[  806.488462][T17149]  out_of_memory+0x79a/0x1280
[  806.488478][T17149]  ? lock_downgrade+0x880/0x880
[  806.488494][T17149]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  806.488511][T17149]  ? oom_killer_disable+0x280/0x280
[  806.488523][T17149]  ? find_held_lock+0x35/0x130
[  806.488549][T17149]  mem_cgroup_out_of_memory+0x1ca/0x230
[  806.488562][T17149]  ? memcg_event_wake+0x230/0x230
[  806.488580][T17149]  ? do_raw_spin_unlock+0x57/0x270
[  806.488595][T17149]  ? _raw_spin_unlock+0x2d/0x50
[  806.488613][T17149]  try_charge+0x102c/0x15c0
[  806.488624][T17149]  ? find_held_lock+0x35/0x130
[  806.488648][T17149]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  806.488669][T17149]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  806.504309][T15020] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  806.508525][T17149]  ? kasan_check_read+0x11/0x20
[  806.508548][T17149]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  806.508564][T17149]  mem_cgroup_try_charge+0x24d/0x5e0
[  806.508583][T17149]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  806.508602][T17149]  __handle_mm_fault+0x1e1a/0x3eb0
[  806.508623][T17149]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  806.508644][T17149]  ? find_held_lock+0x35/0x130
[  806.521759][T15020] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  806.524137][T17149]  ? handle_mm_fault+0x292/0xa90
[  806.530491][T15020] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  806.533918][T17149]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  806.545392][T15020] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  806.550192][T17149]  ? kasan_check_read+0x11/0x20
[  806.566379][T17141] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  806.570688][T17149]  handle_mm_fault+0x3b7/0xa90
[  806.583508][T17141] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  806.584785][T17149]  __do_page_fault+0x5ef/0xda0
[  806.584809][T17149]  do_page_fault+0x71/0x57d
[  806.584826][T17149]  ? page_fault+0x8/0x30
[  806.584840][T17149]  page_fault+0x1e/0x30
[  806.584852][T17149] RIP: 0033:0x410bbf
[  806.584869][T17149] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41
[  806.584877][T17149] RSP: 002b:00007ffc9d697700 EFLAGS: 00010206
[  806.584891][T17149] RAX: 00007f63d5da5000 RBX: 0000000000020000 RCX: 00000000004592ca
[  806.584900][T17149] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000
[  806.584909][T17149] RBP: 00007ffc9d6977e0 R08: ffffffffffffffff R09: 0000000000000000
[  806.584917][T17149] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc9d6978d0
[  806.584925][T17149] R13: 00007f63d5dc5700 R14: 0000000000000001 R15: 000000000075bfcc
[  806.624535][T17149] memory: usage 3248kB, limit 0kB, failcnt 211925
[  806.798067][T17149] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  806.807296][T15020] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  806.816365][T15020] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  806.821124][T17149] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  806.825605][T15020] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  806.831208][T17149] Memory cgroup stats for /syz5: cache:176KB rss:2104KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2104KB inactive_file:132KB active_file:0KB unevictable:0KB
[  806.856881][T17141] 8021q: adding VLAN 0 to HW filter on device batadv0
[  806.867417][T17149] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17149,uid=0
[  806.900083][T17149] Memory cgroup out of memory: Killed process 17149 (syz-executor.5) total-vm:72708kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB
[  806.910623][T17142] 8021q: adding VLAN 0 to HW filter on device bond0
[  806.925535][ T1044] oom_reaper: reaped process 17149 (syz-executor.5), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB
[  806.948164][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  806.957391][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  806.978764][T17142] 8021q: adding VLAN 0 to HW filter on device team0
[  807.005776][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  807.032091][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  807.041065][T14418] bridge0: port 1(bridge_slave_0) entered blocking state
[  807.048232][T14418] bridge0: port 1(bridge_slave_0) entered forwarding state
[  807.057254][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  807.066231][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  807.081066][T14418] bridge0: port 2(bridge_slave_1) entered blocking state
[  807.088187][T14418] bridge0: port 2(bridge_slave_1) entered forwarding state
15:49:58 executing program 5:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r1 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r2, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r3 = openat$cgroup_int(r0, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r0, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r3, 0x0, 0x0)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(0xffffffffffffffff, 0x800454e0, &(0x7f0000000240))
openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)

15:49:58 executing program 3:
r0 = perf_event_open$cgroup(&(0x7f0000000080)={0x5, 0x70, 0xfffffffffffffffb, 0x1, 0x7, 0x2000000000, 0x0, 0x1b4c, 0x888, 0x8, 0x6, 0x82b3, 0x2, 0x7fff, 0x4, 0x4, 0x3, 0x7fffffff8, 0x45bfee1d, 0x0, 0x5, 0x4, 0x8001, 0x100000000, 0xc5bb, 0xd0b0, 0xffffffffffff0001, 0x7, 0xffffffffffffff61, 0xa0000000000000, 0x4, 0x5, 0xffffffff, 0xdbc, 0x9, 0x5, 0x2, 0x5, 0x0, 0x4, 0x7, @perf_config_ext={0x4, 0x8020000000000000}, 0x4, 0xfffffffffffffffe, 0x80000001, 0x7, 0x0, 0x5, 0x10000}, 0xffffffffffffff9c, 0x8, 0xffffffffffffff9c, 0xc)
perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x45d, 0x9, 0x3, 0x67, 0x0, 0x7fff, 0x80040, 0x8, 0x0, 0x1f, 0xfffffffffffffff7, 0x4, 0x0, 0x5, 0x5, 0x20, 0x20, 0x2, 0x8, 0x1, 0x27, 0x8, 0x2000000, 0xffffffffffffffff, 0x8, 0x4, 0x0, 0x7, 0x5, 0x6000000000000000, 0x3c56, 0x200, 0x9, 0x3f, 0x2, 0x6, 0x0, 0x80000000, 0x7, @perf_config_ext={0x6, 0xfffffffffffffffc}, 0x2008, 0xffffffffffffff7f, 0x937f, 0x2, 0x3, 0x400, 0x5ab8}, 0x0, 0xc, r0, 0x1)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8904, 0x0)

[  807.101913][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  807.111201][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  807.126523][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  807.156855][T17137] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  807.181778][T17137] CPU: 1 PID: 17137 Comm: syz-executor.5 Not tainted 5.2.0-rc2+ #14
[  807.189791][T17137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  807.199855][T17137] Call Trace:
[  807.203164][T17137]  dump_stack+0x172/0x1f0
[  807.207518][T17137]  dump_header+0x10f/0xb6c
[  807.211952][T17137]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  807.217772][T17137]  ? ___ratelimit+0x60/0x595
[  807.222375][T17137]  ? do_raw_spin_unlock+0x57/0x270
[  807.227507][T17137]  oom_kill_process.cold+0x10/0x15
[  807.232643][T17137]  out_of_memory+0x79a/0x1280
[  807.237339][T17137]  ? lock_downgrade+0x880/0x880
[  807.242199][T17137]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  807.248453][T17137]  ? oom_killer_disable+0x280/0x280
[  807.248467][T17137]  ? find_held_lock+0x35/0x130
[  807.248503][T17137]  mem_cgroup_out_of_memory+0x1ca/0x230
[  807.264089][T17137]  ? memcg_event_wake+0x230/0x230
[  807.269133][T17137]  ? do_raw_spin_unlock+0x57/0x270
[  807.274257][T17137]  ? _raw_spin_unlock+0x2d/0x50
[  807.279122][T17137]  try_charge+0x102c/0x15c0
[  807.283627][T17137]  ? find_held_lock+0x35/0x130
[  807.288414][T17137]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  807.293979][T17137]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  807.300239][T17137]  ? kasan_check_read+0x11/0x20
[  807.305119][T17137]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  807.310684][T17137]  mem_cgroup_try_charge+0x24d/0x5e0
[  807.315989][T17137]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  807.321665][T17137]  wp_page_copy+0x416/0x1770
[  807.326265][T17137]  ? do_wp_page+0x486/0x1500
[  807.330868][T17137]  ? pmd_pfn+0x1d0/0x1d0
[  807.335126][T17137]  ? lock_downgrade+0x880/0x880
[  807.339985][T17137]  ? swp_swapcount+0x540/0x540
[  807.344756][T17137]  ? do_raw_spin_unlock+0x57/0x270
[  807.349876][T17137]  ? kasan_check_read+0x11/0x20
[  807.354739][T17137]  ? do_raw_spin_unlock+0x57/0x270
[  807.359863][T17137]  do_wp_page+0x48e/0x1500
[  807.364299][T17137]  ? finish_mkwrite_fault+0x540/0x540
[  807.369690][T17137]  __handle_mm_fault+0x22e3/0x3eb0
[  807.374820][T17137]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  807.380405][T17137]  ? find_held_lock+0x35/0x130
[  807.385174][T17137]  ? handle_mm_fault+0x292/0xa90
[  807.390126][T17137]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  807.396374][T17137]  ? kasan_check_read+0x11/0x20
[  807.401232][T17137]  handle_mm_fault+0x3b7/0xa90
[  807.406010][T17137]  __do_page_fault+0x5ef/0xda0
[  807.410791][T17137]  do_page_fault+0x71/0x57d
[  807.415309][T17137]  ? page_fault+0x8/0x30
[  807.419569][T17137]  page_fault+0x1e/0x30
[  807.423732][T17137] RIP: 0033:0x430356
[  807.427639][T17137] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 46 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 4c 64 00 85 c0 0f 84
[  807.447600][T17137] RSP: 002b:00007ffc9d696710 EFLAGS: 00010206
[  807.453681][T17137] RAX: 0000000000019691 RBX: 0000000000714640 RCX: 0000000000008041
[  807.461667][T17137] RDX: 000055555692f930 RSI: 0000555556937970 RDI: 0000000000000003
[  807.469643][T17137] RBP: 0000000000008041 R08: 0000000000000001 R09: 000055555692e940
[  807.477618][T17137] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000714698
[  807.485589][T17137] R13: 0000000000714698 R14: 0000000000000000 R15: 0000000000002710
[  807.504813][T17137] memory: usage 912kB, limit 0kB, failcnt 211934
[  807.508907][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  807.511263][T17137] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  807.524058][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  807.535736][T17137] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  807.550359][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  807.551132][T17137] Memory cgroup stats for /syz5: cache:176KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:52KB inactive_file:132KB active_file:0KB unevictable:0KB
[  807.558647][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  807.579034][T17137] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17137,uid=0
[  807.602682][T17137] Memory cgroup out of memory: Killed process 17137 (syz-executor.5) total-vm:72444kB, anon-rss:68kB, file-rss:34828kB, shmem-rss:0kB
[  807.604027][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  807.626608][ T1044] oom_reaper: reaped process 17137 (syz-executor.5), now anon-rss:0kB, file-rss:33932kB, shmem-rss:0kB
[  807.631592][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  807.645940][T17158] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  807.657388][T17158] CPU: 1 PID: 17158 Comm: syz-executor.2 Not tainted 5.2.0-rc2+ #14
[  807.657405][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  807.665384][T17158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  807.665392][T17158] Call Trace:
[  807.665416][T17158]  dump_stack+0x172/0x1f0
[  807.665440][T17158]  dump_header+0x10f/0xb6c
[  807.665464][T17158]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  807.677111][T17142] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  807.683232][T17158]  ? ___ratelimit+0x60/0x595
[  807.687755][T17142] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  807.690830][T17158]  ? do_raw_spin_unlock+0x57/0x270
[  807.710314][T17142] 8021q: adding VLAN 0 to HW filter on device batadv0
[  807.711337][T17158]  oom_kill_process.cold+0x10/0x15
[  807.723023][T17158]  out_of_memory+0x79a/0x1280
[  807.744825][T17158]  ? oom_killer_disable+0x280/0x280
[  807.750042][T17158]  ? find_held_lock+0x35/0x130
[  807.754839][T17158]  mem_cgroup_out_of_memory+0x1ca/0x230
[  807.760403][T17158]  ? memcg_event_wake+0x230/0x230
[  807.765447][T17158]  ? do_raw_spin_unlock+0x57/0x270
[  807.770564][T17158]  ? _raw_spin_unlock+0x2d/0x50
[  807.775433][T17158]  try_charge+0x102c/0x15c0
[  807.779942][T17158]  ? find_held_lock+0x35/0x130
[  807.784720][T17158]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  807.784757][T17158]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  807.796530][T17158]  ? kasan_check_read+0x11/0x20
[  807.801389][T17158]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  807.806943][T17158]  mem_cgroup_try_charge+0x24d/0x5e0
[  807.812263][T17158]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  807.817910][T17158]  __handle_mm_fault+0x1e1a/0x3eb0
[  807.823039][T17158]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  807.828599][T17158]  ? find_held_lock+0x35/0x130
[  807.833381][T17158]  ? handle_mm_fault+0x292/0xa90
[  807.838351][T17158]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  807.844612][T17158]  ? kasan_check_read+0x11/0x20
[  807.849567][T17158]  handle_mm_fault+0x3b7/0xa90
[  807.854349][T17158]  __do_page_fault+0x5ef/0xda0
[  807.859132][T17158]  do_page_fault+0x71/0x57d
[  807.863646][T17158]  ? page_fault+0x8/0x30
[  807.867901][T17158]  page_fault+0x1e/0x30
[  807.872068][T17158] RIP: 0033:0x410bbf
[  807.875977][T17158] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41
[  807.895597][T17158] RSP: 002b:00007ffcf0b54b00 EFLAGS: 00010206
[  807.901679][T17158] RAX: 00007f18c32d2000 RBX: 0000000000020000 RCX: 00000000004592ca
[  807.909661][T17158] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000
[  807.917620][T17158] RBP: 00007ffcf0b54be0 R08: ffffffffffffffff R09: 0000000000000000
[  807.925588][T17158] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcf0b54cd0
[  807.933856][T17158] R13: 00007f18c32f2700 R14: 0000000000000001 R15: 000000000075bfcc
[  807.955832][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  807.961097][T17158] memory: usage 3176kB, limit 0kB, failcnt 229562
[  807.964317][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  807.970619][T17158] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  807.986864][T17158] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  807.993835][T17158] Memory cgroup stats for /syz2: cache:0KB rss:2088KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:0KB writeback:132KB swap:0KB inactive_anon:0KB active_anon:2088KB inactive_file:0KB active_file:0KB unevictable:0KB
[  808.015972][T17158] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17158,uid=0
[  808.032188][T17158] Memory cgroup out of memory: Killed process 17158 (syz-executor.2) total-vm:72708kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB
[  808.048449][ T1044] oom_reaper: reaped process 17158 (syz-executor.2), now anon-rss:0kB, file-rss:33920kB, shmem-rss:0kB
[  808.065346][T17169] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  808.086613][T17169] CPU: 1 PID: 17169 Comm: syz-executor.1 Not tainted 5.2.0-rc2+ #14
[  808.094636][T17169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  808.104717][T17169] Call Trace:
[  808.108048][T17169]  dump_stack+0x172/0x1f0
[  808.112397][T17169]  dump_header+0x10f/0xb6c
[  808.116841][T17169]  oom_kill_process.cold+0x10/0x15
[  808.121969][T17169]  out_of_memory+0x79a/0x1280
[  808.128176][T17169]  ? oom_killer_disable+0x280/0x280
[  808.133411][T17169]  mem_cgroup_out_of_memory+0x1ca/0x230
[  808.138970][T17169]  ? memcg_event_wake+0x230/0x230
[  808.144015][T17169]  ? _raw_spin_unlock_irqrestore+0xbd/0xe0
[  808.149837][T17169]  ? cgroup_file_notify+0x140/0x1b0
[  808.155053][T17169]  memory_max_write+0x169/0x300
[  808.159922][T17169]  ? mem_cgroup_write+0x360/0x360
[  808.164971][T17169]  ? cgroup_file_write+0x86/0x790
[  808.170011][T17169]  cgroup_file_write+0x241/0x790
[  808.174964][T17169]  ? mem_cgroup_write+0x360/0x360
[  808.179998][T17169]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  808.185656][T17169]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  808.191298][T17169]  kernfs_fop_write+0x2b8/0x480
[  808.196166][T17169]  __vfs_write+0x8a/0x110
[  808.200509][T17169]  ? kernfs_fop_open+0xd80/0xd80
[  808.205465][T17169]  vfs_write+0x20c/0x580
[  808.209734][T17169]  ksys_write+0x14f/0x290
[  808.214087][T17169]  ? __ia32_sys_read+0xb0/0xb0
[  808.218867][T17169]  ? do_syscall_64+0x26/0x680
[  808.223557][T17169]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  808.229642][T17169]  ? do_syscall_64+0x26/0x680
[  808.234338][T17169]  __x64_sys_write+0x73/0xb0
[  808.238944][T17169]  do_syscall_64+0xfd/0x680
[  808.243465][T17169]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  808.249371][T17169] RIP: 0033:0x459279
[  808.253291][T17169] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  808.272911][T17169] RSP: 002b:00007f1746ca4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  808.281347][T17169] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459279
[  808.289335][T17169] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
[  808.297301][T17169] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[  808.305261][T17169] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1746ca56d4
15:50:00 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={0x0, &(0x7f0000000480)=""/222, 0x0, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

15:50:00 executing program 2:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:50:00 executing program 4:
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000001580)={<r0=>0xffffffffffffff9c})
sendmsg(r0, &(0x7f0000002100)={&(0x7f00000015c0)=@sco={0x1f, {0xbf15, 0xffffffffffffffc1, 0x4, 0x2, 0xfffffffffffff3af, 0xdf}}, 0x80, &(0x7f0000001a80)=[{&(0x7f0000001640)="e19fdd784f09e0f670912deace16f172452cec81f8c40c2012b308d1f85ee29f52abbd3bd2d4b2aceacc1126291779f61c6e8b04b3c6c1a72637672d38b0617d07659a66fee06db26dc236ca091c6a7984d29b144926aaa20eaca8de9978d0be2fa609ba65ba03ba355e1e598bcb4cd71debe6632f9398c77c79a38e42eb1eeb3130aa1a0bc7cdee9b69c06fb2d5415848d0c483828d9c373b04cc01b23ac528536cb30398045b2c349e2da40a1450c8bb7dfc26d5c09d5440ab9e3e8aef086b54732838b188c46973fe2c0f4e12e1669f6dc95e43ea18c50d5b32c712", 0xdd}, {&(0x7f0000001740)="1a4539c5a7b385e87dd8f0ae7190223460b400f77b24eca9ffbc923eae9eebc29de0de24301d5ca223c344726807a9180ffc72757f9abfbb05c8b39fec4fc829b63dd5ed55b085349d0a9129d8a864c36fc2811f3e8541666b1e8a6a1b25e0a3a6a170fc24fd33a02a", 0x69}, {&(0x7f00000017c0)="6ef1669574a0b7101363ff038e5c5c6dc479c4908f13c16695e5649c89cd562035131f3542da0063b6adf1b9cf4aca3f579d75c1f7b4fadf50abc29836142888bb4656fc8f083e0a4220014d79d971a7c563ac74eb4431c7aeb5a78706", 0x5d}, {&(0x7f0000001840)="75f102bc33c0033f8e9937c94f6f4197a87a1d016b1eda238a0c13802e139c458102773d9375941828f2b436cd98e66f47b28b79c8e3106f2579f74f26940463e186086714bceb689261d6ba0addc8e88c8e35a384f5cc61ee63237bf3a35dd0e961f2f5", 0x64}, {&(0x7f00000018c0)="0876986fea9a1b109099b11ff811a41203668c6f968fa6b48f9683c88c7692687e506187465252c1f7b6e7c433cc47ce9fa0c6cf14a115db2395c530f2913fd645e503e982cadfbc830071cf", 0x4c}, {&(0x7f0000001940)="180719f45a6f95bb472b83b6eb09bd7c94ba2ba106774f929e4f7e18b271e00015d337695adc85e170f456d193913082b9ada51152e8cf9d4261381dc35d61296e3ceaafd36f0fafa37bc330dd30478658", 0x51}, {&(0x7f00000019c0)="58b633ae470bdd46b032623c7b69f992536d276ec9cd62f5513aed518109b722d38ff9d2a1df30a0eda96d3d8f9fdff5e04fa08e079944890ad4498c6792fcc2b13253f295b69ea6af5cd4c7bf846ced8d0b583782d3fcdd", 0x58}, {&(0x7f0000001a40)="801ca2228cb8642692e1e7c0f1cc466803b2fe913a02e3e8c72b5ea37b18be66", 0x20}], 0x8, &(0x7f0000001b00)=[{0xa0, 0x101, 0x5, "8cede3d1b0581031d549051f42003288d81c25e7cc3f4ac48d6fced1345389c28188ced27064066242a50c460e51248aa98ade44a7c797a2d9af5f37495a337b4bdfa1479269ea6ab1d5a381e1bb77f8e2dc2234611f535879cfc5fa0f4b8c1a37743a33a07edeabd8b27d241afbb0539eb238fe183a82a0eab361cc6c1c68f487c06d4408eded6051f5e1848ace"}, {0x100, 0x6, 0x8000, "4b23b7f2ad206ad8b648efe731d2b579ba0aa4215a5c25879c7db1ab48d2c0e14259281135ccfdf0fdf5187b531547a449b79bc5570ba8a163e21dd7064e1da4b6dc7b9ace2a4d19dec30ffba3a6ae350ce677c3d763e9372e60bcfc1cdaf04571cf7bcf3672102ef5e0a1764a29cfe5ce7811f6264f4d97f3019fbd18ea71089053e2e82b8dc0bd7ba01ab32e2dade70863722e043debb47662471f78da9fd22c4028569eebd6a9a29c8356ab2e24116f3f06ecd8f0b743d75634b011ba4bf2f828f543d8725fbc15a8690301c019288e71dbd633e0514b29067909e564e1945b7c5ce09dfc2222e6e7"}, {0x30, 0x10b, 0x7, "13979f1fdf907eead8c3188f67c8447422d94c96d26e5cf32237d79a70"}, {0xe0, 0x10b, 0x1000, "a995d7e407628aa8e6839279e9e5fda720e8328293505108cc8cf8fcda21447c71f6416e9f5b7c65e3d1345258d3c61f9841ffe07111de4b4467301f9f54cc1491045bc982c505b918a20803d7e19c9d4b9cfbcfd094115e83687bfb1b023f6c080847eb8018226ba7adc5f6fdf4c7c95e4185d7ff13e98b65bb276a18ae9c21375550ba654c2ef55316c42eb7fbde65fa1d0a15a1b5140753b54266ee68087787ac99ad768f620174b3677ca526a9068cc0429095f7176bf676604a7be2fd75a84dc54d89f760a52f60f5"}, {0xa0, 0x11d, 0xfff, "ae0528a5ad012b8e51aec22c265a9292774712ebfe81d81054c32dca650a4a262f9ad22f72f5a2be137590516a36c1e050b4023b66389c87498740b0978587a5a397d6312c21e316e1a3891d36f41cbe2535807fbd48654d695e56936381df063461f131ce4ce02abfc957ea2b95c9d0f865d208d6e844b34663b9d4848c69271375c88f9f549348e51e5c"}, {0x80, 0x0, 0x6, "f8111bbac01e4feb3537b4e7c2b3566659df119ecfac5f2a8edc8f83598f094049dbbe97c5dd0486c64cc3f2cdb600fc5d17b7da81d40e4f877131e33dc6c6705bce097fc2b07c7f7beea15828c301ff70a7c5661f76324b20e9d9ff9683371ec61cfdb1a4d6faad56ed698e"}, {0xe0, 0x11b, 0xc37b, "f82a99dbd248498482397fd3d49c65617e6b68ff56c254b588210e0f1fc28d008dfea2f98f451b5ea5c0d38fb8dfdc12971330064d646cb2a66dae68d50b13e167429fb9f91813abfa37351984777f113055c55460103b323e1082eebd5ca8f502e080f8c39f2a3f02619664c8b0fb99f0b8fc56d172bdb3ed491d48c1370f3450aba6efb1749dfcb33018a0f02e643289ae8b4c408d3d8d8cb0028cef47b29d98b9f605af3a20fea9dfce8cd13b6d27d3eb8aafa99515f04f9c20a7864bcc05db94d5bad8def9b503"}, {0xd8, 0x103, 0x101, "e1739a3b1287099cfc989e594806edb9fef4377024a7a44e315f09743ebbbdee4fcd623d3406f49060f985e2bca56f9a03a4b6a25b39f9cf51d1e7ce1dad6c00c93a51c10b2ed32c4963ff67d532d3e5a47d6c5b4249649ea516daf8f7045fec7571429007f2852119af408141f70992e06760e390b6b555f076ad9f906d6b4566fa43a2fca9f9623fde0911897768b052e2e94c86023d4c53c8a6ce259cb2b06ab841e95278f1e8cfff72dbe9a5ba37bd0a0f45fd7489cddf47beb4d8e781d71bd3"}, {0x68, 0x13a, 0x0, "be2f0b0a89f38af6eb0795ef7026b9d1faaa27d3fb1b4abd7337b9b866053e1f38be938692d9c936b356f52c12b5f419515c65592c71419b21d45bb608a0bb6305b225bbf28e55fc30d7f5d2344c861cfb5c5313dd06d63f"}], 0x5f0}, 0x40000)
r1 = socket$kcm(0x2b, 0x1, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./\xa6group.Ypu/syz0\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

[  808.313245][T17169] R13: 00000000004c8eb1 R14: 00000000004dfb68 R15: 00000000ffffffff
[  808.328034][T17169] memory: usage 3148kB, limit 0kB, failcnt 381202
[  808.345174][T17169] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  808.362132][T17169] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  808.369556][T17169] Memory cgroup stats for /syz1: cache:4KB rss:2212KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2212KB inactive_file:0KB active_file:0KB unevictable:0KB
[  808.391401][T17169] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=17167,uid=0
[  808.423127][T17169] Memory cgroup out of memory: Killed process 17167 (syz-executor.1) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB
[  808.454782][ T1044] oom_reaper: reaped process 17167 (syz-executor.1), now anon-rss:0kB, file-rss:33920kB, shmem-rss:0kB
[  808.456894][T17173] device nr0
 entered promiscuous mode
[  808.474678][T17141] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  808.496065][T17141] CPU: 0 PID: 17141 Comm: syz-executor.2 Not tainted 5.2.0-rc2+ #14
[  808.504078][T17141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  808.514136][T17141] Call Trace:
[  808.517437][T17141]  dump_stack+0x172/0x1f0
[  808.521786][T17141]  dump_header+0x10f/0xb6c
[  808.526217][T17141]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  808.532045][T17141]  ? ___ratelimit+0x60/0x595
[  808.536644][T17141]  ? do_raw_spin_unlock+0x57/0x270
[  808.541778][T17141]  oom_kill_process.cold+0x10/0x15
[  808.546997][T17141]  out_of_memory+0x79a/0x1280
[  808.551692][T17141]  ? oom_killer_disable+0x280/0x280
[  808.556927][T17141]  ? find_held_lock+0x35/0x130
[  808.561715][T17141]  mem_cgroup_out_of_memory+0x1ca/0x230
[  808.567273][T17141]  ? memcg_event_wake+0x230/0x230
[  808.572314][T17141]  ? do_raw_spin_unlock+0x57/0x270
[  808.577433][T17141]  ? _raw_spin_unlock+0x2d/0x50
[  808.582285][T17141]  try_charge+0x102c/0x15c0
[  808.586776][T17141]  ? find_held_lock+0x35/0x130
[  808.591542][T17141]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  808.597095][T17141]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  808.603323][T17141]  ? kasan_check_read+0x11/0x20
[  808.608166][T17141]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  808.613700][T17141]  mem_cgroup_try_charge+0x24d/0x5e0
[  808.619009][T17141]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  808.624656][T17141]  wp_page_copy+0x416/0x1770
[  808.629240][T17141]  ? do_wp_page+0x486/0x1500
[  808.633818][T17141]  ? pmd_pfn+0x1d0/0x1d0
[  808.638219][T17141]  ? lock_downgrade+0x880/0x880
[  808.643089][T17141]  ? swp_swapcount+0x540/0x540
[  808.647843][T17141]  ? kasan_check_read+0x11/0x20
[  808.652683][T17141]  ? do_raw_spin_unlock+0x57/0x270
[  808.657788][T17141]  do_wp_page+0x48e/0x1500
[  808.662193][T17141]  ? finish_mkwrite_fault+0x540/0x540
[  808.667558][T17141]  __handle_mm_fault+0x22e3/0x3eb0
[  808.672660][T17141]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  808.678191][T17141]  ? find_held_lock+0x35/0x130
[  808.682949][T17141]  ? handle_mm_fault+0x292/0xa90
[  808.687885][T17141]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  808.694119][T17141]  ? kasan_check_read+0x11/0x20
[  808.698967][T17141]  handle_mm_fault+0x3b7/0xa90
[  808.703727][T17141]  __do_page_fault+0x5ef/0xda0
[  808.708501][T17141]  do_page_fault+0x71/0x57d
[  808.713008][T17141]  ? page_fault+0x8/0x30
[  808.717245][T17141]  page_fault+0x1e/0x30
[  808.721385][T17141] RIP: 0033:0x403672
[  808.725273][T17141] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 <e8> 29 86 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 49 3b 05 00 48
[  808.744889][T17141] RSP: 002b:00007ffcf0b53cb0 EFLAGS: 00010246
[  808.750952][T17141] RAX: 0000000000000000 RBX: 00000000000c523a RCX: 0000000000412e80
[  808.758917][T17141] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffcf0b54de0
[  808.766877][T17141] RBP: 0000000000000002 R08: 0000000000000001 R09: 000055555690c940
15:50:00 executing program 1:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:50:00 executing program 3:
r0 = socket$kcm(0x2b, 0x1, 0x0)
r1 = perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x3ac, 0x4, 0x1000, 0x7ff, 0x0, 0x3, 0x4000, 0xd, 0x9, 0x4, 0x8000, 0x8, 0x7, 0x2, 0x0, 0x7, 0x6, 0x100000000, 0x4, 0x5, 0x7, 0x7fffffff, 0x5, 0x1, 0x7fff, 0x7ff, 0x2, 0x7522e34a, 0x100, 0x8, 0x80000000, 0x1, 0xb9, 0x0, 0x9, 0x1, 0x0, 0x4, 0x4, @perf_bp={&(0x7f0000000000), 0xa}, 0x40, 0x9, 0x7fffffff, 0x2, 0xe52f, 0x7, 0xb494}, 0xffffffffffffffff, 0x5, 0xffffffffffffffff, 0x8)
ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f00000000c0)=0x6)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0x0)

15:50:00 executing program 5:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r1 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r2, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r3 = openat$cgroup_int(r0, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r0, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r3, 0x0, 0x0)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(0xffffffffffffffff, 0x800454e0, &(0x7f0000000240))
openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)

15:50:00 executing program 4:
r0 = socket$kcm(0x2b, 0x7, 0x0)
socket$kcm(0x29, 0x5, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={<r2=>0x0, r0, 0x0, 0x12, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', 0xffffffffffffffff}, 0x30)
recvmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x4f, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r3, 0x0, 0xe, 0x0, &(0x7f0000000380)="263abd030e98ff4dc870bd6688a8", 0x0, 0x3f00}, 0x28)
r4 = perf_event_open$cgroup(&(0x7f0000000100)={0x4, 0x70, 0x8001, 0xfff, 0x6, 0x0, 0x0, 0x5, 0xc000, 0x4, 0x5, 0xcd4d, 0x6, 0x0, 0x20, 0x1, 0x1000, 0x8000, 0x7f, 0x8, 0x2d0, 0x9, 0x9, 0x80, 0x4, 0x5, 0xffffffff, 0x5, 0x6, 0x200, 0x80000000, 0x0, 0x6, 0x80000001, 0x800, 0x1, 0x4, 0x6, 0x0, 0x9, 0x4, @perf_bp={&(0x7f00000000c0)}, 0x2610, 0x4, 0x9, 0xf, 0x9, 0xda2, 0x4}, r1, 0xa, 0xffffffffffffff9c, 0x4)
socket$kcm(0x29, 0x5, 0x0)
r5 = perf_event_open$cgroup(&(0x7f00000001c0)={0x2, 0x70, 0x564ee689, 0x9, 0x6a, 0x6, 0x0, 0x9, 0x22, 0x1, 0x8, 0x7f, 0x0, 0xff, 0x1, 0x7, 0x100000001, 0x100, 0xfffffffffffff000, 0x9, 0xfffffffffffffff9, 0x5, 0x80000000, 0x1, 0x200, 0x5, 0xdb15, 0x6, 0xfffffffffffffffb, 0x2, 0x3, 0x849d, 0x3, 0x1, 0x100000000, 0x1000, 0x100, 0x1, 0x0, 0x4, 0x4, @perf_bp={&(0x7f0000000180), 0x1}, 0x10, 0x1, 0x2da, 0x3, 0x2, 0x1, 0x7f}, r1, 0x10, 0xffffffffffffffff, 0x8)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
perf_event_open(&(0x7f0000000240)={0x7, 0x70, 0x6, 0x10000, 0x0, 0x5, 0x0, 0x3, 0x40, 0x4, 0xd10, 0x5, 0x2, 0x1, 0x9f0a, 0xfffffffffffffff8, 0x6, 0x2510d5a6, 0x8, 0x9, 0x1, 0x1, 0xa00, 0x100, 0x1, 0xfffffffffffffffa, 0x81, 0x22, 0x2, 0x3, 0x400, 0xad4, 0x9ea, 0x34a5, 0x8, 0x3, 0x80000000, 0x3, 0x0, 0x6, 0x0, @perf_config_ext={0xa16, 0x2}, 0x400, 0x6, 0x7e5, 0x0, 0x7, 0x4, 0x1000}, r2, 0x10, r4, 0x0)

[  808.774837][T17141] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcf0b54de0
[  808.782795][T17141] R13: 00007ffcf0b54dd0 R14: 0000000000000000 R15: 00007ffcf0b54de0
[  808.792769][T17141] memory: usage 844kB, limit 0kB, failcnt 229571
[  808.825952][T17141] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
15:50:00 executing program 3:
r0 = socket$kcm(0x2b, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0x0)

[  808.871247][T17141] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  808.913392][T17141] Memory cgroup stats for /syz2: cache:0KB rss:48KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:132KB swap:0KB inactive_anon:0KB active_anon:48KB inactive_file:0KB active_file:0KB unevictable:0KB
[  808.984570][T17141] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17141,uid=0
[  809.010473][T17141] Memory cgroup out of memory: Killed process 17141 (syz-executor.2) total-vm:72444kB, anon-rss:76kB, file-rss:34828kB, shmem-rss:0kB
[  809.040378][T17142] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  809.041266][ T1044] oom_reaper: reaped process 17141 (syz-executor.2), now anon-rss:0kB, file-rss:33932kB, shmem-rss:0kB
[  809.054930][T17142] CPU: 0 PID: 17142 Comm: syz-executor.1 Not tainted 5.2.0-rc2+ #14
[  809.069454][T17142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  809.079700][T17142] Call Trace:
[  809.083036][T17142]  dump_stack+0x172/0x1f0
15:50:00 executing program 4:
r0 = socket$kcm(0x2b, 0x1, 0x0)
r1 = perf_event_open$cgroup(&(0x7f0000000080)={0x7, 0x70, 0x243, 0xfa50, 0xfffffffffffffe00, 0x4, 0x0, 0x5, 0x0, 0xa, 0x40000, 0xa8, 0x2, 0x1, 0x9, 0xef9, 0x8, 0x7f, 0x1ff, 0x8000, 0x100000000, 0x7, 0x100000001, 0x2, 0xfffffffffffffff7, 0x3, 0x10, 0xf95, 0x6, 0x7, 0x3, 0x6, 0x9, 0x25, 0x949, 0x3, 0xf8, 0x9, 0x0, 0x5, 0x1, @perf_bp={&(0x7f0000000040), 0x1}, 0x2000, 0xad5, 0x401, 0x7, 0x4, 0x8, 0xffff}, 0xffffffffffffffff, 0x4, 0xffffffffffffff9c, 0x5)
ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x1)
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r1, 0x40042409, 0x1)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz0\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_RESET(r1, 0x2403, 0x2)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)

[  809.087417][T17142]  dump_header+0x10f/0xb6c
[  809.091854][T17142]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  809.097678][T17142]  ? ___ratelimit+0x60/0x595
[  809.102310][T17142]  ? do_raw_spin_unlock+0x57/0x270
[  809.107445][T17142]  oom_kill_process.cold+0x10/0x15
[  809.112590][T17142]  out_of_memory+0x79a/0x1280
[  809.117305][T17142]  ? oom_killer_disable+0x280/0x280
[  809.122519][T17142]  ? find_held_lock+0x35/0x130
[  809.127309][T17142]  mem_cgroup_out_of_memory+0x1ca/0x230
[  809.127325][T17142]  ? memcg_event_wake+0x230/0x230
[  809.127347][T17142]  ? do_raw_spin_unlock+0x57/0x270
[  809.127365][T17142]  ? _raw_spin_unlock+0x2d/0x50
[  809.127385][T17142]  try_charge+0x102c/0x15c0
[  809.127399][T17142]  ? find_held_lock+0x35/0x130
[  809.127421][T17142]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  809.157481][T17142]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  809.157501][T17142]  ? kasan_check_read+0x11/0x20
[  809.157523][T17142]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  809.157542][T17142]  mem_cgroup_try_charge+0x24d/0x5e0
[  809.157560][T17142]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  809.157581][T17142]  __handle_mm_fault+0x1e1a/0x3eb0
[  809.157602][T17142]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  809.157616][T17142]  ? find_held_lock+0x35/0x130
[  809.157637][T17142]  ? handle_mm_fault+0x292/0xa90
[  809.211096][T17142]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  809.217448][T17142]  ? kasan_check_read+0x11/0x20
[  809.222319][T17142]  handle_mm_fault+0x3b7/0xa90
[  809.227102][T17142]  __do_page_fault+0x5ef/0xda0
[  809.231887][T17142]  do_page_fault+0x71/0x57d
[  809.236402][T17142]  ? page_fault+0x8/0x30
[  809.240650][T17142]  page_fault+0x1e/0x30
[  809.244811][T17142] RIP: 0033:0x403672
[  809.248721][T17142] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 <e8> 29 86 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 49 3b 05 00 48
[  809.268364][T17142] RSP: 002b:00007ffedeaf8eb0 EFLAGS: 00010246
[  809.274536][T17142] RAX: 0000000000000000 RBX: 00000000000c53a3 RCX: 0000000000412e80
[  809.282526][T17142] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffedeaf9fe0
15:50:01 executing program 3:
r0 = socket$kcm(0x2b, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000000)={r0})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.stat\x00', 0x0, 0x0)
perf_event_open$cgroup(&(0x7f0000000080)={0x4, 0x70, 0x1, 0x100, 0x83, 0x2, 0x0, 0x20, 0x0, 0x0, 0x400000000, 0x16, 0x2, 0x1, 0x1, 0x9, 0x7300, 0x0, 0x91, 0x3, 0x6, 0x0, 0x100000000, 0xffffffffa4d59e41, 0x6, 0x4, 0x6, 0x6, 0x4, 0x7, 0x17d, 0x10001, 0x37, 0x3, 0x6, 0x7, 0x0, 0x2c, 0x0, 0x2, 0x3, @perf_config_ext={0x2, 0x5}, 0x30200, 0x1f, 0xee69, 0x1, 0x24, 0xffffffff7fffffff, 0x100000001}, 0xffffffffffffff9c, 0x1, 0xffffffffffffff9c, 0x2)
perf_event_open$cgroup(&(0x7f0000000140)={0x2, 0x70, 0x43, 0xf06d, 0x0, 0x401, 0x0, 0x7, 0x40000, 0x2, 0x7f, 0x100000001, 0x9, 0x402be0aa, 0xffffffffbcd5741a, 0x0, 0x1, 0x4, 0xcf, 0x401, 0xfff, 0x100, 0x80000001, 0xffffffff80000001, 0x401, 0x1, 0x10000, 0x0, 0x1, 0x8, 0x3f, 0x1, 0x0, 0xfffffffffffffff7, 0x1f, 0x100, 0x8000, 0x5, 0x0, 0xaef, 0x0, @perf_bp={&(0x7f0000000100), 0x6}, 0x8000, 0x4, 0x6, 0x7, 0x336, 0x7, 0xf1d3}, 0xffffffffffffff9c, 0x2, r0, 0xa)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x0, 0x0)
perf_event_open$cgroup(&(0x7f0000000240)={0x4, 0x70, 0x7, 0xfffffffffffffffb, 0x8, 0x9, 0x0, 0x7b6, 0xc0000, 0x8, 0x5, 0x100000001, 0xfffffffffffffff9, 0x243fe48f, 0x800, 0x1ff, 0x9, 0x101, 0x800, 0x401, 0x0, 0x6, 0x20, 0xfffffffffffffbfd, 0x2, 0x9, 0x4, 0x5, 0x1f, 0x5, 0x1, 0x2, 0x1, 0x9, 0x4, 0xc7f4, 0xffffffff, 0xbc7, 0x0, 0x6, 0x1, @perf_bp={&(0x7f0000000200), 0x3}, 0x400, 0x1000, 0x800, 0x5, 0x1f, 0xfffffffffffffffe, 0x7}, 0xffffffffffffffff, 0xb, 0xffffffffffffffff, 0xee9e2b795db6418f)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000300)={0xffffffffffffffff, <r1=>0xffffffffffffff9c, 0x0, 0x16, &(0x7f00000002c0)='{security\'#cgroup\'+.!\x00', 0xffffffffffffffff}, 0x30)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8904, 0x40000004)

[  809.290519][T17142] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555555911940
[  809.298611][T17142] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffedeaf9fe0
[  809.306603][T17142] R13: 00007ffedeaf9fd0 R14: 0000000000000000 R15: 00007ffedeaf9fe0
15:50:01 executing program 3:
r0 = socket$kcm(0x2b, 0x1, 0x0)
socket$kcm(0x29, 0x7, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0x0)

[  809.442801][T17142] memory: usage 812kB, limit 0kB, failcnt 381211
[  809.466877][T17142] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  809.492462][T17142] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  809.516933][T17142] Memory cgroup stats for /syz1: cache:4KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:52KB inactive_file:0KB active_file:0KB unevictable:0KB
15:50:01 executing program 3:
r0 = socket$kcm(0x2b, 0x6, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.controllers\x00', 0x0, 0x0)
ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000080)={&(0x7f0000000040)='./file0\x00', r1}, 0x10)
socket$kcm(0x29, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0x0)

[  809.547743][T17142] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=17142,uid=0
[  809.565733][T17142] Memory cgroup out of memory: Killed process 17142 (syz-executor.1) total-vm:72444kB, anon-rss:72kB, file-rss:34828kB, shmem-rss:0kB
[  809.610105][ T1044] oom_reaper: reaped process 17142 (syz-executor.1), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB
15:50:01 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={0x0, &(0x7f0000000480)=""/222, 0x0, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

15:50:01 executing program 3:
r0 = socket$kcm(0x2b, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0x0)

15:50:02 executing program 2:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

[  810.204220][T17210] device nr0
 entered promiscuous mode
15:50:02 executing program 1:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

[  810.577541][T17216] IPVS: ftp: loaded support on port[0] = 21
[  810.766258][T17216] chnl_net:caif_netlink_parms(): no params data found
[  810.864591][T17216] bridge0: port 1(bridge_slave_0) entered blocking state
[  810.871710][T17216] bridge0: port 1(bridge_slave_0) entered disabled state
[  810.879746][T17216] device bridge_slave_0 entered promiscuous mode
[  810.887914][T17216] bridge0: port 2(bridge_slave_1) entered blocking state
[  810.896777][T17216] bridge0: port 2(bridge_slave_1) entered disabled state
[  810.905491][T17216] device bridge_slave_1 entered promiscuous mode
[  810.981665][T17216] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  810.992696][T17216] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  811.014697][T17216] team0: Port device team_slave_0 added
[  811.020909][    T7] device bridge_slave_1 left promiscuous mode
[  811.027963][    T7] bridge0: port 2(bridge_slave_1) entered disabled state
[  811.075472][    T7] device bridge_slave_0 left promiscuous mode
[  811.081770][    T7] bridge0: port 1(bridge_slave_0) entered disabled state
[  812.767987][    T7] device hsr_slave_1 left promiscuous mode
[  812.809582][    T7] device hsr_slave_0 left promiscuous mode
[  812.869491][    T7] team0 (unregistering): Port device team_slave_1 removed
[  812.881993][    T7] team0 (unregistering): Port device team_slave_0 removed
[  812.893674][    T7] bond0 (unregistering): Releasing backup interface bond_slave_1
[  812.929990][    T7] bond0 (unregistering): Releasing backup interface bond_slave_0
[  813.003760][    T7] bond0 (unregistering): Released all slaves
[  813.099214][T17216] team0: Port device team_slave_1 added
[  813.156531][T17216] device hsr_slave_0 entered promiscuous mode
[  813.214829][T17216] device hsr_slave_1 entered promiscuous mode
[  813.311874][T17216] 8021q: adding VLAN 0 to HW filter on device bond0
[  813.331567][T17216] 8021q: adding VLAN 0 to HW filter on device team0
[  813.342353][T15020] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  813.350639][T15020] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  813.363333][ T8841] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  813.373127][ T8841] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  813.381879][ T8841] bridge0: port 1(bridge_slave_0) entered blocking state
[  813.389008][ T8841] bridge0: port 1(bridge_slave_0) entered forwarding state
[  813.404891][ T8841] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  813.413064][ T8841] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  813.422056][ T8841] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  813.430812][ T8841] bridge0: port 2(bridge_slave_1) entered blocking state
[  813.438177][ T8841] bridge0: port 2(bridge_slave_1) entered forwarding state
[  813.447283][ T8841] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  813.456264][ T8841] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  813.545721][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  813.554765][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  813.563283][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  813.572158][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  813.581072][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  813.592196][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  813.600666][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  813.625716][T17216] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  813.667450][T17216] 8021q: adding VLAN 0 to HW filter on device batadv0
[  813.838688][T17225] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  813.854310][T17225] CPU: 0 PID: 17225 Comm: syz-executor.5 Not tainted 5.2.0-rc2+ #14
[  813.862330][T17225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  813.872408][T17225] Call Trace:
[  813.875725][T17225]  dump_stack+0x172/0x1f0
[  813.880080][T17225]  dump_header+0x10f/0xb6c
[  813.884549][T17225]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  813.890379][T17225]  ? ___ratelimit+0x60/0x595
[  813.894986][T17225]  ? do_raw_spin_unlock+0x57/0x270
[  813.900123][T17225]  oom_kill_process.cold+0x10/0x15
[  813.905259][T17225]  out_of_memory+0x79a/0x1280
[  813.909951][T17225]  ? __sched_text_start+0x8/0x8
[  813.914905][T17225]  ? oom_killer_disable+0x280/0x280
[  813.920127][T17225]  ? cgroup_file_notify+0x140/0x1b0
[  813.925351][T17225]  mem_cgroup_out_of_memory+0x1ca/0x230
[  813.930911][T17225]  ? memcg_event_wake+0x230/0x230
[  813.935964][T17225]  ? _raw_spin_unlock_irqrestore+0xbd/0xe0
[  813.941797][T17225]  ? cgroup_file_notify+0x140/0x1b0
[  813.947021][T17225]  memory_max_write+0x169/0x300
[  813.951900][T17225]  ? mem_cgroup_write+0x360/0x360
[  813.956942][T17225]  ? lock_acquire+0x16f/0x3f0
[  813.961628][T17225]  ? kernfs_fop_write+0x227/0x480
[  813.966669][T17225]  cgroup_file_write+0x241/0x790
[  813.971624][T17225]  ? mem_cgroup_write+0x360/0x360
[  813.976676][T17225]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  813.982412][T17225]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  813.988063][T17225]  kernfs_fop_write+0x2b8/0x480
[  813.992950][T17225]  __vfs_write+0x8a/0x110
[  813.997297][T17225]  ? kernfs_fop_open+0xd80/0xd80
[  814.002250][T17225]  vfs_write+0x20c/0x580
[  814.006508][T17225]  ksys_write+0x14f/0x290
[  814.010899][T17225]  ? __ia32_sys_read+0xb0/0xb0
[  814.017214][T17225]  ? do_syscall_64+0x26/0x680
[  814.021921][T17225]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  814.028007][T17225]  ? do_syscall_64+0x26/0x680
[  814.032704][T17225]  __x64_sys_write+0x73/0xb0
[  814.037343][T17225]  do_syscall_64+0xfd/0x680
[  814.041861][T17225]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  814.047767][T17225] RIP: 0033:0x459279
[  814.051880][T17225] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  814.071501][T17225] RSP: 002b:00007f2273988c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  814.079940][T17225] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459279
[  814.087928][T17225] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008
[  814.095914][T17225] RBP: 000000000075bfc0 R08: 0000000000000000 R09: 0000000000000000
[  814.103902][T17225] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f22739896d4
[  814.111892][T17225] R13: 00000000004c8eb1 R14: 00000000004dfb68 R15: 00000000ffffffff
[  814.123810][T17225] memory: usage 3320kB, limit 0kB, failcnt 211935
[  814.146506][T17225] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  814.166353][T17225] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  814.173482][T17225] Memory cgroup stats for /syz5: cache:176KB rss:2176KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2176KB inactive_file:132KB active_file:0KB unevictable:0KB
[  814.195696][T17225] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17223,uid=0
[  814.212428][T17225] Memory cgroup out of memory: Killed process 17223 (syz-executor.5) total-vm:72708kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB
[  814.230860][ T1044] oom_reaper: reaped process 17223 (syz-executor.5), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB
15:50:06 executing program 5:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r1 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r2, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r3 = openat$cgroup_int(r0, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r0, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r3, 0x0, 0x0)
write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(0xffffffffffffffff, 0x800454e0, &(0x7f0000000240))
openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)

15:50:06 executing program 4:
r0 = socket$kcm(0x2b, 0x1000000000000005, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)

15:50:06 executing program 3:
r0 = socket$kcm(0x29, 0x7, 0x0)
sendmsg$inet(r0, &(0x7f0000000c40)={&(0x7f0000000780)={0x2, 0x4e22, @multicast2}, 0x10, &(0x7f0000000bc0)=[{&(0x7f00000007c0)="51bb4bb94675c4b288543cb238a32bb4698113081be84662136481b0c374943c4bb45258d949f5e8f8468dc4c5d33b4956c777f88fbbf91a2629415695cfa398d5d0a56f22c3155c64f9049937942616c6803a89a557aa793db38a79e62cf867aadb78aa38e8974a67e277a97a6421633057f8bc8b709e288418f9ddec4ffeb6e85140766795acc5fd8f6a058b03d410861c3b053198a106b8d6ede9e3a263bd7f602f692a7b9a12b33b4cacd565f2aa629685f8a1278e7c1343977af80daf026617e44b06bc15addf3deeb1", 0xcc}, {&(0x7f00000008c0)="3ebb24b65c1469050badeaef6bbe7b75a9bececa50e7e6928a556aff38200f85a2f11328a7f6f8294fe061221482a75efbb4cb005f04b45e52c6619990dc2628bda62004ef0ee140dc825150eb9059d0027b199d1ed2bd14a7038c92f89f9056ee0a8b217fe80f8c2442a5e304d0619d56775b15c767b6a88595c642f60f36df29543978bd9377764919a817f59fb8435756185bea7424a29022d48c2fc524c6d28153ec1d78ce26004a12c8b565ae1b3ee35e92c703cf780e", 0xb9}, {&(0x7f0000000980)="85fbd346ec9b07d27fff9df429828973c283e402a282b62348624e9f3ee63801815aa5260b358aacb3b4a16d1c1c40ecb64c71178d81cbc5eac1c4ca8623832256cb566a4254528614e354314cd399d79ed13a866a60ae75de59cd2be10840ca862ba44ab9ec7c09c0b353ce8b1c2d", 0x6f}, {&(0x7f0000000a00)="ce04313b1cc85bbbe42a9577b39b98d30ef64337160b747d6f13a62357ebb94516f772c1f275979e7a6fe8cd36760bf8b63f815e0fbe360701e8df774bd0642f23ac566de0db1b9df663821a6d84225e356f6b5bbb4fe493d560cd35a490157ae30331e5a0f2bf325829fe9d555a4f98cb6cacd8692077d3ba87b5f4a4", 0x7d}, {&(0x7f0000000a80)="59601187d3abc5666eb61f46d7d68d88a0f772055b572282fde99e37e5dc04549e6b1bbd4176f54314fa58238722aa57aafac923bd40c99f0cc8dcf270b1e8ae520dd0e7ad35e49c4becd5ff93ea661a6dd447e47a87515a5fec4e9f1c610ea6c90d539394c8edaa90192edb3d9f62a2a64a0d869bb4a676fbd3e3b7f529ad288f61ca191ce5333b4d6581c768d968726f7967c7c015698349603ed90f2e93a583105c", 0xa3}, {&(0x7f0000000b40)="1230921cf2e3120858c4ff54b396774f8a01a4851cd2bda134866d5ffd4f2960a61d998b3e497683f073b5c59d6a9587d113c74543e33c8106c9bd3023375b1a5499f227262fcf346d3ca2a0aa51e98f01a07335ab4fed41eba969cde8c67587f334", 0x62}], 0x6}, 0x4000040)
sendmsg$kcm(r0, &(0x7f0000001ac0)={&(0x7f00000012c0)=@in6={0xa, 0x4e20, 0xff, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x10001}, 0x80, &(0x7f0000001680)=[{&(0x7f0000001340)="9d98235d5cf2d6d8cdfda0106a6e6934f3d5ce09099d17bffa136801a9e3cc4b439be28821f957f7e88e63ed0fb6b7a0f1cb2dfdc20bfc7260399a4e2329c579622a65177aa76d86543d8c35f4e005f8bf8029c32d72943ff0b938534dc6fa1fb799725fd23e706e85f3efa105093da61545ebb551c221bfa3cb92ce71b624344f04cd376bfa5942e8f99a3ba70953", 0x8f}, {&(0x7f0000001400)="cb1669c1f9dbe5fb99adddf9ecdeb4272db8bfc3269507d34a3a78038b0fd9bff435", 0x22}, {&(0x7f0000001440)="bb4ecde1bac90fef2628b3022ae7f95719a89c4b8d0c9e7e2c57cfd9467ccd8b70e368c3fd3492d456ab84ca7e0b7936b0be186eaaa54d44318a07cf10fb41ceac7bdbafd37c569b2f0206991f7cc1e7680ada432911e88636864a4bacf886db4dda8b36f45762c1d50725369550ebd9caf856483fbb3b82079b50a610df8c75850de7630f44acd53cecf41f78f08aff8fab65999334caaecd756024b5c68fed9b4b24fb1a70396c42408e8f0822a6fa9e8ba57eef7ff647ffa6db2ddfe55b69e3d207b6aa1c7eea982b9450ab50acc16cde063133", 0xd5}, {&(0x7f0000001540)="a1b3cff8e7a6efcaea3070", 0xb}, {&(0x7f0000001580)="e86d5855639493044805d0b2772d38461d3e8272b50a51c2b5e2b7d8aa5e3b01ea5d3ea1f9b323c389006e251c55", 0x2e}, {&(0x7f00000015c0)="ee1685a59f36593eb912c0d55480baee01989f6d2a5a9022db201cb460a745780c0306546460ef3cf44564f514a762557253383533c387235cc54b05dad5f1d1e3338ba9c54b8fd063d2949d6026c8e01c140844359611608957e4f05c6bfd7b79b9094f98c411d259e7eafccd66ddea5e5e069be3b870271f6791aa3cbb9d2b02637b96", 0x84}], 0x6, &(0x7f0000000240)=ANY=[@ANYBLOB="780000000000000029000000e30e000099be81a89d68bb99ec346588d96e60170e9899a63a66f4b1f3a627d24c418b9b89634fd93c52527236f5c561d31fdc64589213b64d1e21a57855545df5a66ecc19e6738e14761f27bda6a74f33e12dd87e27c1059988f68aeacb7bfe403df51be415dc8f32000000a000000000000000130100000500000073848daf05e6e449a439b7eac7141cb83d1a52dc0b30b280a10c5b11fb890d606dbb6b84941c89fdc01cb6613ea13257c02a330c232315d2fb19ae2f8daaee644c132d6a8e4f5cdfaa922dc0a4e5e1f70be78dd4ad45e7ea0b6ee02b6cc4470c74e4e28ab2649cd16cbfa7ed91fed1d1243dd3cea33e488218ff58a772b3221be966d5acdef93fd39a42407eb912385a80000000000000000000000005000000b7e4907b2ca2cee096b145b70883ea4246cfe08cc749af76854da4be3bf562e98580045e4bf93262625453dddb429a42dc4fc26039d6453971360f0bd083d1839db6dcca873f0c8a1f0bc31ccef0cfad027bafc14422d716e1bb7521bb68874968ff37139b08d94a714540e3d149c4fb00000000480000000000000017010000020000010cb1a75127aa6aeb1af420be6c0d123982fafb9cb112bfca3fe4f665b5d14ffe88dc215aaf384aefa75cdfb4c9763584ced805ccaaa678ea60000000000000000f01000000010000cb04c6e78bb829d4f77cb187c42debfefaabe1c260e55bc5dface10f3d1ad43fbded20204e330a0ad5d779a133bde0328ee70e14ff0ac82675541e9998330156041fa01d15708af56be6ae2f6046be00b8000000000000003f010000ff0000003ade074103b8c51d12b5bbdf67ee5b1860104cc1b35979befa0a69fbb6530a7691e364739a8ba2412cc4d1ff927d31f2832821795729b58d71774b6b3648ad798860ef4f1b8d3053022d83ce080000002fab96b3d0db6d34989d378b4a882d6426d23c020a3c149ae8ef4ccfc9f7a000bf490f9a8e8a86f385c796711bc46eb8661972c5233e34f81003226518e49a03c5ede899d5d0ae8c121300fc6d7772f3dc2e6f000000000078000000000000000c01000004000000f404bbb1af9fd5e21111ce8d92f4e06c9f0706f2beeaf2bc339a1865a359a4d200daa4825eef5861cb000b85c557d3b22ea7963da2aaf82d7388828828e890e000974c60c1fb518200537482dca52da8d91b2c3484cfa069bd9bb9af7facf4e8fd00001600000000500000000000000016eaffff020000008c93c151fe3ef76746038b143268aa192f259cf4493d96f9938930a31bbf7804a0592e979f886c4962c26db0caf059eedafb4479fb36ae7d178e054faa9fc5a1"], 0x3c0}, 0x20000000)
socket$kcm(0x2b, 0x1, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000000)='memory.current\x00', 0x0, 0x0)
r2 = perf_event_open(&(0x7f0000000080)={0x5, 0x70, 0x4c, 0xce, 0x3, 0xfffffffffffffffd, 0x0, 0xffffffff, 0x20000, 0x4, 0x3, 0x9, 0xf719, 0x2, 0xffff, 0xcd8, 0x8000, 0x3, 0x4, 0x1, 0x101, 0x8000, 0x5f, 0xffffffff80000001, 0x8, 0x3, 0x5, 0x5, 0x2, 0x2, 0x1, 0x1ff, 0x7, 0xffff, 0x101, 0x1d, 0x88, 0x7c1, 0x0, 0x8c33, 0x2, @perf_bp={&(0x7f0000000040), 0x2}, 0x39200, 0x1, 0x8, 0x5, 0x40, 0x7fff, 0xfffffffffffffff7}, 0xffffffffffffffff, 0xa, 0xffffffffffffff9c, 0x2)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000d00)={0xffffffffffffffff, r1, 0x0, 0xf, &(0x7f0000000cc0)='memory.current\x00', 0xffffffffffffffff}, 0x30)
r3 = getpid()
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000dc0)={0xffffffffffffffff, r2, 0x0, 0x3, &(0x7f0000000d80)='-\\\x00', <r4=>0xffffffffffffffff}, 0x30)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000640)={<r5=>r3, r1, 0x0, 0x157, &(0x7f0000000d40)='\x00\x00\x00\x00\x00\x00\x00\x00%\x8f$\xd3\xcb\xad\xb3\xc2L6\xe7\xc7H\x00\x00\x00\x00\x00', r4}, 0x8)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={0x0, <r6=>r1, 0x0, 0xf, &(0x7f00000006c0)='memory.current\x00', <r7=>0x0}, 0x30)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000740)={r5, <r8=>r2, 0x0, 0xd, &(0x7f0000000680)='cpuacct.stat\x00', r7}, 0x30)
perf_event_open(&(0x7f0000000140)={0x3, 0x70, 0xfffffffffffffffc, 0x9, 0x7e1e, 0xffffffffffffff97, 0x0, 0xd7, 0x80, 0x4, 0x101, 0x6, 0x2, 0x79, 0x7, 0x400, 0x81, 0x10000, 0x8, 0x0, 0x6, 0x4, 0x6, 0x9aa0, 0x1, 0x1, 0x1, 0x0, 0x2, 0x400, 0x4, 0x100000001, 0x2, 0x6, 0x2, 0xfff, 0x4, 0xff, 0x0, 0x2168, 0x0, @perf_bp={&(0x7f0000000100), 0x2}, 0x811, 0x6a, 0x7, 0xb, 0xfff, 0x0, 0x3}, 0x0, 0x5, 0xffffffffffffffff, 0xb)
ioctl$PERF_EVENT_IOC_SET_FILTER(r8, 0x40082406, &(0x7f0000000c80)='-\\\x00')
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='cpuacct.stat\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8904, 0xb60)

15:50:06 executing program 1:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:50:06 executing program 2:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:50:06 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[], &(0x7f0000000480)=""/222, 0x0, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

[  814.346908][T17216] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  814.426720][T17231] device nr0
 entered promiscuous mode
[  814.432327][T17216] CPU: 1 PID: 17216 Comm: syz-executor.5 Not tainted 5.2.0-rc2+ #14
[  814.440335][T17216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  814.450414][T17216] Call Trace:
[  814.453743][T17216]  dump_stack+0x172/0x1f0
[  814.458096][T17216]  dump_header+0x10f/0xb6c
[  814.462533][T17216]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  814.468352][T17216]  ? ___ratelimit+0x60/0x595
[  814.472952][T17216]  ? do_raw_spin_unlock+0x57/0x270
[  814.478253][T17216]  oom_kill_process.cold+0x10/0x15
[  814.483378][T17216]  out_of_memory+0x79a/0x1280
[  814.488082][T17216]  ? lock_downgrade+0x880/0x880
[  814.492940][T17216]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  814.499193][T17216]  ? oom_killer_disable+0x280/0x280
[  814.504665][T17216]  ? find_held_lock+0x35/0x130
[  814.509460][T17216]  mem_cgroup_out_of_memory+0x1ca/0x230
[  814.515019][T17216]  ? memcg_event_wake+0x230/0x230
[  814.520076][T17216]  ? do_raw_spin_unlock+0x57/0x270
[  814.525207][T17216]  ? _raw_spin_unlock+0x2d/0x50
[  814.530077][T17216]  try_charge+0x102c/0x15c0
[  814.534587][T17216]  ? find_held_lock+0x35/0x130
[  814.539372][T17216]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  814.544958][T17216]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  814.551223][T17216]  ? kasan_check_read+0x11/0x20
[  814.556099][T17216]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  814.561674][T17216]  mem_cgroup_try_charge+0x24d/0x5e0
[  814.566988][T17216]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  814.572642][T17216]  __handle_mm_fault+0x1e1a/0x3eb0
[  814.577779][T17216]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  814.583367][T17216]  ? find_held_lock+0x35/0x130
[  814.588143][T17216]  ? handle_mm_fault+0x292/0xa90
[  814.593103][T17216]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  814.599372][T17216]  ? kasan_check_read+0x11/0x20
[  814.604252][T17216]  handle_mm_fault+0x3b7/0xa90
[  814.609041][T17216]  __do_page_fault+0x5ef/0xda0
[  814.613836][T17216]  do_page_fault+0x71/0x57d
[  814.618367][T17216]  ? page_fault+0x8/0x30
[  814.622739][T17216]  page_fault+0x1e/0x30
[  814.626915][T17216] RIP: 0033:0x403672
[  814.630826][T17216] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 <e8> 29 86 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 49 3b 05 00 48
[  814.650450][T17216] RSP: 002b:00007ffdedcdeff0 EFLAGS: 00010246
[  814.656534][T17216] RAX: 0000000000000000 RBX: 00000000000c6c1d RCX: 0000000000412e80
[  814.664700][T17216] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffdedce0120
15:50:06 executing program 3:
r0 = socket$kcm(0x2b, 0x1, 0x0)
r1 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', 0x0, 0x10}, 0x10)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000080)=r1, 0x4)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0x0)

15:50:06 executing program 4:
r0 = socket$kcm(0x2b, 0x1, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e1, &(0x7f0000000080)={r0})
r2 = perf_event_open(&(0x7f0000000100)={0x7, 0x70, 0x2, 0xb96, 0x800, 0x1, 0x0, 0x7, 0x10, 0x8, 0x100, 0x9, 0x2, 0x0, 0x4, 0x3, 0x0, 0x3, 0x1d, 0x1, 0x3ff, 0x6, 0x7fff, 0x7ff, 0x1, 0x10000, 0x0, 0x2000200000000, 0x6, 0x80, 0x2b, 0x44, 0x8000, 0x7, 0x0, 0xc5, 0x2, 0x4, 0x0, 0x1000, 0x0, @perf_bp={&(0x7f00000000c0)}, 0x2000, 0x200, 0x2, 0x6, 0x1, 0x100000001, 0x9}, 0x0, 0xe, 0xffffffffffffffff, 0xb)
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r2, 0x40042409, 0x1)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e1, &(0x7f0000000000)={r0})
openat$cgroup_ro(r1, &(0x7f0000000040)='cpuset.effective_mems\x00', 0x0, 0x0)

[  814.672805][T17216] RBP: 0000000000000002 R08: 0000000000000001 R09: 000055555680f940
[  814.680788][T17216] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdedce0120
[  814.688768][T17216] R13: 00007ffdedce0110 R14: 0000000000000000 R15: 00007ffdedce0120
15:50:06 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[], &(0x7f0000000480)=""/222, 0x0, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

15:50:06 executing program 3:
r0 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0x0)
r1 = perf_event_open$cgroup(&(0x7f0000000040)={0x0, 0x70, 0x40, 0x1000, 0x2ed9, 0x34c, 0x0, 0xffffffffffffff00, 0x40, 0x4, 0x5, 0x20b307f5, 0xf11, 0x80, 0x6863, 0x0, 0x8, 0x8000, 0x800, 0x8, 0x3, 0x5, 0x9, 0xfffffffffffffff8, 0x37, 0x2, 0x7f, 0x1, 0xffffffffffffffff, 0x4, 0xd333, 0xfffffffffffffffa, 0x10000, 0x2d5, 0x24e4, 0xedd, 0x100000001, 0x14000000000, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000000), 0x4}, 0x20400, 0x1, 0x7f, 0x5, 0x7ff, 0xa423, 0x2}, r0, 0x5, 0xffffffffffffff9c, 0x3)
ioctl$PERF_EVENT_IOC_QUERY_BPF(r1, 0xc008240a, &(0x7f00000000c0)=ANY=[@ANYBLOB="0300000079809f794bcafc22553bac7400000000"])

[  814.840265][T17216] memory: usage 944kB, limit 0kB, failcnt 211956
[  814.855336][T17216] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  814.862839][T17216] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
15:50:06 executing program 4:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x3, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x27}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70)
bpf$BPF_PROG_TEST_RUN(0xb, &(0x7f0000000100)={r0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x28)

[  814.898052][T17216] Memory cgroup stats for /syz5: cache:176KB rss:56KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:56KB inactive_file:132KB active_file:0KB unevictable:0KB
[  814.942040][T17242] device nr0
 entered promiscuous mode
[  815.020960][T17216] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17216,uid=0
15:50:06 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x8, 0x4, 0x4000000000004, 0x1ff, 0x0, 0x1}, 0x2c)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000000)={r0, &(0x7f0000000100)="dd98", 0x0}, 0x18)

[  815.124522][T17216] Memory cgroup out of memory: Killed process 17216 (syz-executor.5) total-vm:72444kB, anon-rss:68kB, file-rss:34828kB, shmem-rss:0kB
15:50:07 executing program 5:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)
openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)

15:50:07 executing program 3:
r0 = socket$kcm(0x2b, 0x2, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={<r1=>0x0, <r2=>0xffffffffffffff9c, 0x0, 0x4, &(0x7f0000000000)='}+{\x00', 0xffffffffffffffff}, 0x30)
perf_event_open(&(0x7f0000001580)={0x0, 0x70, 0x5, 0x5, 0xa000, 0x57b, 0x0, 0xb6, 0x21000, 0x6, 0x400, 0x9, 0x9, 0x1c0, 0x7, 0x9, 0x5, 0x2, 0x9, 0x0, 0x8, 0x4, 0x7, 0x9, 0x8000000000, 0x5, 0x300000000000, 0x5, 0x7fff, 0x80000000, 0x7f, 0x80, 0xf8, 0x1, 0x6, 0xfffffffffffffffc, 0x2, 0x80000001, 0x0, 0x1ff, 0x5, @perf_bp={&(0x7f0000001540), 0xa}, 0x2a800, 0x100000000, 0x10, 0x6, 0x6, 0x9, 0x5}, r1, 0xf, r2, 0x9)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cgroup.controllers\x00', 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={<r4=>0x0, 0xffffffffffffff9c, 0x0, 0x1, &(0x7f00000000c0)='\x00', 0xffffffffffffffff}, 0x30)
r5 = perf_event_open$cgroup(&(0x7f0000000180)={0x0, 0x70, 0x1ff, 0xff, 0x1000, 0x9b3f424, 0x0, 0x8, 0x88001, 0xc, 0x1, 0x1, 0xc411, 0x8, 0x400, 0xfffffffffffffffc, 0x3, 0xffffffffffff8001, 0x1bd92e8f, 0x4, 0xff, 0x1f, 0x6, 0x1, 0x8, 0x3f, 0x4, 0x80000001, 0xf3, 0x0, 0x5, 0x4, 0xe4, 0x1, 0x800, 0x5, 0x0, 0x7, 0x0, 0x1e, 0x3, @perf_bp={&(0x7f0000000140), 0x1}, 0x20, 0x0, 0x3, 0x0, 0x6, 0x6, 0x81}, 0xffffffffffffffff, 0xc, 0xffffffffffffffff, 0x4)
perf_event_open(&(0x7f00000014c0)={0x2, 0x70, 0x0, 0x20, 0x29, 0x7fffffff, 0x0, 0x9d88, 0x20, 0x8, 0x2, 0x8, 0xfffffffffffffff7, 0x8, 0x0, 0x3, 0x40, 0x3, 0xffffffffffffff65, 0x0, 0x7c, 0xffff, 0x4, 0x0, 0x6, 0x101, 0x6, 0x9, 0x4, 0x101, 0x81, 0x0, 0x6, 0x1, 0xb2, 0x66, 0xfff, 0x1, 0x0, 0x4, 0x7, @perf_bp={&(0x7f00000012c0), 0x2}, 0x400, 0xe0, 0x7, 0xb, 0xfff, 0xeb20, 0x6}, r4, 0xf, 0xffffffffffffffff, 0x1)
sendmsg$kcm(r3, &(0x7f0000001480)={&(0x7f0000000200)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x4e24, @remote}, 0x0, 0x2, 0x3, 0x3}}, 0x80, &(0x7f0000001400)=[{&(0x7f0000000280)="c4accdafaa6d8e90726da79e1a3e5dca340251a2b42b2d39a94d52e2ae29d7be5239d7780e151a1fa75313ee4054c712c406248730ec3b19ef7b75f17ace094b4a212490387c3800ed8b901c651bdf6f6c412304851ca6663635210fb74f67d40911f89720e100dc79147ab1a6df224c35f7dcb969fcce524fa8cc1a71dce560cc3a623a3de2f5eff784420b8fb63df3c6fe555361e1e2f1d4dc5f6afc38d5be9513101772ad0eed0fb8bf1f64ce85233a390b32cac9fbb816ceb48ab2a21692495899eb3a1789f354f859617f0818e3bb6365b45e4cbee6bbac71cf9af0c7d12f5ca7c9608de903a2de0abec7f96ca239f92d50667aae66491af5e4ee5ebc22f547b341211e4c2751e8e90867930a0b0e4c04307aa4dd7747095cf134bfd79ed21cad97d63287e647fa8e480c10fad6f96c6531274b2ff242fc09765d66032bba82f289cc28d3b590bcb1306369da92226a74c3df6340455e96756be47755796684e1c06177eb3ab52268db717d101176b4dc3d45baddf020ce23b20fd6111ab36755d8e9d93b36caa75f12194b8190d24a7be226355b97aeb892816508465a3bd12ca4b85aac8d0d6f108c13de16bbea8b0e1bb62ea4dfdd15f2b980329a6653da6875524b372fcb513a5a5575ffb0d07a8ab8e9c5b514be91ac3a1de213e90df172c6b9f7304b2f72dc06794948575afb62f89db15c3863351d77e47d48956926cd87133fe2bc4b37580ae404724896ce07f2a5f817c0e55d66c63facd311e9505dd61679b3affdc5227ab7d9bf72c2a0fd937ff39a1097daf75f345339a4ab46725ed262d9fe14dd14b063030261f6ab8c18c971b10d5a258a9d800e509f3eef191f306ef3b2b205358faa4141897bb82795eb8fb1958708041604483c624a4e2dea5360d9854433bd6406d6e8d621d7ee86c424f22ab13f99dae02296cbb2f7dbb45e5f3548233ed4f89d4478b39c5ed5b1c05fc0e2c32f7fc8db7ab320cce3232ffdb70b1ef458c69999a27fd05d2f94d172219e86d7986cac373ad5ccea32b5c89bdfb5ad99009c3cf15ad6d9e86344d3a89ce805278fddd83f4e08de6b6b13d5a5ab9e6cf02354824669a082ce745898500ef7f88affc20aadfa96bca130ba42092feb6bb83ebee6cf58908e754f05bc22d55f6e5c6f95bd6b7faaeecf696a5e2069f63deea299be59a0f6739ed996d9d881c8221909c1030e2026f7a8aaedae37159902f5432df1318a195feb421f94c30ee53abc0ff76a4e81e013a6294ffec87375f88f16501127fe1f35cfb07f543682531c814daa1acb0a02a2591361bbae98da82e76370fc43bab4b83627babb179ea594df98aab870f2bddf377d1f3729ac9976052c0af045ec8b2ad5a92069e9daa82bec170bd66fabbd3238b3077dabad57692e37aa85f7b8cba8166615dcfdf67663662c82014537b512aa1408fd2e542af675381bf1b7560af2697987c9044a8b7c81e3ddd5b4e1d0f35d36eaaae4883dc349c55a177fadab67362ce9a407bf44a9fc6578dcc8e2419d80e715bfb353208fe138760e07b4d605e9326207107da25a720c1a7d3ca1365f996c60a918ba3d135a7114a6078169bdc5b09c92a64ed67e605b0a6d9d049c03b04919360d77bee3ffde8aae440ef4a3b4a3bccff163830dd28775846561a3cb7c420e52b60f8167f995fe0e1ecd6bf84ee52b2a2d5fa535a87100f00b9459f3a85046eb290b51589a152854fab17b39975f130ac6da41207e09430f39824fd678029374cac260ec5eaa7c11ac5882de0a2739cca29ed809a8c7118ba88d837da0f11a733b333f99a13a251f46beea517180c6c85cee37ee25f400f76c6b77d6d58da984810f687fd5487d777834b12d23f1085dcb830f155bb57191525579959aecf48483bd6ddea998a16a379ebc2a01c5bbbe5b9b58481ebf11b65d0f924271fc0707b3afe9937dc78e61e7dc2404d4f204b1b810b2c7131c7bc1a09e3d0aee80f2a6c291b98ebc1f42d9c52e931153b5063c0c6de61a53949bf52deefcc40d1e02dd39e8a071b06b45cf255bd441a4121be6d37f329a71ba990c2e45c414a33b946240c6619b78d563317b24f44535c8e409fa0f450d68918077d6dbc52263e75ddb7e3cd2d137ce1a6b0d59b71e86f857c9f61ddfe13a09c5471caffadbf16be2e7657d21bf6c19c455465c45baa45aad3212e1c71f324bf29511049d22cf90b8ef75f6643c1a30e546e3f8954c80f6f7925f293a5596e01eec223566eae02a6fb40a23ec3d4d063b68491dfe8ffcafc8f27bf920d30a2b9ae7a1ecb0673e09c2e9128591cd803ab0c90c6702fcbcf8c60b523e2c6b765a9c4342b7d0813bbf9de939f6d3fb8c6e34fb6e4c067437d824fa65073ab5f335fb0abb07cc13f96974b98f2cfcc853caa3a3a904f4e6f66f25125adb43137ecbe982705bbb6eae04bc33a010938c0b8560a18e97028ac43fce3ab01644c2f6834301361728a48f4efef181b9f245ecf240c485cb7e79c61fb74f3e014aa558ac537fccb1243461944b0ed97785d8773817e31487a849c11d960f460ab2c9316c09cfe9a04fee0aea46d63e633a62355aa0ed468d3e3581e29b7fcab617e3465e3f1ec832ce0e4f136bc155bf16990012f2cb45a51370111af71152e32c95055e92e3f5cd9a9e8117230425bb93c10d2f4be1a68c3e21e705d21fd84a73b7c181311d34833ed889657c481ababd01b3f3d11577f3e4f372441c686c480c2fb1feff8651e7e2a0612b5ca7b7d3e5e44e959f32a97831cdd8b427d054e7741b87648000b23c4765e3fd76d9c2436ec0db0d2cd05e94609060b2b6744352d8a6a88747013fcca2f00ab6e590cb6aa401e1395c082fca287c5a958a0a5f67d446da88e86db3828f8b97c8fdf038df73fa119e7b78dba1f2c8467d7b1e8d0b12f69311454628d89c4b845580d6d6a8a52b9f949e84f4dde685b6eef440e58371a2f4b5d177c80bafa11cdebd19bb9d884eb261c94d7780515507a6dd61df34a150a2c55a0f7b3f8105dcf3015c8e74a298aecab3d83f3b873ff92e4a35e5eddbc50d00c55de543ae0db2a0f547153d868ee7a7c71515c9d0becf81f7dc71551054e2d2e0f44adeddc51ee1f8278c58865935ec6649a35077de4f291dd8a1d7a7f010e97c411f5adf70d79b9e3a56e6b5f555382d8c68b438035eaa09c918eeaee51b78516e872f169b4ffd9cf06b174e6515dc83b54d4540d9c82eb04b9706209837dc431810fbde22e5cf4e1a375b2f27107e2b9272a76885fabddb57cb7bf2f1c5fa20ecd4970fa0cd03b11b2f20981d7bf4b2d3de2b63608a529031ed1b6a9caee295d59c1d8275d4b4e075fad8c95d95347a5642478576c1d32efc1a0642e0fa05e196fe9bb4b2e952b4b6d9640c1989baa86e972388432272034767413dd405b8999d788f29922a3f058899204f111faeee0beb247830f04d1fbffe2c20cced27c59047e3d720d23a424c9b88ee1067d59e259a5e4fefdf16f34b0ab8ed8cb7c8cf5c173eeff9f5732e43943599b5205bca22cd5d7cc776a9ba7684ca9d777687556110a78cc268dbf22484d5ef62d9ec8dc8626b2388df6b660839774600631563d59d2fe6a10525d6681e7dea6e2dd60eed9042c9b7d60c9fa302ab77b78c907fddceb90d4c8371979d9a3a3bcdfef1ca7f8134276f538477f46e08c740a5c2f5f19f811b6e1770e35b9b911c4cd50aebc49fc599dc0b5fbf3fddce1ea4e57da22dd8d1d21d3ebec466db8e00537f767ebc37f164fb30647142c2eb5a9f2ace01d147336f0d99a248d9f00d6cdd68a43d8e7a5f15df801e80ea0c0ac243c6f125b6179bc5950eae66db5c867ad22eb7743d119938dec6af9b21803cd991d5c1e41a651b642be2e17381bfac519c566ba00f989f7de8283fa9133070faa7b5e5b8b0667b6b2e676bf0cfb30b58851e3e9c6a2be1655b435fb76479942ad235b9e1d8a74031426ad792f261bfd07cedc95e0725150e36cb23fe783fc66dfb58aa172e486fb3a0527547f58ab7a0ccefb91de79207bc6bf68d3aaf8c491f5646505f51af97d0776df074e30cbd6ddc1d28784337e05ae49cc8bc7b62bb2a53281922fbc07de77eab5a79f69b0df52f22100f14d54157cddb1a1590e1cd7fc64d9f635354479232fee180a1635a09d594dca2e0fcaa93fa6029d336f45aa91abffe79d9abfdd4e99461947ac2d5685778404767fd9c1186693daa81e19f6775d80f4d73d9c64c22317b6675858d55624c7e307b3dee5e869ee628dac2fd815754f008199fc131a8282dc7423380811a55a3f0a3d4dfab5c7c862aeffbd4d846ace4cee44e0201379586ac52ec68a592a7d4df7b36f62f11595d229cab4f4b8844bd267645140f04a9f96693add97b8d5623cde48bc43729490cebccbf272f1754441b2d8e1ec92546e9b1bf857cacf843d318c2bdd220afe2d3f8ad5a52bdd0f181fd16731d82600a7330dbf94d2a572a3707b33e8934be8b4afe7ba212c482bfa2eedecee28ddb3f72b7b0ca1d9b7eb8181fe4877bb6e6b676d5efa92b9bae988acd41611818aa6a43856fc711a77f24aac3189e45d9e04954a07149e17a4dd51a6e2039d0ba4f452da3850fe1f2e6ec56cc85643dc17c87a3be2860e02d80314d4f77aeadfbf729e6c019e72fdaeafc917e8378b5a1b2c6a918d34df6c4480b7a5a083e9a74ba0ae262877576a606fd2121e07d87e1c8e731a82c8fc6fa7a548bee44969a2212f2ccdfe249fdeba2f3e5cdbe15c3fd3743520d9603a78031720fd33360f7f39e953adc9fd718ad4d55f1af460ef47a0d84fe4e2b53b04ee1b225abc002ee158a8775c65a6d2acfaa9a5088232b82534d8309eb70a16648820141654f23f2298733d340883342dfb33bdc8980e58b4e84687a2244fae973e1ce1869ce7c57f324d62a59e2ac1607b9d710cd0422bcfdb57326bfe72af165cf9947a6839686c4853ac24a3c7e3f109d5ee52e4362919e95695bbd84538fa840864fa920ccf76fc05d0744218369b5c15cd32d4b2241a75b20fd1cb474914999e8766b2a804d9f36135b24daa9b54e3c8953e258a55020ddf8b4644326ddeb7e164a94fba6c9a913434da62dbae52846f984062c32f521c0f81ba6a2dfcb554092fbfe6d80466b25650b94411685c2d5d563b3a8130c536f25bf29d873b05e593123d5fd490f2c109430503b94f842f5b591a0e2b631006ee8aa1271a9b9b31468c1c6cd373a86fc47e99d99491cf49ea5cf26f1145a1b72931f9fffb0625933f8570a189fafb0956e1a39a7c0a6e2b7b5e7da26a19c07d6f7cfd8b3346ae7f93ad5264121a41c0729a302b83455498f07a0fbe50dca444fd0383eed4e43c1d03f4cc3fd25f06cdd08210b87a1ee0d6058a534319c83dd263633f6ed4c1e184e4b29158f633bec129fa66ce4c61b106e44ab8e0a6f592de88ab4cd6dbc24032356f7741c285f9f660b9b3a732519c4d8d5e2d0f938674530b60276070de765599348fcb5d92eed4ba7b8348ed2b9b551d2107e772222f932cf7ddfe237dacdce502f6cf24288c75e5287479f4e1ab75c7a530352842ad713423c5de0018e739681a3d6377dd843f23ac88c5c6f955ba6f9357fdc913472c94e547fa041c94d67ae790287e908f8b0ad70bf77185db0af24a79d180d19bc3593bc468c570e8794dc60a7dc15b6278e4bbd2a45de0415824ac2f852c375f29f111413a31f7cd84bd16cf01ed73651782310c1712f2df6fdadc9cca9897474d5572a65057115d0dc78c174b0888fa7b4", 0x1000}, {&(0x7f0000001280)="a30454d7f05f192e374b60f05f395f8d97d62beaa9", 0x15}, {&(0x7f00000012c0)}, {&(0x7f0000001300)="df68abd5f04cadcdc16209853ad6adc7f509c1c8208d02cd594b277f039cf1a827a238fa23f970c3a9c12dc1931ef7808a0e48", 0x33}, {&(0x7f0000001340)="1f1b529dc73d3afec4c1580c8df358889886165621328711426366bf12b6cb6d7d3a99cda70f4eaa1c2e3e1b61e86918c629d46c1b88d0092d9e983c0de16b6b27c4d5eda1f8a20023fd5ad7d5e3969625039f22cb622116943c771e70d649332877b6e1d3faa5e628392a5166e4f7da859a043d267d435e0e152510385e2fd3fe91187d441190308d49713989aeae5cbf131b7e1af85e0478f3a9e597c31071d48961ef54b7e26b", 0xa8}], 0x5}, 0x20000840)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8904, 0x5b94)

15:50:07 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[], &(0x7f0000000480)=""/222, 0x0, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

[  815.647014][T17260] device nr0
 entered promiscuous mode
[  815.917233][T17266] IPVS: ftp: loaded support on port[0] = 21
[  815.987194][T17266] chnl_net:caif_netlink_parms(): no params data found
[  816.368992][T17266] bridge0: port 1(bridge_slave_0) entered blocking state
[  816.376254][T17266] bridge0: port 1(bridge_slave_0) entered disabled state
[  816.384363][T17266] device bridge_slave_0 entered promiscuous mode
[  816.612862][T17266] bridge0: port 2(bridge_slave_1) entered blocking state
[  816.620145][T17266] bridge0: port 2(bridge_slave_1) entered disabled state
[  816.628454][T17266] device bridge_slave_1 entered promiscuous mode
[  816.651898][T17266] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  816.841275][T17266] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  816.866184][T17269] IPVS: ftp: loaded support on port[0] = 21
[  816.866895][T17266] team0: Port device team_slave_0 added
[  817.054864][T17266] team0: Port device team_slave_1 added
[  817.108784][T17266] device hsr_slave_0 entered promiscuous mode
[  817.164961][T17266] device hsr_slave_1 entered promiscuous mode
[  817.640171][T17269] chnl_net:caif_netlink_parms(): no params data found
[  817.877917][T17269] bridge0: port 1(bridge_slave_0) entered blocking state
[  817.885964][T17269] bridge0: port 1(bridge_slave_0) entered disabled state
[  817.893762][T17269] device bridge_slave_0 entered promiscuous mode
[  817.903286][T17269] bridge0: port 2(bridge_slave_1) entered blocking state
[  817.910687][T17269] bridge0: port 2(bridge_slave_1) entered disabled state
[  817.918613][T17269] device bridge_slave_1 entered promiscuous mode
[  818.128069][T17269] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  818.138758][T17269] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  818.350182][T17269] team0: Port device team_slave_0 added
[  818.359389][T17269] team0: Port device team_slave_1 added
[  818.379245][    T7] device bridge_slave_1 left promiscuous mode
[  818.385908][    T7] bridge0: port 2(bridge_slave_1) entered disabled state
[  818.445601][    T7] device bridge_slave_0 left promiscuous mode
[  818.451791][    T7] bridge0: port 1(bridge_slave_0) entered disabled state
[  818.498238][    T7] device bridge_slave_1 left promiscuous mode
[  818.504956][    T7] bridge0: port 2(bridge_slave_1) entered disabled state
[  818.565847][    T7] device bridge_slave_0 left promiscuous mode
[  818.572102][    T7] bridge0: port 1(bridge_slave_0) entered disabled state
[  818.626040][    T7] device bridge_slave_1 left promiscuous mode
[  818.632278][    T7] bridge0: port 2(bridge_slave_1) entered disabled state
[  818.675448][    T7] device bridge_slave_0 left promiscuous mode
[  818.681640][    T7] bridge0: port 1(bridge_slave_0) entered disabled state
[  823.637822][    T7] device hsr_slave_1 left promiscuous mode
[  823.669990][    T7] device hsr_slave_0 left promiscuous mode
[  823.729619][    T7] team0 (unregistering): Port device team_slave_1 removed
[  823.741759][    T7] team0 (unregistering): Port device team_slave_0 removed
[  823.753340][    T7] bond0 (unregistering): Releasing backup interface bond_slave_1
[  823.790931][    T7] bond0 (unregistering): Releasing backup interface bond_slave_0
[  823.882183][    T7] bond0 (unregistering): Released all slaves
[  824.007427][    T7] device hsr_slave_1 left promiscuous mode
[  824.048768][    T7] device hsr_slave_0 left promiscuous mode
[  824.108705][    T7] team0 (unregistering): Port device team_slave_1 removed
[  824.122200][    T7] team0 (unregistering): Port device team_slave_0 removed
[  824.136886][    T7] bond0 (unregistering): Releasing backup interface bond_slave_1
[  824.169065][    T7] bond0 (unregistering): Releasing backup interface bond_slave_0
[  824.262775][    T7] bond0 (unregistering): Released all slaves
[  824.438311][    T7] device hsr_slave_1 left promiscuous mode
[  824.481676][    T7] device hsr_slave_0 left promiscuous mode
[  824.548321][    T7] team0 (unregistering): Port device team_slave_1 removed
[  824.561837][    T7] team0 (unregistering): Port device team_slave_0 removed
[  824.573692][    T7] bond0 (unregistering): Releasing backup interface bond_slave_1
[  824.639029][    T7] bond0 (unregistering): Releasing backup interface bond_slave_0
[  824.723080][    T7] bond0 (unregistering): Released all slaves
[  824.877984][T17269] device hsr_slave_0 entered promiscuous mode
[  824.925055][T17269] device hsr_slave_1 entered promiscuous mode
[  825.006625][T17266] 8021q: adding VLAN 0 to HW filter on device bond0
[  825.024274][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  825.033357][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  825.052786][T17266] 8021q: adding VLAN 0 to HW filter on device team0
[  825.075768][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  825.088416][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  825.096938][ T8853] bridge0: port 1(bridge_slave_0) entered blocking state
[  825.103978][ T8853] bridge0: port 1(bridge_slave_0) entered forwarding state
[  825.112576][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  825.121167][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  825.129785][ T8853] bridge0: port 2(bridge_slave_1) entered blocking state
[  825.136878][ T8853] bridge0: port 2(bridge_slave_1) entered forwarding state
[  825.156318][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  825.164827][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  825.173634][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  825.190772][ T8841] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  825.200986][ T8841] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  825.209988][ T8841] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  825.230317][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  825.239158][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  825.258058][T17269] 8021q: adding VLAN 0 to HW filter on device bond0
[  825.278343][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  825.289536][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  825.302651][T17266] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  825.314278][T17266] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  825.323745][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  825.332420][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  825.340942][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  825.349023][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  825.359721][T17269] 8021q: adding VLAN 0 to HW filter on device team0
[  825.380323][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  825.389561][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  825.398635][T14418] bridge0: port 1(bridge_slave_0) entered blocking state
[  825.405752][T14418] bridge0: port 1(bridge_slave_0) entered forwarding state
[  825.417195][T17266] 8021q: adding VLAN 0 to HW filter on device batadv0
[  825.431272][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  825.440124][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  825.449502][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  825.458762][ T8853] bridge0: port 2(bridge_slave_1) entered blocking state
[  825.465896][ T8853] bridge0: port 2(bridge_slave_1) entered forwarding state
[  825.475010][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  825.499137][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  825.509471][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  825.519168][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  825.527758][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  825.536700][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  825.545343][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  825.553673][ T2852] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  825.563384][ T8841] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  825.698339][T17269] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  825.710755][T17269] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  825.730147][ T8841] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  825.740076][ T8841] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  825.763975][T17269] 8021q: adding VLAN 0 to HW filter on device batadv0
[  825.813116][T17276] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  825.827013][T17276] CPU: 0 PID: 17276 Comm: syz-executor.1 Not tainted 5.2.0-rc2+ #14
[  825.835100][T17276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  825.845260][T17276] Call Trace:
[  825.848567][T17276]  dump_stack+0x172/0x1f0
[  825.852923][T17276]  dump_header+0x10f/0xb6c
[  825.857365][T17276]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  825.863193][T17276]  ? ___ratelimit+0x60/0x595
[  825.867806][T17276]  ? do_raw_spin_unlock+0x57/0x270
[  825.872953][T17276]  oom_kill_process.cold+0x10/0x15
[  825.878081][T17276]  out_of_memory+0x79a/0x1280
[  825.882774][T17276]  ? lock_downgrade+0x880/0x880
[  825.887636][T17276]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  825.893888][T17276]  ? oom_killer_disable+0x280/0x280
[  825.899092][T17276]  ? find_held_lock+0x35/0x130
[  825.903903][T17276]  mem_cgroup_out_of_memory+0x1ca/0x230
[  825.909456][T17276]  ? memcg_event_wake+0x230/0x230
[  825.914494][T17276]  ? do_raw_spin_unlock+0x57/0x270
[  825.919616][T17276]  ? _raw_spin_unlock+0x2d/0x50
[  825.924479][T17276]  try_charge+0x102c/0x15c0
[  825.928993][T17276]  ? find_held_lock+0x35/0x130
[  825.933781][T17276]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  825.939373][T17276]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  825.945629][T17276]  ? kasan_check_read+0x11/0x20
[  825.950503][T17276]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  825.956065][T17276]  mem_cgroup_try_charge+0x24d/0x5e0
[  825.961365][T17276]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  825.967018][T17276]  __handle_mm_fault+0x1e1a/0x3eb0
[  825.972150][T17276]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  825.977710][T17276]  ? find_held_lock+0x35/0x130
[  825.982485][T17276]  ? handle_mm_fault+0x292/0xa90
[  825.987448][T17276]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  825.993701][T17276]  ? kasan_check_read+0x11/0x20
[  825.998570][T17276]  handle_mm_fault+0x3b7/0xa90
[  826.003350][T17276]  __do_page_fault+0x5ef/0xda0
[  826.008138][T17276]  do_page_fault+0x71/0x57d
[  826.012654][T17276]  ? page_fault+0x8/0x30
[  826.018435][T17276]  page_fault+0x1e/0x30
[  826.022604][T17276] RIP: 0033:0x410bbf
[  826.026511][T17276] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41
[  826.046211][T17276] RSP: 002b:00007ffecacc63d0 EFLAGS: 00010206
[  826.052296][T17276] RAX: 00007f530f3ae000 RBX: 0000000000020000 RCX: 00000000004592ca
[  826.060281][T17276] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000
[  826.068283][T17276] RBP: 00007ffecacc64b0 R08: ffffffffffffffff R09: 0000000000000000
[  826.076272][T17276] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffecacc65a0
[  826.084256][T17276] R13: 00007f530f3ce700 R14: 0000000000000001 R15: 000000000075bfcc
[  826.105142][T17276] memory: usage 3156kB, limit 0kB, failcnt 381220
[  826.111608][T17276] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  826.134316][T17276] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  826.150519][T17276] Memory cgroup stats for /syz1: cache:4KB rss:2160KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2160KB inactive_file:0KB active_file:0KB unevictable:0KB
[  826.231171][T17276] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=17276,uid=0
[  826.250083][T17276] Memory cgroup out of memory: Killed process 17276 (syz-executor.1) total-vm:72708kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB
[  826.267488][T17285] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  826.268225][ T1044] oom_reaper: reaped process 17276 (syz-executor.1), now anon-rss:0kB, file-rss:33920kB, shmem-rss:0kB
[  826.278314][T17285] CPU: 1 PID: 17285 Comm: syz-executor.2 Not tainted 5.2.0-rc2+ #14
[  826.296878][T17285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  826.306953][T17285] Call Trace:
[  826.310268][T17285]  dump_stack+0x172/0x1f0
[  826.314620][T17285]  dump_header+0x10f/0xb6c
[  826.319078][T17285]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  826.324900][T17285]  ? ___ratelimit+0x60/0x595
[  826.329501][T17285]  ? do_raw_spin_unlock+0x57/0x270
[  826.334639][T17285]  oom_kill_process.cold+0x10/0x15
[  826.339773][T17285]  out_of_memory+0x79a/0x1280
[  826.344476][T17285]  ? oom_killer_disable+0x280/0x280
[  826.349698][T17285]  mem_cgroup_out_of_memory+0x1ca/0x230
[  826.355261][T17285]  ? memcg_event_wake+0x230/0x230
[  826.360309][T17285]  ? _raw_spin_unlock_irqrestore+0xbd/0xe0
[  826.366129][T17285]  ? cgroup_file_notify+0x140/0x1b0
[  826.371432][T17285]  memory_max_write+0x169/0x300
[  826.376393][T17285]  ? mem_cgroup_write+0x360/0x360
[  826.381431][T17285]  ? lock_acquire+0x16f/0x3f0
[  826.386116][T17285]  ? kernfs_fop_write+0x227/0x480
[  826.391161][T17285]  cgroup_file_write+0x241/0x790
[  826.396115][T17285]  ? mem_cgroup_write+0x360/0x360
[  826.401177][T17285]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  826.406828][T17285]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  826.412474][T17285]  kernfs_fop_write+0x2b8/0x480
[  826.417343][T17285]  __vfs_write+0x8a/0x110
[  826.421942][T17285]  ? kernfs_fop_open+0xd80/0xd80
[  826.426896][T17285]  vfs_write+0x20c/0x580
[  826.431261][T17285]  ksys_write+0x14f/0x290
[  826.435606][T17285]  ? __ia32_sys_read+0xb0/0xb0
[  826.440476][T17285]  __x64_sys_write+0x73/0xb0
[  826.445076][T17285]  ? do_syscall_64+0x5b/0x680
[  826.449770][T17285]  do_syscall_64+0xfd/0x680
[  826.454292][T17285]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  826.460193][T17285] RIP: 0033:0x459279
[  826.464101][T17285] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  826.483724][T17285] RSP: 002b:00007f3ae58f1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  826.492164][T17285] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459279
[  826.500154][T17285] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
[  826.508146][T17285] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[  826.516162][T17285] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3ae58f26d4
[  826.524154][T17285] R13: 00000000004c8eb1 R14: 00000000004dfb68 R15: 00000000ffffffff
[  826.541541][T17285] memory: usage 3160kB, limit 0kB, failcnt 229580
[  826.549060][T17285] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  826.557378][T17285] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  826.565047][T17285] Memory cgroup stats for /syz2: cache:0KB rss:2176KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:0KB writeback:132KB swap:0KB inactive_anon:0KB active_anon:2176KB inactive_file:0KB active_file:0KB unevictable:0KB
15:50:18 executing program 1:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

[  826.591315][T17285] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17284,uid=0
[  826.608595][T17285] Memory cgroup out of memory: Killed process 17284 (syz-executor.2) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB
[  826.629501][ T1044] oom_reaper: reaped process 17284 (syz-executor.2), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB
[  826.648767][T17266] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  826.663545][T17266] CPU: 0 PID: 17266 Comm: syz-executor.1 Not tainted 5.2.0-rc2+ #14
[  826.671568][T17266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  826.681719][T17266] Call Trace:
[  826.685030][T17266]  dump_stack+0x172/0x1f0
[  826.689413][T17266]  dump_header+0x10f/0xb6c
[  826.693852][T17266]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  826.699694][T17266]  ? ___ratelimit+0x60/0x595
[  826.704292][T17266]  ? do_raw_spin_unlock+0x57/0x270
[  826.709449][T17266]  oom_kill_process.cold+0x10/0x15
[  826.714580][T17266]  out_of_memory+0x79a/0x1280
[  826.719274][T17266]  ? lock_downgrade+0x880/0x880
[  826.724395][T17266]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  826.730737][T17266]  ? oom_killer_disable+0x280/0x280
[  826.735952][T17266]  ? find_held_lock+0x35/0x130
[  826.740841][T17266]  mem_cgroup_out_of_memory+0x1ca/0x230
[  826.746400][T17266]  ? memcg_event_wake+0x230/0x230
[  826.751445][T17266]  ? do_raw_spin_unlock+0x57/0x270
[  826.756576][T17266]  ? _raw_spin_unlock+0x2d/0x50
[  826.761451][T17266]  try_charge+0x102c/0x15c0
[  826.765971][T17266]  ? find_held_lock+0x35/0x130
[  826.770789][T17266]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  826.776351][T17266]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  826.782614][T17266]  ? kasan_check_read+0x11/0x20
[  826.787510][T17266]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  826.793083][T17266]  mem_cgroup_try_charge+0x24d/0x5e0
[  826.798406][T17266]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  826.804424][T17266]  wp_page_copy+0x416/0x1770
[  826.809205][T17266]  ? do_wp_page+0x486/0x1500
[  826.814086][T17266]  ? pmd_pfn+0x1d0/0x1d0
[  826.818363][T17266]  ? lock_downgrade+0x880/0x880
[  826.823226][T17266]  ? swp_swapcount+0x540/0x540
[  826.828089][T17266]  ? do_raw_spin_unlock+0x57/0x270
[  826.833207][T17266]  ? kasan_check_read+0x11/0x20
[  826.838094][T17266]  ? do_raw_spin_unlock+0x57/0x270
[  826.843217][T17266]  do_wp_page+0x48e/0x1500
[  826.847659][T17266]  ? finish_mkwrite_fault+0x540/0x540
[  826.853050][T17266]  __handle_mm_fault+0x22e3/0x3eb0
[  826.858266][T17266]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  826.863826][T17266]  ? find_held_lock+0x35/0x130
[  826.868601][T17266]  ? handle_mm_fault+0x292/0xa90
[  826.873556][T17266]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  826.879806][T17266]  ? kasan_check_read+0x11/0x20
[  826.884870][T17266]  handle_mm_fault+0x3b7/0xa90
[  826.889646][T17266]  __do_page_fault+0x5ef/0xda0
[  826.894437][T17266]  do_page_fault+0x71/0x57d
[  826.898952][T17266]  ? page_fault+0x8/0x30
[  826.903217][T17266]  page_fault+0x1e/0x30
[  826.907386][T17266] RIP: 0033:0x430356
[  826.911288][T17266] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 46 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 4c 64 00 85 c0 0f 84
[  826.931966][T17266] RSP: 002b:00007ffecacc53e0 EFLAGS: 00010206
[  826.938071][T17266] RAX: 0000000000019691 RBX: 0000000000714640 RCX: 0000000000008041
[  826.946072][T17266] RDX: 0000555555c9c930 RSI: 0000555555ca4970 RDI: 0000000000000003
[  826.954054][T17266] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555555c9b940
[  826.962034][T17266] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000714698
[  826.970017][T17266] R13: 0000000000714698 R14: 0000000000000000 R15: 0000000000002710
15:50:18 executing program 2:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:50:18 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x6, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0xa}]}, &(0x7f0000f6bffb)='GPL\x00', 0x1, 0xfb, &(0x7f00001a7f05)=""/251}, 0x48)

15:50:18 executing program 3:
socket$kcm(0x2b, 0x1, 0x0)
r0 = perf_event_open(&(0x7f0000000040)={0x3, 0x70, 0x400, 0x5, 0x8, 0xc9, 0x0, 0x2, 0x80080, 0x8, 0xd01, 0xffff, 0xca, 0xffffffffffffa92c, 0x87, 0xfffffffffffffff7, 0x5, 0x1, 0x0, 0x1, 0x1f, 0x5, 0xb3c2, 0x0, 0x6, 0xffffffffffffffff, 0x5, 0x1, 0x79, 0x1, 0x7, 0x6d, 0x9, 0x5, 0x9, 0x5, 0x0, 0x5b, 0x0, 0x74b, 0x2, @perf_bp={&(0x7f0000000000), 0xf}, 0x8, 0x2, 0x401, 0x6, 0x7fff, 0x7, 0x2000000}, 0xffffffffffffffff, 0x6, 0xffffffffffffff9c, 0x1)
r1 = gettid()
perf_event_open(&(0x7f00000000c0)={0x5, 0x70, 0x9, 0x4, 0x100000001, 0x8, 0x0, 0x4, 0x80000, 0xa, 0x192000000000, 0x1, 0x8000000, 0xfffffffffffffbff, 0x3, 0x81, 0x0, 0x6c2, 0x3, 0xea2, 0x80000000, 0x9, 0xfffffffffffffffd, 0x6e1e, 0x100, 0x100000001, 0x7, 0x5, 0x1f, 0x8, 0x5, 0x6, 0x1, 0x3f, 0x7fffffff, 0x100000001, 0x1f, 0x1, 0x0, 0x5, 0x1, @perf_config_ext={0x8, 0x7}, 0x1081, 0x7fff, 0x2, 0x1, 0xa95d, 0x9, 0xc71}, r1, 0x10, 0xffffffffffffffff, 0x1)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0x518)

15:50:18 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000480)=""/222, 0x0, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

15:50:18 executing program 5:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)
openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)

[  827.011948][T17266] memory: usage 816kB, limit 0kB, failcnt 381229
[  827.024553][T17266] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  827.032048][T17266] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  827.075308][T17266] Memory cgroup stats for /syz1: cache:4KB rss:48KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:48KB inactive_file:0KB active_file:0KB unevictable:0KB
[  827.098389][T17289] device nr0
 entered promiscuous mode
15:50:18 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x5, 0x800000008, 0x7fff, 0x8000000001}, 0x2c)
bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820000, 0x0}, 0x2c)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000080)={r0, &(0x7f0000000100)='?', 0x0}, 0x18)

[  827.124488][T17266] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=17266,uid=0
[  827.158784][T17266] Memory cgroup out of memory: Killed process 17266 (syz-executor.1) total-vm:72444kB, anon-rss:68kB, file-rss:34828kB, shmem-rss:0kB
[  827.199148][ T1044] oom_reaper: reaped process 17266 (syz-executor.1), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB
[  827.212017][T17269] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  827.236877][T17269] CPU: 0 PID: 17269 Comm: syz-executor.2 Not tainted 5.2.0-rc2+ #14
15:50:19 executing program 3:
r0 = socket$kcm(0x2b, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cgroup.stat\x00', 0x0, 0x0)
r2 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000000c0)={&(0x7f0000000040)='./file0\x00', 0x0, 0x10}, 0x10)
r3 = getpid()
perf_event_open(&(0x7f0000000180)={0x4, 0x70, 0x7ff, 0x4, 0x1, 0x0, 0x0, 0x8000, 0x40000, 0x1, 0x5, 0x5, 0x9, 0x81, 0x0, 0x8, 0x1, 0x1b4, 0x6, 0xff, 0x3ff, 0x5, 0x8, 0xda97, 0x0, 0x3fc1, 0xf43, 0x0, 0x4, 0x4, 0x0, 0x8001, 0x1, 0x0, 0x4c40, 0xfff, 0x9, 0x3ff, 0x0, 0x5, 0x7, @perf_config_ext={0xffff}, 0x4, 0x2, 0x0, 0x1, 0x6, 0x0, 0x4}, r3, 0x8, r1, 0x2)
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0xf1e, 0x6, 0x5, 0x101, 0x0, 0x1, 0x8, 0x2, 0x100000000, 0x539, 0x940d, 0x8, 0x0, 0x34c, 0x7fff, 0x0, 0x3eec8325, 0x2, 0x1, 0x8, 0xa5, 0xffffffff80000000, 0x93, 0x4b, 0x10, 0x5, 0x0, 0x7152, 0x1000, 0x7, 0x3, 0xef1, 0x9, 0x8, 0x3ff, 0x6, 0x0, 0x9, 0x2, @perf_bp={&(0x7f0000000080), 0xa}, 0x0, 0xfffffffffffeffff, 0x7fff, 0x3, 0xffffffffffffffe0, 0x8, 0x5}, r3, 0x4, 0xffffffffffffffff, 0x1)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0x0)
socket$kcm(0x29, 0x5, 0x0)

[  827.245452][T17269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  827.255707][T17269] Call Trace:
[  827.259746][T17269]  dump_stack+0x172/0x1f0
[  827.264372][T17269]  dump_header+0x10f/0xb6c
[  827.268814][T17269]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  827.274630][T17269]  ? ___ratelimit+0x60/0x595
[  827.279236][T17269]  ? do_raw_spin_unlock+0x57/0x270
[  827.284361][T17269]  oom_kill_process.cold+0x10/0x15
[  827.289575][T17269]  out_of_memory+0x79a/0x1280
[  827.294279][T17269]  ? oom_killer_disable+0x280/0x280
[  827.299489][T17269]  ? find_held_lock+0x35/0x130
[  827.304276][T17269]  mem_cgroup_out_of_memory+0x1ca/0x230
[  827.309917][T17269]  ? memcg_event_wake+0x230/0x230
[  827.315043][T17269]  ? do_raw_spin_unlock+0x57/0x270
[  827.322259][T17269]  ? _raw_spin_unlock+0x2d/0x50
[  827.327131][T17269]  try_charge+0x102c/0x15c0
[  827.331640][T17269]  ? find_held_lock+0x35/0x130
[  827.336421][T17269]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  827.341978][T17269]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  827.348236][T17269]  ? kasan_check_read+0x11/0x20
[  827.353110][T17269]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  827.358667][T17269]  mem_cgroup_try_charge+0x24d/0x5e0
[  827.363970][T17269]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  827.369613][T17269]  wp_page_copy+0x416/0x1770
[  827.374212][T17269]  ? do_wp_page+0x486/0x1500
[  827.378823][T17269]  ? pmd_pfn+0x1d0/0x1d0
[  827.383084][T17269]  ? lock_downgrade+0x880/0x880
[  827.387948][T17269]  ? swp_swapcount+0x540/0x540
[  827.392755][T17269]  ? do_raw_spin_unlock+0x57/0x270
[  827.397880][T17269]  ? kasan_check_read+0x11/0x20
[  827.402774][T17269]  ? do_raw_spin_unlock+0x57/0x270
[  827.407897][T17269]  do_wp_page+0x48e/0x1500
[  827.412331][T17269]  ? finish_mkwrite_fault+0x540/0x540
[  827.417733][T17269]  __handle_mm_fault+0x22e3/0x3eb0
[  827.422886][T17269]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  827.428445][T17269]  ? find_held_lock+0x35/0x130
[  827.433221][T17269]  ? handle_mm_fault+0x292/0xa90
[  827.438189][T17269]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  827.444454][T17269]  ? kasan_check_read+0x11/0x20
[  827.449342][T17269]  handle_mm_fault+0x3b7/0xa90
[  827.454179][T17269]  __do_page_fault+0x5ef/0xda0
[  827.458967][T17269]  do_page_fault+0x71/0x57d
[  827.463481][T17269]  ? page_fault+0x8/0x30
[  827.467734][T17269]  page_fault+0x1e/0x30
[  827.471896][T17269] RIP: 0033:0x430356
[  827.475799][T17269] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 46 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 4c 64 00 85 c0 0f 84
15:50:19 executing program 4:
socketpair(0x11, 0xa, 0xfffffffffffffffb, &(0x7f00000001c0))

[  827.496133][T17269] RSP: 002b:00007ffc622c02d0 EFLAGS: 00010206
[  827.502210][T17269] RAX: 0000000000019691 RBX: 0000000000714640 RCX: 0000000000008041
[  827.510292][T17269] RDX: 0000555556a82930 RSI: 0000555556a8a970 RDI: 0000000000000003
[  827.518308][T17269] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555556a81940
[  827.526292][T17269] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000714698
[  827.534272][T17269] R13: 0000000000714698 R14: 0000000000000000 R15: 0000000000002710
15:50:19 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000480)=""/222, 0x0, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

[  827.564790][T17269] memory: usage 816kB, limit 0kB, failcnt 229589
[  827.579406][T17269] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  827.626304][T17269] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  827.633319][T17269] Memory cgroup stats for /syz2: cache:0KB rss:64KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:132KB swap:0KB inactive_anon:0KB active_anon:64KB inactive_file:0KB active_file:0KB unevictable:0KB
15:50:19 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='pids.events\x00', 0x0, 0x0)
r1 = getpid()
ioctl$PERF_EVENT_IOC_RESET(r0, 0x2403, 0x7cbb)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={r1, <r2=>r0, 0x0, 0x0, &(0x7f0000000000)='\x00'}, 0x30)
ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, &(0x7f0000000080)={0x1, 0x0, [0x0]})
r3 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8904, 0x0)
perf_event_open(&(0x7f0000000140)={0x4, 0x70, 0x5, 0x2, 0x6e2, 0x7fffffff, 0x0, 0x2, 0x8, 0xf, 0x38, 0x81, 0xffffffff, 0x1f, 0x0, 0x1ff, 0x0, 0x64, 0x2, 0x2, 0x3647, 0x81, 0x2382, 0x8000, 0x3, 0x9, 0x9, 0x1, 0xe42, 0x8, 0x0, 0x178, 0x3, 0xea, 0x2, 0x6, 0x7, 0x6, 0x0, 0x1, 0x4, @perf_bp={&(0x7f0000000100), 0x8}, 0x40, 0x200, 0x6, 0x3, 0x6, 0x100000000, 0x6cf}, 0x0, 0x7, r0, 0xa)

15:50:19 executing program 4:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009})
write$cgroup_subtree(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="46029f8e5584403268001d4e4dc7"], 0xe)

[  827.705587][T17269] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17269,uid=0
[  827.782636][T17269] Memory cgroup out of memory: Killed process 17269 (syz-executor.2) total-vm:72444kB, anon-rss:72kB, file-rss:34828kB, shmem-rss:0kB
[  827.838053][ T1044] oom_reaper: reaped process 17269 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB
[  828.115951][T17312] device nr0
 entered promiscuous mode
15:50:20 executing program 1:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:50:20 executing program 2:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:50:20 executing program 3:
r0 = socket$kcm(0x2b, 0x1, 0x0)
sendmsg$kcm(r0, &(0x7f0000002740)={&(0x7f0000000000)=@pppoe={0x18, 0x0, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, 'nlmon0\x00'}}, 0x80, &(0x7f0000001300)=[{&(0x7f0000000080)="b8dfb6eaad486aab40f2846360a52b0ea0d960ab6e96323e81d1374e22536a1ab97e6d5e8f1353ee334ca844f8ca43389903c16a9dabd270f322efa44de9fb10f290849b69e0b2ca2aadd75e6330f499ff09a66e022ba9b0e227c64ab0e08918500c9f1fc54c2ddec2b0ef8e7377ddcd0adfc253e0385dc7dfc19769bfb5a8dbf314be85c3d995de87f76abccaa7bd8d3613e784aee26c2f13609abe4da05b5d85b8c91b9c28b6d028cbd9ba35e06b", 0xaf}, {&(0x7f0000000140)="7923dda419ad290bdda0060ce8825bc37a1718787e0771b7e2fc8021797e2fc6a6ecb020d9b9b3f81e11352ed54a4c729e750d3ee8e4faab51c36bb681746285d73ce747effea7dcc9bdfa8822a01491d1c64026bb8c8cf7fb73014ba7151efb20d4", 0x62}, {&(0x7f00000001c0)="fc96d6ad1557716c244e75d86eb21a0110f541b4b3b0c1dc08d4ccaa5b7c73b10fdb133849", 0x25}, {&(0x7f0000000200)="23cd1d4baa6be4c9fef7747c47a4dc96bcb65fbfebcc637a1fafff2653f4a2cd530d430d63ec468ba3041380708a8ab9a784bfe9be83aeb053aa3b102c", 0x3d}, {&(0x7f0000000240)="41072fac2d862b0824fe9ddd270be5368694eb5fa981be8e8c54aa5aa1e30487304435cc7349f28858fc3ece20f18f1182e9655e5954097d3107cb9c59a604f6ac40de1622724e29f5c12c09bd823136f6e5ddb02001ca813bd44933acaa19d3c1deaf0ae1fa09665da310c4916b8e70ae46742ebef2efaa64d09e5f1fb74b43d01127054259c19af3feda34fb44d0bb4c0098535d2b941d465f6ebf0b2d6523c8ed04614beb22e5728042b20314aa426bfacab609647e44a11c6dee5c08ccb37fbe01b656e91f95a96c4d71cd663392ac5308edf1f6775cdfde3d9aa527038c4f9c6c496c34370ebb12336287f920b06e2d6eef7bf91e850c753b62a3c4f5a47325f11e78d2d79de3a0527f08f6ddd58545c89a49d9599bfb46ee422a1006f629161987c8893488b8392b08bed2d79e873aeaa4ce9ef3a36a7fc3887f017aa8618f888524a581e73fe1f65a10d183d1018c0231f65ad01608b65895c8732b0c2a0aa36373f997a909323e06fe5467a709d5c633b8c3673879bd3ecf1232c7ebf6670f90cae7a9c0d330aa5895ff231df5328a4be3e7726fc4ffdc7a3a082c5316107baf6cd5aa9b8efe416b402da6e3528e93f1126bc4dc996b9e53e831eaf48fdd9840c4474d623e4c6e305a128a401605953e9d9dd91e3c85360b6c5589d3a63e25cf2d17b203e8d6dab09bf1cf18aa4bbd419d3b5a33a591c048baf86545ffe305dda196fb2f7b4d2aef1364a0fd7840cf4d9beb83e778f7d89c2d273300a2a39073062ea257936fc335e607a7c3ac88d605532c045437b8607efd60a02aabcb474e90152a97a77e00331309bb212c20784709d356d5917bf123f4acbdc5d9313830b82162f415a5947fa1aea9b1a1156a4de5318723fdb38de0e902db98ec3fa13a7dab4cbf35b88c5fc0a1434ad45bc568e4d465dac79ecc03ff99f6d05ed348acbd31106830f00899fd6c3e2238f4c09bb03657e570d831ee155a0068c2019975ec1bd2227fa92f30bf76a1983a040b5733b4f2b233ddac8de8a6565a513d0ad8975f38cd1d17ba314f3c11d6d43f9282fbc234f9625796e6de00149805afad082dc021ccb4e744c35d643bd13fc99a0e4120da9d4be83c86f7df1820bc7af72537bb812c54c669a60361b9e054ab90826a7d8b8236d109685de994f65f19d142398b3bbf666b1ae7781d110e5819bac347af9b360ce2e0a3f708ae2e461e3ff11ae0703975e4fafa19d281420ba1cb810911bd5d3b03e7bf90a8a4d3c8bb9c32d619b9405c28bc4cb2c0a162d2d7e370d9704eb73ff8400c603b49a4d95de0ea0e66bba4bcbdf9ddd4836bf85c60053f078d48191f8986d10d2979692ddb58349548df6118aede30427c020a3d8934513954544cdfbe794162866198ff4a95d63fdc74c5e2de36428d0cc44b8ddc89edbf09cefcccf991f5397b8f27e650eefe58a65dc3f7a4c3d61385e4662699a1bf74f29cba37533b2cf54759caafd80a5e568f8319eaba199799821f2e2551b994c310d9bdb28ad1d5fc8c35601f797bbe991c8074581181a4592c013f421c5a6f7e93bee05126b4d4dfdd6210f25df65c5943de168437d1f3089806276e166bdadd9dc7e8304e8128214dd324e69b15d1b0ab6951cdfe38cec6376b505b9ec0f05edb6df1f8bca7b9ad53eb4c2d1a2574860307f635402c54151b5c76c552a4e9bd643b4d20aee0ed89924944299591be606a825dbeb3092780b7da1a7f97283d651c6bdd15a68ec7331d15ee4adfc4b2fd851389046c1d39e3a6d036f3c5b27aaba4b63b64afe135dc83dd221fd689461fd071ffecd5938f61789dc71ca7ec9f35af8ccd9b2992d83114eda667c00e8edb46141c646783faa296e093cfbb2f3d124841b7f69647023df0dc716b302950f4fbddf6d46cbb20110d620a9fb1fc7780ce16e2cceff760a56dc407eeef258830a06072c795ea11391aaea1da8c6c387c34e02affc1bec9d320b8c3a2653ba3955eca1cae99f4848adb2e27d0761e7f4f3b2d9f22d76796b75b2ecb6a2de1fa7b999ad45d12a31fd7bf614366e8de6d24213914d816e4245cc44aa3940444bfca2d9eb0321aa8fabf0bd554e6f4169acf1dc8bd61a67299cf248aa2d51ccaff561f5cc705d1f34187d480e8c62e4f9d234b3c538245787e742d4aaa93d4afc1e0664972f95d8cb6b8477b3983251590d467e9918873a7a0b8dae2cba374db81e71511a47c7959d455331f2b309c1247e22f92f4dbdda9e580042fe0de64916e19860e24952dd9d40f013b6a4df51de959c2f7aaf06662f59ba135495a8eb0541dde910e868fc60be589d3eba090ae997acd5b98c602c1df5992e55d79e4eac2c8004dcae41858574cf24ede145bfaffb36f1b7da6806ff010bf3c4da14b35b79bcfaf86b0a47cc0c3b99a70e8c49d608e3a7aebfb11e783fc3acf53a15d4437b00238be4baa0aecbc63ebb8ba00df215c9215ceffb343c948922fbbf0fbc6c745386e95bc9a7539d03b75e541950c29dbc4115584ac8ba0947320ae03eba2d5a02a417293ae998e99d1a310fd38be6c251cb36920da4a1648028ca4ce14e375fa57c5a844919a275893f56162ccb1419e53f2264b0b408df26a22690af44e0fccf5b89761f8178c8c513a23a591df3d13d0c272d47762b558ec235b40d63c3dbacbc1e47f83f6c46e396951f0462ee604a9ac2c381967f71fd2303bacae1e89e08eeac0ff49fd64763926b418a921fc0b0ab744612b1a95472864ba0e3eabeefa9165f0e962a080fd73cadbff9dc3b585b1b27b75a804212e87c0895f0e4dcd00eead4281e523219dabdcaadf0d96c16c912d377f0a74dd0d75268d1ef5a3747f27aec468f337cda576ba00310e7a150273d8916c23302c94fe07df13229088c375986e6828cb625ff6b68796e159c7f7da3f1a8977d3f652e475371541f7889ac3cde684c9d40a211d567399e5aeb393c215274fb72b6a4ce236cb7d2ccc0860fb1af7f73e4dc8617352e9975991715a09483bdcd9768bb9d7fbcef75552bfa35c43bbcf612d1bfcd325a681556710a5a45c4a572724ae9e50040cc6cbc816fb154e28a591eebd2b3ffe61d7bef500b97383c59da82f7e68a5190419aa183b83192e4c713a002a968393b1af2c2805b1f23b56564c583c2233bc246aaff2e09416c0390a3cb3e9ab017361190da7c79b5c86734543c47cb38309568ecad05ec1b95c114fd761c0d05b533be919f457e39ba45444d7e4478de1c35c4c67c516e5b2f98935e8e4f3e62e6ef0a4b0821ec33d61947f4fabc89d2f4a58e4db190aca2f988bc593648f593e9c2f37f462541aaf92cc99c7921c9d51d9466f60acf4ec0258d1c1c5f1fba6c2c877618a55a7cd72509ea482dee23b812155d43a2f329c9c7bdce97568105d5ce7f907b6c278dc57c664951a77761d8978f4ba64ca61676b4da1dbf24e7c4294b167d8780c6669ee3b9934e61ee0274ea9085526cdc2f6720ae4bdb535bbcfa3c8bf95f8e72b0b458b03c3d4ef5816b9dfd388eb69e2d173d6bbda4c10c6758b84ac6b9895f6894042f8527234d3bcdb3d1f0f38978856851c86bc42a73bb6da3822ffb0c7db6879febe3d6a6ca9e93416627a9507efe8498b8eb7e558e2bb57bcc2f90f1c4bc8982d6f31390a127ba7b8cefef17e830c707fe379a271497479d929657b9c859bf76617953971710580ccbb25da68e27cc974fbc0d095379357510a54ea76af67c493c5f5f2f285faaea2db99f113181d66e0b8c670e53ed8f209b8372e01260cdcb70453bd6bbbf4d294fd3aff3e5c3ca93d4a2d6a25999474fd12da68185e247d929d59065d9b5f785f2f93a4806d6184e632d781ae80547a374162e79828cb3eade6be3440ef92cb72c015e8b88b884f005b64f1efec2c3c5f6028effc0f872dbd2de2fefbaf167a974b7833ae910bd869e88a402f5f12ba3c15de053850fbd94aba2fecc010e0d0df51cd18eb4af497c66ff93d94022d7ce6c68ea39ab9e1249fe1db0f217a15777c2772ecefb06188d138ace423b514ef08d1dca6b919e093e4c5263e1f24cc7dcf68f435d95e3ef809b6eff7fa42cd59bcb5d41a324c7d211eb9d3a418221856b39d721a005b61614dc8addae5d8b4699e478c1c0fd6567efa60087238826e224bee935038cc55a5687c98b74cc5f99102cbf19c54590cce76d611c086c2eb6dba6c72875d04617d4f53624a02035d27efc0bae94b4edfb1238ab5b663ea0275d00c7c911934c5471b975b26449e4b7ac47a76d76094e34eb39676dc680d76a4301ac5f351647ad4cf9920317b3d43c7e170c3849a187f46719dcea82157aebcc3923babc82fc305bd086f64a790b4a890754ab544f790809a8a44e996abbc0c4f6eb1f8866b2cb8df7a2eebd597059a23e7bf08e279f1a48024abe0b8df90520f180a732e0f9efd19a007ce79d6ff04a0cf19bb1142d83db647215ba1e377e3bb364adc091a9609b0d59e2b86d379d519adac8e65c9f38fd07e02b8ec617f6c379d390aa01c46d662730379bbadfc484cb06930d5d3c3bcbcfdb60a285245c64c27a65a7fd12380ca36a7a6f819193c780f56e836c4c9f442444554d0fdb2ff0389b2cd0269b4c06aeafa9bf43cdd0b2d073a7eb826117c4b6e54c7e13970df77fe7ab4339c3e2098e0009b76fd8173b70b83de5276e10d7128a07dcddbb5a3f7751444f2fb9c6679481f7c2975d2e5fd2579d4d4936e70ec7b3db0533a5b2668a55d0240cc4691dbff7b34d5c2e71c6d785dae080d99eae6c279299aeb129de59c1b6e9aed515a8c0a65da40ca9acd67ed1d43c429e8e9b7498dc8df59a6de566de8050605d99eadaf85b65ece605da94ad9e595eb3e35eb8be5c0a69c4af6fc8c999c3fc751c5c87d63256d0150883e1343f22381af2a9b88b2239e882bccb040e6428f14cccd72abf5b04df6ab027b2141d8a6fdf3413a9ddbbfc91170cddaea295744982516bdf01f2b2c846750468fa6c1a358e7ae21725c331e625f28f9c158724a0dcb79f8e426a18cdbca73ab689bcf0e406bb4f7aaa1875d616a3cdf2a92e0e2b3f33060d472a3812a03a564b15e6092d2adbff02eff83672beba2f179b7920899db890747a1824e9fb420a1df7cbe97231bf92752dce4414c671736336baf1282e1688306f4f466deb3f30da821b5861a33c2f85ab38632ee865d5fa399e672872fa5f227ad345893023653a0222cfc97867428f1981b611adbb0cc5b436050c2a31eb01976bb58ac366eddbc947b15316bd2e9735d1b05fe5360a049877101c27ec9cba3572bf99d8dcb9bcafcf8856751821494079694c4d96738c6fd4bf33d06a317d9c8629242e68a7b87798f203827f695c0a80c8dacf19eed7f9947ddea2e492224eb18e01aaaabd962f12d460dca8876afef4ff3d2a1179a52c31ba031c135eb9e5199a1779ee34c3613c8a4aca83675a62842a03329062e167f60c9479217a9eac9f3bf443618aa2cf76fb81a1527f85c0f83bbbf7f2b1f1b93b05bd644b4da28ed52e1c3c01e22b912be25f48f53912483c1cf1c82ab6922ed13b12380ac0b18d7dcfc04d48482d9776d7ae0f81b2130d8016eb4ba6bdbb1a362f942286274a4256ede483749282a094b6deaad8ae1294311a66b491b0af92b2f69668cf8dd4e4d9ee69fcbba4ebe8c4c9be9ac3612596b36859f7ce43884cf03fe5e05fe32994a6564f52282b212ab93373272f22efc9a6ffedd39e3161523b95672fdef73f9e5150dde3530b23171bdc88d15c9d2d5478aa00be65becc0", 0x1000}, {&(0x7f0000001240)="12db3d336c603c459fd41d38dc2a6a189373fbd2c65e1aaa114579ce758d5760cac2662694d255c707847096d5d822b9b1f5b38a051de8561f6d2fd9039f417d8393", 0x42}, {&(0x7f00000012c0)="fd9b5f86322a94bbeaa2f0c78a3b5e7baf4bb44c00a048b599f5711825f0", 0x1e}], 0x7, &(0x7f0000001380)=[{0x90, 0x0, 0x7, "e55fe270db0a9b3f07e7a7c6fd3a6b8007556aff62c2b226a022d45b4a586f3b86153c50b4508867bb45606d7d94d91cce4f533190d61eaaf05a5e57c42bafb2499c29845390d57f8c6dfc2b5ee7a4fed4ca8f9e5ec08dc4ca88d6cf845bb0cb9a84d32ef0cab5ac8040a5efdef572fc56db50230ba5b7f21b344c16a0ab91"}, {0x100, 0x3a, 0x6, "13613ed5793aa2737f4757e16d2a0040282dd78225e8b82ae79395efd13b02f5011f070de435281da71f378ad49b28f05d919cc0004805ae9088c15826cea15f02b9a672ef301cb60de8fb18d8761dfe0201ca4692cb30e54f470b0abefa6ef16d019dcd7c57d68bd4b1fc76daaf1451c352304cd65b7d3ea1194e9a975046683815d9f0fddb284dc678778b5ba5fe5b833e0052f2f4a9249a1d7c625c71466de51f4ef377de08cb11cac91779a2a36a2a7b6483278f52fe105da2e4551497edc67205c879b13f60d5c949359d2b6dd28461f17f04d5551edfcce5b0ce36c1fc7884f3b28128beaa0ec3e6"}, {0x1010, 0x11d, 0x1, "4c4fb75e5d65505610cbdafa9f77bb2236b06ffb8adf1b8c9305863d5d2b7d693ad86186e0a4111006f4ecb689ed92c8891ca167ea24a1b91f8fc85f4f1a1165876e0b26ce9674b2d623015c208e7734510ce4ae3d37e958a361ede54423b2ceed1f00be0ae95cb706374b72f82a853f761e37b390411ed5a9a7c1ee1e47adcf3d38c9bf6308cbfec264b3de08647f752f6aa50e6fbc8570c5d6fee2febc2b0191798d557af16dda55923626a82d2c8780590da6f3184ae2ae6181f9929c06279329ed57b72a1bad38c084c317354ecae81d1983c08859628ffc3124c0b73a2540386a75ba2b27efb970555d7349cc4873815c621f4ce03e0af16344bf4b139a985b7cf4d955250662f3030f2f3a34f5086af9a7b9bcbc1482bf7e2397c9fc0fb30b30fc69870a7a7438045a07eccadb2ac89c2b0eb774966bb7c0863a5c1b82933fc821a78f1380af928c1f3aa03d1d0b3e61265b1aad155d675cec1f6575da0666f7f80f7c0c639245d46d2c9b041ff8ee6028ece16c82a0bf6133068e19567b781338d2984e020bd1c5680e56d2816b65292750ffc9cb46c7124366c9bca643d0c9a8c7162e75a0e28d0ccafad50478af7790564537ffa68677856eb437ea82ef4a7aa791e5c73985ec56ab8f12e0d7a87ab0a9e777f108b6ff26dd66d0e51b2f8551999a78573eb849f79c374395ca3f94eeb3ba7d1ae46395f07af0ab28b9baee42816e40571d13bc740f88628c3c3bc5a76f3dd94c96b5f2146dd21f8a0aa058bf1abf8435c5c12053ece1ff993a20deb45d5b060f4fca56e426ec9d9912ebc515af0269f5bf2a61ce4921a4ed97ccd3bdd9305e2d67f07374229fd3896cc39dbf8cab71bde03761fc63da88ac8a756282d72b08a06919833199aa053ff75a7441cdfef172768c75ea209956a3731ce0fe5c74526e92d43015821fbb59f0768cf7bdc4b19fef482433d1defe0eb3287f07dfb16ed1d68ec7d12f7cc9c223786d8179b3fd3e37f1f870aff3f4ae09b9a2dbbcc6668f6ffa730b9d585e4f19a167ddb875e53955bc94078a5ddb0050c03ef40e1f0a3e2e3d9a48b4c838d40e58940fdf2195d3ac1a8a3d1ea6772c81c760e25acc50efb89e0d4e1115b0f6b62a937cd18aea110d1a780a49bb9d08a72323194774211432f6e6e00b27063fd2a49698df854ac07fa527ca2df235101a6e4de5628f4173e6226e201a5dbc3d4814c1ac13fe37c0216b00a2ae5795dbf4656a567c48c0f37d5e5bf9c55fe93bb7ba72cb09e2a57dd86e738b1e63852f08948583f841955d2a3712b0473b1be9e23c3e878e6ff401011ff36bb5c03dc798519de8116ad90f074c34439947b80574aa208e83ec150117abfbf46d349bc1b184a15963e5359dfd9825ffffc94a6f271cf175740ac871603463826170dacab542c8b7dc82412c0168fffbd146041fd01969060b3c94aa21bb49644389ccb08386e8eb5417213b5924a0f8f25691fa1bcc41087340948a74a5f4b8dd23f6889e30da3c63497cf3c80c4056701aa1b8382c75bcb3c0cb60cd7bee83174ebcd17f669349525d9f2e231495a2bad91aeecb09b1cf53a2e65e87a2977ea97ceaf9790ebb31eaec4acd75137f6d74cee19f7b4c258515017d86b59eb248dac4f9235c966ecf2610f2f5482f529978bbfd971bcea93586613654878c055cd1ec29b3b6b5fa17b7ec9d5cf27493150a8949a98a351129938328ba476848981d21f3427bd62df8ba8c8d7e1a9bdd949e7274931c26c66e575458ac2973824598566cbe8c071b4eeac6795b459149e6a11dcaca414239857c8e223174259bd1d9d054b747502148b8790e6b38e98c78e00c4cf029f108629e5155582d51954fece6049ab3bea8fecedacf0384e8b192113c730f29050d93b24982d2af5c14cbb44c1af179762183dcbefef99d67c4a34c5023cb2a1375736be8304b49ad52b44932069cb62bec0c9ca3929ffd94f1a9945a73a0230c8b8dbcd4fe58e7ee1dc92912d689c39f656cf93715b07d9c7ebd6fe004cbc8f22e4e5570d0729b6ff9808cadcc170669b30bc4c7d51d77f6ad1fb98d2972c777620e15eeadbec7f316426c9f653d0ff58c8d725476a519a2610df7075cabfdeda136db600a65ed8e26fbf724a27c27a1a9beafecb283e33c23ca81b33f4ffbca8ea9bddfc77a7a39fcffa6dfe5621cdf2b4bf0569d297da968351991d5c96268dfa435cd7b261634ddfaad7ccefd75ca4a6b48d3ef52f05251941937562bb7a5341c08964c3037e86a1303eb062951f2bcea16f476833aaf58e511b86ceb0be27c2cc0706820b5e6cc072c1901a65112feca8a8c238970e9a6440ada2c2168f8335f4c302d0645f24dcecd8ae211d0fd49efd638c8c66428458ee3cbca0fb5385c192dc597e32c6b20960b2bb283315c3c81acf49ff3863112b359a69c9721b73907aeab265dbf0f74569ca386a28183a84cfa60bb22d147618b104e3fe18a347aa18eefda2c43cbeb3cd2f02bb9416bbdc846cd5552943f279fb7f5bbbe4ad1d62f20e641390fe898f5b6aa67f605f5e146965b3bbaee0d4e0788ef8870982d08bece1811e592c54186560cd450a08f609931c24c96c2f4c87b6d210fea243b39a2c0a07f18c57397e9ea86f6e233d2f31ee281f292c281ce0c31cdb6486c8b7739783825eba9d68131b6666fb33b2c2b35a6cfdca109425fac1379092a975a759d1bdfe451db0538932b0e74e0e011f6023a1c34b2eef7845f0b41990b16de91fb39590a782379f3f9dbfebd4385d7bc38d72bbf344af00e6ce72ef7dc97a6cfa769dc40e8a1d9e55be55f4352c30dc4d6aa404b23f2b1b808b00f43aaaf0c106421f8b9a311ef108b9de7d70280f0a074d8a4a057c9c2895a1dd7bcf4ab6fba1238163ff1c28ebfb44c840cc228fedc9bf7f604b82fbc085182e01c2f6d6703f735431903ad0550bba6ed2d976524bb7a1345bd2a88f4d3398db3b8d13e42c53bfa3b283924e8efc09f109d368bcdfae98f73236355e93e189d2ad5f1acc17cb1feaafc6ccbbf8074eb1730d22797d7688f1661a294110c9ac38b30d11c1bd1600222f6f2d6e63c0c29e1777ff5e2c6bd700a32d5a32c9952ca823a2b85142dfe99864d6b9b590a884a126aebfed3c8a7f0afdd45287b5f05b147eac92602047da9404b741b16f83b85e8d549ef967159348d66b0d1481eef351281ab4af76c1007d84690153f808592922113a8f8fbe69de9bf1ecc567ef45668f68d3bdd09cd3a6f87ccc3e9599486cf5aed50e7f16607d80ac622d442195ae91b2d7a62058a461d54c3c7a412a5f509839db216b3fe58f166eb4a0e90600ae6ceb8cbe0c5496aed7201f67330a52ab86cf93dfb0a0c08508dbc784c88a7b55bcee80761fd1ad0d0ac324ceddef4c30420dbe68e08120c3a64ea7a19c608647487c8003056a680a0fbf367d69763a797dcd0607db402224fb8b8e69e62a92e38cb9bba2f85875df023f8493b1684d8c1646dfd783310808b180fec69663c55015ad677760c40df159b861ca9ac156c20fb26f65138ab4d85e255b67ac30bb48f126da364338c3919df41b60adb49fda9f261bd40f9a72d3b8b35879a9f8bc62c9e37f139f43440a861e297c04f59f314ab7c65f815e0f9f9a4d2bcd25540c37eacf294208f5b4347c0ac9f072f28799d3bdf3a3e38b0cb914046757facc3b538b432aac27bd4f7119577da5b992e48e2e84fa86c549eee0b443cc47fce4d7ce6ac1869f70e432348414f4b3800d52bc21ef7e7e4fcf411d488dcef543f61d4df348e42ea863d55253d12efcad56df6920becedbbab69ec3ecb83e73a1025165f681b1326b8ae3d4a88dda1d65f01b9cc6f5769b41814fa815379e18753b3aeaeb2112f792a31ba7cf8e3ce6dde515386d3826e4fde9b5741b73097284470a19cf11741c7b23acd4378b83bf387eced2b0e08506921a4976bee826e505da6cb38d47876eb3f922d7aa7278f9222ea9d31189d0bbae1e4e41dee895df6c601a0ddded27f6a75bf20456ebfe8b50ddb2899c79b880579c3e9a9f892f4bdf7653afa4986d7a74f3f8911225686f5053f56d64c5c2aa5a918beb62f61ce594ff0973f6f242cb13a8f0d76d708251d14551cd7d4fdff5b5e151b2d0e63248d515bbe47ef9859ec6f43116598508001fa356b577de6a4f6e9de2ebc108820802bdf53c54ad7ccb30516575f40c1f718e03add8359a5161d32c1ffcb070129297d145d88b477b866cfe9e4a6b49f66c07b16b8cf8999a0378c366b1f6772fd957642c5da4ed3b2c4f55e3b52351f062f8bec077e6d5294f5cad58a86fb5e569d9db524b9c7c937d5f07f94bb6438bd84d4356730a5d2f0a9fbc01e45899490f5cf78ebf808901317fbc1f980a30a330a0b32219b03d423b715c244039b253aacc0c26a3b066a00bc92b3dcc8eaae9dd007f40f2d5c07c7d14e7c7a1547aaf02580cb6cf40e3e961fdae9c01f99c7221eb2420542bcd51c42923488b24894da7b5dd8d3c9ca681d8fb6a15cdbdaad6b53b5cbf9fa262ad6929c3ad552ab0dd02cc5af6e1f8a27a91fcbe0f0c333ebe3baaf74c13c14f3442151f3219b9b0441c5655d218a9bc39d24615509401b533a29fea8d67b809b5bb55be1bd6d83a3f4a62150f6ed5dcc842674e25ca831563dd2026cd5d1c73c8f5d2ee19d07d61c5a1654a24b709980784da4082013639c35b59f57819410307e50e9eb01e83445bf113883e31a41d44c1adbb63c162858016f4622febe7a76dff1b35202b1b03b33777aadcf13b3449cd5f2e305bcbbd618c198aeee784357d421602a1ecb4a58fefa76d22ce3a5d3f206647cf6213cd63c130f1efd849119f87703bf07aea9f6bde91f5220e3153b3f9201b37af6713149e75686719a64526e96529f4a556ecf6b62b9f0c64381fed226d1254cf7a83202d56c1b86ba7bb5cd533889972025014432aa46b3316141a47fb05f6af8a4c022561a8235f5879b1efc3a7c8318a43fe18c85bdf0c613d988cbf96c4655be03a5efdb8ca873d301c36d05a39e6d3152d769b1563120a993ef94738541ddc8cd343b513226a516af9eab0ea4d427148dc6b3cafddf360bc8964d39ce91b5889b063b28f1526db3e20bd95146d5a38925ed77b10cfd4d922d3bd450efa537d1b66abf63812b3d66473a67aa7c69011b1274b677bd67b5417a2cc5a1f4e5830308ddd32fde03d2b6967dedc782c180b6cccb0c8bfa160514a531f438fd3faab9dc00c91b41ee24b838f3555446b6151cabdd09aac0c17805640e00492f6735030b9f7257c81d234a48cf21a24c3b93a1995783a1d81094f911d4a83df8a930e7481ff775b08970067d8437b43911b28c7e3c802fed4bff5ea42bd49d97585dc5109396577eb817f1ea6b2405cebff2638e306a9f49ac329b7c218e4ef566d258140c87de73934613edb541879421dce20a939a9872bcc268b3d4ff0018e4ef7b4fb7c55ca17860d2677ef12ef63c15597d42278c1edeaf3a370880bbadef06fac7f8f0e487ddc489218a69b6eef67b542ccdbf62aff1c4bedf95df70ca8fcd9e50c7140df95177e5bfca16b0a2dd1ac9c319155613f845a602b158a30398ead8b73b122e89b9917bf496e4463bafefe5ed547b76eb55a168550ee6385a0271ec356d76b7983904cfd9866f2a68fab18e0205164484acc3f63c4f339d996e776adead67a19e5da2adf289d86744a75227a5313f4a96949eac461086ea2e3083e4d5669206a187b051cc3b7d73e8ecc62d30734c871dc13915c3"}, {0x98, 0x0, 0x31, "250427e768d05918e5168cd39d47b7cd92a4f487b86d66a0f18dc59d0461ae1ccd67445e86af0f7c8430892e5cdb3c824c678c395a32775e754cfa18ff6c1db43492b2b1fda40d235a1a2058d230aa4616a7875879b5feeef7cbbf4989671ef2885407745c8aa48344f2a45a64039211ed2f5d3f7c0d04e4425866b5cffe4207a881ab27b2"}, {0x100, 0x118, 0xfffffffffffffff9, "1f2bd74cbeb7c9e7d4eb7381a650acb7fda228bbe9a3bdb862a25c1e8360ebe5341f4d7b7ffc9f286310ebfeba6cd535f547576259732a16b65e19244335ea3862b8a37147dfe6c2d6a7ee612e286e4d8038ba4dd79f9b65cca0444c2fc2df1053c7198d1460cd85adda1ef0d2cca2cb14a5400b81e5e5b38985e567027ce9057595b9fe39bc100d52c116fdd4f394bc675702ab720bef219fb2a41943d984909b68ccc6e8895b4da6d4e1f699c1f332ba3a635877a57f38451e68b08849690b6760672d2fd28cf3038a2c733465590f1dd95cbb740dba3d930fd4adcadd240090af4bbdbb495c8bbc68336ef3"}, {0x50, 0xff, 0x76, "fb2157b2e3f7f78a60e558bbe32f3397b08e80a2e908b61375fdf0606e49207fd5ca66c8ad73100e67ee67e79b7f832d83f26ffa6f4b75f8df869633"}], 0x1388}, 0x4000000)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0x0)

15:50:20 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000480)=""/222, 0x0, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

15:50:20 executing program 4:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

[  828.666276][T17328] device nr0
 entered promiscuous mode
[  828.896121][T17329] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  828.910782][T17333] IPVS: ftp: loaded support on port[0] = 21
[  828.938134][T17329] CPU: 1 PID: 17329 Comm: syz-executor.4 Not tainted 5.2.0-rc2+ #14
[  828.946162][T17329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  828.956234][T17329] Call Trace:
[  828.956261][T17329]  dump_stack+0x172/0x1f0
[  828.956282][T17329]  dump_header+0x10f/0xb6c
[  828.956300][T17329]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  828.956324][T17329]  ? ___ratelimit+0x60/0x595
[  828.956337][T17329]  ? do_raw_spin_unlock+0x57/0x270
[  828.956352][T17329]  oom_kill_process.cold+0x10/0x15
[  828.956366][T17329]  out_of_memory+0x79a/0x1280
[  828.956380][T17329]  ? lock_downgrade+0x880/0x880
[  828.956393][T17329]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  828.956407][T17329]  ? oom_killer_disable+0x280/0x280
[  828.956417][T17329]  ? find_held_lock+0x35/0x130
[  828.956441][T17329]  mem_cgroup_out_of_memory+0x1ca/0x230
[  828.964964][T17329]  ? memcg_event_wake+0x230/0x230
[  828.964987][T17329]  ? do_raw_spin_unlock+0x57/0x270
[  828.965004][T17329]  ? _raw_spin_unlock+0x2d/0x50
[  828.965023][T17329]  try_charge+0x102c/0x15c0
[  828.965042][T17329]  ? find_held_lock+0x35/0x130
[  828.985036][T17329]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  828.985058][T17329]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  828.985075][T17329]  ? kasan_check_read+0x11/0x20
[  828.985097][T17329]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  828.994911][T17329]  mem_cgroup_try_charge+0x24d/0x5e0
[  828.994934][T17329]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  828.994953][T17329]  __handle_mm_fault+0x1e1a/0x3eb0
[  828.994977][T17329]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  829.006060][T17329]  ? find_held_lock+0x35/0x130
[  829.006079][T17329]  ? handle_mm_fault+0x292/0xa90
[  829.006104][T17329]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  829.006125][T17329]  ? kasan_check_read+0x11/0x20
[  829.016087][T17329]  handle_mm_fault+0x3b7/0xa90
[  829.026735][T17329]  __do_page_fault+0x5ef/0xda0
[  829.026758][T17329]  do_page_fault+0x71/0x57d
[  829.026775][T17329]  ? page_fault+0x8/0x30
[  829.026791][T17329]  page_fault+0x1e/0x30
[  829.026809][T17329] RIP: 0033:0x410bbf
[  829.037014][T17329] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41
[  829.037023][T17329] RSP: 002b:00007fffa94b25d0 EFLAGS: 00010206
[  829.037035][T17329] RAX: 00007f9b9442f000 RBX: 0000000000020000 RCX: 00000000004592ca
[  829.037044][T17329] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000
[  829.037053][T17329] RBP: 00007fffa94b26b0 R08: ffffffffffffffff R09: 0000000000000000
[  829.037061][T17329] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffa94b27a0
[  829.037069][T17329] R13: 00007f9b9444f700 R14: 0000000000000001 R15: 000000000075bfcc
[  829.087516][T17329] memory: usage 5992kB, limit 0kB, failcnt 8
[  829.101555][T17329] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  829.117720][T17329] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  829.128286][T17329] Memory cgroup stats for /syz4: cache:48KB rss:2120KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2120KB inactive_file:0KB active_file:0KB unevictable:0KB
[  829.138468][T17329] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17329,uid=0
[  829.172636][T17329] Memory cgroup out of memory: Killed process 17329 (syz-executor.4) total-vm:72704kB, anon-rss:2148kB, file-rss:34816kB, shmem-rss:0kB
[  829.207159][ T1044] oom_reaper: reaped process 17329 (syz-executor.4), now anon-rss:0kB, file-rss:33920kB, shmem-rss:0kB
[  829.755768][T17333] chnl_net:caif_netlink_parms(): no params data found
[  829.783891][T17333] bridge0: port 1(bridge_slave_0) entered blocking state
[  829.793080][T17333] bridge0: port 1(bridge_slave_0) entered disabled state
[  829.803063][T17333] device bridge_slave_0 entered promiscuous mode
[  829.925289][T17333] bridge0: port 2(bridge_slave_1) entered blocking state
[  829.932376][T17333] bridge0: port 2(bridge_slave_1) entered disabled state
[  829.940729][T17333] device bridge_slave_1 entered promiscuous mode
[  829.959621][T17333] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  829.969846][T17333] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  830.105465][T17333] team0: Port device team_slave_0 added
[  830.112239][T17333] team0: Port device team_slave_1 added
[  830.197842][T17333] device hsr_slave_0 entered promiscuous mode
[  830.264921][T17333] device hsr_slave_1 entered promiscuous mode
[  830.441240][T17333] bridge0: port 2(bridge_slave_1) entered blocking state
[  830.448351][T17333] bridge0: port 2(bridge_slave_1) entered forwarding state
[  830.455751][T17333] bridge0: port 1(bridge_slave_0) entered blocking state
[  830.462812][T17333] bridge0: port 1(bridge_slave_0) entered forwarding state
[  830.618224][T17333] 8021q: adding VLAN 0 to HW filter on device bond0
[  830.630304][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  830.639158][ T8825] bridge0: port 1(bridge_slave_0) entered disabled state
[  830.647522][ T8825] bridge0: port 2(bridge_slave_1) entered disabled state
[  830.791040][T17333] 8021q: adding VLAN 0 to HW filter on device team0
[  830.807109][T17278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  830.816916][T17278] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  830.826026][T17278] bridge0: port 1(bridge_slave_0) entered blocking state
[  830.833096][T17278] bridge0: port 1(bridge_slave_0) entered forwarding state
[  830.955053][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  830.963755][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  830.972939][ T8825] bridge0: port 2(bridge_slave_1) entered blocking state
[  830.980046][ T8825] bridge0: port 2(bridge_slave_1) entered forwarding state
[  831.106870][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  831.115690][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  831.131069][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  831.139783][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  831.148479][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  831.158253][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  831.167821][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  831.177724][    T7] device bridge_slave_1 left promiscuous mode
[  831.183932][    T7] bridge0: port 2(bridge_slave_1) entered disabled state
[  831.225723][    T7] device bridge_slave_0 left promiscuous mode
[  831.231933][    T7] bridge0: port 1(bridge_slave_0) entered disabled state
[  831.266851][    T7] device bridge_slave_1 left promiscuous mode
[  831.273027][    T7] bridge0: port 2(bridge_slave_1) entered disabled state
[  831.325851][    T7] device bridge_slave_0 left promiscuous mode
[  831.332027][    T7] bridge0: port 1(bridge_slave_0) entered disabled state
[  834.466538][    T7] device hsr_slave_1 left promiscuous mode
[  834.520356][    T7] device hsr_slave_0 left promiscuous mode
[  834.580064][    T7] team0 (unregistering): Port device team_slave_1 removed
[  834.591773][    T7] team0 (unregistering): Port device team_slave_0 removed
[  834.603557][    T7] bond0 (unregistering): Releasing backup interface bond_slave_1
[  834.641285][    T7] bond0 (unregistering): Releasing backup interface bond_slave_0
[  834.731303][    T7] bond0 (unregistering): Released all slaves
[  834.857840][    T7] device hsr_slave_1 left promiscuous mode
[  834.900386][    T7] device hsr_slave_0 left promiscuous mode
[  834.958855][    T7] team0 (unregistering): Port device team_slave_1 removed
[  834.971634][    T7] team0 (unregistering): Port device team_slave_0 removed
[  834.983025][    T7] bond0 (unregistering): Releasing backup interface bond_slave_1
[  835.030717][    T7] bond0 (unregistering): Releasing backup interface bond_slave_0
[  835.122586][    T7] bond0 (unregistering): Released all slaves
[  835.237597][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  835.246376][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  835.259405][T17333] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  835.271773][T17333] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  835.282407][ T8848] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  835.292648][ T8848] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  835.310966][T17333] 8021q: adding VLAN 0 to HW filter on device batadv0
[  835.389787][T17343] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  835.400110][T17343] CPU: 1 PID: 17343 Comm: syz-executor.5 Not tainted 5.2.0-rc2+ #14
[  835.408085][T17343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  835.418123][T17343] Call Trace:
[  835.421405][T17343]  dump_stack+0x172/0x1f0
[  835.425725][T17343]  dump_header+0x10f/0xb6c
[  835.430153][T17343]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  835.435972][T17343]  ? ___ratelimit+0x60/0x595
[  835.440568][T17343]  ? do_raw_spin_unlock+0x57/0x270
[  835.445686][T17343]  oom_kill_process.cold+0x10/0x15
[  835.450786][T17343]  out_of_memory+0x79a/0x1280
[  835.455496][T17343]  ? cgroup_file_notify+0x140/0x1b0
[  835.460689][T17343]  ? oom_killer_disable+0x280/0x280
[  835.465881][T17343]  ? cgroup_file_notify+0x140/0x1b0
[  835.471072][T17343]  mem_cgroup_out_of_memory+0x1ca/0x230
[  835.476648][T17343]  ? memcg_event_wake+0x230/0x230
[  835.481662][T17343]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  835.487456][T17343]  ? cgroup_file_notify+0x140/0x1b0
[  835.492661][T17343]  memory_max_write+0x169/0x300
[  835.497502][T17343]  ? mem_cgroup_write+0x360/0x360
[  835.502511][T17343]  ? lock_acquire+0x16f/0x3f0
[  835.507174][T17343]  ? kernfs_fop_write+0x227/0x480
[  835.512188][T17343]  cgroup_file_write+0x241/0x790
[  835.517112][T17343]  ? mem_cgroup_write+0x360/0x360
[  835.522121][T17343]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  835.527744][T17343]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  835.533362][T17343]  kernfs_fop_write+0x2b8/0x480
[  835.538199][T17343]  __vfs_write+0x8a/0x110
[  835.542517][T17343]  ? kernfs_fop_open+0xd80/0xd80
[  835.547441][T17343]  vfs_write+0x20c/0x580
[  835.551668][T17343]  ksys_write+0x14f/0x290
[  835.556085][T17343]  ? __ia32_sys_read+0xb0/0xb0
[  835.560836][T17343]  ? do_syscall_64+0x26/0x680
[  835.565498][T17343]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  835.571549][T17343]  ? do_syscall_64+0x26/0x680
[  835.576233][T17343]  __x64_sys_write+0x73/0xb0
[  835.580822][T17343]  do_syscall_64+0xfd/0x680
[  835.585318][T17343]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  835.591198][T17343] RIP: 0033:0x459279
[  835.595081][T17343] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  835.614673][T17343] RSP: 002b:00007f8ae933cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  835.623094][T17343] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459279
[  835.631056][T17343] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
[  835.639016][T17343] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[  835.646985][T17343] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8ae933d6d4
[  835.654969][T17343] R13: 00000000004c8eb1 R14: 00000000004dfb68 R15: 00000000ffffffff
[  835.667011][T17343] memory: usage 3276kB, limit 0kB, failcnt 211965
[  835.673466][T17343] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  835.682833][T17343] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  835.690598][T17343] Memory cgroup stats for /syz5: cache:176KB rss:2164KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2164KB inactive_file:132KB active_file:0KB unevictable:0KB
[  835.712625][T17343] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17342,uid=0
15:50:27 executing program 5:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)
openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)

15:50:27 executing program 1:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:50:27 executing program 3:
r0 = socket$kcm(0x2b, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_user\x00', 0x0, 0x0)
recvmsg(r1, &(0x7f0000002d80)={&(0x7f0000001a40)=@ll={0x11, 0x0, <r2=>0x0}, 0x80, &(0x7f0000002c40)=[{&(0x7f0000001ac0)=""/24, 0x18}, {&(0x7f0000001b00)=""/36, 0x24}, {&(0x7f0000001b40)=""/54, 0x36}, {&(0x7f0000001b80)=""/14, 0xe}, {&(0x7f0000001bc0)=""/4096, 0x1000}, {&(0x7f0000002bc0)=""/124, 0x7c}], 0x6, &(0x7f0000002cc0)=""/136, 0x88}, 0x2000)
sendmsg$kcm(r0, &(0x7f0000005200)={&(0x7f0000002dc0)=@xdp={0x2c, 0x4, r2, 0x100}, 0x80, &(0x7f0000003f00)=[{&(0x7f0000002e40)="117c1c26a1c2cde473e1735a2f20d471b22b8b40cef8f3aa446b58d80fedf161cacf4dacac9b16875cf635cdb2481b6fb15015acbff39709b9883d56f1caafd8741ab2fd291c8448d924470e77a18ab05115910297bcf6dc44252307717697c95e72de86e50fe3d6b0494ef79123a7df84c01689d5ca99b4b0400d6a47c17158b90a6d6745996808d62fc5971871073d25fa3aa0876191c4c6609ee9751ced95916d826db6f6094be605c33308daa64719c80dd82fa623c1ab72e8cfe1661c408531e8454347447f46d7846a1f405b41651152b3170d49cc4e8de75e7a941c644acfbac0524bb02d7f5fa9b4a955826cdbcad7221f9188f55d013b6d5070738809fff15a85ea6ac20ba70c7f65ef17eaf4a638847da36e40f06302120cd33a184b36bc26a99bbedc339fb9feadf1e38a22bd0208e60ff48e2ddc2f7beb1af8a4b81a5c7d0d2621c6dc457b41e01e3ee43ecd29cfd685d8f9559461da1e4c4f548d761622b2e379b225a0b1df6fa4e48bdb88d211103211a8941f854918e9d58bd77b4b776f2d867de3e4d8bdf9c7635b606f1ee26435fad651f6af9b627f39b4b03609a18fef482c43498d21dbe5165ce1066561f44c2a4496f9558e75328f681b9bf556c6bca488cc7740021e2a59f8c0ce4baa618d66aa5d0a0482f0b614a9c409f78b89f230ecb1d461a72e8cc49e018366634e1e3517c84f57985c36027544beb127e388c9d0c7768488654dc0ba38ed8a952cbd515b84a01f5d79782cbaef26858b80735260c2823d52e2415c29c2b7c1ee4ac1ba51003b6df09148000a97303852845a88101610a6b98771a70e909e0a8de99576b8c609e9545af71f4f605af3ca92a4694bdac9ee91fbf2bd018018b6e41ba58dbd1e7e79c0cd6106ae5a28347eac27b96d9fcaec3891345986dbec270b6a07373f05213aca87a9a0d775136d47ffe87ed4fa9905263cec2f8bca4238a15e86cb8c526751fe9873ae74cfbf8d4b70d823db8ee4f0e6b21c1213293124ca205f7055c9d9e287c4908312032d359144c9953dd922a11cf3f7f43aa4fea97fed1bb7f64c50bdd6c31b22560b84f11d5a576a1c1d8c835f72037d1b3e5197e1ce074a7443af4665ee828e45ec2033cddc703c9832090b3f9ed5ba92cc42da9d98c93fa1eda9e0b7e6ffa6a7f87d78133afbee39b0aaef174513b4dbd56f5358e40c50e512517ef629fbfab00e82f98f775457815fd2884e4372e113f699df716e00e45aafdddcfb65350b09373d3f607fd981c15cd77d26b1b1ec286c5c311b8ea1b5e74ace46d7528ad911a1376a34328ccd138480621be9c58ddea59fe243ccd7e1d3685c7323738b40bd01e065eb84d838f12d0347c0a37cfe8afca2d19e7d8280b7fa132e09d087a8ea8e75a894f8a7dd5439a296db4e28ebe38221109ac73fa0e73488be049b2daca570ada0386e3548fa40da7199bbd978045d70e6e569859b0115721bf892016c98b634a85d9d729016eb83b1658f487b4e1437ca955a431b99a2378cfcf6b37e7e9bc3cd638fc8b6f1754f510e44ab9da72b5fe0c6327012b78908424c4d4789f99a869637e0addd175c96dae343e9b5329d9817264cc9afdc227f3001c76f2dd03a7b245fe4c161a6dcec30be3dc15fcdc1f82b8921392a82fccac70e6eb1bc8359a4afb57616b2cbf7f088cd49f9986ab0abc453caa844941c6ed4bd120815ed39986a75e83623bc9c57ed6e16318cc1d6b8c5809012955670a7c41421a92b59b331207ec537f01f82e74cc03e290e83d7b680139b2fe6e275746c1d84ef0061f7ef680f8345139b803aaffaf0cbb876e7a94ffebf39c29a6191d9090d6a4e47c3eabb57be8d6029e60659cd15a51495cadbfec8bd0ec859efcd0b75f6125a7e7c49c90f5ff080f4bc44537ff3eaed237d4442ba7e46bf03413325142a6701a82c1c7c3a1d9d8c2f440c68b54fcb63c74b3268643e2a2220c7a3fcc966d12fa252d166f3978961e2e62dbeced78101f9131418bd2924624f50bda417bee368584b390c66851073db2dece20d22238d91f2adfd93c2c6fbc41d75e6b2c844aaa7ecaa3a3ca72229a366a5bd1730f41b0b86180ad876cc90d29a795252a4213ac4fe1518455912d3f22eedce75c50ed297b5e44cae1f7a1e3aeec8bf9e4a173bafba41ebb29f69436b62d89055e312cda500d93335e764197cf7f45d22863188ba574c94d3d6f72bf09ea8527d860bf44be9958839d93e445b3d140f2955bd8fa30a736ff7709a6202fb85a95a9ee1f6dca08ce4904effd8b57c7a48efada08f5dd11d7db1f0c64100ddb3cde1eea26b5e191202e6c0b99ea2a15f05fab6bb6419fcf38f06d7cf410ea378088b11e12043da1d66c137b22304197229b48155ff9dbde078a886e015d89ea1cce8c25b8b94b72b003ed797c8fce470383054ab1d281789e4de419fde585bf8592a9c7e76483f03d0870557ff4b2296a784875dc55687ab78ee99d7736dbfcb38901403effbbd2a9f3a7f8495cfbdf5fc3d2781912c3c649ac2c5d146162a76950998e381eb5a7f94b55ae3fd60da3795a35df900063e6a4f1b6c0b21b5d3e463745312f25e721ccc24e66c4e9b9862bd7426b165a77c0a134e71c95ec6428ad44e526341665a8a860a27577cd87668a32e499e43edcc099c67d5629a59ef2b7538ba65177707201c3debb361a391b7bdda4c3cea2f49d569c07320e384a8fa2d1ba0cb512ff5fabc4d14a02830dbaeeefe9e6b609c8da32cc5b2b8a6e0486df21d9f6e787de2009bf7ef45e3570cc4b6f650c404b7b033661edc64c70c094c2588fbb773685a80ee230963bfa5fb58c1c0fccc20c819a6f767116739e579e0657e058957d86a9f69a113fc27c42a63e2f6737d5b3a35c990244af260c2bb9f031e60b41284d93af85c89c096648c11295e4d428a6e9595bb3cd884866305974fc6977905861e4843c5e8fddebc2f263707968ed7f0748b622637b95f7c8966d88282f9481a8cc8b932c98f034c8f02281f658d12fba7453d25746ac3dfb007bd8740164344c7ff3e84cceede914d4d4efb6a42206ec49bf4f33416a4ff4ce43443e64087d4c4d20e42ffb87c2199b82382d82f6f5ba265f22ce877a224b685098ce09548012972337bc48a6d235b915c9fbd2fcc499a60b18cbe3046c10ad9a5a499bb231dc9b31a26d77a06696c0e47dc4460d16f5bea86c5f24a71621e04e4d2a21d0ffae67f672e19356b5357a295e6d4052614b9e348f08128d4c566f64ca551fe111366350868bc13ef4432f4d057c97edd2a0ebd183afb6719f25ce53cc5dcc38bca71661dc093d7d0a9faac1bd6235ccf8c329637dd9d5c6a9d8767b64b0b868a951a13c5e1abcc891d7285a3ff041425857f268b7e0410a62ec3240bc102e7786d7b3cfb970971cb9d1746aa1b81401c81ae161bab90eea4b276b1c2a20e5ca1928b91c0da6083b13c6209585af44be804dfd8207f0c5d7fbeab6e0676e51996c9e628701983654f198d59b4522a2483150ac6d909dd5fe35d4ed0ca1605d4a6d36ab79d9c3f1fd3d778c7b4f1e083eb6df232738d47bbffaf63992ae7a8958fc76a18389a661b7a4d110c02823e02b99d9d134419e6c015b4c04abf35554d82081554da37366580e18a1cec9c6955b5c147cd53e4cc831ff890587ccb0f3de637aafce1219dbb0d154a1da63891fc8ca47069cd2f28cdbc498a5f2b20607b353a2c9c384ad9c4219400695d2ac967c1bf5eab3810d30b8f44bd75a304b41699febf7783143f9b74323fec8258048d550e033678d31c90d4d034660c429586c73bcaf2dc04a86eaad3d9aeb95830e54d151eedb7f793c0ff3ba33a8cdb543d6675cc990ae90f10aa0ec1d48d6c03f8153d0f234ee483464400204be1f5686e684a15494aa6f8bcf131aa9dcc345925436a6f5eabd1b2e31f1fbcac0a9b326858b03f01757246c3dd9867871c021617f1312c5c452012084030d31a99e3188703e30fd18e09a454e370461de97d6422971d69c6e098677c268aba2fc185588d737f7461f32b5fd3ec8c07d834c02ce1ac422231c2d36b0f1e2b192ef04855a1f77224d897e764942114ec2046ff258690ee1e748cba73ae8a878a4c0eae28da7a27f56713f423c350c1388dcd6d839141a7bcd7b17f7b598dd1187cb25e1c8f57c77421f70caaec39cf7d4f3d309f6512fad201cf7961120c313b90fac5debb7a6829e3cf63c41cdd72c0473a90f079c2e59b58180ff9b53e6e33cc9690537b66917a0abb57554fe45c47cb67623685f0176131f4db949d6f68e36d3fda91fbb8cffb2f380b55642082291507fee61b6c3788608182d0c58289066efd011cace1d85a9c76c8856122cd8a876dc4079b9d0ea9e9db6c6987b132411034ef510af501d4066220b83b549e526f21a20943fa65b2e8ef3be75e82502631bfdd56bba8175b5acc28eee65d30381cb12f4b0f3e948669f17ea77949e25eac559b4ca88fa543f8abc21ff38f14a477e97804de9bc2f4494ce07843bce11ab559dcaa6ac9eca49df84f3a896ed7eebeb5435ba833c83042501fda6736c32ea8709dabd49f3e960b4ca93e82a70c9a98bac32c9f7ad91362f3a26f53619be7634ceea78978815d1e6c57aa6ee87e5bb5259a1da98a6ac7f3ded8e72a1f18c2540efce8fec1ba093e359d493e7148169cc570c0de11d6bdb327cccb549fc3bcb5f05b3b4d9039d0934990927ad3435e94da00fa32eaf1fca881f90fca6242186b7dd6326fe6b257f48fd3295ab95ccf0e458e159575645f80d81504d75b104b5c0a540a61f43a67275b35fec4f7ead84234d6f448edd474a07ade312e16314bd100c9b64ef34e66147295d28aea8fff4829b9bde3c5f86b2491133e467e4a4466fd4106775d1023e875acb365d0c4b94f7686bd57acec1d6671645f58b48806df060be4521b57a0c829b5b4fb7b22e374a896233bc3beb323c5bf57c80a3259a947e29da7c7704127571766bf159a28b5d1cf80e83034590f9de8b1373f00fa0d1441297470ff8bbfff88c420f99d68ff84ad61fbf894bbd9b897b0556facd81161a42b3b463bba8c17ebe9a9c7600af745e0d4fe322c91e8a24346d0e80710f4242e7c61c364fcb8ffd649f326a90e7fceb35c228648e34ccf237198c29cc90fe9d689cd647194988b2d7a24598425525bf17077987c9ae8aa2bfb814dfe58d6435183d6204771ea69004053fca1b9b8950765535d9d374281db1d84bd2ca033377bc4b3e49affce444a4f92e5d0b96608068501dd0ff913245c0b36b5f6f6782ccd41656f0847e98f604abd88eca5b80e511a23e7a1c09146d12ffdddd9cf3910f43eb3e007b65fe5e5b2e7ddafa943224bc13969bcba8e08cf5b22a02f4f82927c394ad4d5d2525fd871200f2ebeaf5170ea5d3ca041dcdedaeffbe42846d99c308201398f9f0782f61957620a4492d48e44a6155a9dae2f863f4a44afc356e6ec6a4c7f904bfe404db12f4f43bd358e42d707cb8b57da90e601680ce9fe1c7bb6b11ddc908619e91961e2e1d9398f7fa9b59ba42224bb6457821ae7163a16ae973e00b1690fe4793ca5cfc4ab9233d73e846ec81deff2e478caa296140d368ec8774b06b492c615ab36d7e18c3be6c24d103918441ad7e44921aaa3302cc3ba1368793b44375449222102208e382b4e21152f3ae3a8c1c7c08f61eed3bda582c5a00e724eb63327195c198ddd22f8f2ced704ac4c2b4872242b30312115a68428c31e4a8da5303abb342be6597ec6084fd3e637f1", 0x1000}, {&(0x7f0000003e40)="be3025a8160dc5ba36c205b5dc696b9192d56b1dc89dee6fc06c46bfedb364c7dabf2489bcb48c7572360b175682f4c5954654e56c64952566d59b81d99fe8e6f185f12f4a51d177b8b74706574a57635507fa0674e882caddb1aab198693fb09a6fd18ebaea9b33abe5fbd65eae3ca74d00497bf10d7ff78295712c4351b228c00d8ed6d5a0b762549f48d2c4d5efc92d6cf04ca494dbe9eaeafe94e90061ea8644f874aa9b24bd4b1a75aaaddca6045f6d7b2fc883", 0xb6}], 0x2, &(0x7f0000003f40)=[{0xb8, 0x1, 0x8, "6f0179647c7cd2f83676accd11c207138b02a78c53ace719fdabaa90380f449e19462d115a74b681bc9fab1b7092c1b61001ea871dad0a2aa02e43a1c98d45f1ea21dcd2ab934ab542ee7edacaa5017cb9124dce1c17d55aaaa7756eaf3dc090b345ec01ade3ae744d4d764c984979c19cd333ffd6d737aba0c8d1e58ac320b7e68434eff6115eb1a970542bfec15711951feef9a2426115f4e8483329315250ec224c"}, {0x60, 0x115, 0x4b19, "bf2a7751fa55730cddc2e79844f83e48f36c61cf150177419200daef5dd2930b2ef9395b6ad32a9e65d5ca9578da4ac110929b08c78e1a03ea7b4b6925d2ad391bcd72e6bf97cf6841fd867a54"}, {0x28, 0x1ff, 0x9, "681b93ac3bba0140c053669eb18a8caaaaa010"}, {0x30, 0x11d, 0x1, "7fa68114d3a785f09a00b982ffb9b46c59412dae4231158366e566"}, {0x18, 0x101, 0x1, "20cca879f02696"}, {0xf8, 0x13e, 0xff, "ccf85da995c99ada1d9167e5f47bbbb3209979bebfbd75aaf2bee8da83ff9b56f62d6e011f46f84c9e4003fbf746e445e99aac99e2bdf27dbaab2db3b4d80567cad151b4c5bc07be6eb4c03bbd461f949ed9edb567c5f5ee7b8d905fc33160836851d767d273083b7db15dd36e5a41fd51eea160278385cb1ea7236583e7b08162c21e8201bbddc59cedc2cd8ced4445b960f75ab484ea1df7e0bd496dc6b36dbd1d460b108efdcff546a0e9d7b4b564587fbcb8e3662bb3e93ebb4b0f8f59491284285568def67df64e34ecc7050622c709b39f5b2c273e8f2a42a5d11fc2fa9a47dd"}, {0x1010, 0x102, 0x6, "636dbc17793c1247172e901e498bddd584f3c4dfef9cf3a802aa9fc065121a239f38fbb58f768895b9da67b3214ba2c159abfd7752ccb4e951807385acdd4606878d293b843acf378e6538e36d7a12ae8e41fc27336775763ee339ab8f087a4acb8932af0e403f01f2864cbb035bb56d1e6cbb6ce1152586fee18792c1af8d6737fadd004c3a36622bf32aefc0b2a053e5cd0ceb6da61a9f217f951aeb0da0c5a7e4fca46aabf648b4540cc9e8e93b4880dacd307f0a00e3907e76bcf9ca2d7c73e518adc3302a23cdf72741c8348f94563984ca66cfc04eb8bd5588857c49ea4549ebc41d3d228e2b32746f574010457e620eceb0e20c9d1aa7954d113d635d73430681926ab01e5d0dd97bc30502f5d55798f8817ff7b8663d42f939dd38199085338532553ba4328f54496175ef353fc36c1b68cce72e78fef6e759a25f7569de9b98780c4fb4a305edcdc6d98c88389d118f21ebd2b9243dad4a5cc782337b37baec4dc9a718027346a4395ffbcb2c836dfea86cead5cb8c616a4c6a41aae9da1fdb065ad4e443738c7950aa891166d250d42eba3c56a8233fc930c3ad9799c912f5861940fc5d14fc50c618c0549dac4cc775bb60bb04bc127a7ea824f88fa06e6b096dbf67a9856cf24a8a2af0aed36881ff9b97fc96d633a4f22508fdef9736d5b90730e8d23e89742fa9e2ccd1f5ca4e863cc0244a08f7105d1a0e9d32c3a8c82ea83cc12205c48d2dce86d12426b1c39fd875c1ac5addcec263efd9aa8bbcf0773e38db1f91f12b37f52847a9e9cf46095baaa382290c4a989661b73b45e634241b6b435ba03d85119b4831942bd936e0556cd613ca3689f08b90f0f6f4b48bcb3332eae8b55bf6d63a9c07264016aa894172a9c2a134abb653829a042739fc753002a3af334082b5ee2c9b55e75271a8bb442565b7f9385796b1109f8f0ed50efdf2cbbbe007ac4343723bd995f1455cfb907ee096c08c5841628cded05c5b08b5bd5242517716d6341543654a0d50812ef3be4830172ea1d7f161eb8cd3b4bb36fdc3f0c1c6f3569278edcafc82a37cd4a7526767597481d06e89b1ce9a35f97c84747956d2dff998638e78fff328d22f8bcc3f98c1be585b4af9b63cd475f3c9fc43b8d49ca60251f845122e5622c0388cf198741a77a881e06d9094aeed832cead5d6f698648ba8dbe01a4914961631b986eaf1ed4ec375f9bc749bad6ba09073c9e4ec45f98ef38166478eed360bc3ec98272aae95d30e532c8d59c54900c4e5a43816ea9521a689c15e7043a1c95d5f7aa2a51a992514649679f080ca7ef76fe72b5285c012e31fe9aeb01e2fc0e0b71608682a6473c676ed7394823f0f041492f2263bf9eb530d8f0f4ccf05c7f28a88dfa4bbc38117deff1d842613aa55123732d4aa68d82ae857333b60026ff78ca5e72f8af6b7042a12b7dcf108bdbcd1046664b71f8c42250c36fe9610f15a3889308bd150871e91f22fe66bfc9592963552ac8b0b48824cf9cd1fbdd4108bc6921aec788ecb0a4fe7dc4903102af1205e2f22e94a208a4eb2635be23529435034decd06f67e99460ea3c211423f53f2db8baf7e1b1d49461de2265e4c4415512024c2ba085d7ecd2bf1047f6574449f0b2a1956e68bfb56fd165c9fcea5ab6867ce4561822b835dc40745a467bc34a0ba1bdf2b2b356d45f9c253266020eace82b161db754ba2d315de633cea63f3cb9fcb645e009e10ce9d2e8a3e0b8081aed63426d2f14d6eee11b748484435ca953abb1f2771b2adb233e76ff6ceceef7a78ee2b0c01fe8a3b87e741116eff61c24785eedcce39294003a8a9224e044e3bb19b26f01061efce04dd93599fc6aeac7bdba8a1a7859d61f63d3c37ec2b8950df666ada2ce23ae43785a1d4790a0d4eb654e0e0cf2144f719e35fed80e4d14388c688966a1b8f14ff81fd90dcb2aeb8c98bb1ad008ee128be0e96eae472ca2032744d6ed7766843fd5ab79b521640590af4c068bc5a55c3df594727409d013538804590ff676c69e692c54923fa8f813e5e66a9ed2b0663770d1bdbbb9976bb8aab082eefa12f29ba946fbfc7f094b3b36ef75a6a69cd081aa4cb9947ae4f8cf3ca7afa320ff23d5bf7f3d33fd06626e7ec1ebbf397d62f4d82fae912a1954437e0d6b94c8617442c24673a74c63ed6a5ca73ec1ee41d73e9370571d14fb777cbafb0525095b017b3972be8315318e12dd7d620dc636e7edd50ac98219151368c1f976c23bf639d7f7b6350e2413ec082b310d2b356cb911773e5a3437096b336e6dfd797d34b57aef6d568aa3cb5d5aaed7ea822ad409c4bfd170e8136eb37e8555c01351e20d458a579938076080073deff58b65ac261101c188cabddddd373f66d4f33c7a93ca0295d575132be5f655a6990b089b51ecc4275fa73674bc45f0c655d28867214063a1f5e1a0f8b51473a2a244c38e74d0ce1f2bc03dd42b5d87528ffb7e836f8f91f23300e8b4d5bb70c2060862e65ef54b897c278ea38cef42c4ea1e676f59b37922761a646424f60170c02eebacb10067f4ac75a5e95c08807a6e937c1b732524c74f0d4c51b5643300eb1f161634e463dd63669b301ee1553a9c76e4a517f352699f1ceeb278bf2ab46081ed1719784ef71321fd1bcb6afaec011d03d925278598454a3a433dd3924c3ad11c1134fff5818246cf9786671d1dd8e09127b4579de57b7d430e3661391f70386d380161195dc66be09c7e766ddb82b3bf03efae6b2f09196b92c942854d63c7178bfc320ff16dd3b22754726eef0d4ab409eb59fcad351ac211f155010ba65eb0aaf30229d2403d0e52fbdc694a8029ab47ce4a7c47c45d244364caa98dee5590dac1652404664cd0fc185dbfc9c1fc7f2974c821902bbbd086c772c5bd63bcdedd96da8526ee2fa1c02cdfb6846fba31de486a5753f12b8ef12482f7f62115205c9d2d71de6bb9f24510e20bd2a40c0e39ebe463a111606cfd9e8db340f9d5f457a9e022f10ab9263305e6cc864938e36159ebbec29e5f85da76281239adff6eeb17b8a7eca56a35a1cff8ce9771343c2d9c7e72a404a7785daa53e47f2baf1779059952576794826666f86aafd1ac2ea71ff9174e5bea8fcca499b76af6c820682566dcc5533022c6c627a072c6e10bdcf6eb9f667c11af1f82034a4971381ecdce9b3b7d954889759086aac12ef840bde08d59c31a579d9e6a39bc5ed5f5c5d158d01c0502823b017aa4317e811ad02494c3faf9897968c6f27e0448d4da97d10648ef714752309cdcc8392b8fec23f01e0a7c8b189f2866e4907268d92348a6af167983242effaa4eabe577e19fa88fdc2f2fa4df547ed7f081a401db06f26d3f276defc8a013f9dce1529d6f61355e0b1312991b6f2d5b3907678cb534d5a461b1e06b384448d1e2f69270cd2a0ae2103c8fe6f9f1bbeb1602f9b9b6874a6111f05be61aafd7874eff9e80f600443f7c6802f1645656fb1591bcdb21ceb3481f6ee03a6058f65b27af85c8880aa1458faaff220f9d8360aa5873db53d30240ccec6d21ad4ba925869f21232a125fd3156c70b6eae846cfe6c9961b099c30422f09db203efaf41c14c8054f128509b57fc3ff151e7e150443fff1a54598a6cc56a4b558dd4ba0cd39515d018388d4732b02f6149c097421e1ddd3df8a4087270247ecccb826f224335deaf282746b06f12b5e4dd048625474e839c3dd826a69f5003385f1b0509735a05b760e5a20772550c7899ba926db6ca29ec64a3e3edc289049f0c8bd3f5a2aef9bc746e7132e0ec915d186c7357d54dafcb385fd76981f821afba0fc36dcdd21d5adc5c4c1365575a16d46879d7614f2308856ea57fe2f9f590dba9a895ce1e228060405200d33ce218e89f6337c7349d923b7f6e5b90e3797a48c454f536978ffe51f8000aebf4f9061c915a943796b1e4cc2418b556c67c3e84b7d4ebdb8416977c73843403b4658370abec798a5cc32fc0742fd2f1c4c8952554134eb2be462b89641659da7f60b317a7c5b22d083aade39a246a30e66808b6d158f04b88caef2d7cafe77a46c0af71455b55c5dffbcb0e84845c3e70d2060c00b49ed08a656caeeada70f2deff9ccff6a77430539f92050963b36b014c20eebcc36039395de2ea26e3e5cd6951b628fe12423ea9d4864fa8f8dc234884c3a00766184193a52de532e8d52c73f36ea402fc4376e8133b0a4b821f06dc3656a0d6a717a57779fafe99c4853013238647cd7f5b264596edd3ae9a991cf143969c2d2c8167315baa65dc2d905f59e1e91a6483055565322b67c59e112af0b25ab1190ace83317fc044d168107bd6f69383e9278645f752c8b367a8052af2b70c8900119ff483b84cb06a8988cda1b6e98ffe8b1ef43afcfb68b9882328a0517b88d1391d1c1f1a6d4e089755c0f8f1d6b63b3d575de5ea7a89f081d2d717f8c49f20861ca14534edf45e20db587e6224edee50f9decfa5bac53857a0db3e348c708a027b0a4624b8cb925096639a6396e185ffe17e16775586f399540a4c351c38972056771d59fcae955968eed82c61c8272cae66c530e3050cd8872530ab5389a90c709d7b9f7321ad52f5751255d01133435de2ce63de9de286860e35b32f121bc3210a20020b5b45e07b85ad4e5b02108402ce16fc940a3c46ae8980089cf8ddd151d772bf0e87b3d90469840687c32af16c1ea73a052fe9504a0a7167d13c2c7ff5a46877b30905687b420c0aa0abec37d8d39116f4cb1ec6196b461bffaee3f3c1b584394df469c3731721a76e0ce26571b4cd03e79167beee1c3c37758e8a2719dc737c66ed0d2485863d9b69708b9a11796575f561233111a021138779013d03b724fa2e1edb9132203cf14b34353d2f8344f30752effd817ccba2196739764b6a4806a4d235db139acafba76294ede63573e9688132f197d8c1df39627dc5fd38cc31decee07ccb6625cc7b49311e3cc33c0ea47c8460bdf7c232438cd4937d973fb04e0581c754f060ebdc2e245d01cbdea751b3542103c30970ef626928c6967444e2c7f21273227cefac9ef4204739eaaeca590ad2dfe09fdaa75d6a4296e498a1389ef36f815e2df8ae9fbc87a53b3b554b62a49e846c85a3a7cdd86d9e0a2e3c7bd1f9af26734c30356331e94826e7afa013927aed64c97c588717b0e9a3338e47b8fa773ac513cfba5fb5106c112e3c30cd95134f773d492469812a8e9432b1255febabfeb2560aa385041f313eb42063e7a6feb9d271b77a1c6d53594e9eb14110e945be7a6da25955a590d33154c290945307b32b938f9bc7e8b18f2b6a60ddc7a10e4a153ae6cd28b276a3ccdd86f716258158099ab13d054cac2883e7f5d937cd1ac4585a5813c98cb611940e9436429ed5d2a0267d24744f7ad51f25db55e60cbc10dcf06b39168f178f8bc65749ee9f7a38a3cdcf7956aa64bec3d85ecf78ac0047f1356fecdba1c8246547763f1b25797eb6125d0ac962dd91c63d46b191421f2332bbe1a5b851db3cb406c346b817a738a77be928133582c1bbe6f63754ec96e4726b513f837984cf91dd38bd31094582ac2ce40ce7deabb5d489e246353610565c82def510a05afe1fab277c4426051745ce56b98679c6d5b6770114ccab1a16db7adfc45c82df0727528543a8cfd862fbb1e330e37cbf6d46aebab09eb9d98ef0c6fdff2661fa2af4a15fc101f8b3ae6b29c260cf65b62ec8c60ca5d3a757a194fbe5e573437b306d77ef47c8354f9790fa74c04d3fd8205a9bb3666c1db2709d9ccd"}], 0x1290}, 0x40000)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8904, 0x7)

15:50:27 executing program 2:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

[  835.728538][T17343] Memory cgroup out of memory: Killed process 17342 (syz-executor.5) total-vm:72708kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB
[  835.744698][ T1044] oom_reaper: reaped process 17342 (syz-executor.5), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB
15:50:27 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000005400c2ac54000000030000000000000006000004000000201000000005000000000000000500000005000000"], &(0x7f0000000480)=""/222, 0x38, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

[  835.792296][T17333] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  835.804825][T17333] CPU: 1 PID: 17333 Comm: syz-executor.5 Not tainted 5.2.0-rc2+ #14
[  835.812825][T17333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  835.822881][T17333] Call Trace:
[  835.826177][T17333]  dump_stack+0x172/0x1f0
[  835.830518][T17333]  dump_header+0x10f/0xb6c
[  835.834944][T17333]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  835.840760][T17333]  ? ___ratelimit+0x60/0x595
[  835.845354][T17333]  ? do_raw_spin_unlock+0x57/0x270
[  835.850476][T17333]  oom_kill_process.cold+0x10/0x15
[  835.855598][T17333]  out_of_memory+0x79a/0x1280
[  835.860290][T17333]  ? lock_downgrade+0x880/0x880
[  835.865144][T17333]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  835.871390][T17333]  ? oom_killer_disable+0x280/0x280
[  835.876611][T17333]  ? find_held_lock+0x35/0x130
[  835.881399][T17333]  mem_cgroup_out_of_memory+0x1ca/0x230
[  835.886953][T17333]  ? memcg_event_wake+0x230/0x230
[  835.891994][T17333]  ? do_raw_spin_unlock+0x57/0x270
[  835.897115][T17333]  ? _raw_spin_unlock+0x2d/0x50
[  835.901976][T17333]  try_charge+0x102c/0x15c0
[  835.906488][T17333]  ? find_held_lock+0x35/0x130
[  835.911264][T17333]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  835.916820][T17333]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  835.923065][T17333]  ? kasan_check_read+0x11/0x20
[  835.927932][T17333]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  835.933489][T17333]  mem_cgroup_try_charge+0x24d/0x5e0
[  835.938786][T17333]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  835.944431][T17333]  __handle_mm_fault+0x1e1a/0x3eb0
[  835.949557][T17333]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  835.955109][T17333]  ? find_held_lock+0x35/0x130
[  835.959886][T17333]  ? handle_mm_fault+0x292/0xa90
[  835.964839][T17333]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  835.971090][T17333]  ? kasan_check_read+0x11/0x20
[  835.975956][T17333]  handle_mm_fault+0x3b7/0xa90
[  835.980822][T17333]  __do_page_fault+0x5ef/0xda0
[  835.985601][T17333]  do_page_fault+0x71/0x57d
[  835.990109][T17333]  ? page_fault+0x8/0x30
[  835.994359][T17333]  page_fault+0x1e/0x30
[  835.998521][T17333] RIP: 0033:0x403672
[  836.002420][T17333] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 <e8> 29 86 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 49 3b 05 00 48
[  836.022646][T17333] RSP: 002b:00007fff6dd1df80 EFLAGS: 00010246
[  836.028722][T17333] RAX: 0000000000000000 RBX: 00000000000cbf21 RCX: 0000000000412e80
15:50:27 executing program 4:
r0 = socket$kcm(0x2b, 0x7, 0x0)
socket$kcm(0x29, 0x5, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={<r2=>0x0, r0, 0x0, 0x12, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', 0xffffffffffffffff}, 0x30)
recvmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x4f, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r3, 0x0, 0xe, 0x0, &(0x7f0000000380)="263abd030e98ff4dc870bd6688a8", 0x0, 0x3f00}, 0x28)
r4 = perf_event_open$cgroup(&(0x7f0000000100)={0x4, 0x70, 0x8001, 0xfff, 0x6, 0x0, 0x0, 0x5, 0xc000, 0x4, 0x5, 0xcd4d, 0x6, 0x0, 0x20, 0x1, 0x1000, 0x8000, 0x7f, 0x8, 0x2d0, 0x9, 0x9, 0x80, 0x4, 0x5, 0xffffffff, 0x5, 0x6, 0x200, 0x80000000, 0x0, 0x6, 0x80000001, 0x800, 0x1, 0x4, 0x6, 0x0, 0x9, 0x4, @perf_bp={&(0x7f00000000c0)}, 0x2610, 0x4, 0x9, 0xf, 0x9, 0xda2, 0x4}, r1, 0xa, 0xffffffffffffff9c, 0x4)
socket$kcm(0x29, 0x5, 0x0)
r5 = perf_event_open$cgroup(&(0x7f00000001c0)={0x2, 0x70, 0x564ee689, 0x9, 0x6a, 0x6, 0x0, 0x9, 0x22, 0x1, 0x8, 0x7f, 0x0, 0xff, 0x1, 0x7, 0x100000001, 0x100, 0xfffffffffffff000, 0x9, 0xfffffffffffffff9, 0x5, 0x80000000, 0x1, 0x200, 0x5, 0xdb15, 0x6, 0xfffffffffffffffb, 0x2, 0x3, 0x849d, 0x3, 0x1, 0x100000000, 0x1000, 0x100, 0x1, 0x0, 0x4, 0x4, @perf_bp={&(0x7f0000000180), 0x1}, 0x10, 0x1, 0x2da, 0x3, 0x2, 0x1, 0x7f}, r1, 0x10, 0xffffffffffffffff, 0x8)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
perf_event_open(&(0x7f0000000240)={0x7, 0x70, 0x6, 0x10000, 0x0, 0x5, 0x0, 0x3, 0x40, 0x4, 0xd10, 0x5, 0x2, 0x1, 0x9f0a, 0xfffffffffffffff8, 0x6, 0x2510d5a6, 0x8, 0x9, 0x1, 0x1, 0xa00, 0x100, 0x1, 0xfffffffffffffffa, 0x81, 0x22, 0x2, 0x3, 0x400, 0xad4, 0x9ea, 0x34a5, 0x8, 0x3, 0x80000000, 0x3, 0x0, 0x6, 0x0, @perf_config_ext={0xa16, 0x2}, 0x400, 0x6, 0x7e5, 0x0, 0x7, 0x4, 0x1000}, r2, 0x10, r4, 0x0)

[  836.036704][T17333] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007fff6dd1f0b0
[  836.044685][T17333] RBP: 0000000000000002 R08: 0000000000000001 R09: 00005555570bc940
[  836.052668][T17333] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff6dd1f0b0
[  836.060644][T17333] R13: 00007fff6dd1f0a0 R14: 0000000000000000 R15: 00007fff6dd1f0b0
[  836.075129][T17333] memory: usage 952kB, limit 0kB, failcnt 211974
[  836.099179][T17333] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  836.111031][T17333] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  836.123481][T17333] Memory cgroup stats for /syz5: cache:176KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:52KB inactive_file:132KB active_file:0KB unevictable:0KB
[  836.134841][T17347] device nr0
 entered promiscuous mode
15:50:27 executing program 3:
r0 = socket$kcm(0x2b, 0x1, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x7, 0x9f6, 0x3, 0x5, 0x0, 0x8000, 0x8000, 0x1, 0x3, 0xe, 0x7, 0x9, 0xffffffff, 0x4000000, 0x1, 0x38b, 0x5, 0x5, 0x5, 0x1, 0x5, 0x10001, 0x6, 0x4, 0x1d76c00000000, 0x1, 0xa7d4, 0x4, 0x44a, 0x25, 0x1f, 0x7, 0x3, 0x4, 0x54b8, 0xffffffff, 0x0, 0x7ff, 0x1, @perf_config_ext={0x1000, 0x800}, 0x0, 0xff, 0x1ff, 0x0, 0x3, 0x28c, 0x9}, 0xffffffffffffffff, 0xffffffffffffffff, r0, 0x2)
perf_event_open(&(0x7f0000000080)={0x7, 0x70, 0x3f, 0x7, 0x7, 0x0, 0x0, 0x83, 0x8, 0x6, 0x8, 0x3, 0x5, 0x1ff, 0x2, 0x1, 0x101, 0x5, 0x3, 0x100, 0xfff, 0x2, 0x5, 0x2073748000000000, 0x100, 0xd9, 0x9, 0xe6, 0x9, 0x4, 0x3, 0x582, 0x3ff, 0xfffffffffffffbff, 0x9, 0xe6af, 0x1, 0x1, 0x0, 0x1002, 0x5, @perf_config_ext={0x4, 0x9}, 0x2000, 0x5627, 0x0, 0x1, 0x1, 0x1d, 0xbd}, 0x0, 0xb, 0xffffffffffffff9c, 0xb)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='cpuacct.stat\x00', 0x0, 0x0)
socket$kcm(0x29, 0x2, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffff9c, 0x0, 0x0, &(0x7f0000000280)='\x00', 0xffffffffffffffff}, 0x30)
perf_event_open(&(0x7f0000000200)={0x5, 0x70, 0x80000001, 0x7, 0x4, 0x9, 0x0, 0x9, 0x10, 0x8, 0x1d2, 0x400, 0x7fffffff, 0x3, 0x5, 0x1, 0x80000000, 0x4, 0x2, 0x800, 0x9f, 0x3, 0x2, 0x800000000000, 0x2, 0x5, 0x81, 0x6, 0x6, 0x50, 0x9, 0x7ff, 0x6244, 0x5eac1f87, 0x7f, 0x4, 0x6, 0x3, 0x0, 0x5, 0x4, @perf_bp={&(0x7f00000001c0)}, 0x0, 0x1, 0x1, 0x0, 0x4, 0x7}, 0x0, 0xd, 0xffffffffffffff9c, 0xa)

15:50:28 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9f"], &(0x7f0000000480)=""/222, 0x1, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

15:50:28 executing program 3:
r0 = socket$kcm(0x2b, 0x80000000000000c, 0x0)
socket$kcm(0x29, 0x7, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0x0)

[  836.397312][T17333] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17333,uid=0
[  836.414128][T17333] Memory cgroup out of memory: Killed process 17333 (syz-executor.5) total-vm:72444kB, anon-rss:68kB, file-rss:34828kB, shmem-rss:0kB
[  836.428969][ T1044] oom_reaper: reaped process 17333 (syz-executor.5), now anon-rss:0kB, file-rss:33932kB, shmem-rss:0kB
15:50:28 executing program 3:
r0 = socket$kcm(0x2b, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0x0)
r1 = perf_event_open$cgroup(&(0x7f00000000c0)={0x3, 0x70, 0x0, 0xe, 0x8, 0x90, 0x0, 0xff, 0x42, 0x2, 0x9000000000000, 0x20, 0xfffffffffffffff7, 0x800, 0xf2a4, 0x6b, 0x0, 0x6, 0x4, 0x3, 0x2, 0x3, 0x10000000, 0x2, 0x3b62d64a, 0x2, 0xb16, 0x5, 0x9, 0x6, 0x93d1, 0x1, 0x8, 0x4, 0x0, 0x3, 0x5, 0x9, 0x0, 0x8001, 0x6, @perf_bp={&(0x7f0000000080), 0x8}, 0x18000, 0xc75e, 0x80000000, 0xd, 0xb3, 0x200, 0x2be}, 0xffffffffffffffff, 0x5, 0xffffffffffffffff, 0x4)
recvmsg$kcm(r0, &(0x7f0000000340)={&(0x7f0000000140)=@ll={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000240)=[{&(0x7f00000001c0)=""/34, 0x22}, {&(0x7f0000000200)=""/9, 0x9}], 0x2, &(0x7f0000000280)=""/136, 0x88}, 0x0)
ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f0000000380)=r2)
r3 = perf_event_open$cgroup(&(0x7f0000000000)={0x3, 0x70, 0xfffffffffffffe01, 0x6, 0x0, 0x80000001, 0x0, 0x9, 0x2, 0x1, 0x846, 0x1, 0xf5, 0x1, 0x4, 0x92, 0x0, 0x8, 0xfffffffffffffffb, 0x200, 0x0, 0xffffffffffff0001, 0x1, 0x5, 0x81, 0x7fffffff, 0x5, 0x6, 0x5, 0x7ff, 0x1, 0x3, 0x8bf7, 0xe49f, 0x5, 0x9, 0x3, 0x422b, 0x0, 0x8, 0x4, @perf_config_ext={0x8, 0xeaa}, 0x4, 0x4, 0x4, 0x4, 0x7, 0xfffffffffffffffe, 0x5}, r0, 0xe, r1, 0x1)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x3, 0x5, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xe40}, [@exit, @exit]}, &(0x7f0000000400)='syzkaller\x00', 0x3ff, 0xac, &(0x7f0000000440)=""/172, 0x41100, 0x1, [], 0x0, 0x4, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x0, 0x3}, 0x8, 0x10, &(0x7f0000000540)={0x1, 0x7, 0xdda, 0xffff}, 0x10}, 0x70)
ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000600)={r0, r4})

[  836.440589][ T8827] syz-executor.4 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=0
[  836.459982][T17357] device nr0
 entered promiscuous mode
[  836.471436][ T8827] CPU: 0 PID: 8827 Comm: syz-executor.4 Not tainted 5.2.0-rc2+ #14
[  836.479351][ T8827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  836.489412][ T8827] Call Trace:
[  836.492720][ T8827]  dump_stack+0x172/0x1f0
15:50:28 executing program 3:
r0 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0x0)
r1 = openat$cgroup_int(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage\x00', 0x2, 0x0)
write$cgroup_int(r1, &(0x7f0000000040), 0x12)

[  836.497072][ T8827]  dump_header+0x10f/0xb6c
[  836.501504][ T8827]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  836.507322][ T8827]  ? ___ratelimit+0x60/0x595
[  836.511924][ T8827]  ? do_raw_spin_unlock+0x57/0x270
[  836.517047][ T8827]  oom_kill_process.cold+0x10/0x15
[  836.522170][ T8827]  out_of_memory+0x79a/0x1280
[  836.526865][ T8827]  ? oom_killer_disable+0x280/0x280
[  836.532067][ T8827]  ? find_held_lock+0x35/0x130
[  836.536860][ T8827]  mem_cgroup_out_of_memory+0x1ca/0x230
[  836.542415][ T8827]  ? memcg_event_wake+0x230/0x230
[  836.547453][ T8827]  ? do_raw_spin_unlock+0x57/0x270
[  836.552573][ T8827]  ? _raw_spin_unlock+0x2d/0x50
[  836.552596][ T8827]  try_charge+0x102c/0x15c0
[  836.552620][ T8827]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  836.568026][ T8827]  ? rcu_read_lock_sched_held+0x110/0x130
[  836.573758][ T8827]  ? __alloc_pages_nodemask+0x61b/0x8d0
[  836.579326][ T8827]  __memcg_kmem_charge_memcg+0x7c/0x130
[  836.584880][ T8827]  ? memcg_kmem_put_cache+0xb0/0xb0
[  836.590087][ T8827]  ? cache_grow_begin+0x3d6/0x650
[  836.595121][ T8827]  ? lockdep_hardirqs_on+0x418/0x5d0
[  836.600412][ T8827]  ? trace_hardirqs_on+0x67/0x220
[  836.605444][ T8827]  cache_grow_begin+0x402/0x650
[  836.610303][ T8827]  ? __cpuset_node_allowed+0x136/0x540
[  836.615772][ T8827]  fallback_alloc+0x1fd/0x2d0
[  836.620469][ T8827]  ____cache_alloc_node+0x1be/0x1e0
[  836.625683][ T8827]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  836.631942][ T8827]  kmem_cache_alloc_node+0xe3/0x710
[  836.637152][ T8827]  ? lockdep_hardirqs_on+0x418/0x5d0
[  836.642449][ T8827]  ? trace_hardirqs_on+0x67/0x220
[  836.647492][ T8827]  copy_process.part.0+0x43f7/0x6790
[  836.652786][ T8827]  ? __might_fault+0x12b/0x1e0
[  836.657567][ T8827]  ? __cleanup_sighand+0x60/0x60
[  836.662509][ T8827]  ? lock_downgrade+0x880/0x880
[  836.667379][ T8827]  _do_fork+0x25d/0xfe0
[  836.671548][ T8827]  ? copy_init_mm+0x20/0x20
[  836.676066][ T8827]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  836.681532][ T8827]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  836.687004][ T8827]  ? do_syscall_64+0x26/0x680
[  836.691692][ T8827]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  836.697773][ T8827]  ? do_syscall_64+0x26/0x680
[  836.702466][ T8827]  __x64_sys_clone+0xbf/0x150
[  836.707251][ T8827]  do_syscall_64+0xfd/0x680
[  836.711769][ T8827]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  836.717661][ T8827] RIP: 0033:0x45784a
[  836.721560][ T8827] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00
[  836.741169][ T8827] RSP: 002b:00007fffa94b2820 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  836.749592][ T8827] RAX: ffffffffffffffda RBX: 00007fffa94b2820 RCX: 000000000045784a
[  836.757569][ T8827] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[  836.765544][ T8827] RBP: 00007fffa94b2860 R08: 0000000000000001 R09: 0000555556053940
[  836.773524][ T8827] R10: 0000555556053c10 R11: 0000000000000246 R12: 0000000000000001
[  836.781502][ T8827] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fffa94b28b0
15:50:28 executing program 3:
socket$kcm(0x2b, 0x1, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuacct.usage_percpu_user\x00', 0x0, 0x0)
perf_event_open$cgroup(&(0x7f0000000040)={0x4, 0x70, 0x7, 0x0, 0x1ff, 0x100, 0x0, 0x7, 0x28000, 0xd, 0xffff000, 0x156, 0x6, 0x0, 0x2, 0xf87c, 0x2, 0xfe6, 0x2, 0x3ff, 0x80000000, 0xfff, 0x1, 0x81, 0x0, 0x100, 0x9, 0x80000001, 0x6300, 0x2, 0x5, 0xc593, 0x3, 0x80000001, 0x0, 0x101, 0x3, 0xffffffffffffffe0, 0x0, 0x1611, 0x7, @perf_config_ext={0x4, 0x9}, 0x20000, 0x7fffffff, 0x9, 0xf, 0xfffffffffffffff9, 0xd0}, 0xffffffffffffff9c, 0xa, 0xffffffffffffff9c, 0x6)
perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x1, 0xd3, 0x6, 0x10001, 0x0, 0x0, 0x9, 0xc, 0x4, 0x0, 0x0, 0x4, 0xffffffffffffffff, 0x9, 0x1, 0x0, 0x7, 0xffffffff, 0xae94bc1, 0x6, 0xffffffffffffed0d, 0x3, 0x5, 0x186c00, 0x3, 0x6188, 0x9, 0x1de, 0x3, 0x65d17db5, 0x20, 0x3, 0x7d6, 0xfffffffffffffff8, 0x7ff, 0x7, 0x0, 0x99, 0x5, @perf_bp={&(0x7f00000000c0), 0x2}, 0x1, 0x9, 0x200, 0x6, 0xc42, 0x1439, 0x681}, 0x0, 0x2, 0xffffffffffffff9c, 0xb)
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cpuacct.usage_percpu_sys\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0x8000)

[  836.795319][ T8827] memory: usage 3572kB, limit 0kB, failcnt 21
[  836.815300][ T8827] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  836.824872][ T8827] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  836.854485][ T8827] Memory cgroup stats for /syz4: cache:48KB rss:8KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:8KB inactive_file:0KB active_file:0KB unevictable:0KB
[  836.896450][ T8827] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8827,uid=0
[  836.928611][ T8827] Memory cgroup out of memory: Killed process 8827 (syz-executor.4) total-vm:72440kB, anon-rss:100kB, file-rss:35776kB, shmem-rss:0kB
[  836.958730][ T1044] oom_reaper: reaped process 8827 (syz-executor.4), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB
15:50:29 executing program 5:
socket$kcm(0xa, 0x2, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)
openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)

[  837.366176][T17376] IPVS: ftp: loaded support on port[0] = 21
[  837.603122][T17376] chnl_net:caif_netlink_parms(): no params data found
[  837.637943][T17380] IPVS: ftp: loaded support on port[0] = 21
[  837.673573][T17376] bridge0: port 1(bridge_slave_0) entered blocking state
[  837.681867][T17376] bridge0: port 1(bridge_slave_0) entered disabled state
[  837.693982][T17376] device bridge_slave_0 entered promiscuous mode
[  837.713818][T17376] bridge0: port 2(bridge_slave_1) entered blocking state
[  837.722062][T17376] bridge0: port 2(bridge_slave_1) entered disabled state
[  837.734111][T17376] device bridge_slave_1 entered promiscuous mode
[  837.772029][T17376] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  837.792697][T17376] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  837.821572][T17376] team0: Port device team_slave_0 added
[  837.836188][T17376] team0: Port device team_slave_1 added
[  837.917991][T17380] chnl_net:caif_netlink_parms(): no params data found
[  837.968190][T17376] device hsr_slave_0 entered promiscuous mode
[  838.015083][T17376] device hsr_slave_1 entered promiscuous mode
[  838.087205][T17380] bridge0: port 1(bridge_slave_0) entered blocking state
[  838.094906][T17380] bridge0: port 1(bridge_slave_0) entered disabled state
[  838.103042][T17380] device bridge_slave_0 entered promiscuous mode
[  838.111860][T17380] bridge0: port 2(bridge_slave_1) entered blocking state
[  838.119530][T17380] bridge0: port 2(bridge_slave_1) entered disabled state
[  838.128593][T17380] device bridge_slave_1 entered promiscuous mode
[  838.172041][T17380] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  838.184211][T17376] bridge0: port 2(bridge_slave_1) entered blocking state
[  838.191361][T17376] bridge0: port 2(bridge_slave_1) entered forwarding state
[  838.198802][T17376] bridge0: port 1(bridge_slave_0) entered blocking state
[  838.205938][T17376] bridge0: port 1(bridge_slave_0) entered forwarding state
[  838.227724][T17380] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  838.300460][T17380] team0: Port device team_slave_0 added
[  838.307817][T17380] team0: Port device team_slave_1 added
[  838.377731][T17380] device hsr_slave_0 entered promiscuous mode
[  838.420562][T17380] device hsr_slave_1 entered promiscuous mode
[  838.494014][T17380] bridge0: port 2(bridge_slave_1) entered blocking state
[  838.501124][T17380] bridge0: port 2(bridge_slave_1) entered forwarding state
[  838.508552][T17380] bridge0: port 1(bridge_slave_0) entered blocking state
[  838.515727][T17380] bridge0: port 1(bridge_slave_0) entered forwarding state
[  838.531912][ T8825] bridge0: port 1(bridge_slave_0) entered disabled state
[  838.539576][ T8825] bridge0: port 2(bridge_slave_1) entered disabled state
[  838.551592][ T8825] bridge0: port 1(bridge_slave_0) entered disabled state
[  838.559630][ T8825] bridge0: port 2(bridge_slave_1) entered disabled state
[  838.576692][T17376] 8021q: adding VLAN 0 to HW filter on device bond0
[  838.595844][T17376] 8021q: adding VLAN 0 to HW filter on device team0
[  838.616353][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  838.624727][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  838.659182][T17380] 8021q: adding VLAN 0 to HW filter on device bond0
[  838.666717][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  838.676526][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  838.695686][ T8825] bridge0: port 1(bridge_slave_0) entered blocking state
[  838.702796][ T8825] bridge0: port 1(bridge_slave_0) entered forwarding state
[  838.733873][T17380] 8021q: adding VLAN 0 to HW filter on device team0
[  838.741534][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  838.750537][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  838.760179][ T8918] bridge0: port 2(bridge_slave_1) entered blocking state
[  838.767284][ T8918] bridge0: port 2(bridge_slave_1) entered forwarding state
[  838.777406][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  838.786376][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  838.795235][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  838.803721][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  838.812373][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  838.821302][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  838.829957][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  838.838322][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  838.847104][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  838.854971][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  838.867622][T17376] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  838.880049][T17376] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  838.888103][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  838.896936][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  838.905653][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  838.925943][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  838.935523][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  838.943848][   T17] bridge0: port 1(bridge_slave_0) entered blocking state
[  838.950981][   T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[  838.958946][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  838.968209][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  838.977008][   T17] bridge0: port 2(bridge_slave_1) entered blocking state
[  838.984057][   T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[  838.991814][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  839.000941][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  839.137826][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  839.146458][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  839.155975][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  839.244110][T17380] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  839.254955][T17380] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  839.272868][T17376] 8021q: adding VLAN 0 to HW filter on device batadv0
[  839.284516][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  839.294325][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  839.306919][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  839.315984][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  839.324343][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  839.332845][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  839.341866][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  839.441465][T17380] 8021q: adding VLAN 0 to HW filter on device batadv0
[  839.566761][T17389] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  839.577884][T17389] CPU: 0 PID: 17389 Comm: syz-executor.1 Not tainted 5.2.0-rc2+ #14
[  839.585880][T17389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  839.595946][T17389] Call Trace:
[  839.599262][T17389]  dump_stack+0x172/0x1f0
[  839.603617][T17389]  dump_header+0x10f/0xb6c
[  839.608047][T17389]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  839.613862][T17389]  ? ___ratelimit+0x60/0x595
[  839.618465][T17389]  ? do_raw_spin_unlock+0x57/0x270
[  839.623600][T17389]  oom_kill_process.cold+0x10/0x15
[  839.628721][T17389]  out_of_memory+0x79a/0x1280
[  839.633412][T17389]  ? retint_kernel+0x2b/0x2b
[  839.638006][T17389]  ? oom_killer_disable+0x280/0x280
[  839.643212][T17389]  mem_cgroup_out_of_memory+0x1ca/0x230
[  839.648757][T17389]  ? memcg_event_wake+0x230/0x230
[  839.653779][T17389]  ? _raw_spin_unlock_irqrestore+0xbd/0xe0
[  839.659592][T17389]  ? cgroup_file_notify+0x140/0x1b0
[  839.664800][T17389]  memory_max_write+0x169/0x300
[  839.669654][T17389]  ? mem_cgroup_write+0x360/0x360
[  839.674684][T17389]  ? cgroup_file_write+0x86/0x790
[  839.679750][T17389]  cgroup_file_write+0x241/0x790
[  839.684692][T17389]  ? mem_cgroup_write+0x360/0x360
[  839.689703][T17389]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  839.695340][T17389]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  839.700978][T17389]  kernfs_fop_write+0x2b8/0x480
[  839.705824][T17389]  __vfs_write+0x8a/0x110
[  839.710186][T17389]  ? kernfs_fop_open+0xd80/0xd80
[  839.715133][T17389]  vfs_write+0x20c/0x580
[  839.719392][T17389]  ksys_write+0x14f/0x290
[  839.723747][T17389]  ? __ia32_sys_read+0xb0/0xb0
[  839.728509][T17389]  __x64_sys_write+0x73/0xb0
[  839.733102][T17389]  ? do_syscall_64+0x5b/0x680
[  839.737784][T17389]  do_syscall_64+0xfd/0x680
[  839.742399][T17389]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  839.748277][T17389] RIP: 0033:0x459279
[  839.752180][T17389] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  839.771780][T17389] RSP: 002b:00007f6376051c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  839.780221][T17389] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459279
[  839.788208][T17389] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
[  839.796196][T17389] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[  839.804276][T17389] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f63760526d4
[  839.812270][T17389] R13: 00000000004c8eb1 R14: 00000000004dfb68 R15: 00000000ffffffff
[  839.829650][T17389] memory: usage 3196kB, limit 0kB, failcnt 381238
[  839.836474][T17389] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  839.845453][T17389] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  839.845461][T17389] Memory cgroup stats for /syz1: cache:4KB rss:2156KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2156KB inactive_file:0KB active_file:0KB unevictable:0KB
[  839.873857][T17389] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=17387,uid=0
[  839.890071][T17389] Memory cgroup out of memory: Killed process 17387 (syz-executor.1) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB
[  839.912549][ T1044] oom_reaper: reaped process 17387 (syz-executor.1), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB
15:50:31 executing program 1:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:50:31 executing program 3:
r0 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0xffffffff7fffffff)

[  840.008006][T17376] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  840.028142][T17376] CPU: 1 PID: 17376 Comm: syz-executor.1 Not tainted 5.2.0-rc2+ #14
[  840.036240][T17376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  840.046294][T17376] Call Trace:
[  840.049594][T17376]  dump_stack+0x172/0x1f0
[  840.053938][T17376]  dump_header+0x10f/0xb6c
[  840.058398][T17376]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  840.064212][T17376]  ? ___ratelimit+0x60/0x595
[  840.068803][T17376]  ? do_raw_spin_unlock+0x57/0x270
[  840.073925][T17376]  oom_kill_process.cold+0x10/0x15
[  840.079052][T17376]  out_of_memory+0x79a/0x1280
[  840.083753][T17376]  ? lock_downgrade+0x880/0x880
[  840.088613][T17376]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  840.094869][T17376]  ? oom_killer_disable+0x280/0x280
[  840.100077][T17376]  ? find_held_lock+0x35/0x130
[  840.104866][T17376]  mem_cgroup_out_of_memory+0x1ca/0x230
[  840.110420][T17376]  ? memcg_event_wake+0x230/0x230
[  840.115466][T17376]  ? do_raw_spin_unlock+0x57/0x270
[  840.120591][T17376]  ? _raw_spin_unlock+0x2d/0x50
[  840.126960][T17376]  try_charge+0x102c/0x15c0
[  840.131468][T17376]  ? find_held_lock+0x35/0x130
[  840.136247][T17376]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  840.141799][T17376]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  840.148074][T17376]  ? kasan_check_read+0x11/0x20
[  840.152929][T17376]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  840.158477][T17376]  mem_cgroup_try_charge+0x24d/0x5e0
[  840.163774][T17376]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  840.169417][T17376]  __handle_mm_fault+0x1e1a/0x3eb0
[  840.174534][T17376]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  840.180077][T17376]  ? find_held_lock+0x35/0x130
[  840.184838][T17376]  ? handle_mm_fault+0x292/0xa90
[  840.189803][T17376]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  840.196044][T17376]  ? kasan_check_read+0x11/0x20
[  840.200896][T17376]  handle_mm_fault+0x3b7/0xa90
[  840.205662][T17376]  __do_page_fault+0x5ef/0xda0
[  840.210435][T17376]  do_page_fault+0x71/0x57d
[  840.214942][T17376]  ? page_fault+0x8/0x30
[  840.219183][T17376]  page_fault+0x1e/0x30
[  840.223366][T17376] RIP: 0033:0x42f7aa
[  840.227259][T17376] Code: 21 4e 00 bf b0 28 4e 00 e8 e3 b8 ff ff 0f 1f 00 48 83 fe bf 0f 87 63 08 00 00 48 89 f0 41 57 41 56 48 83 c0 17 41 55 41 54 55 <53> 48 89 c5 48 83 e5 f0 48 89 fb 48 81 ec 98 00 00 00 48 83 f8 20
[  840.246858][T17376] RSP: 002b:00007ffcab97f000 EFLAGS: 00010206
[  840.252923][T17376] RAX: 0000000000008047 RBX: 0000000000714640 RCX: 00000000004585e4
[  840.260894][T17376] RDX: 00007ffcab97f050 RSI: 0000000000008030 RDI: 0000000000714640
[  840.268864][T17376] RBP: 0000000000008030 R08: 0000000000000001 R09: 0000555557268940
[  840.276832][T17376] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcab980230
[  840.284798][T17376] R13: 00007ffcab980220 R14: 0000000000000000 R15: 00007ffcab980230
[  840.297904][T17376] memory: usage 860kB, limit 0kB, failcnt 381247
[  840.317271][T17376] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  840.330444][T17376] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  840.341295][T17376] Memory cgroup stats for /syz1: cache:4KB rss:96KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96KB inactive_file:0KB active_file:0KB unevictable:0KB
[  840.362423][T17376] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=17376,uid=0
[  840.387105][T17376] Memory cgroup out of memory: Killed process 17376 (syz-executor.1) total-vm:72444kB, anon-rss:72kB, file-rss:34828kB, shmem-rss:0kB
[  840.401931][ T1044] oom_reaper: reaped process 17376 (syz-executor.1), now anon-rss:0kB, file-rss:33932kB, shmem-rss:0kB
[  840.413648][T17397] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  840.430114][T17397] CPU: 0 PID: 17397 Comm: syz-executor.2 Not tainted 5.2.0-rc2+ #14
[  840.438133][T17397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  840.448202][T17397] Call Trace:
[  840.451522][T17397]  dump_stack+0x172/0x1f0
[  840.455890][T17397]  dump_header+0x10f/0xb6c
[  840.460337][T17397]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  840.466334][T17397]  ? ___ratelimit+0x60/0x595
[  840.470941][T17397]  ? do_raw_spin_unlock+0x57/0x270
[  840.476072][T17397]  oom_kill_process.cold+0x10/0x15
[  840.481205][T17397]  out_of_memory+0x79a/0x1280
[  840.485909][T17397]  ? oom_killer_disable+0x280/0x280
[  840.491133][T17397]  mem_cgroup_out_of_memory+0x1ca/0x230
[  840.496688][T17397]  ? memcg_event_wake+0x230/0x230
[  840.501709][T17397]  ? _raw_spin_unlock_irqrestore+0xbd/0xe0
[  840.507506][T17397]  ? cgroup_file_notify+0x140/0x1b0
[  840.512708][T17397]  memory_max_write+0x169/0x300
[  840.517556][T17397]  ? mem_cgroup_write+0x360/0x360
[  840.522586][T17397]  ? cgroup_file_write+0x1e2/0x790
[  840.528150][T17397]  cgroup_file_write+0x241/0x790
[  840.533082][T17397]  ? mem_cgroup_write+0x360/0x360
[  840.538095][T17397]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  840.543731][T17397]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  840.549385][T17397]  kernfs_fop_write+0x2b8/0x480
[  840.554241][T17397]  __vfs_write+0x8a/0x110
[  840.558564][T17397]  ? kernfs_fop_open+0xd80/0xd80
[  840.563508][T17397]  vfs_write+0x20c/0x580
[  840.567749][T17397]  ksys_write+0x14f/0x290
[  840.572075][T17397]  ? __ia32_sys_read+0xb0/0xb0
[  840.576836][T17397]  ? do_syscall_64+0x26/0x680
[  840.581501][T17397]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  840.587560][T17397]  ? do_syscall_64+0x26/0x680
[  840.593345][T17397]  __x64_sys_write+0x73/0xb0
[  840.597948][T17397]  do_syscall_64+0xfd/0x680
[  840.602448][T17397]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  840.608356][T17397] RIP: 0033:0x459279
[  840.612262][T17397] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  840.631870][T17397] RSP: 002b:00007f12faadac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  840.640310][T17397] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459279
[  840.651566][T17397] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
[  840.659541][T17397] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[  840.667537][T17397] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f12faadb6d4
[  840.675503][T17397] R13: 00000000004c8eb1 R14: 00000000004dfb68 R15: 00000000ffffffff
[  840.688483][T17397] memory: usage 3124kB, limit 0kB, failcnt 229598
[  840.695249][T17397] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  840.702776][T17397] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  840.709955][T17397] Memory cgroup stats for /syz2: cache:0KB rss:2104KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2104KB inactive_file:0KB active_file:0KB unevictable:0KB
[  840.731999][T17397] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17394,uid=0
[  840.748570][T17397] Memory cgroup out of memory: Killed process 17394 (syz-executor.2) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB
[  840.769021][ T1044] oom_reaper: reaped process 17394 (syz-executor.2), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB
15:50:32 executing program 2:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:50:32 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9f"], &(0x7f0000000480)=""/222, 0x1, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

15:50:32 executing program 4:
r0 = socket$kcm(0x2b, 0x7, 0x0)
socket$kcm(0x29, 0x5, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={<r2=>0x0, r0, 0x0, 0x12, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', 0xffffffffffffffff}, 0x30)
recvmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x4f, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r3, 0x0, 0xe, 0x0, &(0x7f0000000380)="263abd030e98ff4dc870bd6688a8", 0x0, 0x3f00}, 0x28)
r4 = perf_event_open$cgroup(&(0x7f0000000100)={0x4, 0x70, 0x8001, 0xfff, 0x6, 0x0, 0x0, 0x5, 0xc000, 0x4, 0x5, 0xcd4d, 0x6, 0x0, 0x20, 0x1, 0x1000, 0x8000, 0x7f, 0x8, 0x2d0, 0x9, 0x9, 0x80, 0x4, 0x5, 0xffffffff, 0x5, 0x6, 0x200, 0x80000000, 0x0, 0x6, 0x80000001, 0x800, 0x1, 0x4, 0x6, 0x0, 0x9, 0x4, @perf_bp={&(0x7f00000000c0)}, 0x2610, 0x4, 0x9, 0xf, 0x9, 0xda2, 0x4}, r1, 0xa, 0xffffffffffffff9c, 0x4)
socket$kcm(0x29, 0x5, 0x0)
r5 = perf_event_open$cgroup(&(0x7f00000001c0)={0x2, 0x70, 0x564ee689, 0x9, 0x6a, 0x6, 0x0, 0x9, 0x22, 0x1, 0x8, 0x7f, 0x0, 0xff, 0x1, 0x7, 0x100000001, 0x100, 0xfffffffffffff000, 0x9, 0xfffffffffffffff9, 0x5, 0x80000000, 0x1, 0x200, 0x5, 0xdb15, 0x6, 0xfffffffffffffffb, 0x2, 0x3, 0x849d, 0x3, 0x1, 0x100000000, 0x1000, 0x100, 0x1, 0x0, 0x4, 0x4, @perf_bp={&(0x7f0000000180), 0x1}, 0x10, 0x1, 0x2da, 0x3, 0x2, 0x1, 0x7f}, r1, 0x10, 0xffffffffffffffff, 0x8)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
perf_event_open(&(0x7f0000000240)={0x7, 0x70, 0x6, 0x10000, 0x0, 0x5, 0x0, 0x3, 0x40, 0x4, 0xd10, 0x5, 0x2, 0x1, 0x9f0a, 0xfffffffffffffff8, 0x6, 0x2510d5a6, 0x8, 0x9, 0x1, 0x1, 0xa00, 0x100, 0x1, 0xfffffffffffffffa, 0x81, 0x22, 0x2, 0x3, 0x400, 0xad4, 0x9ea, 0x34a5, 0x8, 0x3, 0x80000000, 0x3, 0x0, 0x6, 0x0, @perf_config_ext={0xa16, 0x2}, 0x400, 0x6, 0x7e5, 0x0, 0x7, 0x4, 0x1000}, r2, 0x10, r4, 0x0)

15:50:32 executing program 5:
socket$kcm(0xa, 0x2, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)
openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)

15:50:32 executing program 3:
r0 = socket$kcm(0x2b, 0x2000000002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0x0)
r1 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000080)='syz0\x00', 0x200002, 0x0)
openat$cgroup_ro(r1, &(0x7f00000000c0)='cpuset.memory_pressure\x00', 0x0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='pids.current\x00', 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000040)={'dummy0\x00', @remote})

[  840.956324][T17380] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  840.999206][T17380] CPU: 1 PID: 17380 Comm: syz-executor.2 Not tainted 5.2.0-rc2+ #14
[  841.007231][T17380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  841.017298][T17380] Call Trace:
[  841.020601][T17380]  dump_stack+0x172/0x1f0
[  841.024945][T17380]  dump_header+0x10f/0xb6c
[  841.029380][T17380]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  841.035194][T17380]  ? ___ratelimit+0x60/0x595
[  841.035212][T17380]  ? do_raw_spin_unlock+0x57/0x270
[  841.035233][T17380]  oom_kill_process.cold+0x10/0x15
[  841.050119][T17380]  out_of_memory+0x79a/0x1280
[  841.054808][T17380]  ? lock_downgrade+0x880/0x880
[  841.059671][T17380]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  841.065927][T17380]  ? oom_killer_disable+0x280/0x280
[  841.071128][T17380]  ? find_held_lock+0x35/0x130
[  841.075915][T17380]  mem_cgroup_out_of_memory+0x1ca/0x230
[  841.081465][T17380]  ? memcg_event_wake+0x230/0x230
[  841.086510][T17380]  ? do_raw_spin_unlock+0x57/0x270
[  841.091637][T17380]  ? _raw_spin_unlock+0x2d/0x50
[  841.096509][T17380]  try_charge+0x102c/0x15c0
[  841.101017][T17380]  ? find_held_lock+0x35/0x130
[  841.105800][T17380]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  841.111363][T17380]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  841.117619][T17380]  ? kasan_check_read+0x11/0x20
[  841.122486][T17380]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  841.128511][T17380]  mem_cgroup_try_charge+0x24d/0x5e0
[  841.133819][T17380]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  841.139460][T17380]  wp_page_copy+0x416/0x1770
[  841.144140][T17380]  ? do_wp_page+0x486/0x1500
[  841.148749][T17380]  ? pmd_pfn+0x1d0/0x1d0
[  841.153015][T17380]  ? lock_downgrade+0x880/0x880
[  841.157872][T17380]  ? swp_swapcount+0x540/0x540
[  841.162637][T17380]  ? do_raw_spin_unlock+0x57/0x270
[  841.167765][T17380]  ? kasan_check_read+0x11/0x20
[  841.172620][T17380]  ? do_raw_spin_unlock+0x57/0x270
[  841.177768][T17380]  do_wp_page+0x48e/0x1500
[  841.182195][T17380]  ? finish_mkwrite_fault+0x540/0x540
[  841.187577][T17380]  __handle_mm_fault+0x22e3/0x3eb0
[  841.192698][T17380]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  841.198252][T17380]  ? find_held_lock+0x35/0x130
[  841.203023][T17380]  ? handle_mm_fault+0x292/0xa90
[  841.207973][T17380]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  841.214220][T17380]  ? kasan_check_read+0x11/0x20
[  841.219085][T17380]  handle_mm_fault+0x3b7/0xa90
[  841.223862][T17380]  __do_page_fault+0x5ef/0xda0
[  841.228645][T17380]  do_page_fault+0x71/0x57d
[  841.233159][T17380]  ? page_fault+0x8/0x30
[  841.237407][T17380]  page_fault+0x1e/0x30
[  841.241564][T17380] RIP: 0033:0x430356
[  841.245467][T17380] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 46 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 4c 64 00 85 c0 0f 84
[  841.265075][T17380] RSP: 002b:00007ffd88228700 EFLAGS: 00010206
[  841.271141][T17380] RAX: 0000000000019691 RBX: 0000000000714640 RCX: 0000000000008041
[  841.279113][T17380] RDX: 00005555556b0930 RSI: 00005555556b8970 RDI: 0000000000000003
[  841.287090][T17380] RBP: 0000000000008041 R08: 0000000000000001 R09: 00005555556af940
15:50:33 executing program 3:
r0 = socket$kcm(0x2b, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.swap.current\x00', 0x0, 0x0)
recvmsg(r0, &(0x7f00000006c0)={&(0x7f00000003c0)=@xdp={0x2c, 0x0, <r2=>0x0}, 0x80, &(0x7f0000000580)=[{&(0x7f0000000440)=""/110, 0x6e}, {&(0x7f00000004c0)=""/20, 0x14}, {&(0x7f0000000500)=""/77, 0x4d}], 0x3, &(0x7f00000005c0)=""/233, 0xe9}, 0x40002003)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000700)='cpuacct.usage_percpu\x00', 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000740)={0xf, 0x1, 0xc3eb, 0x80, 0x5, r1, 0xfffffffffffffffd, [], r2, r3, 0x0, 0x5}, 0x3c)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0x0)

[  841.295063][T17380] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000714698
[  841.303033][T17380] R13: 0000000000714698 R14: 0000000000000000 R15: 0000000000002710
[  841.330506][T17405] device nr0
 entered promiscuous mode
15:50:33 executing program 3:
socketpair(0xb, 0x0, 0x7c4, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
recvmsg$kcm(r0, &(0x7f0000000600)={&(0x7f0000000100)=@tipc, 0x80, &(0x7f0000000580)=[{&(0x7f0000000180)=""/42, 0x2a}, {&(0x7f00000001c0)=""/116, 0x74}, {&(0x7f0000000240)=""/99, 0x63}, {&(0x7f00000002c0)=""/246, 0xf6}, {&(0x7f00000003c0)=""/110, 0x6e}, {&(0x7f0000000440)=""/62, 0x3e}, {&(0x7f0000000480)=""/254, 0xfe}], 0x7}, 0x2000)
r1 = socket$kcm(0x2b, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='memory.swap.current\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r2, 0x4008240b, &(0x7f0000000040)={0x3, 0x70, 0x4, 0x6, 0x4, 0x4, 0x0, 0x5, 0x10, 0xb, 0x5, 0x1, 0x3, 0x1bb, 0x9, 0x9, 0x1, 0xfffffffffffffffa, 0x6, 0x8001, 0x9, 0xa9d, 0x8, 0x100000001, 0x8, 0x7, 0x1ff, 0x3f, 0x2, 0xfffffffffffffffc, 0x5, 0x2, 0x10001, 0xffffffff, 0x6, 0x7ff, 0x3, 0x175, 0x0, 0x3800000000000, 0x6, @perf_config_ext={0xcf, 0x81}, 0x200, 0x7ff, 0x4, 0x1, 0x1ff, 0x5, 0x1})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8904, 0x0)

[  841.378961][T17380] memory: usage 788kB, limit 0kB, failcnt 229607
[  841.385401][T17380] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  841.392861][T17380] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  841.399858][T17380] Memory cgroup stats for /syz2: cache:0KB rss:0KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:0KB inactive_file:0KB active_file:0KB unevictable:0KB
[  841.420493][T17380] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17380,uid=0
[  841.489536][T17380] Memory cgroup out of memory: Killed process 17380 (syz-executor.2) total-vm:72444kB, anon-rss:72kB, file-rss:34828kB, shmem-rss:0kB
15:50:33 executing program 3:
r0 = socket$kcm(0x2b, 0x1, 0x0)
r1 = perf_event_open(&(0x7f0000000140)={0x3, 0x70, 0x10000, 0x10001, 0x6, 0x447b, 0x0, 0x3, 0x8000c, 0x9, 0x8, 0xa6df, 0x2, 0x2, 0x3ff, 0xb59, 0x1d8, 0x7fffffff, 0x6, 0xbb4c, 0x1, 0x5d, 0x5, 0x36f, 0xffff, 0x7f, 0x8, 0x3, 0x5, 0x8001, 0x400, 0x4, 0x0, 0xffffffff, 0x100000001, 0x6, 0x1, 0xcd, 0x0, 0x8001, 0x7, @perf_bp={&(0x7f0000000100), 0xc}, 0x2000, 0x100, 0x2, 0x6, 0x5, 0x1, 0x9592}, 0xffffffffffffffff, 0x2, r0, 0x3)
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r1, 0x40042409, 0x1)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffff9c, 0x0, 0x2, &(0x7f0000000000)='\\\x00', 0xffffffffffffffff}, 0x30)
perf_event_open(&(0x7f0000000080)={0x5, 0x70, 0x386000000, 0x20, 0x40, 0x7, 0x0, 0x558, 0x2040, 0x1, 0x7fff, 0x5, 0x8, 0x3, 0x1, 0x10000, 0x8, 0x400, 0x0, 0x6810e813, 0x229, 0x7fff, 0x5, 0x3ff, 0x0, 0x1, 0x1, 0xfffffffffffffffc, 0x8, 0x7, 0x7, 0x6, 0xeac, 0xec, 0xff, 0x0, 0x3, 0xa8, 0x0, 0xff, 0x1, @perf_config_ext={0x3, 0x40}, 0x1010, 0x8, 0x3, 0x0, 0x5, 0x6, 0xffffffffffffffae}, r2, 0xf, 0xffffffffffffff9c, 0x9)
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r3, 0x40042409, 0x1)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0x0)

[  841.539725][ T1044] oom_reaper: reaped process 17380 (syz-executor.2), now anon-rss:0kB, file-rss:33932kB, shmem-rss:0kB
15:50:33 executing program 3:
r0 = socket$kcm(0x2b, 0x0, 0x0)
r1 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={r1, 0xc0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=0x81, 0x0, <r2=>0x0, 0x0, &(0x7f0000000100)={0x8, 0x1}, 0x0, 0x0, &(0x7f0000000140)={0x2, 0x2, 0x0, 0x10000}, &(0x7f0000000180)=0x4, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=0x7}}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='.wlan0trusted,GPLvboxnet0(wlan0\x00', r1}, 0x10)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000300)=r2, 0x4)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0x0)

15:50:33 executing program 1:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:50:33 executing program 3:
getpid()
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000140)={&(0x7f00000000c0)='./file0\x00', 0x0, 0x4}, 0x6)
r0 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0x0)
perf_event_open(&(0x7f0000000000)={0x7, 0x15d, 0xffffffffffffffff, 0xffff, 0x4, 0x80000001, 0x0, 0x3ff, 0x10000, 0xc, 0x2, 0x3, 0x2640, 0x5, 0x4, 0x1cb9, 0x5, 0x0, 0x1000, 0x0, 0x800008000, 0xf81c, 0xd, 0xffffffff, 0x6, 0x7, 0x4, 0x6d, 0x9, 0x7c, 0x80000001, 0x5, 0x3, 0x9, 0x1, 0x1, 0x0, 0x5, 0x0, 0x3, 0x3, @perf_config_ext={0x100000000, 0x4}, 0x5d44d84fb1c72954, 0x5, 0x9, 0x7, 0x300000000000000, 0x18fef5dd, 0x4}, 0x0, 0x10, 0xffffffffffffff9c, 0x3)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x2a0400, 0x0)
ioctl$TUNDETACHFILTER(r1, 0x401054d6, 0x0)

15:50:33 executing program 1:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:50:34 executing program 2:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:50:34 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9f"], &(0x7f0000000480)=""/222, 0x1, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

[  842.445885][T17434] device nr0
 entered promiscuous mode
[  842.564232][T17438] IPVS: ftp: loaded support on port[0] = 21
[  842.712107][T17438] chnl_net:caif_netlink_parms(): no params data found
[  842.786052][T17438] bridge0: port 1(bridge_slave_0) entered blocking state
[  842.793147][T17438] bridge0: port 1(bridge_slave_0) entered disabled state
[  842.805046][T17438] device bridge_slave_0 entered promiscuous mode
[  842.812691][T17438] bridge0: port 2(bridge_slave_1) entered blocking state
[  842.819895][T17438] bridge0: port 2(bridge_slave_1) entered disabled state
[  842.828057][T17438] device bridge_slave_1 entered promiscuous mode
[  842.911735][T17438] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  842.923328][T17438] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  842.991092][T17438] team0: Port device team_slave_0 added
[  842.999262][T17438] team0: Port device team_slave_1 added
[  843.016712][T17442] IPVS: ftp: loaded support on port[0] = 21
[  843.066485][T17438] device hsr_slave_0 entered promiscuous mode
[  843.125017][T17438] device hsr_slave_1 entered promiscuous mode
[  843.282306][T17444] IPVS: ftp: loaded support on port[0] = 21
[  843.297221][T17438] bridge0: port 2(bridge_slave_1) entered blocking state
[  843.304306][T17438] bridge0: port 2(bridge_slave_1) entered forwarding state
[  843.311711][T17438] bridge0: port 1(bridge_slave_0) entered blocking state
[  843.318838][T17438] bridge0: port 1(bridge_slave_0) entered forwarding state
[  843.468089][ T8853] bridge0: port 1(bridge_slave_0) entered disabled state
[  843.476272][ T8853] bridge0: port 2(bridge_slave_1) entered disabled state
[  843.527539][T17438] 8021q: adding VLAN 0 to HW filter on device bond0
[  843.637347][T17444] chnl_net:caif_netlink_parms(): no params data found
[  843.660730][T17442] chnl_net:caif_netlink_parms(): no params data found
[  843.684215][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  843.693018][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  843.718952][T17438] 8021q: adding VLAN 0 to HW filter on device team0
[  843.789224][T17444] bridge0: port 1(bridge_slave_0) entered blocking state
[  843.797381][T17444] bridge0: port 1(bridge_slave_0) entered disabled state
[  843.806885][T17444] device bridge_slave_0 entered promiscuous mode
[  843.820395][T17444] bridge0: port 2(bridge_slave_1) entered blocking state
[  843.828726][T17444] bridge0: port 2(bridge_slave_1) entered disabled state
[  843.836609][T17444] device bridge_slave_1 entered promiscuous mode
[  843.857594][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  843.867352][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  843.876008][ T8828] bridge0: port 1(bridge_slave_0) entered blocking state
[  843.883059][ T8828] bridge0: port 1(bridge_slave_0) entered forwarding state
[  843.891117][T17442] bridge0: port 1(bridge_slave_0) entered blocking state
[  843.898386][T17442] bridge0: port 1(bridge_slave_0) entered disabled state
[  843.906642][T17442] device bridge_slave_0 entered promiscuous mode
[  843.916337][T17444] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  843.928561][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  843.940863][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  843.949690][ T8828] bridge0: port 2(bridge_slave_1) entered blocking state
[  843.956821][ T8828] bridge0: port 2(bridge_slave_1) entered forwarding state
[  843.965444][T17442] bridge0: port 2(bridge_slave_1) entered blocking state
[  843.972503][T17442] bridge0: port 2(bridge_slave_1) entered disabled state
[  843.981701][T17442] device bridge_slave_1 entered promiscuous mode
[  843.990769][T17444] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  844.064051][T15522] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  844.073097][T15522] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  844.106714][T17444] team0: Port device team_slave_0 added
[  844.157531][T17442] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  844.168034][T17444] team0: Port device team_slave_1 added
[  844.177601][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  844.186734][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  844.195740][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  844.204136][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  844.212679][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  844.232175][T17442] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  844.317921][T17444] device hsr_slave_0 entered promiscuous mode
[  844.354828][T17444] device hsr_slave_1 entered promiscuous mode
[  844.469979][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  844.478555][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  844.496646][T17442] team0: Port device team_slave_0 added
[  844.503159][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  844.513229][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  844.523042][T17438] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  844.535477][T17442] team0: Port device team_slave_1 added
[  844.656787][T17442] device hsr_slave_0 entered promiscuous mode
[  844.705223][T17442] device hsr_slave_1 entered promiscuous mode
[  844.830261][T17438] 8021q: adding VLAN 0 to HW filter on device batadv0
[  844.924181][T17444] 8021q: adding VLAN 0 to HW filter on device bond0
[  844.986968][T17444] 8021q: adding VLAN 0 to HW filter on device team0
[  845.018300][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  845.027175][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
15:50:36 executing program 4:
socketpair(0x3, 0x0, 0x0, 0x0)

[  845.071631][T17442] 8021q: adding VLAN 0 to HW filter on device bond0
[  845.123780][T15522] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  845.142397][T15522] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  845.153680][T15522] bridge0: port 1(bridge_slave_0) entered blocking state
[  845.160803][T15522] bridge0: port 1(bridge_slave_0) entered forwarding state
[  845.181293][T15522] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  845.190228][T15522] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  845.198781][T15522] bridge0: port 2(bridge_slave_1) entered blocking state
[  845.205897][T15522] bridge0: port 2(bridge_slave_1) entered forwarding state
[  845.213551][T15522] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  845.247964][T17444] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  845.262132][T17444] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  845.274961][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  845.283005][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  845.291783][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  845.300513][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  845.309406][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  845.318259][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  845.326883][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  845.335354][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  845.343603][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  845.351348][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  845.359155][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  845.367593][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  845.378658][T17442] 8021q: adding VLAN 0 to HW filter on device team0
[  845.388912][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  845.397255][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  845.446958][    T7] device bridge_slave_1 left promiscuous mode
[  845.453272][    T7] bridge0: port 2(bridge_slave_1) entered disabled state
[  845.505265][    T7] device bridge_slave_0 left promiscuous mode
[  845.511451][    T7] bridge0: port 1(bridge_slave_0) entered disabled state
[  845.566723][    T7] device bridge_slave_1 left promiscuous mode
[  845.572907][    T7] bridge0: port 2(bridge_slave_1) entered disabled state
[  845.629475][    T7] device bridge_slave_0 left promiscuous mode
[  845.635817][    T7] bridge0: port 1(bridge_slave_0) entered disabled state
[  847.448251][    T7] device hsr_slave_1 left promiscuous mode
[  847.511054][    T7] device hsr_slave_0 left promiscuous mode
[  847.570334][    T7] team0 (unregistering): Port device team_slave_1 removed
[  847.582981][    T7] team0 (unregistering): Port device team_slave_0 removed
[  847.596205][    T7] bond0 (unregistering): Releasing backup interface bond_slave_1
[  847.623786][    T7] bond0 (unregistering): Releasing backup interface bond_slave_0
[  847.723590][    T7] bond0 (unregistering): Released all slaves
[  847.908263][    T7] device hsr_slave_1 left promiscuous mode
[  847.971049][    T7] device hsr_slave_0 left promiscuous mode
[  848.030989][    T7] team0 (unregistering): Port device team_slave_1 removed
[  848.043425][    T7] team0 (unregistering): Port device team_slave_0 removed
[  848.058921][    T7] bond0 (unregistering): Releasing backup interface bond_slave_1
[  848.092185][    T7] bond0 (unregistering): Releasing backup interface bond_slave_0
[  848.188339][    T7] bond0 (unregistering): Released all slaves
[  848.326409][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  848.338365][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  848.349142][ T3542] bridge0: port 1(bridge_slave_0) entered blocking state
[  848.356500][ T3542] bridge0: port 1(bridge_slave_0) entered forwarding state
[  848.366366][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  848.390942][T17444] 8021q: adding VLAN 0 to HW filter on device batadv0
[  848.404672][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  848.421245][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  848.430490][ T3542] bridge0: port 2(bridge_slave_1) entered blocking state
[  848.438056][ T3542] bridge0: port 2(bridge_slave_1) entered forwarding state
[  848.446626][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  848.456133][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  848.476336][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  848.494283][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  848.512991][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  848.522864][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  848.532715][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  848.541763][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  848.551002][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  848.567216][T17442] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  848.580567][T17442] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  848.595473][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  848.608664][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  848.644025][T17442] 8021q: adding VLAN 0 to HW filter on device batadv0
[  848.837495][T17470] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  848.863828][T17470] CPU: 1 PID: 17470 Comm: syz-executor.5 Not tainted 5.2.0-rc2+ #14
[  848.871948][T17470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  848.882113][T17470] Call Trace:
[  848.885443][T17470]  dump_stack+0x172/0x1f0
[  848.889816][T17470]  dump_header+0x10f/0xb6c
[  848.894354][T17470]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  848.900193][T17470]  ? ___ratelimit+0x60/0x595
[  848.905163][T17470]  ? do_raw_spin_unlock+0x57/0x270
[  848.910458][T17470]  oom_kill_process.cold+0x10/0x15
[  848.915917][T17470]  out_of_memory+0x79a/0x1280
[  848.920637][T17470]  ? retint_kernel+0x2b/0x2b
[  848.925333][T17470]  ? oom_killer_disable+0x280/0x280
[  848.930653][T17470]  mem_cgroup_out_of_memory+0x1ca/0x230
[  848.936216][T17470]  ? memcg_event_wake+0x230/0x230
[  848.941730][T17470]  ? _raw_spin_unlock_irqrestore+0xbd/0xe0
[  848.947572][T17470]  ? cgroup_file_notify+0x140/0x1b0
[  848.952925][T17470]  memory_max_write+0x169/0x300
[  848.957786][T17470]  ? mem_cgroup_write+0x360/0x360
[  848.962930][T17470]  ? cgroup_file_write+0x1e2/0x790
[  848.968056][T17470]  cgroup_file_write+0x241/0x790
[  848.973277][T17470]  ? mem_cgroup_write+0x360/0x360
[  848.978498][T17470]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  848.984279][T17470]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  848.990130][T17470]  kernfs_fop_write+0x2b8/0x480
[  848.995003][T17470]  __vfs_write+0x8a/0x110
[  848.999347][T17470]  ? kernfs_fop_open+0xd80/0xd80
[  849.004286][T17470]  vfs_write+0x20c/0x580
[  849.008619][T17470]  ksys_write+0x14f/0x290
[  849.013251][T17470]  ? __ia32_sys_read+0xb0/0xb0
[  849.018021][T17470]  ? do_syscall_64+0x26/0x680
[  849.022696][T17470]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  849.029019][T17470]  ? do_syscall_64+0x26/0x680
[  849.033788][T17470]  __x64_sys_write+0x73/0xb0
[  849.038514][T17470]  do_syscall_64+0xfd/0x680
[  849.043056][T17470]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  849.049054][T17470] RIP: 0033:0x459279
[  849.053069][T17470] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  849.073530][T17470] RSP: 002b:00007f7ff77eac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  849.082193][T17470] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459279
[  849.090566][T17470] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008
[  849.099116][T17470] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[  849.107551][T17470] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7ff77eb6d4
[  849.115851][T17470] R13: 00000000004c8eb1 R14: 00000000004dfb68 R15: 00000000ffffffff
[  849.139461][T17470] memory: usage 3156kB, limit 0kB, failcnt 211983
[  849.147024][T17470] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  849.155672][T17470] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  849.162713][T17470] Memory cgroup stats for /syz5: cache:176KB rss:2172KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2172KB inactive_file:132KB active_file:0KB unevictable:0KB
[  849.186733][T17470] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17469,uid=0
[  849.203819][T17470] Memory cgroup out of memory: Killed process 17469 (syz-executor.5) total-vm:72708kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB
[  849.225577][ T1044] oom_reaper: reaped process 17469 (syz-executor.5), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB
15:50:41 executing program 5:
socket$kcm(0xa, 0x2, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)
openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)

15:50:41 executing program 3:
socket$kcm(0x2b, 0x1, 0x0)
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='mime_type.GPL)vmnet0\x00', 0xffffffffffffff9c}, 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0xffffffffffffffff, <r1=>r0, 0x0, 0x2, &(0x7f0000000000)='%\x00'}, 0x30)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8904, 0x0)

15:50:41 executing program 2:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:50:41 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000005400c2ac54000000030000000000000006"], &(0x7f0000000480)=""/222, 0x1d, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

15:50:41 executing program 1:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:50:41 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='/group.sta\x9f\xd4t\x00+\x04J{\t\xab\v\x02t\xe1\t\x85\xa6\xfa\x15\xb3[\xa6\x94!\xf2\x04\xde\xc5f\x8a\x06\x00\x00\x00\xb9\x0f\xf8`\xe0\x1f&+\xaf\xacu\nm\\\xe2Y\xcba\xea\f\xd9DXX>\xef/\xc5\x97\xea\x93\xa7\xde\xc9\xb4\x16\x8eF\x8b\xe0Wm\x1d\x0e\xbf\x8b\xc4G\x8f\x8e\xd8[T|i$\x88\x04\x00\x00\x00\x00\x00\x00\x00\x90\x1eB\x8b\x98\xad\xd17_Q\xe15\x84\x8f\xea\x98\xc6\xe3WE\x11\xe0\xc6\x1f\xf2/\xf6\x1f', 0x2761, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000400), 0x0, 0x0, 0xffffffffffffff14}, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000000))

[  849.540853][T17442] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  849.589909][T17478] device nr0
 entered promiscuous mode
[  849.608487][T17442] CPU: 0 PID: 17442 Comm: syz-executor.5 Not tainted 5.2.0-rc2+ #14
[  849.616616][T17442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  849.626968][T17442] Call Trace:
[  849.630376][T17442]  dump_stack+0x172/0x1f0
[  849.634867][T17442]  dump_header+0x10f/0xb6c
[  849.639403][T17442]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  849.645447][T17442]  ? ___ratelimit+0x60/0x595
[  849.650061][T17442]  ? do_raw_spin_unlock+0x57/0x270
[  849.655468][T17442]  oom_kill_process.cold+0x10/0x15
[  849.660704][T17442]  out_of_memory+0x79a/0x1280
[  849.665514][T17442]  ? lock_downgrade+0x880/0x880
[  849.670492][T17442]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  849.677029][T17442]  ? oom_killer_disable+0x280/0x280
[  849.682845][T17442]  ? find_held_lock+0x35/0x130
[  849.687670][T17442]  mem_cgroup_out_of_memory+0x1ca/0x230
[  849.693339][T17442]  ? memcg_event_wake+0x230/0x230
[  849.698490][T17442]  ? do_raw_spin_unlock+0x57/0x270
[  849.703908][T17442]  ? _raw_spin_unlock+0x2d/0x50
[  849.708909][T17442]  try_charge+0x102c/0x15c0
[  849.713434][T17442]  ? find_held_lock+0x35/0x130
[  849.718498][T17442]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  849.724071][T17442]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  849.730511][T17442]  ? kasan_check_read+0x11/0x20
[  849.735409][T17442]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  849.740978][T17442]  mem_cgroup_try_charge+0x24d/0x5e0
[  849.746382][T17442]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  849.752161][T17442]  wp_page_copy+0x416/0x1770
[  849.757052][T17442]  ? do_wp_page+0x486/0x1500
[  849.761791][T17442]  ? pmd_pfn+0x1d0/0x1d0
[  849.766154][T17442]  ? lock_downgrade+0x880/0x880
[  849.771121][T17442]  ? swp_swapcount+0x540/0x540
[  849.775904][T17442]  ? do_raw_spin_unlock+0x57/0x270
[  849.781038][T17442]  ? kasan_check_read+0x11/0x20
[  849.785913][T17442]  ? do_raw_spin_unlock+0x57/0x270
[  849.791434][T17442]  do_wp_page+0x48e/0x1500
[  849.795893][T17442]  ? finish_mkwrite_fault+0x540/0x540
[  849.801302][T17442]  __handle_mm_fault+0x22e3/0x3eb0
[  849.806707][T17442]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  849.812729][T17442]  ? find_held_lock+0x35/0x130
[  849.817518][T17442]  ? handle_mm_fault+0x292/0xa90
[  849.822741][T17442]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  849.829006][T17442]  ? kasan_check_read+0x11/0x20
[  849.834077][T17442]  handle_mm_fault+0x3b7/0xa90
[  849.838871][T17442]  __do_page_fault+0x5ef/0xda0
[  849.844364][T17442]  do_page_fault+0x71/0x57d
[  849.849060][T17442]  ? page_fault+0x8/0x30
[  849.853331][T17442]  page_fault+0x1e/0x30
[  849.857504][T17442] RIP: 0033:0x430356
[  849.861422][T17442] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 46 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 4c 64 00 85 c0 0f 84
[  849.881134][T17442] RSP: 002b:00007ffc954390c0 EFLAGS: 00010206
15:50:41 executing program 4:
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

[  849.887424][T17442] RAX: 0000000000019691 RBX: 0000000000714640 RCX: 0000000000008041
[  849.895426][T17442] RDX: 0000555555c68930 RSI: 0000555555c70970 RDI: 0000000000000003
[  849.903500][T17442] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555555c67940
[  849.911697][T17442] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000714698
[  849.919683][T17442] R13: 0000000000714698 R14: 0000000000000000 R15: 0000000000002710
15:50:41 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f0000000080)=0xcc33)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)=',)eth0usereth0&!self+,\'ppp1ppp1system\x00', r0}, 0x10)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8904, 0x0)

15:50:41 executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x5, 0x5, 0x200, 0x4, 0x8, 0xffffffffffffff9c, 0x0, [], 0x0, 0xffffffffffffff9c, 0x0, 0x1}, 0x3c)

15:50:41 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000005400c2ac54000000030000000000000006"], &(0x7f0000000480)=""/222, 0x1d, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

15:50:42 executing program 3:
r0 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000000c0)='\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1f, 0x2, 0xc54e, 0x2, 0x4, r1, 0x73, [], 0x0, r1, 0x0, 0x2}, 0x3c)

[  850.265280][T17442] memory: usage 808kB, limit 0kB, failcnt 211992
[  850.273453][T17495] device nr0
 entered promiscuous mode
[  850.302463][T17442] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
15:50:42 executing program 4:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

[  850.346018][T17442] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  850.464530][T17442] Memory cgroup stats for /syz5: cache:176KB rss:68KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:68KB inactive_file:132KB active_file:0KB unevictable:0KB
[  850.559288][T17442] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17442,uid=0
[  850.583796][T17442] Memory cgroup out of memory: Killed process 17442 (syz-executor.5) total-vm:72444kB, anon-rss:68kB, file-rss:34828kB, shmem-rss:0kB
[  850.615148][T17475] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  850.638694][T17475] CPU: 1 PID: 17475 Comm: syz-executor.1 Not tainted 5.2.0-rc2+ #14
[  850.646735][T17475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  850.656999][T17475] Call Trace:
[  850.660322][T17475]  dump_stack+0x172/0x1f0
[  850.664687][T17475]  dump_header+0x10f/0xb6c
[  850.669172][T17475]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  850.675093][T17475]  ? ___ratelimit+0x60/0x595
[  850.679706][T17475]  ? do_raw_spin_unlock+0x57/0x270
[  850.684873][T17475]  oom_kill_process.cold+0x10/0x15
[  850.690378][T17475]  out_of_memory+0x79a/0x1280
[  850.695088][T17475]  ? oom_killer_disable+0x280/0x280
[  850.700310][T17475]  ? find_held_lock+0x35/0x130
[  850.705286][T17475]  mem_cgroup_out_of_memory+0x1ca/0x230
[  850.710876][T17475]  ? memcg_event_wake+0x230/0x230
[  850.715935][T17475]  ? do_raw_spin_unlock+0x57/0x270
[  850.721162][T17475]  ? _raw_spin_unlock+0x2d/0x50
[  850.726129][T17475]  try_charge+0x102c/0x15c0
[  850.730657][T17475]  ? find_held_lock+0x35/0x130
[  850.735544][T17475]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  850.741116][T17475]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  850.747539][T17475]  ? kasan_check_read+0x11/0x20
[  850.752626][T17475]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  850.758392][T17475]  mem_cgroup_try_charge+0x24d/0x5e0
[  850.763721][T17475]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  850.769387][T17475]  __handle_mm_fault+0x1e1a/0x3eb0
[  850.774562][T17475]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  850.780125][T17475]  ? find_held_lock+0x35/0x130
[  850.784914][T17475]  ? handle_mm_fault+0x292/0xa90
[  850.790064][T17475]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  850.796417][T17475]  ? kasan_check_read+0x11/0x20
[  850.801291][T17475]  handle_mm_fault+0x3b7/0xa90
[  850.806087][T17475]  __do_page_fault+0x5ef/0xda0
[  850.810883][T17475]  do_page_fault+0x71/0x57d
[  850.815585][T17475]  ? page_fault+0x8/0x30
[  850.819938][T17475]  page_fault+0x1e/0x30
[  850.824106][T17475] RIP: 0033:0x410bbf
[  850.828192][T17475] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41
[  850.848077][T17475] RSP: 002b:00007fff286343c0 EFLAGS: 00010206
[  850.854267][T17475] RAX: 00007fb2e502a000 RBX: 0000000000020000 RCX: 00000000004592ca
[  850.863750][T17475] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000
[  850.871757][T17475] RBP: 00007fff286344a0 R08: ffffffffffffffff R09: 0000000000000000
[  850.879841][T17475] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff28634590
[  850.888182][T17475] R13: 00007fb2e504a700 R14: 0000000000000001 R15: 000000000075bfcc
[  850.906718][T17475] memory: usage 3248kB, limit 0kB, failcnt 381256
[  850.913301][T17475] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  850.928097][T17475] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  850.938332][T17475] Memory cgroup stats for /syz1: cache:4KB rss:2248KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2184KB inactive_file:0KB active_file:0KB unevictable:0KB
[  850.966993][T17475] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=17475,uid=0
[  850.995551][T17475] Memory cgroup out of memory: Killed process 17475 (syz-executor.1) total-vm:72704kB, anon-rss:2148kB, file-rss:34816kB, shmem-rss:0kB
[  851.019771][ T1044] oom_reaper: reaped process 17475 (syz-executor.1), now anon-rss:0kB, file-rss:33920kB, shmem-rss:0kB
15:50:43 executing program 4:
socketpair(0x11, 0xa, 0x5, &(0x7f0000000000))

15:50:43 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000005400c2ac54000000030000000000000006"], &(0x7f0000000480)=""/222, 0x1d, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

[  851.326083][T17507] device nr0
 entered promiscuous mode
[  851.544158][T17512] IPVS: ftp: loaded support on port[0] = 21
[  851.717617][T17512] chnl_net:caif_netlink_parms(): no params data found
[  851.790679][T17512] bridge0: port 1(bridge_slave_0) entered blocking state
[  851.798933][T17512] bridge0: port 1(bridge_slave_0) entered disabled state
[  851.807577][T17512] device bridge_slave_0 entered promiscuous mode
[  851.816648][T17512] bridge0: port 2(bridge_slave_1) entered blocking state
[  851.823793][T17512] bridge0: port 2(bridge_slave_1) entered disabled state
[  851.832459][T17512] device bridge_slave_1 entered promiscuous mode
[  851.890640][T17512] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  851.913383][T17512] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  851.939270][T17512] team0: Port device team_slave_0 added
[  851.947628][T17512] team0: Port device team_slave_1 added
[  852.007707][T17512] device hsr_slave_0 entered promiscuous mode
[  852.054935][T17512] device hsr_slave_1 entered promiscuous mode
[  852.116854][T17512] bridge0: port 2(bridge_slave_1) entered blocking state
[  852.125030][T17512] bridge0: port 2(bridge_slave_1) entered forwarding state
[  852.132432][T17512] bridge0: port 1(bridge_slave_0) entered blocking state
[  852.139576][T17512] bridge0: port 1(bridge_slave_0) entered forwarding state
[  852.236091][T17512] 8021q: adding VLAN 0 to HW filter on device bond0
[  852.251827][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  852.266895][T14425] bridge0: port 1(bridge_slave_0) entered disabled state
[  852.294115][T14425] bridge0: port 2(bridge_slave_1) entered disabled state
[  852.317986][T17512] 8021q: adding VLAN 0 to HW filter on device team0
[  852.340295][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  852.358309][T14425] bridge0: port 1(bridge_slave_0) entered blocking state
[  852.365477][T14425] bridge0: port 1(bridge_slave_0) entered forwarding state
[  852.387656][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  852.397308][ T3542] bridge0: port 2(bridge_slave_1) entered blocking state
[  852.404450][ T3542] bridge0: port 2(bridge_slave_1) entered forwarding state
[  852.428547][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  852.445679][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  852.463005][T17512] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  852.481538][T17512] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  852.504520][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  852.512672][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  852.531534][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  852.543557][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  852.561284][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  853.369357][T17512] 8021q: adding VLAN 0 to HW filter on device batadv0
[  853.384704][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  854.057390][T17520] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  854.068973][T17520] CPU: 1 PID: 17520 Comm: syz-executor.2 Not tainted 5.2.0-rc2+ #14
[  854.076976][T17520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  854.087040][T17520] Call Trace:
[  854.090364][T17520]  dump_stack+0x172/0x1f0
[  854.094716][T17520]  dump_header+0x10f/0xb6c
[  854.099156][T17520]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  854.104980][T17520]  ? ___ratelimit+0x60/0x595
[  854.109581][T17520]  ? do_raw_spin_unlock+0x57/0x270
[  854.114719][T17520]  oom_kill_process.cold+0x10/0x15
[  854.119947][T17520]  out_of_memory+0x79a/0x1280
[  854.125910][T17520]  ? lock_downgrade+0x880/0x880
[  854.130782][T17520]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  854.137045][T17520]  ? oom_killer_disable+0x280/0x280
[  854.142251][T17520]  ? find_held_lock+0x35/0x130
[  854.147036][T17520]  mem_cgroup_out_of_memory+0x1ca/0x230
[  854.152594][T17520]  ? memcg_event_wake+0x230/0x230
[  854.157643][T17520]  ? do_raw_spin_unlock+0x57/0x270
[  854.162770][T17520]  ? _raw_spin_unlock+0x2d/0x50
[  854.167634][T17520]  try_charge+0x102c/0x15c0
[  854.172146][T17520]  ? find_held_lock+0x35/0x130
[  854.176935][T17520]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  854.182495][T17520]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  854.188834][T17520]  ? kasan_check_read+0x11/0x20
[  854.193697][T17520]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  854.199250][T17520]  mem_cgroup_try_charge+0x24d/0x5e0
[  854.204552][T17520]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  854.210195][T17520]  __handle_mm_fault+0x1e1a/0x3eb0
[  854.215335][T17520]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  854.220885][T17520]  ? find_held_lock+0x35/0x130
[  854.225656][T17520]  ? handle_mm_fault+0x292/0xa90
[  854.230613][T17520]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  854.236859][T17520]  ? kasan_check_read+0x11/0x20
[  854.241720][T17520]  handle_mm_fault+0x3b7/0xa90
[  854.246501][T17520]  __do_page_fault+0x5ef/0xda0
[  854.251279][T17520]  do_page_fault+0x71/0x57d
[  854.255796][T17520]  ? page_fault+0x8/0x30
[  854.260135][T17520]  page_fault+0x1e/0x30
[  854.264287][T17520] RIP: 0033:0x410bbf
[  854.268167][T17520] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41
[  854.287759][T17520] RSP: 002b:00007ffd16064ba0 EFLAGS: 00010206
[  854.293807][T17520] RAX: 00007f843d263000 RBX: 0000000000020000 RCX: 00000000004592ca
[  854.301761][T17520] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000
[  854.309716][T17520] RBP: 00007ffd16064c80 R08: ffffffffffffffff R09: 0000000000000000
[  854.317674][T17520] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd16064d70
[  854.325628][T17520] R13: 00007f843d283700 R14: 0000000000000001 R15: 000000000075bfcc
[  854.336800][T17520] memory: usage 3084kB, limit 0kB, failcnt 229616
[  854.343358][T17520] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  854.352254][T17520] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  854.366660][T17520] Memory cgroup stats for /syz2: cache:0KB rss:2120KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2120KB inactive_file:0KB active_file:0KB unevictable:0KB
[  854.387691][T17520] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17520,uid=0
[  854.406671][T17520] Memory cgroup out of memory: Killed process 17520 (syz-executor.2) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB
[  854.425190][ T1044] oom_reaper: reaped process 17520 (syz-executor.2), now anon-rss:0kB, file-rss:33920kB, shmem-rss:0kB
15:50:46 executing program 2:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:50:46 executing program 5:
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)
openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)

15:50:46 executing program 3:
r0 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8904, 0x0)
socket$kcm(0x29, 0x7, 0x0)

15:50:46 executing program 1:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:50:46 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000005400c2ac540000000300000000000000060000040000002010000000050000"], &(0x7f0000000480)=""/222, 0x2b, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

15:50:46 executing program 4:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

[  854.487491][T17512] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
15:50:46 executing program 3:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000005400c2ac54000000030000000000000006"], &(0x7f0000000480)=""/222, 0x1d, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

[  854.585031][T17512] CPU: 1 PID: 17512 Comm: syz-executor.2 Not tainted 5.2.0-rc2+ #14
[  854.593055][T17512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  854.603119][T17512] Call Trace:
[  854.606425][T17512]  dump_stack+0x172/0x1f0
[  854.610776][T17512]  dump_header+0x10f/0xb6c
[  854.615211][T17512]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  854.621037][T17512]  ? ___ratelimit+0x60/0x595
[  854.625646][T17512]  ? do_raw_spin_unlock+0x57/0x270
[  854.630823][T17512]  oom_kill_process.cold+0x10/0x15
[  854.635969][T17512]  out_of_memory+0x79a/0x1280
[  854.640675][T17512]  ? lock_downgrade+0x880/0x880
[  854.645550][T17512]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  854.651813][T17512]  ? oom_killer_disable+0x280/0x280
[  854.657028][T17512]  ? find_held_lock+0x35/0x130
[  854.661819][T17512]  mem_cgroup_out_of_memory+0x1ca/0x230
[  854.667379][T17512]  ? memcg_event_wake+0x230/0x230
[  854.672420][T17512]  ? do_raw_spin_unlock+0x57/0x270
[  854.677546][T17512]  ? _raw_spin_unlock+0x2d/0x50
[  854.682413][T17512]  try_charge+0x102c/0x15c0
[  854.686925][T17512]  ? find_held_lock+0x35/0x130
[  854.691717][T17512]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  854.697285][T17512]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  854.703545][T17512]  ? kasan_check_read+0x11/0x20
[  854.708416][T17512]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  854.713982][T17512]  mem_cgroup_try_charge+0x24d/0x5e0
[  854.719294][T17512]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  854.724948][T17512]  wp_page_copy+0x416/0x1770
[  854.729559][T17512]  ? do_wp_page+0x486/0x1500
[  854.734171][T17512]  ? pmd_pfn+0x1d0/0x1d0
[  854.738429][T17512]  ? lock_downgrade+0x880/0x880
[  854.743289][T17512]  ? swp_swapcount+0x540/0x540
[  854.748067][T17512]  ? kasan_check_read+0x11/0x20
[  854.752958][T17512]  ? do_raw_spin_unlock+0x57/0x270
[  854.758086][T17512]  do_wp_page+0x48e/0x1500
[  854.762614][T17512]  ? finish_mkwrite_fault+0x540/0x540
[  854.768015][T17512]  __handle_mm_fault+0x22e3/0x3eb0
[  854.773150][T17512]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  854.778715][T17512]  ? find_held_lock+0x35/0x130
[  854.783503][T17512]  ? handle_mm_fault+0x292/0xa90
[  854.788470][T17512]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  854.794730][T17512]  ? kasan_check_read+0x11/0x20
[  854.799611][T17512]  handle_mm_fault+0x3b7/0xa90
[  854.804392][T17512]  __do_page_fault+0x5ef/0xda0
[  854.809179][T17512]  do_page_fault+0x71/0x57d
[  854.813703][T17512]  ? page_fault+0x8/0x30
[  854.817970][T17512]  page_fault+0x1e/0x30
[  854.822135][T17512] RIP: 0033:0x403672
[  854.826039][T17512] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 <e8> 29 86 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 49 3b 05 00 48
[  854.845660][T17512] RSP: 002b:00007ffd16063d50 EFLAGS: 00010246
[  854.851749][T17512] RAX: 0000000000000000 RBX: 00000000000d07d9 RCX: 0000000000412e80
[  854.859734][T17512] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffd16064e80
[  854.867722][T17512] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555556ca8940
[  854.875709][T17512] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd16064e80
[  854.883698][T17512] R13: 00007ffd16064e70 R14: 0000000000000000 R15: 00007ffd16064e80
[  854.978721][T17512] memory: usage 756kB, limit 0kB, failcnt 229625
[  854.990506][T17512] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  855.001614][T17512] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  855.017695][T17512] Memory cgroup stats for /syz2: cache:0KB rss:12KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:12KB inactive_file:0KB active_file:0KB unevictable:0KB
[  855.054641][T17512] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17512,uid=0
[  855.081508][T17512] Memory cgroup out of memory: Killed process 17512 (syz-executor.2) total-vm:72444kB, anon-rss:72kB, file-rss:34828kB, shmem-rss:0kB
[  855.096280][ T1044] oom_reaper: reaped process 17512 (syz-executor.2), now anon-rss:0kB, file-rss:33932kB, shmem-rss:0kB
[  855.104562][T17535] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  855.118067][T17535] CPU: 0 PID: 17535 Comm: syz-executor.4 Not tainted 5.2.0-rc2+ #14
[  855.126062][T17535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  855.136126][T17535] Call Trace:
[  855.139443][T17535]  dump_stack+0x172/0x1f0
[  855.143788][T17535]  dump_header+0x10f/0xb6c
[  855.148307][T17535]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  855.154124][T17535]  ? ___ratelimit+0x60/0x595
[  855.158720][T17535]  ? do_raw_spin_unlock+0x57/0x270
[  855.163846][T17535]  oom_kill_process.cold+0x10/0x15
[  855.168966][T17535]  out_of_memory+0x79a/0x1280
[  855.173657][T17535]  ? oom_killer_disable+0x280/0x280
[  855.178880][T17535]  mem_cgroup_out_of_memory+0x1ca/0x230
[  855.184434][T17535]  ? memcg_event_wake+0x230/0x230
[  855.189475][T17535]  ? _raw_spin_unlock_irqrestore+0xbd/0xe0
[  855.195384][T17535]  ? cgroup_file_notify+0x140/0x1b0
[  855.200771][T17535]  memory_max_write+0x169/0x300
[  855.205637][T17535]  ? mem_cgroup_write+0x360/0x360
[  855.210671][T17535]  ? lock_acquire+0x16f/0x3f0
[  855.215359][T17535]  ? kernfs_fop_write+0x227/0x480
[  855.220489][T17535]  cgroup_file_write+0x241/0x790
[  855.225437][T17535]  ? mem_cgroup_write+0x360/0x360
[  855.230460][T17535]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  855.236081][T17535]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  855.241699][T17535]  kernfs_fop_write+0x2b8/0x480
[  855.246597][T17535]  __vfs_write+0x8a/0x110
[  855.250911][T17535]  ? kernfs_fop_open+0xd80/0xd80
[  855.255834][T17535]  vfs_write+0x20c/0x580
[  855.260062][T17535]  ksys_write+0x14f/0x290
[  855.264399][T17535]  ? __ia32_sys_read+0xb0/0xb0
[  855.269158][T17535]  ? do_syscall_64+0x26/0x680
[  855.273824][T17535]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  855.279882][T17535]  ? do_syscall_64+0x26/0x680
[  855.284574][T17535]  __x64_sys_write+0x73/0xb0
[  855.289166][T17535]  do_syscall_64+0xfd/0x680
[  855.293779][T17535]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  855.299661][T17535] RIP: 0033:0x459279
[  855.303541][T17535] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  855.323131][T17535] RSP: 002b:00007f4c5c09cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  855.331541][T17535] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459279
[  855.339513][T17535] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
[  855.347473][T17535] RBP: 000000000075bfc0 R08: 0000000000000000 R09: 0000000000000000
[  855.355428][T17535] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4c5c09d6d4
[  855.363387][T17535] R13: 00000000004c8eb1 R14: 00000000004dfb68 R15: 00000000ffffffff
[  855.373390][T17535] memory: usage 5800kB, limit 0kB, failcnt 26
[  855.380089][T17535] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  855.387770][T17535] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  855.387779][T17535] Memory cgroup stats for /syz4: cache:48KB rss:2276KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2212KB inactive_file:0KB active_file:0KB unevictable:0KB
[  855.387865][T17535] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17523,uid=0
[  855.416204][T17535] Memory cgroup out of memory: Killed process 17535 (syz-executor.4) total-vm:72704kB, anon-rss:2200kB, file-rss:35852kB, shmem-rss:0kB
[  855.455280][ T1044] oom_reaper: reaped process 17535 (syz-executor.4), now anon-rss:0kB, file-rss:34892kB, shmem-rss:0kB
15:50:47 executing program 4:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

[  855.535378][T17438] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0
[  855.562571][T17438] CPU: 0 PID: 17438 Comm: syz-executor.4 Not tainted 5.2.0-rc2+ #14
[  855.570677][T17438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  855.580741][T17438] Call Trace:
[  855.584062][T17438]  dump_stack+0x172/0x1f0
[  855.588406][T17438]  dump_header+0x10f/0xb6c
[  855.592833][T17438]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  855.598642][T17438]  ? ___ratelimit+0x60/0x595
[  855.603235][T17438]  ? do_raw_spin_unlock+0x57/0x270
[  855.608451][T17438]  oom_kill_process.cold+0x10/0x15
[  855.613576][T17438]  out_of_memory+0x79a/0x1280
[  855.618274][T17438]  ? lock_downgrade+0x880/0x880
[  855.623132][T17438]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  855.629387][T17438]  ? oom_killer_disable+0x280/0x280
[  855.634592][T17438]  ? find_held_lock+0x35/0x130
[  855.639381][T17438]  mem_cgroup_out_of_memory+0x1ca/0x230
[  855.644934][T17438]  ? memcg_event_wake+0x230/0x230
[  855.649974][T17438]  ? do_raw_spin_unlock+0x57/0x270
[  855.655097][T17438]  ? _raw_spin_unlock+0x2d/0x50
[  855.659964][T17438]  try_charge+0x102c/0x15c0
[  855.664471][T17438]  ? find_held_lock+0x35/0x130
[  855.669263][T17438]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  855.674818][T17438]  ? get_mem_cgroup_from_mm+0x10b/0x2b0
[  855.680387][T17438]  ? find_held_lock+0x35/0x130
[  855.685159][T17438]  ? get_mem_cgroup_from_mm+0x10b/0x2b0
[  855.690722][T17438]  __memcg_kmem_charge_memcg+0x7c/0x130
[  855.696281][T17438]  ? memcg_kmem_put_cache+0xb0/0xb0
[  855.701492][T17438]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  855.707049][T17438]  __memcg_kmem_charge+0x136/0x300
[  855.712178][T17438]  __alloc_pages_nodemask+0x4bd/0x8d0
[  855.717565][T17438]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  855.723820][T17438]  ? __alloc_pages_slowpath+0x28f0/0x28f0
[  855.729555][T17438]  ? copy_process.part.0+0x43f7/0x6790
[  855.735025][T17438]  ? lockdep_hardirqs_on+0x418/0x5d0
[  855.740318][T17438]  ? trace_hardirqs_on+0x67/0x220
[  855.745350][T17438]  ? kasan_check_read+0x11/0x20
[  855.750216][T17438]  copy_process.part.0+0x4a0/0x6790
[  855.755429][T17438]  ? __might_fault+0x12b/0x1e0
[  855.760212][T17438]  ? __cleanup_sighand+0x60/0x60
[  855.765161][T17438]  ? lock_downgrade+0x880/0x880
[  855.770036][T17438]  _do_fork+0x25d/0xfe0
[  855.774203][T17438]  ? copy_init_mm+0x20/0x20
[  855.778728][T17438]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  855.784300][T17438]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  855.789776][T17438]  ? do_syscall_64+0x26/0x680
[  855.794464][T17438]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  855.800541][T17438]  ? do_syscall_64+0x26/0x680
[  855.805238][T17438]  __x64_sys_clone+0xbf/0x150
[  855.809933][T17438]  do_syscall_64+0xfd/0x680
[  855.814464][T17438]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  855.820367][T17438] RIP: 0033:0x45784a
[  855.824253][T17438] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00
[  855.843878][T17438] RSP: 002b:00007ffea4cdd440 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  855.852294][T17438] RAX: ffffffffffffffda RBX: 00007ffea4cdd440 RCX: 000000000045784a
[  855.860282][T17438] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[  855.868254][T17438] RBP: 00007ffea4cdd480 R08: 0000000000000001 R09: 0000555557149940
[  855.876218][T17438] R10: 0000555557149c10 R11: 0000000000000246 R12: 0000000000000001
[  855.884183][T17438] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffea4cdd4d0
[  855.895585][T17438] memory: usage 3408kB, limit 0kB, failcnt 34
[  855.901679][T17438] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  855.909286][T17438] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  855.916207][T17438] Memory cgroup stats for /syz4: cache:48KB rss:172KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108KB inactive_file:0KB active_file:0KB unevictable:0KB
[  855.916300][T17438] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17438,uid=0
[  855.952663][T17438] Memory cgroup out of memory: Killed process 17438 (syz-executor.4) total-vm:72440kB, anon-rss:100kB, file-rss:35776kB, shmem-rss:0kB
[  855.996383][T17539] device nr0
 entered promiscuous mode
15:50:48 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000005400c2ac540000000300000000000000060000040000002010000000050000"], &(0x7f0000000480)=""/222, 0x2b, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

15:50:49 executing program 2:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:50:49 executing program 3:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000005400c2ac54000000030000000000000006"], &(0x7f0000000480)=""/222, 0x1d, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

[  857.389189][T17545] IPVS: ftp: loaded support on port[0] = 21
[  857.416104][T17550] device nr0
 entered promiscuous mode
15:50:49 executing program 2:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:50:49 executing program 4:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

[  858.086985][T17558] device nr0
 entered promiscuous mode
[  859.197923][T17565] IPVS: ftp: loaded support on port[0] = 21
[  859.207979][T17545] chnl_net:caif_netlink_parms(): no params data found
[  859.234725][T13644] device bridge_slave_1 left promiscuous mode
[  859.240980][T13644] bridge0: port 2(bridge_slave_1) entered disabled state
[  859.305666][T13644] device bridge_slave_0 left promiscuous mode
[  859.311920][T13644] bridge0: port 1(bridge_slave_0) entered disabled state
[  859.366631][T13644] device bridge_slave_1 left promiscuous mode
[  859.372878][T13644] bridge0: port 2(bridge_slave_1) entered disabled state
[  859.425577][T13644] device bridge_slave_0 left promiscuous mode
[  859.431810][T13644] bridge0: port 1(bridge_slave_0) entered disabled state
[  859.486585][T13644] device bridge_slave_1 left promiscuous mode
[  859.492839][T13644] bridge0: port 2(bridge_slave_1) entered disabled state
[  859.545535][T13644] device bridge_slave_0 left promiscuous mode
[  859.551778][T13644] bridge0: port 1(bridge_slave_0) entered disabled state
[  871.007906][T13644] device hsr_slave_1 left promiscuous mode
[  871.060878][T13644] device hsr_slave_0 left promiscuous mode
[  871.120166][T13644] team0 (unregistering): Port device team_slave_1 removed
[  871.153088][T13644] team0 (unregistering): Port device team_slave_0 removed
[  871.181132][T13644] bond0 (unregistering): Releasing backup interface bond_slave_1
[  871.246678][T13644] bond0 (unregistering): Releasing backup interface bond_slave_0
[  871.427916][T13644] bond0 (unregistering): Released all slaves
[  871.578242][T13644] device hsr_slave_1 left promiscuous mode
[  871.623992][T13644] device hsr_slave_0 left promiscuous mode
[  871.680115][T13644] team0 (unregistering): Port device team_slave_1 removed
[  871.708427][T13644] team0 (unregistering): Port device team_slave_0 removed
[  871.723437][T13644] bond0 (unregistering): Releasing backup interface bond_slave_1
[  871.786675][T13644] bond0 (unregistering): Releasing backup interface bond_slave_0
[  871.953969][T13644] bond0 (unregistering): Released all slaves
[  872.128321][T13644] device hsr_slave_1 left promiscuous mode
[  872.170721][T13644] device hsr_slave_0 left promiscuous mode
[  872.230140][T13644] team0 (unregistering): Port device team_slave_1 removed
[  872.262822][T13644] team0 (unregistering): Port device team_slave_0 removed
[  872.291152][T13644] bond0 (unregistering): Releasing backup interface bond_slave_1
[  872.356830][T13644] bond0 (unregistering): Releasing backup interface bond_slave_0
[  872.486857][T13644] bond0 (unregistering): Released all slaves
[  872.657229][T17545] bridge0: port 1(bridge_slave_0) entered blocking state
[  872.664777][T17545] bridge0: port 1(bridge_slave_0) entered disabled state
[  872.672902][T17545] device bridge_slave_0 entered promiscuous mode
[  872.685685][T17545] bridge0: port 2(bridge_slave_1) entered blocking state
[  872.692822][T17545] bridge0: port 2(bridge_slave_1) entered disabled state
[  872.701502][T17545] device bridge_slave_1 entered promiscuous mode
[  872.756963][T17545] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  872.783185][T17545] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  872.877033][T17545] team0: Port device team_slave_0 added
[  872.882941][T17565] chnl_net:caif_netlink_parms(): no params data found
[  872.895601][T17545] team0: Port device team_slave_1 added
[  872.977813][T17545] device hsr_slave_0 entered promiscuous mode
[  873.014942][T17545] device hsr_slave_1 entered promiscuous mode
[  873.076058][T17565] bridge0: port 1(bridge_slave_0) entered blocking state
[  873.083560][T17565] bridge0: port 1(bridge_slave_0) entered disabled state
[  873.093472][T17565] device bridge_slave_0 entered promiscuous mode
[  873.111993][T17545] bridge0: port 2(bridge_slave_1) entered blocking state
[  873.119147][T17545] bridge0: port 2(bridge_slave_1) entered forwarding state
[  873.126641][T17545] bridge0: port 1(bridge_slave_0) entered blocking state
[  873.133755][T17545] bridge0: port 1(bridge_slave_0) entered forwarding state
[  873.163539][T17565] bridge0: port 2(bridge_slave_1) entered blocking state
[  873.181713][T17565] bridge0: port 2(bridge_slave_1) entered disabled state
[  873.192121][T17565] device bridge_slave_1 entered promiscuous mode
[  873.329838][T17565] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  873.407486][T17565] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  873.524894][T17565] team0: Port device team_slave_0 added
[  873.534012][T17545] 8021q: adding VLAN 0 to HW filter on device bond0
[  873.552513][T17565] team0: Port device team_slave_1 added
[  873.591492][ T8848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  873.614213][ T8848] bridge0: port 1(bridge_slave_0) entered disabled state
[  873.643013][ T8848] bridge0: port 2(bridge_slave_1) entered disabled state
[  873.664865][ T8848] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  873.711185][T17545] 8021q: adding VLAN 0 to HW filter on device team0
[  873.806296][T17565] device hsr_slave_0 entered promiscuous mode
[  873.864904][T17565] device hsr_slave_1 entered promiscuous mode
[  873.944752][ T8848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  873.954076][ T8848] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  873.970211][ T8848] bridge0: port 1(bridge_slave_0) entered blocking state
[  873.977379][ T8848] bridge0: port 1(bridge_slave_0) entered forwarding state
[  873.993539][ T8848] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  874.002489][ T8848] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  874.020059][ T8848] bridge0: port 2(bridge_slave_1) entered blocking state
[  874.027222][ T8848] bridge0: port 2(bridge_slave_1) entered forwarding state
[  874.042535][ T8848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  874.077241][T17278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  874.093348][T17278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  874.115108][T17278] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  874.124159][T17278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  874.140503][T17278] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  874.161397][T17545] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  874.180433][T17545] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  874.239673][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  874.269455][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  874.278420][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  874.305615][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  874.314013][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  874.353754][ T8848] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  874.388631][T17545] 8021q: adding VLAN 0 to HW filter on device batadv0
[  874.409342][T17565] 8021q: adding VLAN 0 to HW filter on device bond0
[  874.431110][ T8848] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  874.450021][ T8848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  874.479645][T17565] 8021q: adding VLAN 0 to HW filter on device team0
[  874.518741][ T8848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  874.542955][ T8848] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  874.571372][ T8848] bridge0: port 1(bridge_slave_0) entered blocking state
[  874.578530][ T8848] bridge0: port 1(bridge_slave_0) entered forwarding state
[  874.632463][T17278] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  874.642570][T17278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  874.680059][T17278] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  874.701427][T17278] bridge0: port 2(bridge_slave_1) entered blocking state
[  874.708593][T17278] bridge0: port 2(bridge_slave_1) entered forwarding state
[  874.724958][T17278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  874.733982][T17278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  874.781916][T17278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  874.837393][T17278] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  874.855109][T17574] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  874.875398][T17278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  874.884088][T17278] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  874.884900][T17574] CPU: 1 PID: 17574 Comm: syz-executor.5 Not tainted 5.2.0-rc2+ #14
[  874.899708][T17278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  874.899883][T17574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  874.908672][T17278] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  874.917831][T17574] Call Trace:
[  874.917860][T17574]  dump_stack+0x172/0x1f0
[  874.917884][T17574]  dump_header+0x10f/0xb6c
[  874.917911][T17574]  ? oom_kill_process+0x94/0x3f0
[  874.927003][T17278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  874.928917][T17574]  oom_kill_process.cold+0x10/0x15
[  874.933872][T17278] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  874.937658][T17574]  out_of_memory+0x79a/0x1280
[  874.937681][T17574]  ? retint_kernel+0x2b/0x2b
[  874.937699][T17574]  ? oom_killer_disable+0x280/0x280
[  874.937728][T17574]  mem_cgroup_out_of_memory+0x1ca/0x230
[  874.946720][T17565] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  874.950459][T17574]  ? memcg_event_wake+0x230/0x230
[  874.972417][T17565] 8021q: adding VLAN 0 to HW filter on device batadv0
[  874.972517][T17574]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  874.983247][T17574]  ? cgroup_file_notify+0x140/0x1b0
[  874.998344][ T8848] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  875.002107][T17574]  memory_max_write+0x169/0x300
[  875.025174][T17574]  ? mem_cgroup_write+0x360/0x360
[  875.030233][T17574]  ? cgroup_file_write+0x1e2/0x790
[  875.035366][T17574]  cgroup_file_write+0x241/0x790
[  875.040326][T17574]  ? mem_cgroup_write+0x360/0x360
[  875.045364][T17574]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  875.051013][T17574]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  875.056653][T17574]  kernfs_fop_write+0x2b8/0x480
[  875.061512][T17574]  __vfs_write+0x8a/0x110
[  875.065844][T17574]  ? kernfs_fop_open+0xd80/0xd80
[  875.070788][T17574]  vfs_write+0x20c/0x580
[  875.075052][T17574]  ksys_write+0x14f/0x290
[  875.079394][T17574]  ? __ia32_sys_read+0xb0/0xb0
[  875.084178][T17574]  ? do_syscall_64+0x26/0x680
[  875.088869][T17574]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  875.094956][T17574]  ? do_syscall_64+0x26/0x680
[  875.099635][T17574]  __x64_sys_write+0x73/0xb0
[  875.104209][T17574]  do_syscall_64+0xfd/0x680
[  875.108702][T17574]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  875.114578][T17574] RIP: 0033:0x459279
[  875.118452][T17574] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  875.138040][T17574] RSP: 002b:00007f489a6b9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  875.146437][T17574] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459279
[  875.154394][T17574] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
[  875.162348][T17574] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[  875.170316][T17574] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f489a6ba6d4
[  875.178274][T17574] R13: 00000000004c8eb1 R14: 00000000004dfb68 R15: 00000000ffffffff
[  875.188087][T17574] memory: usage 3188kB, limit 0kB, failcnt 211993
[  875.195080][T17574] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  875.202867][T17574] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  875.210562][T17574] Memory cgroup stats for /syz5: cache:176KB rss:2204KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2204KB inactive_file:132KB active_file:0KB unevictable:0KB
[  875.246963][T17574] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17573,uid=0
[  875.263647][T17574] Memory cgroup out of memory: Killed process 17573 (syz-executor.5) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB
[  875.280132][ T1044] oom_reaper: reaped process 17573 (syz-executor.5), now anon-rss:0kB, file-rss:34772kB, shmem-rss:0kB
15:51:07 executing program 5:
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)
openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)

15:51:07 executing program 4:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

[  875.568496][T17545] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  875.580823][T17545] CPU: 1 PID: 17545 Comm: syz-executor.5 Not tainted 5.2.0-rc2+ #14
[  875.588820][T17545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  875.598886][T17545] Call Trace:
[  875.602188][T17545]  dump_stack+0x172/0x1f0
[  875.606541][T17545]  dump_header+0x10f/0xb6c
[  875.610967][T17545]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  875.616788][T17545]  ? ___ratelimit+0x60/0x595
[  875.621395][T17545]  ? do_raw_spin_unlock+0x57/0x270
[  875.626524][T17545]  oom_kill_process.cold+0x10/0x15
[  875.631648][T17545]  out_of_memory+0x79a/0x1280
[  875.636333][T17545]  ? lock_downgrade+0x880/0x880
[  875.641189][T17545]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  875.647439][T17545]  ? oom_killer_disable+0x280/0x280
[  875.652644][T17545]  ? find_held_lock+0x35/0x130
[  875.657426][T17545]  mem_cgroup_out_of_memory+0x1ca/0x230
[  875.662975][T17545]  ? memcg_event_wake+0x230/0x230
[  875.668012][T17545]  ? do_raw_spin_unlock+0x57/0x270
[  875.674350][T17545]  ? _raw_spin_unlock+0x2d/0x50
[  875.679217][T17545]  try_charge+0x102c/0x15c0
[  875.683727][T17545]  ? find_held_lock+0x35/0x130
[  875.688517][T17545]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  875.694124][T17545]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  875.700378][T17545]  ? kasan_check_read+0x11/0x20
[  875.705249][T17545]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  875.710810][T17545]  mem_cgroup_try_charge+0x24d/0x5e0
[  875.716113][T17545]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  875.721766][T17545]  wp_page_copy+0x416/0x1770
[  875.726379][T17545]  ? do_wp_page+0x486/0x1500
[  875.730987][T17545]  ? pmd_pfn+0x1d0/0x1d0
[  875.735246][T17545]  ? lock_downgrade+0x880/0x880
[  875.740105][T17545]  ? swp_swapcount+0x540/0x540
[  875.744872][T17545]  ? do_raw_spin_unlock+0x57/0x270
[  875.749990][T17545]  ? kasan_check_read+0x11/0x20
[  875.754848][T17545]  ? do_raw_spin_unlock+0x57/0x270
[  875.759971][T17545]  do_wp_page+0x48e/0x1500
[  875.764400][T17545]  ? finish_mkwrite_fault+0x540/0x540
[  875.769792][T17545]  __handle_mm_fault+0x22e3/0x3eb0
[  875.774911][T17545]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  875.780460][T17545]  ? find_held_lock+0x35/0x130
[  875.785225][T17545]  ? handle_mm_fault+0x292/0xa90
[  875.790175][T17545]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  875.796553][T17545]  ? kasan_check_read+0x11/0x20
[  875.801421][T17545]  handle_mm_fault+0x3b7/0xa90
[  875.806186][T17545]  __do_page_fault+0x5ef/0xda0
[  875.810934][T17545]  do_page_fault+0x71/0x57d
[  875.815442][T17545]  ? page_fault+0x8/0x30
[  875.819675][T17545]  page_fault+0x1e/0x30
[  875.823898][T17545] RIP: 0033:0x430356
[  875.827775][T17545] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 46 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 4c 64 00 85 c0 0f 84
[  875.847715][T17545] RSP: 002b:00007ffeb9991940 EFLAGS: 00010206
[  875.853801][T17545] RAX: 0000000000019691 RBX: 0000000000714640 RCX: 0000000000008041
[  875.861773][T17545] RDX: 0000555555caa930 RSI: 0000555555cb2970 RDI: 0000000000000003
[  875.869731][T17545] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555555ca9940
[  875.877701][T17545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000714698
[  875.885668][T17545] R13: 0000000000714698 R14: 0000000000000000 R15: 0000000000002710
[  875.894893][T17545] memory: usage 812kB, limit 0kB, failcnt 212001
[  875.901245][T17545] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  875.909077][T17545] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  875.916003][T17545] Memory cgroup stats for /syz5: cache:176KB rss:48KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:48KB inactive_file:132KB active_file:0KB unevictable:0KB
[  875.936965][T17545] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17545,uid=0
[  875.952439][T17545] Memory cgroup out of memory: Killed process 17545 (syz-executor.5) total-vm:72444kB, anon-rss:72kB, file-rss:34828kB, shmem-rss:0kB
[  875.967289][ T1044] oom_reaper: reaped process 17545 (syz-executor.5), now anon-rss:0kB, file-rss:33932kB, shmem-rss:0kB
[  876.993210][T17585] IPVS: ftp: loaded support on port[0] = 21
[  878.101472][T17585] chnl_net:caif_netlink_parms(): no params data found
[  879.130608][T17585] bridge0: port 1(bridge_slave_0) entered blocking state
[  879.148824][T17585] bridge0: port 1(bridge_slave_0) entered disabled state
[  879.161770][T17585] device bridge_slave_0 entered promiscuous mode
[  879.672585][T17585] bridge0: port 2(bridge_slave_1) entered blocking state
[  879.688240][T17585] bridge0: port 2(bridge_slave_1) entered disabled state
[  879.700876][T17585] device bridge_slave_1 entered promiscuous mode
[  879.749771][T17585] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  880.164912][T17585] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  880.515101][T17585] team0: Port device team_slave_0 added
[  880.522720][T17585] team0: Port device team_slave_1 added
[  881.107683][T17585] device hsr_slave_0 entered promiscuous mode
[  881.134936][T17585] device hsr_slave_1 entered promiscuous mode
[  882.171880][T17585] 8021q: adding VLAN 0 to HW filter on device bond0
[  882.186532][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  882.195200][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  882.207386][T17585] 8021q: adding VLAN 0 to HW filter on device team0
[  882.215830][T13644] device bridge_slave_1 left promiscuous mode
[  882.222098][T13644] bridge0: port 2(bridge_slave_1) entered disabled state
[  882.285737][T13644] device bridge_slave_0 left promiscuous mode
[  882.291988][T13644] bridge0: port 1(bridge_slave_0) entered disabled state
[  882.346671][T13644] device bridge_slave_1 left promiscuous mode
[  882.352916][T13644] bridge0: port 2(bridge_slave_1) entered disabled state
[  882.405676][T13644] device bridge_slave_0 left promiscuous mode
[  882.411913][T13644] bridge0: port 1(bridge_slave_0) entered disabled state
[  882.466659][T13644] device bridge_slave_1 left promiscuous mode
[  882.472928][T13644] bridge0: port 2(bridge_slave_1) entered disabled state
[  882.525699][T13644] device bridge_slave_0 left promiscuous mode
[  882.531949][T13644] bridge0: port 1(bridge_slave_0) entered disabled state
[  895.367630][T13644] device hsr_slave_1 left promiscuous mode
[  895.410710][T13644] device hsr_slave_0 left promiscuous mode
[  895.470052][T13644] team0 (unregistering): Port device team_slave_1 removed
[  895.493629][T13644] team0 (unregistering): Port device team_slave_0 removed
[  895.521607][T13644] bond0 (unregistering): Releasing backup interface bond_slave_1
[  895.574156][T13644] bond0 (unregistering): Releasing backup interface bond_slave_0
[  895.715935][T13644] bond0 (unregistering): Released all slaves
[  895.858238][T13644] device hsr_slave_1 left promiscuous mode
[  895.900565][T13644] device hsr_slave_0 left promiscuous mode
[  895.962987][T13644] team0 (unregistering): Port device team_slave_1 removed
[  895.991107][T13644] team0 (unregistering): Port device team_slave_0 removed
[  896.031749][T13644] bond0 (unregistering): Releasing backup interface bond_slave_1
[  896.082280][T13644] bond0 (unregistering): Releasing backup interface bond_slave_0
[  896.243473][T13644] bond0 (unregistering): Released all slaves
[  896.427846][T13644] device hsr_slave_1 left promiscuous mode
[  896.470491][T13644] device hsr_slave_0 left promiscuous mode
[  896.529947][T13644] team0 (unregistering): Port device team_slave_1 removed
[  896.553979][T13644] team0 (unregistering): Port device team_slave_0 removed
[  896.579653][T13644] bond0 (unregistering): Releasing backup interface bond_slave_1
[  896.656705][T13644] bond0 (unregistering): Releasing backup interface bond_slave_0
[  896.783189][T13644] bond0 (unregistering): Released all slaves
[  896.897740][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  896.915148][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  896.923604][    T5] bridge0: port 1(bridge_slave_0) entered blocking state
[  896.930736][    T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[  896.947876][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  896.960660][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  896.973644][    T5] bridge0: port 2(bridge_slave_1) entered blocking state
[  896.980810][    T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[  896.997171][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  897.032211][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  897.043641][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  897.071121][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  897.089901][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  897.102627][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  897.120145][ T3542] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  897.160021][T17585] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  897.178435][T17585] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  897.196949][T15522] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  897.213337][T15522] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  897.223137][T15522] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  897.240285][T15522] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  897.251384][T15522] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  897.277750][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  897.309119][T17585] 8021q: adding VLAN 0 to HW filter on device batadv0
[  897.623135][T17592] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  897.633614][T17592] CPU: 1 PID: 17592 Comm: syz-executor.4 Not tainted 5.2.0-rc2+ #14
[  897.641614][T17592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  897.651677][T17592] Call Trace:
[  897.654960][T17592]  dump_stack+0x172/0x1f0
[  897.659285][T17592]  dump_header+0x10f/0xb6c
[  897.663715][T17592]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  897.669507][T17592]  ? ___ratelimit+0x60/0x595
[  897.674088][T17592]  ? do_raw_spin_unlock+0x57/0x270
[  897.679189][T17592]  oom_kill_process.cold+0x10/0x15
[  897.684307][T17592]  out_of_memory+0x79a/0x1280
[  897.688976][T17592]  ? lock_downgrade+0x880/0x880
[  897.693812][T17592]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  897.700045][T17592]  ? oom_killer_disable+0x280/0x280
[  897.705250][T17592]  ? find_held_lock+0x35/0x130
[  897.710008][T17592]  mem_cgroup_out_of_memory+0x1ca/0x230
[  897.715539][T17592]  ? memcg_event_wake+0x230/0x230
[  897.720565][T17592]  ? do_raw_spin_unlock+0x57/0x270
[  897.725661][T17592]  ? _raw_spin_unlock+0x2d/0x50
[  897.730495][T17592]  try_charge+0x102c/0x15c0
[  897.734982][T17592]  ? find_held_lock+0x35/0x130
[  897.739733][T17592]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  897.745376][T17592]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  897.751686][T17592]  ? kasan_check_read+0x11/0x20
[  897.756523][T17592]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  897.762064][T17592]  mem_cgroup_try_charge+0x24d/0x5e0
[  897.767338][T17592]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  897.772954][T17592]  __handle_mm_fault+0x1e1a/0x3eb0
[  897.778061][T17592]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  897.783593][T17592]  ? find_held_lock+0x35/0x130
[  897.788345][T17592]  ? handle_mm_fault+0x292/0xa90
[  897.793277][T17592]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  897.799507][T17592]  ? kasan_check_read+0x11/0x20
[  897.804355][T17592]  handle_mm_fault+0x3b7/0xa90
[  897.809119][T17592]  __do_page_fault+0x5ef/0xda0
[  897.814045][T17592]  do_page_fault+0x71/0x57d
[  897.818622][T17592]  ? page_fault+0x8/0x30
[  897.822862][T17592]  page_fault+0x1e/0x30
[  897.826999][T17592] RIP: 0033:0x410bbf
[  897.830878][T17592] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41
[  897.850472][T17592] RSP: 002b:00007ffcda80b290 EFLAGS: 00010206
[  897.856618][T17592] RAX: 00007fd4c53bc000 RBX: 0000000000020000 RCX: 00000000004592ca
[  897.864579][T17592] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000
[  897.872540][T17592] RBP: 00007ffcda80b370 R08: ffffffffffffffff R09: 0000000000000000
[  897.880514][T17592] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcda80b460
[  897.888479][T17592] R13: 00007fd4c53dc700 R14: 0000000000000001 R15: 000000000075bfcc
[  897.898219][T17592] memory: usage 5512kB, limit 0kB, failcnt 47
[  897.904466][T17592] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  897.911960][T17592] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  897.919125][T17592] Memory cgroup stats for /syz4: cache:48KB rss:2132KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2200KB inactive_file:0KB active_file:0KB unevictable:0KB
[  897.940832][T17592] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17592,uid=0
[  897.956344][T17592] Memory cgroup out of memory: Killed process 17592 (syz-executor.4) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB
[  897.972271][ T1044] oom_reaper: reaped process 17592 (syz-executor.4), now anon-rss:0kB, file-rss:33920kB, shmem-rss:0kB
[  898.050911][T17585] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  898.061029][T17585] CPU: 0 PID: 17585 Comm: syz-executor.4 Not tainted 5.2.0-rc2+ #14
[  898.069014][T17585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  898.079051][T17585] Call Trace:
[  898.082332][T17585]  dump_stack+0x172/0x1f0
[  898.086652][T17585]  dump_header+0x10f/0xb6c
[  898.091059][T17585]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  898.096855][T17585]  ? ___ratelimit+0x60/0x595
[  898.101428][T17585]  ? do_raw_spin_unlock+0x57/0x270
[  898.106528][T17585]  oom_kill_process.cold+0x10/0x15
[  898.111621][T17585]  out_of_memory+0x79a/0x1280
[  898.116290][T17585]  ? lock_downgrade+0x880/0x880
[  898.121148][T17585]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  898.127953][T17585]  ? oom_killer_disable+0x280/0x280
[  898.133131][T17585]  ? find_held_lock+0x35/0x130
[  898.137883][T17585]  mem_cgroup_out_of_memory+0x1ca/0x230
[  898.143411][T17585]  ? memcg_event_wake+0x230/0x230
[  898.148423][T17585]  ? do_raw_spin_unlock+0x57/0x270
[  898.153521][T17585]  ? _raw_spin_unlock+0x2d/0x50
[  898.158357][T17585]  try_charge+0x102c/0x15c0
[  898.162854][T17585]  ? find_held_lock+0x35/0x130
[  898.167604][T17585]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  898.173135][T17585]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  898.179357][T17585]  ? kasan_check_read+0x11/0x20
[  898.184215][T17585]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  898.189751][T17585]  mem_cgroup_try_charge+0x24d/0x5e0
[  898.195043][T17585]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  898.200660][T17585]  wp_page_copy+0x416/0x1770
[  898.205234][T17585]  ? do_wp_page+0x486/0x1500
[  898.209823][T17585]  ? pmd_pfn+0x1d0/0x1d0
[  898.214064][T17585]  ? lock_downgrade+0x880/0x880
[  898.218901][T17585]  ? swp_swapcount+0x540/0x540
[  898.223646][T17585]  ? do_raw_spin_unlock+0x57/0x270
[  898.228742][T17585]  ? kasan_check_read+0x11/0x20
[  898.233581][T17585]  ? do_raw_spin_unlock+0x57/0x270
[  898.238678][T17585]  do_wp_page+0x48e/0x1500
[  898.243098][T17585]  ? finish_mkwrite_fault+0x540/0x540
[  898.248481][T17585]  __handle_mm_fault+0x22e3/0x3eb0
[  898.253580][T17585]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  898.259151][T17585]  ? find_held_lock+0x35/0x130
[  898.263897][T17585]  ? handle_mm_fault+0x292/0xa90
[  898.268823][T17585]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  898.275049][T17585]  ? kasan_check_read+0x11/0x20
[  898.279887][T17585]  handle_mm_fault+0x3b7/0xa90
[  898.284639][T17585]  __do_page_fault+0x5ef/0xda0
[  898.289407][T17585]  do_page_fault+0x71/0x57d
[  898.293898][T17585]  ? page_fault+0x8/0x30
[  898.298120][T17585]  page_fault+0x1e/0x30
[  898.302255][T17585] RIP: 0033:0x430356
[  898.306138][T17585] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 46 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 4c 64 00 85 c0 0f 84
[  898.325723][T17585] RSP: 002b:00007ffcda80a2a0 EFLAGS: 00010206
[  898.331771][T17585] RAX: 0000000000019691 RBX: 0000000000714640 RCX: 0000000000008041
[  898.339729][T17585] RDX: 000055555744e930 RSI: 0000555557456970 RDI: 0000000000000003
[  898.347680][T17585] RBP: 0000000000008041 R08: 0000000000000001 R09: 000055555744d940
[  898.355634][T17585] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000714698
[  898.363585][T17585] R13: 0000000000714698 R14: 0000000000000000 R15: 0000000000002710
[  898.376094][T17585] memory: usage 3180kB, limit 0kB, failcnt 56
[  898.382183][T17585] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  898.389985][T17585] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  898.397015][T17585] Memory cgroup stats for /syz4: cache:48KB rss:24KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:92KB inactive_file:0KB active_file:0KB unevictable:0KB
[  898.418376][T17585] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17585,uid=0
[  898.433806][T17585] Memory cgroup out of memory: Killed process 17585 (syz-executor.4) total-vm:72444kB, anon-rss:72kB, file-rss:34828kB, shmem-rss:0kB
[  898.448233][ T1044] oom_reaper: reaped process 17585 (syz-executor.4), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB
[  902.695824][T13644] device bridge_slave_1 left promiscuous mode
[  902.702103][T13644] bridge0: port 2(bridge_slave_1) entered disabled state
[  902.755663][T13644] device bridge_slave_0 left promiscuous mode
[  902.761925][T13644] bridge0: port 1(bridge_slave_0) entered disabled state
[  906.152760][T13644] device hsr_slave_1 left promiscuous mode
[  906.216631][T13644] device hsr_slave_0 left promiscuous mode
[  906.270081][T13644] team0 (unregistering): Port device team_slave_1 removed
[  906.291013][T13644] team0 (unregistering): Port device team_slave_0 removed
[  906.312006][T13644] bond0 (unregistering): Releasing backup interface bond_slave_1
[  906.371270][T13644] bond0 (unregistering): Releasing backup interface bond_slave_0
[  906.495013][T13644] bond0 (unregistering): Released all slaves
15:51:46 executing program 1:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:51:46 executing program 3:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000005400c2ac54000000030000000000000006"], &(0x7f0000000480)=""/222, 0x1d, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

15:51:46 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000005400c2ac540000000300000000000000060000040000002010000000050000"], &(0x7f0000000480)=""/222, 0x2b, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

15:51:46 executing program 2:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:51:46 executing program 5:
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)
openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)

15:51:46 executing program 4:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)
openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)

[  914.949833][T17596] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  914.998753][T17596] CPU: 1 PID: 17596 Comm: syz-executor.2 Not tainted 5.2.0-rc2+ #14
[  915.006789][T17596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  915.016850][T17596] Call Trace:
[  915.020157][T17596]  dump_stack+0x172/0x1f0
[  915.024503][T17596]  dump_header+0x10f/0xb6c
[  915.028946][T17596]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  915.034942][T17596]  ? ___ratelimit+0x60/0x595
[  915.039542][T17596]  ? do_raw_spin_unlock+0x57/0x270
[  915.044669][T17596]  oom_kill_process.cold+0x10/0x15
[  915.049798][T17596]  out_of_memory+0x79a/0x1280
[  915.054485][T17596]  ? lock_downgrade+0x880/0x880
[  915.059346][T17596]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  915.065599][T17596]  ? oom_killer_disable+0x280/0x280
[  915.070805][T17596]  ? find_held_lock+0x35/0x130
[  915.075593][T17596]  mem_cgroup_out_of_memory+0x1ca/0x230
[  915.081151][T17596]  ? memcg_event_wake+0x230/0x230
[  915.086196][T17596]  ? do_raw_spin_unlock+0x57/0x270
[  915.091323][T17596]  ? _raw_spin_unlock+0x2d/0x50
[  915.096194][T17596]  try_charge+0x102c/0x15c0
[  915.100714][T17596]  ? find_held_lock+0x35/0x130
[  915.105496][T17596]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  915.111058][T17596]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  915.117308][T17596]  ? kasan_check_read+0x11/0x20
[  915.122173][T17596]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  915.127735][T17596]  mem_cgroup_try_charge+0x24d/0x5e0
[  915.133044][T17596]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  915.138698][T17596]  __handle_mm_fault+0x1e1a/0x3eb0
[  915.143829][T17596]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  915.149394][T17596]  ? find_held_lock+0x35/0x130
[  915.154173][T17596]  ? handle_mm_fault+0x292/0xa90
[  915.159129][T17596]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  915.165375][T17596]  ? kasan_check_read+0x11/0x20
[  915.170245][T17596]  handle_mm_fault+0x3b7/0xa90
[  915.175024][T17596]  __do_page_fault+0x5ef/0xda0
[  915.179809][T17596]  do_page_fault+0x71/0x57d
[  915.184329][T17596]  ? page_fault+0x8/0x30
[  915.188581][T17596]  page_fault+0x1e/0x30
[  915.192763][T17596] RIP: 0033:0x410bbf
[  915.196667][T17596] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41
[  915.216278][T17596] RSP: 002b:00007fff0b8f2720 EFLAGS: 00010206
[  915.222355][T17596] RAX: 00007fb67b274000 RBX: 0000000000020000 RCX: 00000000004592ca
[  915.230335][T17596] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000
[  915.238307][T17596] RBP: 00007fff0b8f2800 R08: ffffffffffffffff R09: 0000000000000000
[  915.246277][T17596] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff0b8f28f0
[  915.254249][T17596] R13: 00007fb67b294700 R14: 0000000000000001 R15: 000000000075bfcc
[  915.263758][T17596] memory: usage 3140kB, limit 0kB, failcnt 229634
[  915.270667][T17596] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  915.278653][T17596] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  915.285975][T17596] Memory cgroup stats for /syz2: cache:0KB rss:2084KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2084KB inactive_file:0KB active_file:0KB unevictable:0KB
[  915.307386][T17596] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17596,uid=0
[  915.323241][T17596] Memory cgroup out of memory: Killed process 17596 (syz-executor.2) total-vm:72704kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB
15:51:47 executing program 2:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

[  915.339872][ T1044] oom_reaper: reaped process 17596 (syz-executor.2), now anon-rss:0kB, file-rss:33920kB, shmem-rss:0kB
[  915.390584][T17565] syz-executor.2 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=0
[  915.421232][T17602] device nr0
 entered promiscuous mode
[  915.427973][T17565] CPU: 0 PID: 17565 Comm: syz-executor.2 Not tainted 5.2.0-rc2+ #14
[  915.435968][T17565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  915.446020][T17565] Call Trace:
[  915.449319][T17565]  dump_stack+0x172/0x1f0
[  915.453657][T17565]  dump_header+0x10f/0xb6c
[  915.458086][T17565]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  915.463900][T17565]  ? ___ratelimit+0x60/0x595
[  915.468494][T17565]  ? do_raw_spin_unlock+0x57/0x270
[  915.473620][T17565]  oom_kill_process.cold+0x10/0x15
[  915.478741][T17565]  out_of_memory+0x79a/0x1280
[  915.483422][T17565]  ? lock_downgrade+0x880/0x880
[  915.488281][T17565]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  915.494615][T17565]  ? oom_killer_disable+0x280/0x280
[  915.499815][T17565]  ? find_held_lock+0x35/0x130
[  915.504593][T17565]  mem_cgroup_out_of_memory+0x1ca/0x230
[  915.510140][T17565]  ? memcg_event_wake+0x230/0x230
[  915.515176][T17565]  ? do_raw_spin_unlock+0x57/0x270
[  915.520330][T17565]  ? _raw_spin_unlock+0x2d/0x50
[  915.525192][T17565]  try_charge+0x102c/0x15c0
[  915.529700][T17565]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  915.535943][T17565]  ? should_fail+0x1de/0x852
[  915.540549][T17565]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  915.546103][T17565]  ? rcu_read_lock_sched_held+0x110/0x130
[  915.551828][T17565]  ? __alloc_pages_nodemask+0x61b/0x8d0
[  915.561302][T17565]  __memcg_kmem_charge_memcg+0x7c/0x130
[  915.566856][T17565]  ? memcg_kmem_put_cache+0xb0/0xb0
[  915.572138][T17565]  ? cache_grow_begin+0x3d6/0x650
[  915.577150][T17565]  ? lockdep_hardirqs_on+0x418/0x5d0
[  915.582420][T17565]  ? trace_hardirqs_on+0x67/0x220
[  915.587425][T17565]  cache_grow_begin+0x402/0x650
[  915.592262][T17565]  ? __cpuset_node_allowed+0x136/0x540
[  915.597721][T17565]  fallback_alloc+0x1fd/0x2d0
[  915.602412][T17565]  ____cache_alloc_node+0x1be/0x1e0
[  915.607597][T17565]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  915.613823][T17565]  kmem_cache_alloc+0x1e8/0x6f0
[  915.618677][T17565]  ? stack_trace_save+0xac/0xe0
[  915.623517][T17565]  __alloc_file+0x27/0x300
[  915.628009][T17565]  alloc_empty_file+0x72/0x170
[  915.632758][T17565]  path_openat+0xef/0x46d0
[  915.637164][T17565]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[  915.642957][T17565]  ? __lock_acquire+0x54f/0x5490
[  915.647877][T17565]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  915.653932][T17565]  ? mark_held_locks+0xf0/0xf0
[  915.658687][T17565]  ? path_lookupat.isra.0+0x8d0/0x8d0
[  915.664069][T17565]  ? cache_grow_end+0xa4/0x190
[  915.668824][T17565]  ? __alloc_fd+0x44d/0x560
[  915.673315][T17565]  do_filp_open+0x1a1/0x280
[  915.677804][T17565]  ? may_open_dev+0x100/0x100
[  915.682469][T17565]  ? lock_downgrade+0x880/0x880
[  915.687304][T17565]  ? kasan_check_read+0x11/0x20
[  915.692137][T17565]  ? do_raw_spin_unlock+0x57/0x270
[  915.697254][T17565]  ? _raw_spin_unlock+0x2d/0x50
[  915.702104][T17565]  ? __alloc_fd+0x44d/0x560
[  915.706595][T17565]  do_sys_open+0x3fe/0x5d0
[  915.711010][T17565]  ? filp_open+0x80/0x80
[  915.715357][T17565]  ? __detach_mounts+0x320/0x320
[  915.720295][T17565]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  915.725738][T17565]  ? do_syscall_64+0x26/0x680
[  915.730398][T17565]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  915.736446][T17565]  ? do_syscall_64+0x26/0x680
[  915.741105][T17565]  __x64_sys_open+0x7e/0xc0
[  915.745617][T17565]  do_syscall_64+0xfd/0x680
[  915.750104][T17565]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  915.755978][T17565] RIP: 0033:0x4571f0
[  915.759857][T17565] Code: 31 c0 e9 45 ff ff ff 0f 1f 00 80 3f 00 0f 84 f7 00 00 00 55 53 b9 02 00 00 00 be 00 08 09 00 89 c8 48 81 ec 98 00 00 00 0f 05 <48> 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00
[  915.779801][T17565] RSP: 002b:00007fff0b8f1820 EFLAGS: 00000202 ORIG_RAX: 0000000000000002
[  915.788198][T17565] RAX: ffffffffffffffda RBX: 00000000000df5b5 RCX: 00000000004571f0
[  915.796152][T17565] RDX: 000000000000000c RSI: 0000000000090800 RDI: 00007fff0b8f2a00
[  915.804103][T17565] RBP: 0000000000000004 R08: 0000000000000001 R09: 0000555556ba2940
[  915.812056][T17565] R10: 0000000000000000 R11: 0000000000000202 R12: 00007fff0b8f2a00
[  915.820008][T17565] R13: 00007fff0b8f29f0 R14: 0000000000000000 R15: 00007fff0b8f2a00
[  915.834171][T17565] memory: usage 796kB, limit 0kB, failcnt 229647
[  915.834188][T17565] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  915.848207][T17565] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  915.855223][T17565] Memory cgroup stats for /syz2: cache:0KB rss:0KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:0KB inactive_file:0KB active_file:0KB unevictable:0KB
[  915.875525][T17565] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17565,uid=0
[  915.890979][T17565] Memory cgroup out of memory: Killed process 17565 (syz-executor.2) total-vm:72440kB, anon-rss:92kB, file-rss:35776kB, shmem-rss:0kB
[  915.910385][T17604] device nr0
 entered promiscuous mode
15:51:47 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000005400c2ac54000000030000000000000006000004000000201000000005000000000000000500"], &(0x7f0000000480)=""/222, 0x32, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

15:51:48 executing program 3:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:51:48 executing program 2:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

[  916.366289][T17620] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  916.380517][T17614] device nr0
 entered promiscuous mode
[  916.403874][T17620] CPU: 0 PID: 17620 Comm: syz-executor.3 Not tainted 5.2.0-rc2+ #14
[  916.411897][T17620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  916.421961][T17620] Call Trace:
[  916.425277][T17620]  dump_stack+0x172/0x1f0
[  916.429632][T17620]  dump_header+0x10f/0xb6c
[  916.434061][T17620]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  916.439875][T17620]  ? ___ratelimit+0x60/0x595
[  916.444470][T17620]  ? do_raw_spin_unlock+0x57/0x270
[  916.449593][T17620]  oom_kill_process.cold+0x10/0x15
[  916.454715][T17620]  out_of_memory+0x79a/0x1280
[  916.459404][T17620]  ? retint_kernel+0x2b/0x2b
[  916.464006][T17620]  ? oom_killer_disable+0x280/0x280
[  916.469222][T17620]  mem_cgroup_out_of_memory+0x1ca/0x230
[  916.474787][T17620]  ? memcg_event_wake+0x230/0x230
[  916.479823][T17620]  ? _raw_spin_unlock_irqrestore+0xbd/0xe0
[  916.485634][T17620]  ? cgroup_file_notify+0x140/0x1b0
[  916.490843][T17620]  memory_max_write+0x169/0x300
[  916.495704][T17620]  ? mem_cgroup_write+0x360/0x360
[  916.500730][T17620]  ? lock_acquire+0x1ea/0x3f0
[  916.505427][T17620]  cgroup_file_write+0x241/0x790
[  916.510369][T17620]  ? mem_cgroup_write+0x360/0x360
[  916.515400][T17620]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  916.521042][T17620]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  916.526679][T17620]  kernfs_fop_write+0x2b8/0x480
[  916.531627][T17620]  __vfs_write+0x8a/0x110
[  916.535955][T17620]  ? kernfs_fop_open+0xd80/0xd80
[  916.540897][T17620]  vfs_write+0x20c/0x580
[  916.545146][T17620]  ksys_write+0x14f/0x290
[  916.549485][T17620]  ? __ia32_sys_read+0xb0/0xb0
[  916.554259][T17620]  ? do_syscall_64+0x26/0x680
[  916.558946][T17620]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  916.565017][T17620]  ? do_syscall_64+0x26/0x680
[  916.569703][T17620]  __x64_sys_write+0x73/0xb0
[  916.574311][T17620]  do_syscall_64+0xfd/0x680
[  916.578827][T17620]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  916.584725][T17620] RIP: 0033:0x459279
[  916.588629][T17620] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  916.608246][T17620] RSP: 002b:00007fc3de09cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
15:51:48 executing program 2:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r3, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

[  916.616689][T17620] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459279
[  916.624704][T17620] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
[  916.632695][T17620] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[  916.640689][T17620] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc3de09d6d4
[  916.648681][T17620] R13: 00000000004c8eb1 R14: 00000000004dfb68 R15: 00000000ffffffff
[  916.666239][T17620] memory: usage 8068kB, limit 0kB, failcnt 8
[  916.688128][T17620] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  916.730514][T17620] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  916.746273][T17620] Memory cgroup stats for /syz3: cache:36KB rss:2308KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2236KB inactive_file:56KB active_file:0KB unevictable:0KB
[  916.790919][T17620] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17619,uid=0
[  916.825561][T17620] Memory cgroup out of memory: Killed process 17619 (syz-executor.3) total-vm:72704kB, anon-rss:2156kB, file-rss:34816kB, shmem-rss:0kB
[  916.858176][ T1044] oom_reaper: reaped process 17619 (syz-executor.3), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB
15:51:48 executing program 3:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

[  916.922322][T17625] IPVS: ftp: loaded support on port[0] = 21
[  916.942922][T17622] IPVS: ftp: loaded support on port[0] = 21
[  916.949487][T17626] IPVS: ftp: loaded support on port[0] = 21
[  917.899210][T17630] IPVS: ftp: loaded support on port[0] = 21
[  917.906348][ T3059] device bridge_slave_1 left promiscuous mode
[  917.912579][ T3059] bridge0: port 2(bridge_slave_1) entered disabled state
[  917.975618][ T3059] device bridge_slave_0 left promiscuous mode
[  917.981856][ T3059] bridge0: port 1(bridge_slave_0) entered disabled state
[  921.307620][ T3059] device hsr_slave_1 left promiscuous mode
[  921.354127][ T3059] device hsr_slave_0 left promiscuous mode
[  921.413673][ T3059] team0 (unregistering): Port device team_slave_1 removed
[  921.433821][ T3059] team0 (unregistering): Port device team_slave_0 removed
[  921.456757][ T3059] bond0 (unregistering): Releasing backup interface bond_slave_1
[  921.501364][ T3059] bond0 (unregistering): Releasing backup interface bond_slave_0
[  921.631346][ T3059] bond0 (unregistering): Released all slaves
[  921.819761][T17622] chnl_net:caif_netlink_parms(): no params data found
[  921.850903][T17625] chnl_net:caif_netlink_parms(): no params data found
[  921.950789][T17626] chnl_net:caif_netlink_parms(): no params data found
[  921.996117][T17625] bridge0: port 1(bridge_slave_0) entered blocking state
[  922.003287][T17625] bridge0: port 1(bridge_slave_0) entered disabled state
[  922.021383][T17625] device bridge_slave_0 entered promiscuous mode
[  922.067820][T17625] bridge0: port 2(bridge_slave_1) entered blocking state
[  922.079326][T17625] bridge0: port 2(bridge_slave_1) entered disabled state
[  922.089949][T17625] device bridge_slave_1 entered promiscuous mode
[  922.109233][T17622] bridge0: port 1(bridge_slave_0) entered blocking state
[  922.122975][T17622] bridge0: port 1(bridge_slave_0) entered disabled state
[  922.131405][T17622] device bridge_slave_0 entered promiscuous mode
[  922.172028][T17622] bridge0: port 2(bridge_slave_1) entered blocking state
[  922.185232][T17622] bridge0: port 2(bridge_slave_1) entered disabled state
[  922.193331][T17622] device bridge_slave_1 entered promiscuous mode
[  922.225902][T17625] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  922.243253][T17622] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  922.258092][T17626] bridge0: port 1(bridge_slave_0) entered blocking state
[  922.265570][T17626] bridge0: port 1(bridge_slave_0) entered disabled state
[  922.275171][T17626] device bridge_slave_0 entered promiscuous mode
[  922.287526][T17625] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  922.306005][T17622] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  922.326878][T17626] bridge0: port 2(bridge_slave_1) entered blocking state
[  922.343434][T17626] bridge0: port 2(bridge_slave_1) entered disabled state
[  922.352590][T17626] device bridge_slave_1 entered promiscuous mode
[  922.410508][T17622] team0: Port device team_slave_0 added
[  922.437686][T17625] team0: Port device team_slave_0 added
[  922.445180][T17622] team0: Port device team_slave_1 added
[  922.456709][T17626] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  922.503233][T17625] team0: Port device team_slave_1 added
[  922.573202][T17626] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  922.683202][T17630] chnl_net:caif_netlink_parms(): no params data found
[  922.733836][T17626] team0: Port device team_slave_0 added
[  922.763165][T17626] team0: Port device team_slave_1 added
[  922.847670][T17622] device hsr_slave_0 entered promiscuous mode
[  922.884911][T17622] device hsr_slave_1 entered promiscuous mode
[  922.967785][T17625] device hsr_slave_0 entered promiscuous mode
[  923.021747][T17625] device hsr_slave_1 entered promiscuous mode
[  923.212098][T17630] bridge0: port 1(bridge_slave_0) entered blocking state
[  923.251307][T17630] bridge0: port 1(bridge_slave_0) entered disabled state
[  923.272399][T17630] device bridge_slave_0 entered promiscuous mode
[  923.377973][T17626] device hsr_slave_0 entered promiscuous mode
[  923.414828][T17626] device hsr_slave_1 entered promiscuous mode
[  923.505860][T17630] bridge0: port 2(bridge_slave_1) entered blocking state
[  923.512973][T17630] bridge0: port 2(bridge_slave_1) entered disabled state
[  923.537301][T17630] device bridge_slave_1 entered promiscuous mode
[  923.627834][T17630] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  923.671653][T17630] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  923.737759][T17622] 8021q: adding VLAN 0 to HW filter on device bond0
[  923.806732][T17630] team0: Port device team_slave_0 added
[  923.829945][T17622] 8021q: adding VLAN 0 to HW filter on device team0
[  923.854701][T15020] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  923.862818][T15020] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  923.886624][T17630] team0: Port device team_slave_1 added
[  923.931660][T17626] 8021q: adding VLAN 0 to HW filter on device bond0
[  923.978947][T17625] 8021q: adding VLAN 0 to HW filter on device bond0
[  923.996777][T15020] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  924.016120][T15020] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  924.025176][T15020] bridge0: port 1(bridge_slave_0) entered blocking state
[  924.032262][T15020] bridge0: port 1(bridge_slave_0) entered forwarding state
[  924.042106][T15020] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  924.051084][T15020] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  924.060071][T15020] bridge0: port 2(bridge_slave_1) entered blocking state
[  924.067205][T15020] bridge0: port 2(bridge_slave_1) entered forwarding state
[  924.076401][T15020] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  924.096840][T17626] 8021q: adding VLAN 0 to HW filter on device team0
[  924.147685][T17630] device hsr_slave_0 entered promiscuous mode
[  924.188606][T17630] device hsr_slave_1 entered promiscuous mode
[  924.271967][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  924.292572][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  924.351511][T17625] 8021q: adding VLAN 0 to HW filter on device team0
[  924.396764][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  924.418444][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  924.437628][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  924.450662][ T8828] bridge0: port 1(bridge_slave_0) entered blocking state
[  924.457809][ T8828] bridge0: port 1(bridge_slave_0) entered forwarding state
[  924.473759][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  924.482961][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  924.499171][ T8828] bridge0: port 2(bridge_slave_1) entered blocking state
[  924.506308][ T8828] bridge0: port 2(bridge_slave_1) entered forwarding state
[  924.522476][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  924.531494][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  924.546494][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  924.555118][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  924.563947][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  924.573009][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  924.582309][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  924.591505][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  924.600688][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  924.614314][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  924.661662][T17622] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  924.673848][T17622] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  924.693914][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  924.710726][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  924.731356][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  924.750693][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  924.761376][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  924.778175][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  924.792025][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  924.808447][ T8918] bridge0: port 1(bridge_slave_0) entered blocking state
[  924.815587][ T8918] bridge0: port 1(bridge_slave_0) entered forwarding state
[  924.831798][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  924.841904][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  924.857920][ T8918] bridge0: port 2(bridge_slave_1) entered blocking state
[  924.865058][ T8918] bridge0: port 2(bridge_slave_1) entered forwarding state
[  924.880704][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  924.890821][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  924.899689][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  924.958589][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  924.968149][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  924.990336][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  925.008079][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  925.018803][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  925.028010][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  925.037394][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  925.048256][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  925.058814][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  925.068831][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  925.085845][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  925.095307][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  925.103801][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  925.116866][T17626] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  925.130621][T17626] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  925.152453][T17625] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  925.172688][T17625] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  925.211451][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  925.225869][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  925.255611][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  925.264124][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  925.285208][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  925.297161][T17622] 8021q: adding VLAN 0 to HW filter on device batadv0
[  925.336327][T17630] 8021q: adding VLAN 0 to HW filter on device bond0
[  925.378795][T17626] 8021q: adding VLAN 0 to HW filter on device batadv0
[  925.443736][T17630] 8021q: adding VLAN 0 to HW filter on device team0
[  925.471022][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  925.495745][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  925.507278][T17625] 8021q: adding VLAN 0 to HW filter on device batadv0
[  925.566112][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  925.594079][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  925.627275][ T8918] bridge0: port 1(bridge_slave_0) entered blocking state
[  925.634452][ T8918] bridge0: port 1(bridge_slave_0) entered forwarding state
[  925.656400][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  925.666246][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  925.682537][ T8918] bridge0: port 2(bridge_slave_1) entered blocking state
[  925.689686][ T8918] bridge0: port 2(bridge_slave_1) entered forwarding state
[  925.710342][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  925.770906][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  925.793159][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  925.835405][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  925.898936][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  925.964999][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  925.977467][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  925.996841][T17647] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  926.025892][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  926.034642][T17647] CPU: 0 PID: 17647 Comm: syz-executor.1 Not tainted 5.2.0-rc2+ #14
[  926.042645][T17647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  926.052994][T17647] Call Trace:
[  926.056314][T17647]  dump_stack+0x172/0x1f0
[  926.060670][T17647]  dump_header+0x10f/0xb6c
[  926.065104][T17647]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  926.070318][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  926.070926][T17647]  ? ___ratelimit+0x60/0x595
[  926.083321][T17647]  ? do_raw_spin_unlock+0x57/0x270
[  926.088458][T17647]  oom_kill_process.cold+0x10/0x15
[  926.093597][T17647]  out_of_memory+0x79a/0x1280
[  926.098313][T17647]  ? oom_killer_disable+0x280/0x280
[  926.101514][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  926.103534][T17647]  mem_cgroup_out_of_memory+0x1ca/0x230
[  926.103552][T17647]  ? memcg_event_wake+0x230/0x230
[  926.103578][T17647]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  926.120943][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  926.123565][T17647]  ? cgroup_file_notify+0x140/0x1b0
[  926.123582][T17647]  memory_max_write+0x169/0x300
[  926.123595][T17647]  ? mem_cgroup_write+0x360/0x360
[  926.123605][T17647]  ? cgroup_file_write+0x1e2/0x790
[  926.123616][T17647]  cgroup_file_write+0x241/0x790
[  926.123626][T17647]  ? mem_cgroup_write+0x360/0x360
[  926.123635][T17647]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  926.123648][T17647]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  926.123659][T17647]  kernfs_fop_write+0x2b8/0x480
[  926.123671][T17647]  __vfs_write+0x8a/0x110
[  926.123679][T17647]  ? kernfs_fop_open+0xd80/0xd80
[  926.123689][T17647]  vfs_write+0x20c/0x580
[  926.123700][T17647]  ksys_write+0x14f/0x290
[  926.123709][T17647]  ? __ia32_sys_read+0xb0/0xb0
[  926.123722][T17647]  ? do_syscall_64+0x26/0x680
[  926.123733][T17647]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  926.123741][T17647]  ? do_syscall_64+0x26/0x680
[  926.123752][T17647]  __x64_sys_write+0x73/0xb0
[  926.123762][T17647]  do_syscall_64+0xfd/0x680
[  926.123776][T17647]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  926.123789][T17647] RIP: 0033:0x459279
[  926.123806][T17647] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  926.123814][T17647] RSP: 002b:00007fe9f3786c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  926.123829][T17647] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459279
[  926.123838][T17647] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
[  926.123848][T17647] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[  926.123857][T17647] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe9f37876d4
[  926.123873][T17647] R13: 00000000004c8eb1 R14: 00000000004dfb68 R15: 00000000ffffffff
[  926.131864][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  926.206842][T17647] memory: usage 3180kB, limit 0kB, failcnt 523978
[  926.219344][T17630] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  926.234562][T17647] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  926.340626][T17647] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  926.350469][T17647] Memory cgroup stats for /syz1: cache:4KB rss:2188KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2188KB inactive_file:0KB active_file:0KB unevictable:0KB
[  926.373800][T17647] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=17645,uid=0
[  926.390252][T17647] Memory cgroup out of memory: Killed process 17645 (syz-executor.1) total-vm:72708kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB
[  926.408288][ T1044] oom_reaper: reaped process 17645 (syz-executor.1), now anon-rss:0kB, file-rss:34776kB, shmem-rss:0kB
[  926.418666][T17630] 8021q: adding VLAN 0 to HW filter on device batadv0
[  926.425081][T17651] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  926.439137][T17651] CPU: 0 PID: 17651 Comm: syz-executor.4 Not tainted 5.2.0-rc2+ #14
[  926.447149][T17651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  926.457216][T17651] Call Trace:
[  926.460521][T17651]  dump_stack+0x172/0x1f0
[  926.464869][T17651]  dump_header+0x10f/0xb6c
[  926.469319][T17651]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  926.475141][T17651]  ? ___ratelimit+0x60/0x595
[  926.479741][T17651]  ? do_raw_spin_unlock+0x57/0x270
[  926.484866][T17651]  oom_kill_process.cold+0x10/0x15
[  926.489992][T17651]  out_of_memory+0x79a/0x1280
[  926.494688][T17651]  ? retint_kernel+0x2b/0x2b
[  926.499306][T17651]  ? oom_killer_disable+0x280/0x280
[  926.504538][T17651]  mem_cgroup_out_of_memory+0x1ca/0x230
[  926.510103][T17651]  ? memcg_event_wake+0x230/0x230
[  926.515152][T17651]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  926.520980][T17651]  ? cgroup_file_notify+0x140/0x1b0
[  926.526240][T17651]  memory_max_write+0x169/0x300
[  926.531116][T17651]  ? mem_cgroup_write+0x360/0x360
[  926.536158][T17651]  ? mem_cgroup_write+0x360/0x360
[  926.541204][T17651]  ? cgroup_file_write+0x1e2/0x790
[  926.546341][T17651]  cgroup_file_write+0x241/0x790
[  926.551295][T17651]  ? mem_cgroup_write+0x360/0x360
[  926.556336][T17651]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  926.562024][T17651]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  926.567682][T17651]  kernfs_fop_write+0x2b8/0x480
[  926.572634][T17651]  __vfs_write+0x8a/0x110
[  926.576976][T17651]  ? kernfs_fop_open+0xd80/0xd80
[  926.581926][T17651]  vfs_write+0x20c/0x580
[  926.586190][T17651]  ksys_write+0x14f/0x290
[  926.590543][T17651]  ? __ia32_sys_read+0xb0/0xb0
[  926.595321][T17651]  ? do_syscall_64+0x26/0x680
[  926.600006][T17651]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  926.606078][T17651]  ? do_syscall_64+0x26/0x680
[  926.606100][T17651]  __x64_sys_write+0x73/0xb0
[  926.606118][T17651]  do_syscall_64+0xfd/0x680
[  926.606139][T17651]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  926.606152][T17651] RIP: 0033:0x459279
[  926.606169][T17651] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  926.606178][T17651] RSP: 002b:00007f0af3403c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  926.615451][T17651] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459279
[  926.615461][T17651] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008
[  926.615470][T17651] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[  926.615480][T17651] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0af34046d4
[  926.615490][T17651] R13: 00000000004c8eb1 R14: 00000000004dfb68 R15: 00000000ffffffff
[  926.687715][T17651] memory: usage 5396kB, limit 0kB, failcnt 65
[  926.708128][T17651] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  926.715877][T17651] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
15:51:58 executing program 1:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r3, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:51:58 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000005400c2ac54000000030000000000000006000004000000201000000005000000000000000500"], &(0x7f0000000480)=""/222, 0x32, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

[  926.723144][T17651] Memory cgroup stats for /syz4: cache:48KB rss:2112KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2180KB inactive_file:0KB active_file:0KB unevictable:0KB
[  926.751626][T17651] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17650,uid=0
[  926.774002][T17665] device nr0
 entered promiscuous mode
[  926.793952][T17651] Memory cgroup out of memory: Killed process 17650 (syz-executor.4) total-vm:72840kB, anon-rss:2192kB, file-rss:35776kB, shmem-rss:0kB
15:51:58 executing program 5:
socket$kcm(0xa, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)
openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)

[  926.826050][ T1044] oom_reaper: reaped process 17650 (syz-executor.4), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB
[  926.842338][T17663] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  926.855766][T17663] CPU: 0 PID: 17663 Comm: syz-executor.2 Not tainted 5.2.0-rc2+ #14
[  926.863761][T17663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  926.873817][T17663] Call Trace:
[  926.877118][T17663]  dump_stack+0x172/0x1f0
[  926.881464][T17663]  dump_header+0x10f/0xb6c
[  926.885929][T17663]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  926.891755][T17663]  ? ___ratelimit+0x60/0x595
[  926.896355][T17663]  ? do_raw_spin_unlock+0x57/0x270
[  926.901475][T17663]  oom_kill_process.cold+0x10/0x15
[  926.906684][T17663]  out_of_memory+0x79a/0x1280
[  926.911387][T17663]  ? oom_killer_disable+0x280/0x280
[  926.916609][T17663]  mem_cgroup_out_of_memory+0x1ca/0x230
[  926.922163][T17663]  ? memcg_event_wake+0x230/0x230
[  926.927202][T17663]  ? _raw_spin_unlock_irqrestore+0xbd/0xe0
[  926.933017][T17663]  ? cgroup_file_notify+0x140/0x1b0
[  926.938230][T17663]  memory_max_write+0x169/0x300
[  926.943094][T17663]  ? mem_cgroup_write+0x360/0x360
[  926.948132][T17663]  ? cgroup_file_write+0x86/0x790
[  926.953228][T17663]  cgroup_file_write+0x241/0x790
[  926.958186][T17663]  ? mem_cgroup_write+0x360/0x360
[  926.963218][T17663]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  926.968864][T17663]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  926.974502][T17663]  kernfs_fop_write+0x2b8/0x480
[  926.979389][T17663]  __vfs_write+0x8a/0x110
[  926.983723][T17663]  ? kernfs_fop_open+0xd80/0xd80
[  926.988670][T17663]  vfs_write+0x20c/0x580
[  926.992929][T17663]  ksys_write+0x14f/0x290
[  926.997283][T17663]  ? __ia32_sys_read+0xb0/0xb0
[  927.002062][T17663]  ? do_syscall_64+0x26/0x680
[  927.006744][T17663]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  927.012815][T17663]  ? do_syscall_64+0x26/0x680
[  927.017511][T17663]  __x64_sys_write+0x73/0xb0
[  927.022116][T17663]  do_syscall_64+0xfd/0x680
[  927.026645][T17663]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  927.032544][T17663] RIP: 0033:0x459279
[  927.036460][T17663] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  927.056080][T17663] RSP: 002b:00007f9e8b388c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  927.064500][T17663] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459279
[  927.072477][T17663] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
[  927.080459][T17663] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[  927.088442][T17663] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9e8b3896d4
[  927.096430][T17663] R13: 00000000004c8eb1 R14: 00000000004dfb68 R15: 00000000ffffffff
[  927.105280][T17663] memory: usage 3180kB, limit 0kB, failcnt 229656
[  927.111781][T17663] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  927.119633][T17663] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  927.127488][T17663] Memory cgroup stats for /syz2: cache:0KB rss:2148KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2148KB inactive_file:0KB active_file:0KB unevictable:0KB
[  927.150320][T17663] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17662,uid=0
[  927.167430][T17663] Memory cgroup out of memory: Killed process 17662 (syz-executor.2) total-vm:72708kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB
[  927.190361][T17622] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  927.237846][T17622] CPU: 0 PID: 17622 Comm: syz-executor.1 Not tainted 5.2.0-rc2+ #14
[  927.245870][T17622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  927.255935][T17622] Call Trace:
[  927.259246][T17622]  dump_stack+0x172/0x1f0
[  927.263686][T17622]  dump_header+0x10f/0xb6c
[  927.268122][T17622]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  927.273967][T17622]  ? ___ratelimit+0x60/0x595
[  927.278571][T17622]  ? do_raw_spin_unlock+0x57/0x270
[  927.283789][T17622]  oom_kill_process.cold+0x10/0x15
[  927.288928][T17622]  out_of_memory+0x79a/0x1280
[  927.293623][T17622]  ? oom_killer_disable+0x280/0x280
[  927.298829][T17622]  ? find_held_lock+0x35/0x130
[  927.303616][T17622]  mem_cgroup_out_of_memory+0x1ca/0x230
[  927.309174][T17622]  ? memcg_event_wake+0x230/0x230
[  927.314221][T17622]  ? do_raw_spin_unlock+0x57/0x270
[  927.319345][T17622]  ? _raw_spin_unlock+0x2d/0x50
[  927.324214][T17622]  try_charge+0x102c/0x15c0
[  927.328727][T17622]  ? find_held_lock+0x35/0x130
[  927.333512][T17622]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  927.339077][T17622]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  927.345331][T17622]  ? kasan_check_read+0x11/0x20
[  927.350194][T17622]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  927.355752][T17622]  mem_cgroup_try_charge+0x24d/0x5e0
[  927.361145][T17622]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  927.366789][T17622]  __handle_mm_fault+0x1e1a/0x3eb0
[  927.371916][T17622]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  927.377480][T17622]  ? find_held_lock+0x35/0x130
[  927.382257][T17622]  ? handle_mm_fault+0x292/0xa90
[  927.387222][T17622]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  927.393475][T17622]  ? kasan_check_read+0x11/0x20
[  927.398342][T17622]  handle_mm_fault+0x3b7/0xa90
[  927.403124][T17622]  __do_page_fault+0x5ef/0xda0
[  927.407906][T17622]  do_page_fault+0x71/0x57d
[  927.412424][T17622]  ? page_fault+0x8/0x30
[  927.416682][T17622]  page_fault+0x1e/0x30
[  927.420840][T17622] RIP: 0033:0x403672
[  927.424741][T17622] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 <e8> 29 86 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 49 3b 05 00 48
[  927.424750][T17622] RSP: 002b:00007fff5c209fb0 EFLAGS: 00010246
[  927.424763][T17622] RAX: 0000000000000000 RBX: 00000000000e20f8 RCX: 0000000000412e80
[  927.424772][T17622] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007fff5c20b0e0
[  927.424780][T17622] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555556759940
[  927.424788][T17622] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff5c20b0e0
[  927.424797][T17622] R13: 00007fff5c20b0d0 R14: 0000000000000000 R15: 00007fff5c20b0e0
[  927.432715][T17622] memory: usage 808kB, limit 0kB, failcnt 523994
[  927.458916][T17622] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  927.458926][T17622] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  927.458933][T17622] Memory cgroup stats for /syz1: cache:4KB rss:88KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:88KB inactive_file:0KB active_file:0KB unevictable:0KB
15:51:59 executing program 2:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r3, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

[  927.459010][T17622] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=17622,uid=0
[  927.459109][T17622] Memory cgroup out of memory: Killed process 17622 (syz-executor.1) total-vm:72444kB, anon-rss:68kB, file-rss:34828kB, shmem-rss:0kB
[  927.459353][T17625] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  927.459370][T17625] CPU: 0 PID: 17625 Comm: syz-executor.5 Not tainted 5.2.0-rc2+ #14
[  927.459380][T17625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  927.459386][T17625] Call Trace:
[  927.459408][T17625]  dump_stack+0x172/0x1f0
[  927.459432][T17625]  dump_header+0x10f/0xb6c
[  927.459452][T17625]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  927.459469][T17625]  ? ___ratelimit+0x60/0x595
[  927.459486][T17625]  ? do_raw_spin_unlock+0x57/0x270
[  927.459506][T17625]  oom_kill_process.cold+0x10/0x15
[  927.459525][T17625]  out_of_memory+0x79a/0x1280
[  927.459547][T17625]  ? oom_killer_disable+0x280/0x280
[  927.459560][T17625]  ? find_held_lock+0x35/0x130
[  927.459587][T17625]  mem_cgroup_out_of_memory+0x1ca/0x230
[  927.459603][T17625]  ? memcg_event_wake+0x230/0x230
[  927.459624][T17625]  ? do_raw_spin_unlock+0x57/0x270
[  927.459641][T17625]  ? _raw_spin_unlock+0x2d/0x50
[  927.459662][T17625]  try_charge+0x102c/0x15c0
[  927.459675][T17625]  ? find_held_lock+0x35/0x130
[  927.459698][T17625]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  927.459718][T17625]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  927.459736][T17625]  ? kasan_check_read+0x11/0x20
15:51:59 executing program 4:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)
openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)

[  927.459754][T17625]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  927.459772][T17625]  mem_cgroup_try_charge+0x24d/0x5e0
[  927.459794][T17625]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  927.459814][T17625]  wp_page_copy+0x416/0x1770
[  927.459828][T17625]  ? do_wp_page+0x486/0x1500
[  927.459850][T17625]  ? pmd_pfn+0x1d0/0x1d0
[  927.459870][T17625]  ? lock_downgrade+0x880/0x880
[  927.459896][T17625]  ? swp_swapcount+0x540/0x540
[  927.459911][T17625]  ? do_raw_spin_unlock+0x57/0x270
[  927.459927][T17625]  ? kasan_check_read+0x11/0x20
[  927.459941][T17625]  ? do_raw_spin_unlock+0x57/0x270
[  927.459958][T17625]  do_wp_page+0x48e/0x1500
[  927.459980][T17625]  ? finish_mkwrite_fault+0x540/0x540
[  927.460004][T17625]  __handle_mm_fault+0x22e3/0x3eb0
[  927.460025][T17625]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  927.460039][T17625]  ? find_held_lock+0x35/0x130
[  927.460056][T17625]  ? handle_mm_fault+0x292/0xa90
[  927.460079][T17625]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  927.460096][T17625]  ? kasan_check_read+0x11/0x20
[  927.460116][T17625]  handle_mm_fault+0x3b7/0xa90
[  927.460136][T17625]  __do_page_fault+0x5ef/0xda0
[  927.460159][T17625]  do_page_fault+0x71/0x57d
[  927.460174][T17625]  ? page_fault+0x8/0x30
[  927.460191][T17625]  page_fault+0x1e/0x30
[  927.460203][T17625] RIP: 0033:0x430356
[  927.460219][T17625] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 46 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 4c 64 00 85 c0 0f 84
[  927.460227][T17625] RSP: 002b:00007fff8745e850 EFLAGS: 00010206
[  927.460240][T17625] RAX: 0000000000019691 RBX: 0000000000714640 RCX: 0000000000008041
[  927.460250][T17625] RDX: 00005555566b1930 RSI: 00005555566b9970 RDI: 0000000000000003
[  927.460259][T17625] RBP: 0000000000008041 R08: 0000000000000001 R09: 00005555566b0940
[  927.460267][T17625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000714698
[  927.460284][T17625] R13: 0000000000714698 R14: 0000000000000000 R15: 0000000000002710
[  927.460356][T17625] memory: usage 764kB, limit 0kB, failcnt 212010
[  927.460366][T17625] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  927.460376][T17625] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  927.460382][T17625] Memory cgroup stats for /syz5: cache:176KB rss:116KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:48KB inactive_file:132KB active_file:0KB unevictable:0KB
[  927.460454][T17625] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17625,uid=0
[  927.460530][T17625] Memory cgroup out of memory: Killed process 17625 (syz-executor.5) total-vm:72444kB, anon-rss:72kB, file-rss:34828kB, shmem-rss:0kB
[  927.472201][ T1044] oom_reaper: reaped process 17622 (syz-executor.1), now anon-rss:0kB, file-rss:33932kB, shmem-rss:0kB
[  927.508947][T17630] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  927.566116][T17630] CPU: 0 PID: 17630 Comm: syz-executor.2 Not tainted 5.2.0-rc2+ #14
[  927.591438][T17630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  927.591446][T17630] Call Trace:
[  927.591471][T17630]  dump_stack+0x172/0x1f0
[  927.591492][T17630]  dump_header+0x10f/0xb6c
[  927.591511][T17630]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  927.591527][T17630]  ? ___ratelimit+0x60/0x595
[  927.591542][T17630]  ? do_raw_spin_unlock+0x57/0x270
[  927.591559][T17630]  oom_kill_process.cold+0x10/0x15
[  927.591580][T17630]  out_of_memory+0x79a/0x1280
[  927.603605][T17630]  ? lock_downgrade+0x880/0x880
[  927.603624][T17630]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  927.603645][T17630]  ? oom_killer_disable+0x280/0x280
[  927.614025][T17630]  ? find_held_lock+0x35/0x130
[  927.614055][T17630]  mem_cgroup_out_of_memory+0x1ca/0x230
[  927.614075][T17630]  ? memcg_event_wake+0x230/0x230
[  927.628967][T17630]  ? do_raw_spin_unlock+0x57/0x270
[  927.628989][T17630]  ? _raw_spin_unlock+0x2d/0x50
[  927.638946][T17630]  try_charge+0x102c/0x15c0
[  927.638963][T17630]  ? find_held_lock+0x35/0x130
[  927.638986][T17630]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  927.639006][T17630]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  927.639023][T17630]  ? kasan_check_read+0x11/0x20
[  927.639042][T17630]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  927.639061][T17630]  mem_cgroup_try_charge+0x24d/0x5e0
[  927.639082][T17630]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  927.639102][T17630]  wp_page_copy+0x416/0x1770
[  927.639121][T17630]  ? do_wp_page+0x486/0x1500
[  927.654781][T17630]  ? pmd_pfn+0x1d0/0x1d0
[  927.654803][T17630]  ? lock_downgrade+0x880/0x880
[  927.654820][T17630]  ? swp_swapcount+0x540/0x540
[  927.654836][T17630]  ? do_raw_spin_unlock+0x57/0x270
[  927.654852][T17630]  ? kasan_check_read+0x11/0x20
[  927.654868][T17630]  ? do_raw_spin_unlock+0x57/0x270
[  927.654887][T17630]  do_wp_page+0x48e/0x1500
[  927.664240][T17630]  ? finish_mkwrite_fault+0x540/0x540
[  927.664280][T17630]  __handle_mm_fault+0x22e3/0x3eb0
[  927.680793][T17630]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  927.680811][T17630]  ? find_held_lock+0x35/0x130
[  927.680831][T17630]  ? handle_mm_fault+0x292/0xa90
[  927.691216][T17630]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  927.702114][T17630]  ? kasan_check_read+0x11/0x20
[  927.702142][T17630]  handle_mm_fault+0x3b7/0xa90
[  927.715555][T17630]  __do_page_fault+0x5ef/0xda0
[  927.715577][T17630]  do_page_fault+0x71/0x57d
[  927.715594][T17630]  ? page_fault+0x8/0x30
[  927.715610][T17630]  page_fault+0x1e/0x30
[  927.715621][T17630] RIP: 0033:0x430356
[  927.715639][T17630] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 46 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 4c 64 00 85 c0 0f 84
[  927.715647][T17630] RSP: 002b:00007ffcede071d0 EFLAGS: 00010206
[  927.715659][T17630] RAX: 0000000000019691 RBX: 0000000000714640 RCX: 0000000000008041
[  927.715674][T17630] RDX: 0000555556236930 RSI: 000055555623e970 RDI: 0000000000000003
[  927.725275][T17630] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555556235940
[  927.725286][T17630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000714698
[  927.725294][T17630] R13: 0000000000714698 R14: 0000000000000000 R15: 0000000000002710
[  927.732076][T17630] memory: usage 852kB, limit 0kB, failcnt 229665
[  927.742517][T17630] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  927.754984][T17630] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  927.762949][T17630] Memory cgroup stats for /syz2: cache:0KB rss:44KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:44KB inactive_file:0KB active_file:0KB unevictable:0KB
[  927.776206][T17630] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17630,uid=0
[  927.786804][T17630] Memory cgroup out of memory: Killed process 17630 (syz-executor.2) total-vm:72444kB, anon-rss:68kB, file-rss:34828kB, shmem-rss:0kB
[  927.804515][T17626] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  927.842438][T17626] CPU: 0 PID: 17626 Comm: syz-executor.4 Not tainted 5.2.0-rc2+ #14
[  927.850903][T17626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  927.850910][T17626] Call Trace:
[  927.850935][T17626]  dump_stack+0x172/0x1f0
[  927.850956][T17626]  dump_header+0x10f/0xb6c
[  927.850975][T17626]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  927.850991][T17626]  ? ___ratelimit+0x60/0x595
[  927.851007][T17626]  ? do_raw_spin_unlock+0x57/0x270
[  927.851034][T17626]  oom_kill_process.cold+0x10/0x15
[  927.867092][T17626]  out_of_memory+0x79a/0x1280
[  927.867116][T17626]  ? oom_killer_disable+0x280/0x280
[  927.867130][T17626]  ? find_held_lock+0x35/0x130
[  927.867154][T17626]  mem_cgroup_out_of_memory+0x1ca/0x230
[  927.867167][T17626]  ? memcg_event_wake+0x230/0x230
[  927.867187][T17626]  ? do_raw_spin_unlock+0x57/0x270
[  927.867205][T17626]  ? _raw_spin_unlock+0x2d/0x50
[  927.867227][T17626]  try_charge+0x102c/0x15c0
[  927.881553][T17626]  ? find_held_lock+0x35/0x130
[  927.895869][T17626]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  927.895889][T17626]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  927.895906][T17626]  ? kasan_check_read+0x11/0x20
[  927.895924][T17626]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  927.895948][T17626]  mem_cgroup_try_charge+0x24d/0x5e0
[  928.490100][T17626]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  928.495749][T17626]  wp_page_copy+0x416/0x1770
[  928.500325][T17626]  ? do_wp_page+0x486/0x1500
[  928.504904][T17626]  ? pmd_pfn+0x1d0/0x1d0
[  928.509136][T17626]  ? lock_downgrade+0x880/0x880
[  928.513971][T17626]  ? swp_swapcount+0x540/0x540
[  928.518719][T17626]  ? do_raw_spin_unlock+0x57/0x270
[  928.523815][T17626]  ? kasan_check_read+0x11/0x20
[  928.528648][T17626]  ? do_raw_spin_unlock+0x57/0x270
[  928.533771][T17626]  do_wp_page+0x48e/0x1500
[  928.538205][T17626]  ? finish_mkwrite_fault+0x540/0x540
[  928.543571][T17626]  __handle_mm_fault+0x22e3/0x3eb0
[  928.548670][T17626]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  928.554198][T17626]  ? find_held_lock+0x35/0x130
[  928.558966][T17626]  ? handle_mm_fault+0x292/0xa90
[  928.563998][T17626]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  928.570228][T17626]  ? kasan_check_read+0x11/0x20
[  928.575078][T17626]  handle_mm_fault+0x3b7/0xa90
[  928.579848][T17626]  __do_page_fault+0x5ef/0xda0
[  928.584618][T17626]  do_page_fault+0x71/0x57d
[  928.589117][T17626]  ? page_fault+0x8/0x30
[  928.593358][T17626]  page_fault+0x1e/0x30
[  928.597516][T17626] RIP: 0033:0x430356
[  928.601410][T17626] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 46 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 4c 64 00 85 c0 0f 84
[  928.621018][T17626] RSP: 002b:00007ffd3a31c0e0 EFLAGS: 00010206
[  928.627084][T17626] RAX: 0000000000019691 RBX: 0000000000714640 RCX: 0000000000008041
[  928.635053][T17626] RDX: 0000555556f29930 RSI: 0000555556f31970 RDI: 0000000000000003
[  928.643021][T17626] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555556f28940
[  928.650991][T17626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000714698
[  928.658959][T17626] R13: 0000000000714698 R14: 0000000000000000 R15: 0000000000002710
[  928.669247][T17626] memory: usage 3004kB, limit 0kB, failcnt 74
[  928.677858][T17626] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  928.688961][T17626] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  928.696993][T17626] Memory cgroup stats for /syz4: cache:48KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:52KB inactive_file:0KB active_file:0KB unevictable:0KB
[  928.717862][T17626] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17626,uid=0
[  928.733752][T17626] Memory cgroup out of memory: Killed process 17626 (syz-executor.4) total-vm:72444kB, anon-rss:72kB, file-rss:34828kB, shmem-rss:0kB
[  928.748355][ T1044] oom_reaper: reaped process 17626 (syz-executor.4), now anon-rss:0kB, file-rss:33932kB, shmem-rss:0kB
15:52:01 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000005400c2ac54000000030000000000000006000004000000201000000005000000"], &(0x7f0000000480)=""/222, 0x2c, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

15:52:02 executing program 1:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r3, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:52:02 executing program 5:
socket$kcm(0xa, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)
openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)

15:52:02 executing program 2:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r3, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:52:02 executing program 5:
socket$kcm(0xa, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)
openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)

15:52:02 executing program 1:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r3, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

[  930.689840][T17671] device nr0
 entered promiscuous mode
[  931.945632][ T3059] device bridge_slave_1 left promiscuous mode
[  931.951927][ T3059] bridge0: port 2(bridge_slave_1) entered disabled state
[  932.035601][ T3059] device bridge_slave_0 left promiscuous mode
[  932.041853][ T3059] bridge0: port 1(bridge_slave_0) entered disabled state
[  936.338098][ T3059] device hsr_slave_1 left promiscuous mode
[  936.380664][ T3059] device hsr_slave_0 left promiscuous mode
[  936.431031][ T3059] team0 (unregistering): Port device team_slave_1 removed
[  936.453604][ T3059] team0 (unregistering): Port device team_slave_0 removed
[  936.472600][ T3059] bond0 (unregistering): Releasing backup interface bond_slave_1
[  936.556896][ T3059] bond0 (unregistering): Releasing backup interface bond_slave_0
[  936.721831][ T3059] bond0 (unregistering): Released all slaves
[  936.856260][T17677] IPVS: ftp: loaded support on port[0] = 21
[  936.858580][T17679] IPVS: ftp: loaded support on port[0] = 21
[  937.281633][T17677] chnl_net:caif_netlink_parms(): no params data found
[  937.310228][T17679] chnl_net:caif_netlink_parms(): no params data found
[  937.443399][T17679] bridge0: port 1(bridge_slave_0) entered blocking state
[  937.492103][T17679] bridge0: port 1(bridge_slave_0) entered disabled state
[  937.500482][T17679] device bridge_slave_0 entered promiscuous mode
[  937.568258][T17679] bridge0: port 2(bridge_slave_1) entered blocking state
[  937.602396][T17679] bridge0: port 2(bridge_slave_1) entered disabled state
[  937.610681][T17679] device bridge_slave_1 entered promiscuous mode
[  937.636640][T17677] bridge0: port 1(bridge_slave_0) entered blocking state
[  937.643755][T17677] bridge0: port 1(bridge_slave_0) entered disabled state
[  937.663830][T17677] device bridge_slave_0 entered promiscuous mode
[  937.728549][T17677] bridge0: port 2(bridge_slave_1) entered blocking state
[  937.739638][T17677] bridge0: port 2(bridge_slave_1) entered disabled state
[  937.773330][T17677] device bridge_slave_1 entered promiscuous mode
[  937.795787][T17679] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  937.823770][T17679] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  937.837535][T17677] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  937.872113][T17677] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  937.883477][T17679] team0: Port device team_slave_0 added
[  937.899384][T17679] team0: Port device team_slave_1 added
[  937.922436][T17677] team0: Port device team_slave_0 added
[  937.972032][T17677] team0: Port device team_slave_1 added
[  938.037849][T17679] device hsr_slave_0 entered promiscuous mode
[  938.152739][T17679] device hsr_slave_1 entered promiscuous mode
[  938.327713][T17677] device hsr_slave_0 entered promiscuous mode
[  938.382484][T17677] device hsr_slave_1 entered promiscuous mode
[  938.580651][T17679] 8021q: adding VLAN 0 to HW filter on device bond0
[  938.639622][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  938.661195][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  938.687976][T17677] 8021q: adding VLAN 0 to HW filter on device bond0
[  938.707169][T17679] 8021q: adding VLAN 0 to HW filter on device team0
[  938.734039][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  938.756103][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  938.826148][T17677] 8021q: adding VLAN 0 to HW filter on device team0
[  938.844762][ T8848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  938.853833][ T8848] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  938.871913][ T8848] bridge0: port 1(bridge_slave_0) entered blocking state
[  938.879072][ T8848] bridge0: port 1(bridge_slave_0) entered forwarding state
[  938.897083][ T8848] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  938.911976][ T8848] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  938.923115][ T8848] bridge0: port 2(bridge_slave_1) entered blocking state
[  938.930265][ T8848] bridge0: port 2(bridge_slave_1) entered forwarding state
[  938.948114][ T8848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  938.962771][ T8848] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  939.023180][T15522] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  939.049460][T15522] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  939.081032][T15522] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  939.108326][T15522] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  939.140391][T15522] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  939.168326][T15522] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  939.195411][T15522] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  939.204022][T15522] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  939.225337][T15522] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  939.233914][T15522] bridge0: port 1(bridge_slave_0) entered blocking state
[  939.241090][T15522] bridge0: port 1(bridge_slave_0) entered forwarding state
[  939.273654][T15522] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  939.283038][T15522] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  939.292144][T15522] bridge0: port 2(bridge_slave_1) entered blocking state
[  939.299295][T15522] bridge0: port 2(bridge_slave_1) entered forwarding state
[  939.307646][T15522] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  939.329307][T17679] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  939.341380][T17679] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  939.362483][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  939.373227][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  939.397560][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  939.407367][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  939.420097][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  939.429880][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  939.447649][ T8853] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  939.492631][T17677] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  939.535434][T17677] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  939.572204][T15522] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  939.592009][T15522] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  939.632641][T15522] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  939.652599][T15522] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  939.692849][T15522] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  939.703772][T15522] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  939.720571][T15522] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  939.749638][T17679] 8021q: adding VLAN 0 to HW filter on device batadv0
[  939.767775][T17677] 8021q: adding VLAN 0 to HW filter on device batadv0
[  939.786229][T15522] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  940.117400][T17694] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  940.171816][T17694] CPU: 1 PID: 17694 Comm: syz-executor.5 Not tainted 5.2.0-rc2+ #14
[  940.179857][T17694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  940.189931][T17694] Call Trace:
[  940.193255][T17694]  dump_stack+0x172/0x1f0
[  940.197611][T17694]  dump_header+0x10f/0xb6c
[  940.202044][T17694]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  940.207866][T17694]  ? ___ratelimit+0x60/0x595
[  940.212479][T17694]  ? do_raw_spin_unlock+0x57/0x270
[  940.217617][T17694]  oom_kill_process.cold+0x10/0x15
[  940.222746][T17694]  out_of_memory+0x79a/0x1280
[  940.227447][T17694]  ? __sched_text_start+0x8/0x8
[  940.232308][T17694]  ? oom_killer_disable+0x280/0x280
[  940.237565][T17694]  ? cgroup_file_notify+0x140/0x1b0
[  940.242804][T17694]  mem_cgroup_out_of_memory+0x1ca/0x230
[  940.248360][T17694]  ? memcg_event_wake+0x230/0x230
[  940.253405][T17694]  ? _raw_spin_unlock_irqrestore+0xbd/0xe0
[  940.259226][T17694]  ? cgroup_file_notify+0x140/0x1b0
[  940.264440][T17694]  memory_max_write+0x169/0x300
[  940.269306][T17694]  ? mem_cgroup_write+0x360/0x360
[  940.274345][T17694]  ? lock_acquire+0x16f/0x3f0
[  940.279038][T17694]  ? kernfs_fop_write+0x227/0x480
[  940.284076][T17694]  cgroup_file_write+0x241/0x790
[  940.289032][T17694]  ? mem_cgroup_write+0x360/0x360
[  940.294068][T17694]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  940.299716][T17694]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  940.305386][T17694]  kernfs_fop_write+0x2b8/0x480
[  940.310262][T17694]  __vfs_write+0x8a/0x110
[  940.314599][T17694]  ? kernfs_fop_open+0xd80/0xd80
[  940.319546][T17694]  vfs_write+0x20c/0x580
[  940.323807][T17694]  ksys_write+0x14f/0x290
[  940.328150][T17694]  ? __ia32_sys_read+0xb0/0xb0
[  940.332924][T17694]  ? do_syscall_64+0x26/0x680
[  940.337701][T17694]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  940.343784][T17694]  ? do_syscall_64+0x26/0x680
[  940.348477][T17694]  __x64_sys_write+0x73/0xb0
[  940.353084][T17694]  do_syscall_64+0xfd/0x680
[  940.357601][T17694]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  940.363672][T17694] RIP: 0033:0x459279
[  940.367587][T17694] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  940.387201][T17694] RSP: 002b:00007f2beeceec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  940.395628][T17694] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459279
[  940.403608][T17694] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
[  940.411592][T17694] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[  940.419574][T17694] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2beecef6d4
[  940.427573][T17694] R13: 00000000004c8eb1 R14: 00000000004dfb68 R15: 00000000ffffffff
[  940.438815][T17694] memory: usage 3164kB, limit 0kB, failcnt 212011
[  940.445426][T17694] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  940.453022][T17694] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  940.460091][T17694] Memory cgroup stats for /syz5: cache:176KB rss:2244KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2176KB inactive_file:132KB active_file:0KB unevictable:0KB
[  940.481740][T17694] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17693,uid=0
[  940.497396][T17694] Memory cgroup out of memory: Killed process 17693 (syz-executor.5) total-vm:72708kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB
[  940.514029][ T1044] oom_reaper: reaped process 17693 (syz-executor.5), now anon-rss:0kB, file-rss:34780kB, shmem-rss:0kB
[  940.524440][T17692] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  940.537510][T17692] CPU: 1 PID: 17692 Comm: syz-executor.1 Not tainted 5.2.0-rc2+ #14
[  940.545509][T17692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  940.555567][T17692] Call Trace:
[  940.558874][T17692]  dump_stack+0x172/0x1f0
[  940.563224][T17692]  dump_header+0x10f/0xb6c
[  940.567655][T17692]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  940.573471][T17692]  ? ___ratelimit+0x60/0x595
[  940.578081][T17692]  ? do_raw_spin_unlock+0x57/0x270
[  940.583386][T17692]  oom_kill_process.cold+0x10/0x15
[  940.588520][T17692]  out_of_memory+0x79a/0x1280
[  940.593231][T17692]  ? oom_killer_disable+0x280/0x280
[  940.598570][T17692]  ? find_held_lock+0x35/0x130
[  940.603359][T17692]  mem_cgroup_out_of_memory+0x1ca/0x230
[  940.608923][T17692]  ? memcg_event_wake+0x230/0x230
[  940.613969][T17692]  ? do_raw_spin_unlock+0x57/0x270
[  940.619100][T17692]  ? _raw_spin_unlock+0x2d/0x50
[  940.623969][T17692]  try_charge+0x102c/0x15c0
[  940.628588][T17692]  ? find_held_lock+0x35/0x130
[  940.633411][T17692]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  940.638975][T17692]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  940.645244][T17692]  ? kasan_check_read+0x11/0x20
[  940.650126][T17692]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  940.655706][T17692]  mem_cgroup_try_charge+0x24d/0x5e0
[  940.661026][T17692]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  940.666688][T17692]  __handle_mm_fault+0x1e1a/0x3eb0
[  940.671829][T17692]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  940.677390][T17692]  ? find_held_lock+0x35/0x130
[  940.682169][T17692]  ? handle_mm_fault+0x292/0xa90
[  940.687134][T17692]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  940.693387][T17692]  ? kasan_check_read+0x11/0x20
[  940.698252][T17692]  handle_mm_fault+0x3b7/0xa90
[  940.703030][T17692]  __do_page_fault+0x5ef/0xda0
[  940.707817][T17692]  do_page_fault+0x71/0x57d
[  940.712503][T17692]  ? page_fault+0x8/0x30
[  940.716758][T17692]  page_fault+0x1e/0x30
[  940.720917][T17692] RIP: 0033:0x410bbf
[  940.724825][T17692] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41
[  940.744699][T17692] RSP: 002b:00007ffcb4b916a0 EFLAGS: 00010206
[  940.750782][T17692] RAX: 00007f9250db2000 RBX: 0000000000020000 RCX: 00000000004592ca
[  940.758770][T17692] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000
[  940.766773][T17692] RBP: 00007ffcb4b91780 R08: ffffffffffffffff R09: 0000000000000000
[  940.774761][T17692] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcb4b91870
[  940.783108][T17692] R13: 00007f9250dd2700 R14: 0000000000000001 R15: 000000000075bfcc
[  940.809801][T17692] memory: usage 3156kB, limit 0kB, failcnt 524003
[  940.819837][T17692] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  940.827478][T17692] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  940.834456][T17692] Memory cgroup stats for /syz1: cache:4KB rss:2124KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2124KB inactive_file:0KB active_file:0KB unevictable:0KB
[  940.855514][T17692] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=17692,uid=0
[  940.871458][T17692] Memory cgroup out of memory: Killed process 17692 (syz-executor.1) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB
[  940.887200][ T1044] oom_reaper: reaped process 17692 (syz-executor.1), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB
[  940.899205][T17679] syz-executor.5 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=0
[  940.911885][T17679] CPU: 0 PID: 17679 Comm: syz-executor.5 Not tainted 5.2.0-rc2+ #14
[  940.919897][T17679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  940.929964][T17679] Call Trace:
[  940.933270][T17679]  dump_stack+0x172/0x1f0
[  940.937620][T17679]  dump_header+0x10f/0xb6c
[  940.942045][T17679]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  940.947861][T17679]  ? ___ratelimit+0x60/0x595
[  940.952464][T17679]  ? do_raw_spin_unlock+0x57/0x270
[  940.957595][T17679]  oom_kill_process.cold+0x10/0x15
[  940.962804][T17679]  out_of_memory+0x79a/0x1280
[  940.967494][T17679]  ? oom_killer_disable+0x280/0x280
[  940.972715][T17679]  ? find_held_lock+0x35/0x130
[  940.977494][T17679]  mem_cgroup_out_of_memory+0x1ca/0x230
[  940.983046][T17679]  ? memcg_event_wake+0x230/0x230
[  940.988083][T17679]  ? do_raw_spin_unlock+0x57/0x270
[  940.993203][T17679]  ? _raw_spin_unlock+0x2d/0x50
[  940.998070][T17679]  try_charge+0x102c/0x15c0
[  941.002578][T17679]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  941.008910][T17679]  ? should_fail+0x1de/0x852
[  941.013512][T17679]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  941.019078][T17679]  ? rcu_read_lock_sched_held+0x110/0x130
[  941.024806][T17679]  ? __alloc_pages_nodemask+0x61b/0x8d0
[  941.030369][T17679]  __memcg_kmem_charge_memcg+0x7c/0x130
[  941.035918][T17679]  ? memcg_kmem_put_cache+0xb0/0xb0
[  941.041104][T17679]  ? cache_grow_begin+0x3d6/0x650
[  941.046117][T17679]  ? lockdep_hardirqs_on+0x418/0x5d0
[  941.051403][T17679]  ? trace_hardirqs_on+0x67/0x220
[  941.056417][T17679]  cache_grow_begin+0x402/0x650
[  941.061255][T17679]  ? __cpuset_node_allowed+0x136/0x540
[  941.066705][T17679]  fallback_alloc+0x1fd/0x2d0
[  941.071370][T17679]  ____cache_alloc_node+0x1be/0x1e0
[  941.076556][T17679]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  941.082780][T17679]  kmem_cache_alloc+0x1e8/0x6f0
[  941.087619][T17679]  ? stack_trace_save+0xac/0xe0
[  941.092456][T17679]  __alloc_file+0x27/0x300
[  941.096857][T17679]  alloc_empty_file+0x72/0x170
[  941.101613][T17679]  path_openat+0xef/0x46d0
[  941.106033][T17679]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[  941.111830][T17679]  ? __lock_acquire+0x54f/0x5490
[  941.116755][T17679]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  941.122820][T17679]  ? mark_held_locks+0xf0/0xf0
[  941.127586][T17679]  ? path_lookupat.isra.0+0x8d0/0x8d0
[  941.132979][T17679]  ? cache_grow_end+0xa4/0x190
[  941.137746][T17679]  ? __alloc_fd+0x44d/0x560
[  941.142238][T17679]  do_filp_open+0x1a1/0x280
[  941.146741][T17679]  ? may_open_dev+0x100/0x100
[  941.151406][T17679]  ? lock_downgrade+0x880/0x880
[  941.156263][T17679]  ? kasan_check_read+0x11/0x20
[  941.161120][T17679]  ? do_raw_spin_unlock+0x57/0x270
[  941.166217][T17679]  ? _raw_spin_unlock+0x2d/0x50
[  941.171050][T17679]  ? __alloc_fd+0x44d/0x560
[  941.175544][T17679]  do_sys_open+0x3fe/0x5d0
[  941.179949][T17679]  ? filp_open+0x80/0x80
[  941.184175][T17679]  ? __detach_mounts+0x320/0x320
[  941.189103][T17679]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  941.194550][T17679]  ? do_syscall_64+0x26/0x680
[  941.199212][T17679]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  941.205289][T17679]  ? do_syscall_64+0x26/0x680
[  941.209954][T17679]  __x64_sys_open+0x7e/0xc0
[  941.214465][T17679]  do_syscall_64+0xfd/0x680
[  941.218959][T17679]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  941.224836][T17679] RIP: 0033:0x4571f0
[  941.228713][T17679] Code: 31 c0 e9 45 ff ff ff 0f 1f 00 80 3f 00 0f 84 f7 00 00 00 55 53 b9 02 00 00 00 be 00 08 09 00 89 c8 48 81 ec 98 00 00 00 0f 05 <48> 3d 00 f0 ff ff 48 89 c3 0f 87 e9 00 00 00 85 db 0f 88 2f 01 00
[  941.248303][T17679] RSP: 002b:00007ffe0e0cf630 EFLAGS: 00000206 ORIG_RAX: 0000000000000002
[  941.256701][T17679] RAX: ffffffffffffffda RBX: 00000000000e5986 RCX: 00000000004571f0
[  941.264662][T17679] RDX: 000000000000000c RSI: 0000000000090800 RDI: 00007ffe0e0d0810
[  941.272634][T17679] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555557427940
[  941.280591][T17679] R10: 0000000000000000 R11: 0000000000000206 R12: 00007ffe0e0d0810
[  941.288549][T17679] R13: 00007ffe0e0d0800 R14: 0000000000000000 R15: 00007ffe0e0d0810
[  941.297222][T17679] memory: usage 784kB, limit 0kB, failcnt 212023
[  941.305529][T17679] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  941.313009][T17679] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  941.321263][T17679] Memory cgroup stats for /syz5: cache:176KB rss:132KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:64KB inactive_file:132KB active_file:0KB unevictable:0KB
[  941.342270][T17679] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17679,uid=0
[  941.342355][T17679] Memory cgroup out of memory: Killed process 17679 (syz-executor.5) total-vm:72444kB, anon-rss:68kB, file-rss:34828kB, shmem-rss:0kB
[  941.354423][T17677] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  941.358256][ T1044] oom_reaper: reaped process 17679 (syz-executor.5), now anon-rss:0kB, file-rss:33932kB, shmem-rss:0kB
[  941.372605][T17677] CPU: 1 PID: 17677 Comm: syz-executor.1 Not tainted 5.2.0-rc2+ #14
[  941.392331][T17677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  941.410375][T17677] Call Trace:
[  941.410403][T17677]  dump_stack+0x172/0x1f0
[  941.410426][T17677]  dump_header+0x10f/0xb6c
[  941.410444][T17677]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  941.410460][T17677]  ? ___ratelimit+0x60/0x595
[  941.410476][T17677]  ? do_raw_spin_unlock+0x57/0x270
[  941.410495][T17677]  oom_kill_process.cold+0x10/0x15
[  941.410514][T17677]  out_of_memory+0x79a/0x1280
[  941.410545][T17677]  ? oom_killer_disable+0x280/0x280
[  941.428381][T17677]  ? find_held_lock+0x35/0x130
[  941.428410][T17677]  mem_cgroup_out_of_memory+0x1ca/0x230
[  941.428426][T17677]  ? memcg_event_wake+0x230/0x230
[  941.428447][T17677]  ? do_raw_spin_unlock+0x57/0x270
[  941.428471][T17677]  ? _raw_spin_unlock+0x2d/0x50
[  941.443306][T17677]  try_charge+0x102c/0x15c0
[  941.453156][T17677]  ? find_held_lock+0x35/0x130
[  941.473548][T17677]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  941.483056][T17677]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  941.493372][T17677]  ? kasan_check_read+0x11/0x20
[  941.504444][T17677]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  941.504463][T17677]  mem_cgroup_try_charge+0x24d/0x5e0
[  941.504484][T17677]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  941.504504][T17677]  wp_page_copy+0x416/0x1770
[  941.504519][T17677]  ? do_wp_page+0x486/0x1500
[  941.504542][T17677]  ? pmd_pfn+0x1d0/0x1d0
[  941.504570][T17677]  ? lock_downgrade+0x880/0x880
[  941.521004][T17677]  ? swp_swapcount+0x540/0x540
[  941.530185][T17677]  ? do_raw_spin_unlock+0x57/0x270
[  941.544810][T17677]  ? kasan_check_read+0x11/0x20
[  941.544829][T17677]  ? do_raw_spin_unlock+0x57/0x270
[  941.544848][T17677]  do_wp_page+0x48e/0x1500
[  941.544869][T17677]  ? finish_mkwrite_fault+0x540/0x540
[  941.544895][T17677]  __handle_mm_fault+0x22e3/0x3eb0
[  941.544918][T17677]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  941.544933][T17677]  ? find_held_lock+0x35/0x130
[  941.544954][T17677]  ? handle_mm_fault+0x292/0xa90
[  941.560028][T17677]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  941.569974][T17677]  ? kasan_check_read+0x11/0x20
[  941.580610][T17677]  handle_mm_fault+0x3b7/0xa90
[  941.590319][T17677]  __do_page_fault+0x5ef/0xda0
[  941.601396][T17677]  do_page_fault+0x71/0x57d
[  941.610896][T17677]  ? page_fault+0x8/0x30
[  941.619619][T17677]  page_fault+0x1e/0x30
[  941.623774][T17677] RIP: 0033:0x430356
[  941.623797][T17677] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 46 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 4c 64 00 85 c0 0f 84
[  941.647327][T17677] RSP: 002b:00007ffcb4b906b0 EFLAGS: 00010206
[  941.647343][T17677] RAX: 0000000000019691 RBX: 0000000000714640 RCX: 0000000000008041
[  941.647351][T17677] RDX: 0000555556b5f930 RSI: 0000555556b67970 RDI: 0000000000000003
[  941.647359][T17677] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555556b5e940
[  941.647366][T17677] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000714698
[  941.647374][T17677] R13: 0000000000714698 R14: 0000000000000000 R15: 0000000000002710
[  941.669603][T17677] memory: usage 824kB, limit 0kB, failcnt 524012
[  941.669615][T17677] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  941.669624][T17677] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  941.669631][T17677] Memory cgroup stats for /syz1: cache:4KB rss:28KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:28KB inactive_file:0KB active_file:0KB unevictable:0KB
[  941.686422][T17677] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=17677,uid=0
[  941.707105][T17677] Memory cgroup out of memory: Killed process 17677 (syz-executor.1) total-vm:72444kB, anon-rss:72kB, file-rss:34828kB, shmem-rss:0kB
[  947.167291][ T3059] device bridge_slave_1 left promiscuous mode
[  947.173564][ T3059] bridge0: port 2(bridge_slave_1) entered disabled state
[  947.225662][ T3059] device bridge_slave_0 left promiscuous mode
[  947.231939][ T3059] bridge0: port 1(bridge_slave_0) entered disabled state
[  947.286658][ T3059] device bridge_slave_1 left promiscuous mode
[  947.292935][ T3059] bridge0: port 2(bridge_slave_1) entered disabled state
[  947.345739][ T3059] device bridge_slave_0 left promiscuous mode
[  947.352000][ T3059] bridge0: port 1(bridge_slave_0) entered disabled state
[  947.406628][ T3059] device bridge_slave_1 left promiscuous mode
[  947.412892][ T3059] bridge0: port 2(bridge_slave_1) entered disabled state
[  947.466412][ T3059] device bridge_slave_0 left promiscuous mode
[  947.472649][ T3059] bridge0: port 1(bridge_slave_0) entered disabled state
[  947.526676][ T3059] device bridge_slave_1 left promiscuous mode
[  947.532939][ T3059] bridge0: port 2(bridge_slave_1) entered disabled state
[  947.585730][ T3059] device bridge_slave_0 left promiscuous mode
[  947.591982][ T3059] bridge0: port 1(bridge_slave_0) entered disabled state
[  963.597854][ T3059] device hsr_slave_1 left promiscuous mode
[  963.646578][ T3059] device hsr_slave_0 left promiscuous mode
[  963.699991][ T3059] team0 (unregistering): Port device team_slave_1 removed
[  963.731181][ T3059] team0 (unregistering): Port device team_slave_0 removed
[  963.761578][ T3059] bond0 (unregistering): Releasing backup interface bond_slave_1
[  963.822508][ T3059] bond0 (unregistering): Releasing backup interface bond_slave_0
[  963.942345][ T3059] bond0 (unregistering): Released all slaves
[  964.088244][ T3059] device hsr_slave_1 left promiscuous mode
[  964.130653][ T3059] device hsr_slave_0 left promiscuous mode
[  964.190007][ T3059] team0 (unregistering): Port device team_slave_1 removed
[  964.208053][ T3059] team0 (unregistering): Port device team_slave_0 removed
[  964.221820][ T3059] bond0 (unregistering): Releasing backup interface bond_slave_1
[  964.271168][ T3059] bond0 (unregistering): Releasing backup interface bond_slave_0
[  964.422080][ T3059] bond0 (unregistering): Released all slaves
[  964.568351][ T3059] device hsr_slave_1 left promiscuous mode
[  964.610504][ T3059] device hsr_slave_0 left promiscuous mode
[  964.669934][ T3059] team0 (unregistering): Port device team_slave_1 removed
[  964.687674][ T3059] team0 (unregistering): Port device team_slave_0 removed
[  964.702534][ T3059] bond0 (unregistering): Releasing backup interface bond_slave_1
[  964.774014][ T3059] bond0 (unregistering): Releasing backup interface bond_slave_0
[  964.933454][ T3059] bond0 (unregistering): Released all slaves
[  965.098128][ T3059] device hsr_slave_1 left promiscuous mode
[  965.140662][ T3059] device hsr_slave_0 left promiscuous mode
[  965.206422][ T3059] team0 (unregistering): Port device team_slave_1 removed
[  965.230627][ T3059] team0 (unregistering): Port device team_slave_0 removed
[  965.253799][ T3059] bond0 (unregistering): Releasing backup interface bond_slave_1
[  965.322062][ T3059] bond0 (unregistering): Releasing backup interface bond_slave_0
[  965.445769][ T3059] bond0 (unregistering): Released all slaves
[  971.866230][ T3059] device bridge_slave_1 left promiscuous mode
[  971.872508][ T3059] bridge0: port 2(bridge_slave_1) entered disabled state
[  971.925597][ T3059] device bridge_slave_0 left promiscuous mode
[  971.931867][ T3059] bridge0: port 1(bridge_slave_0) entered disabled state
[  972.006570][ T3059] device bridge_slave_1 left promiscuous mode
[  972.012846][ T3059] bridge0: port 2(bridge_slave_1) entered disabled state
[  972.068664][ T3059] device bridge_slave_0 left promiscuous mode
[  972.076736][ T3059] bridge0: port 1(bridge_slave_0) entered disabled state
[  977.737687][ T3059] device hsr_slave_1 left promiscuous mode
[  977.779374][ T3059] device hsr_slave_0 left promiscuous mode
[  977.848134][ T3059] team0 (unregistering): Port device team_slave_1 removed
[  977.862927][ T3059] team0 (unregistering): Port device team_slave_0 removed
[  977.874620][ T3059] bond0 (unregistering): Releasing backup interface bond_slave_1
[  977.929014][ T3059] bond0 (unregistering): Releasing backup interface bond_slave_0
[  978.023605][ T3059] bond0 (unregistering): Released all slaves
[  978.208074][ T3059] device hsr_slave_1 left promiscuous mode
[  978.277953][ T3059] device hsr_slave_0 left promiscuous mode
[  978.329599][ T3059] team0 (unregistering): Port device team_slave_1 removed
[  978.340327][ T3059] team0 (unregistering): Port device team_slave_0 removed
[  978.353287][ T3059] bond0 (unregistering): Releasing backup interface bond_slave_1
[  978.410120][ T3059] bond0 (unregistering): Releasing backup interface bond_slave_0
[  978.501811][ T3059] bond0 (unregistering): Released all slaves
15:52:50 executing program 3:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:52:50 executing program 1:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:52:50 executing program 2:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:52:50 executing program 4:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)
openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)

15:52:50 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000005400c2ac54000000030000000000000006000004000000201000000005000000"], &(0x7f0000000480)=""/222, 0x2c, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

15:52:50 executing program 5:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)
openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)

[  978.804021][T17702] device nr0
 entered promiscuous mode
15:52:50 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000005400c2ac54000000030000000000000006000004000000201000"], &(0x7f0000000480)=""/222, 0x26, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

[  978.988153][T17704] device nr0
 entered promiscuous mode
15:52:50 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000005400c2ac54000000030000000000000006000004"], &(0x7f0000000480)=""/222, 0x20, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

[  979.151553][T17709] device nr0
 entered promiscuous mode
15:52:51 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000005400c2ac54000000030000000000000006000004"], &(0x7f0000000480)=""/222, 0x20, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

[  979.300723][T17712] device nr0
 entered promiscuous mode
15:52:51 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000005400c2ac54000000030000000000000006000004"], &(0x7f0000000480)=""/222, 0x20, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

15:52:51 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000005400c2ac54000000030000000000000006000004000000"], &(0x7f0000000480)=""/222, 0x23, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

[  979.461157][T17715] device nr0
 entered promiscuous mode
[  979.561242][T17718] device nr0
 entered promiscuous mode
15:52:51 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000005400c2ac54000000030000000000000006000004000000"], &(0x7f0000000480)=""/222, 0x23, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

[  979.670938][T17720] device nr0
 entered promiscuous mode
[  980.079121][T17724] IPVS: ftp: loaded support on port[0] = 21
[  980.197719][T17724] chnl_net:caif_netlink_parms(): no params data found
[  980.271992][T17724] bridge0: port 1(bridge_slave_0) entered blocking state
[  980.304518][T17724] bridge0: port 1(bridge_slave_0) entered disabled state
[  980.339735][T17724] device bridge_slave_0 entered promiscuous mode
[  980.359987][T17724] bridge0: port 2(bridge_slave_1) entered blocking state
[  980.384523][T17724] bridge0: port 2(bridge_slave_1) entered disabled state
[  980.424564][T17724] device bridge_slave_1 entered promiscuous mode
[  980.466096][T17730] IPVS: ftp: loaded support on port[0] = 21
[  980.478772][T17731] IPVS: ftp: loaded support on port[0] = 21
[  980.479271][T17732] IPVS: ftp: loaded support on port[0] = 21
[  980.513535][T17733] IPVS: ftp: loaded support on port[0] = 21
[  980.547678][T17724] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  980.592534][T17724] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  980.664054][T17724] team0: Port device team_slave_0 added
[  980.676054][T17724] team0: Port device team_slave_1 added
[  980.817760][T17724] device hsr_slave_0 entered promiscuous mode
[  980.854873][T17724] device hsr_slave_1 entered promiscuous mode
[  981.059319][T17731] chnl_net:caif_netlink_parms(): no params data found
[  981.117919][T17733] chnl_net:caif_netlink_parms(): no params data found
[  981.133226][T17730] chnl_net:caif_netlink_parms(): no params data found
[  981.150802][T17732] chnl_net:caif_netlink_parms(): no params data found
[  981.180188][T17731] bridge0: port 1(bridge_slave_0) entered blocking state
[  981.187615][T17731] bridge0: port 1(bridge_slave_0) entered disabled state
[  981.195589][T17731] device bridge_slave_0 entered promiscuous mode
[  981.221445][T17731] bridge0: port 2(bridge_slave_1) entered blocking state
[  981.228780][T17731] bridge0: port 2(bridge_slave_1) entered disabled state
[  981.237573][T17731] device bridge_slave_1 entered promiscuous mode
[  981.291527][T17731] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  981.301756][T17731] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  981.327715][T17732] bridge0: port 1(bridge_slave_0) entered blocking state
[  981.335405][T17732] bridge0: port 1(bridge_slave_0) entered disabled state
[  981.343396][T17732] device bridge_slave_0 entered promiscuous mode
[  981.351691][T17732] bridge0: port 2(bridge_slave_1) entered blocking state
[  981.358867][T17732] bridge0: port 2(bridge_slave_1) entered disabled state
[  981.367038][T17732] device bridge_slave_1 entered promiscuous mode
[  981.387048][T17733] bridge0: port 1(bridge_slave_0) entered blocking state
[  981.394130][T17733] bridge0: port 1(bridge_slave_0) entered disabled state
[  981.401823][T17733] device bridge_slave_0 entered promiscuous mode
[  981.428191][T17731] team0: Port device team_slave_0 added
[  981.441343][T17733] bridge0: port 2(bridge_slave_1) entered blocking state
[  981.449848][T17733] bridge0: port 2(bridge_slave_1) entered disabled state
[  981.459506][T17733] device bridge_slave_1 entered promiscuous mode
[  981.466997][T17730] bridge0: port 1(bridge_slave_0) entered blocking state
[  981.474063][T17730] bridge0: port 1(bridge_slave_0) entered disabled state
[  981.485337][T17730] device bridge_slave_0 entered promiscuous mode
[  981.493699][T17731] team0: Port device team_slave_1 added
[  981.516618][T17732] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  981.533827][T17730] bridge0: port 2(bridge_slave_1) entered blocking state
[  981.541649][T17730] bridge0: port 2(bridge_slave_1) entered disabled state
[  981.552716][T17730] device bridge_slave_1 entered promiscuous mode
[  981.636481][T17731] device hsr_slave_0 entered promiscuous mode
[  981.694703][T17731] device hsr_slave_1 entered promiscuous mode
[  981.779220][T17732] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  981.802076][T17733] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  981.828698][T17730] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  981.843686][T17730] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  981.855447][T17733] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  981.889318][T17732] team0: Port device team_slave_0 added
[  981.902898][T17732] team0: Port device team_slave_1 added
[  981.957480][T17733] team0: Port device team_slave_0 added
[  982.027914][T17732] device hsr_slave_0 entered promiscuous mode
[  982.094972][T17732] device hsr_slave_1 entered promiscuous mode
[  982.157435][T17730] team0: Port device team_slave_0 added
[  982.170708][T17724] 8021q: adding VLAN 0 to HW filter on device bond0
[  982.179994][T17733] team0: Port device team_slave_1 added
[  982.187682][T17730] team0: Port device team_slave_1 added
[  982.267200][T17730] device hsr_slave_0 entered promiscuous mode
[  982.344728][T17730] device hsr_slave_1 entered promiscuous mode
[  982.417136][T17724] 8021q: adding VLAN 0 to HW filter on device team0
[  982.468425][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  982.477133][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  982.536518][T17733] device hsr_slave_0 entered promiscuous mode
[  982.574913][T17733] device hsr_slave_1 entered promiscuous mode
[  982.641059][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  982.649854][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  982.658714][ T8825] bridge0: port 1(bridge_slave_0) entered blocking state
[  982.665848][ T8825] bridge0: port 1(bridge_slave_0) entered forwarding state
[  982.676545][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  982.716132][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  982.725689][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  982.733982][ T8918] bridge0: port 2(bridge_slave_1) entered blocking state
[  982.741102][ T8918] bridge0: port 2(bridge_slave_1) entered forwarding state
[  982.749253][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  982.790538][T17731] 8021q: adding VLAN 0 to HW filter on device bond0
[  982.803449][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  982.813288][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  982.822886][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  982.831837][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  982.840770][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  982.849654][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  982.876408][T17730] 8021q: adding VLAN 0 to HW filter on device bond0
[  982.887697][T17732] 8021q: adding VLAN 0 to HW filter on device bond0
[  982.959148][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  982.968891][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  982.977309][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  982.986343][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  982.995249][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  983.002966][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  983.013519][T17724] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  983.028859][T17731] 8021q: adding VLAN 0 to HW filter on device team0
[  983.106655][T17724] 8021q: adding VLAN 0 to HW filter on device batadv0
[  983.113880][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  983.129424][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  983.137630][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  983.147965][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  983.157265][   T17] bridge0: port 1(bridge_slave_0) entered blocking state
[  983.164569][   T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[  983.172281][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  983.180977][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  983.189469][   T17] bridge0: port 2(bridge_slave_1) entered blocking state
[  983.196598][   T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[  983.204852][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  983.213897][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  983.225259][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  983.233552][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  983.311494][T17730] 8021q: adding VLAN 0 to HW filter on device team0
[  983.322676][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  983.338258][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  983.347774][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  983.356804][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  983.375833][T17733] 8021q: adding VLAN 0 to HW filter on device bond0
[  983.386479][T17732] 8021q: adding VLAN 0 to HW filter on device team0
[  983.408981][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  983.433933][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  983.443690][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  983.455085][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  983.463320][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  983.472263][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  983.481110][T14425] bridge0: port 1(bridge_slave_0) entered blocking state
[  983.488228][T14425] bridge0: port 1(bridge_slave_0) entered forwarding state
[  983.501840][T17731] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  983.515384][T17731] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  983.563513][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  983.585218][T17743] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  983.598518][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  983.602712][T17743] CPU: 1 PID: 17743 Comm: syz-executor.3 Not tainted 5.2.0-rc2+ #14
[  983.607112][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  983.614319][T17743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  983.614327][T17743] Call Trace:
[  983.614355][T17743]  dump_stack+0x172/0x1f0
[  983.614378][T17743]  dump_header+0x10f/0xb6c
[  983.614398][T17743]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  983.614416][T17743]  ? ___ratelimit+0x60/0x595
[  983.614432][T17743]  ? do_raw_spin_unlock+0x57/0x270
[  983.614453][T17743]  oom_kill_process.cold+0x10/0x15
[  983.614473][T17743]  out_of_memory+0x79a/0x1280
[  983.614498][T17743]  ? oom_killer_disable+0x280/0x280
[  983.614528][T17743]  mem_cgroup_out_of_memory+0x1ca/0x230
[  983.614545][T17743]  ? memcg_event_wake+0x230/0x230
[  983.614569][T17743]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  983.614588][T17743]  ? cgroup_file_notify+0x140/0x1b0
[  983.614611][T17743]  memory_max_write+0x169/0x300
[  983.614635][T17743]  ? mem_cgroup_write+0x360/0x360
[  983.614651][T17743]  ? lock_acquire+0x16f/0x3f0
[  983.614667][T17743]  ? kernfs_fop_write+0x227/0x480
[  983.614689][T17743]  cgroup_file_write+0x241/0x790
[  983.614711][T17743]  ? mem_cgroup_write+0x360/0x360
[  983.623159][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  983.632498][T17743]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  983.632519][T17743]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  983.632537][T17743]  kernfs_fop_write+0x2b8/0x480
[  983.632560][T17743]  __vfs_write+0x8a/0x110
[  983.636535][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  983.640163][T17743]  ? kernfs_fop_open+0xd80/0xd80
[  983.645065][T14425] bridge0: port 2(bridge_slave_1) entered blocking state
[  983.650373][T17743]  vfs_write+0x20c/0x580
[  983.655007][T14425] bridge0: port 2(bridge_slave_1) entered forwarding state
[  983.660048][T17743]  ksys_write+0x14f/0x290
[  983.665700][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  983.669811][T17743]  ? __ia32_sys_read+0xb0/0xb0
[  983.675990][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  983.680534][T17743]  ? do_syscall_64+0x26/0x680
[  983.691439][T17733] 8021q: adding VLAN 0 to HW filter on device team0
[  983.696532][T17743]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  983.696550][T17743]  ? do_syscall_64+0x26/0x680
[  983.696573][T17743]  __x64_sys_write+0x73/0xb0
[  983.696594][T17743]  do_syscall_64+0xfd/0x680
[  983.727869][T17731] 8021q: adding VLAN 0 to HW filter on device batadv0
[  983.734191][T17743]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  983.745464][T17743] RIP: 0033:0x459279
[  983.745482][T17743] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  983.745490][T17743] RSP: 002b:00007f3cd8595c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  983.886426][T17743] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459279
[  983.886444][T17743] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
[  983.902385][T17743] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[  983.902394][T17743] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3cd85966d4
[  983.902403][T17743] R13: 00000000004c8eb1 R14: 00000000004dfb68 R15: 00000000ffffffff
[  983.927022][T17743] memory: usage 6456kB, limit 0kB, failcnt 132579
[  983.939427][T17743] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  983.948106][T17743] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  983.956320][T17743] Memory cgroup stats for /syz3: cache:36KB rss:2140KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2140KB inactive_file:56KB active_file:0KB unevictable:0KB
[  983.978705][T17743] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17742,uid=0
[  983.995648][T17743] Memory cgroup out of memory: Killed process 17742 (syz-executor.3) total-vm:72708kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB
[  984.022868][ T1044] oom_reaper: reaped process 17742 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
[  984.036845][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  984.038205][T17750] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  984.051402][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  984.059277][T17750] CPU: 1 PID: 17750 Comm: syz-executor.4 Not tainted 5.2.0-rc2+ #14
[  984.068640][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  984.069633][T17750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  984.078707][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  984.087742][T17750] Call Trace:
[  984.087771][T17750]  dump_stack+0x172/0x1f0
[  984.087801][T17750]  dump_header+0x10f/0xb6c
[  984.087822][T17750]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  984.087845][T17750]  ? ___ratelimit+0x60/0x595
[  984.096746][    T5] bridge0: port 1(bridge_slave_0) entered blocking state
[  984.099138][T17750]  ? do_raw_spin_unlock+0x57/0x270
[  984.099162][T17750]  oom_kill_process.cold+0x10/0x15
[  984.099183][T17750]  out_of_memory+0x79a/0x1280
[  984.103536][    T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[  984.107921][T17750]  ? retint_kernel+0x2b/0x2b
[  984.107940][T17750]  ? oom_killer_disable+0x280/0x280
[  984.107968][T17750]  mem_cgroup_out_of_memory+0x1ca/0x230
[  984.107990][T17750]  ? memcg_event_wake+0x230/0x230
[  984.114688][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  984.118393][T17750]  ? _raw_spin_unlock_irqrestore+0xbd/0xe0
[  984.118414][T17750]  ? cgroup_file_notify+0x140/0x1b0
[  984.118438][T17750]  memory_max_write+0x169/0x300
[  984.127451][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  984.131590][T17750]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  984.131615][T17750]  ? mem_cgroup_write+0x360/0x360
[  984.131638][T17750]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  984.137667][    T5] bridge0: port 2(bridge_slave_1) entered blocking state
[  984.141423][T17750]  cgroup_file_write+0x241/0x790
[  984.141445][T17750]  ? mem_cgroup_write+0x360/0x360
[  984.141466][T17750]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  984.148772][    T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[  984.153270][T17750]  ? kernfs_ops+0x9f/0x120
[  984.159335][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  984.164165][T17750]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  984.164183][T17750]  kernfs_fop_write+0x2b8/0x480
[  984.164210][T17750]  __vfs_write+0x8a/0x110
[  984.170572][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  984.177289][T17750]  ? kernfs_fop_open+0xd80/0xd80
[  984.177311][T17750]  vfs_write+0x20c/0x580
[  984.177330][T17750]  ksys_write+0x14f/0x290
[  984.177346][T17750]  ? __ia32_sys_read+0xb0/0xb0
[  984.177366][T17750]  ? do_syscall_64+0x26/0x680
[  984.177391][T17750]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  984.184657][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  984.188445][T17750]  ? do_syscall_64+0x26/0x680
[  984.196080][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  984.201258][T17750]  __x64_sys_write+0x73/0xb0
[  984.201282][T17750]  do_syscall_64+0xfd/0x680
[  984.201315][T17750]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  984.207708][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  984.211781][T17750] RIP: 0033:0x459279
[  984.211806][T17750] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  984.211822][T17750] RSP: 002b:00007f35f8eadc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  984.218652][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  984.224276][T17750] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459279
[  984.224285][T17750] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008
[  984.224294][T17750] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
15:52:56 executing program 3:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

[  984.224303][T17750] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f35f8eae6d4
[  984.224312][T17750] R13: 00000000004c8eb1 R14: 00000000004dfb68 R15: 00000000ffffffff
[  984.383312][T17750] memory: usage 4316kB, limit 0kB, failcnt 83
[  984.393287][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  984.407157][T17750] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  984.425551][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  984.426282][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  984.426898][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  984.427514][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  984.428130][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  984.450704][T17732] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  984.507298][T17750] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  984.522663][T17732] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  984.536891][T17750] Memory cgroup stats for /syz4: cache:48KB rss:2144KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2144KB inactive_file:0KB active_file:0KB unevictable:0KB
[  984.561677][T17750] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17749,uid=0
[  984.566817][T17730] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  984.580180][T17750] Memory cgroup out of memory: Killed process 17749 (syz-executor.4) total-vm:72708kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB
[  984.602491][ T1044] oom_reaper: reaped process 17749 (syz-executor.4), now anon-rss:0kB, file-rss:34812kB, shmem-rss:0kB
[  984.607539][T17724] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  984.620023][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  984.623893][T17724] CPU: 1 PID: 17724 Comm: syz-executor.3 Not tainted 5.2.0-rc2+ #14
[  984.631705][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  984.638785][T17724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  984.638797][T17724] Call Trace:
[  984.638821][T17724]  dump_stack+0x172/0x1f0
[  984.638845][T17724]  dump_header+0x10f/0xb6c
[  984.638864][T17724]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  984.638885][T17724]  ? ___ratelimit+0x60/0x595
[  984.647052][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  984.656125][T17724]  ? do_raw_spin_unlock+0x57/0x270
[  984.656150][T17724]  oom_kill_process.cold+0x10/0x15
[  984.656169][T17724]  out_of_memory+0x79a/0x1280
[  984.656191][T17724]  ? oom_killer_disable+0x280/0x280
[  984.660315][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  984.663782][T17724]  ? find_held_lock+0x35/0x130
[  984.663826][T17724]  mem_cgroup_out_of_memory+0x1ca/0x230
[  984.668922][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  984.674025][T17724]  ? memcg_event_wake+0x230/0x230
[  984.674049][T17724]  ? do_raw_spin_unlock+0x57/0x270
[  984.674071][T17724]  ? _raw_spin_unlock+0x2d/0x50
[  984.679195][T14425] bridge0: port 1(bridge_slave_0) entered blocking state
[  984.685871][T17724]  try_charge+0x102c/0x15c0
[  984.685887][T17724]  ? find_held_lock+0x35/0x130
[  984.685911][T17724]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  984.685933][T17724]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  984.691057][T14425] bridge0: port 1(bridge_slave_0) entered forwarding state
[  984.696228][T17724]  ? kasan_check_read+0x11/0x20
[  984.696249][T17724]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  984.696272][T17724]  mem_cgroup_try_charge+0x24d/0x5e0
[  984.701592][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  984.706148][T17724]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  984.706168][T17724]  wp_page_copy+0x416/0x1770
[  984.706182][T17724]  ? do_wp_page+0x486/0x1500
[  984.706209][T17724]  ? pmd_pfn+0x1d0/0x1d0
[  984.715079][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  984.719030][T17724]  ? lock_downgrade+0x880/0x880
[  984.719054][T17724]  ? swp_swapcount+0x540/0x540
[  984.725120][T14425] bridge0: port 2(bridge_slave_1) entered blocking state
[  984.732549][T17724]  ? do_raw_spin_unlock+0x57/0x270
[  984.732568][T17724]  ? kasan_check_read+0x11/0x20
[  984.732584][T17724]  ? do_raw_spin_unlock+0x57/0x270
[  984.732605][T17724]  do_wp_page+0x48e/0x1500
[  984.737670][T14425] bridge0: port 2(bridge_slave_1) entered forwarding state
[  984.742730][T17724]  ? finish_mkwrite_fault+0x540/0x540
[  984.748179][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  984.754588][T17724]  __handle_mm_fault+0x22e3/0x3eb0
[  984.754611][T17724]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  984.754627][T17724]  ? find_held_lock+0x35/0x130
[  984.754648][T17724]  ? handle_mm_fault+0x292/0xa90
[  984.760195][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  984.763928][T17724]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  984.763948][T17724]  ? kasan_check_read+0x11/0x20
[  984.763969][T17724]  handle_mm_fault+0x3b7/0xa90
[  984.770368][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  984.775740][T17724]  __do_page_fault+0x5ef/0xda0
[  984.775764][T17724]  do_page_fault+0x71/0x57d
[  984.775781][T17724]  ? page_fault+0x8/0x30
[  984.775808][T17724]  page_fault+0x1e/0x30
[  984.783669][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  984.787822][T17724] RIP: 0033:0x430356
[  984.787839][T17724] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 46 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 4c 64 00 85 c0 0f 84
[  984.787847][T17724] RSP: 002b:00007ffd8b1aa700 EFLAGS: 00010206
[  984.787861][T17724] RAX: 0000000000019691 RBX: 0000000000714640 RCX: 0000000000008041
[  984.787870][T17724] RDX: 000055555666e930 RSI: 0000555556676970 RDI: 0000000000000003
[  984.787886][T17724] RBP: 0000000000008041 R08: 0000000000000001 R09: 000055555666d940
[  984.794245][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  984.798691][T17724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000714698
[  984.798700][T17724] R13: 0000000000714698 R14: 0000000000000000 R15: 0000000000002710
[  984.971178][T17724] memory: usage 4120kB, limit 0kB, failcnt 132588
[  984.976744][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  985.000435][T17724] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  985.022763][T17732] 8021q: adding VLAN 0 to HW filter on device batadv0
[  985.084450][T17724] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  985.091325][T17724] Memory cgroup stats for /syz3: cache:36KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:52KB inactive_file:56KB active_file:0KB unevictable:0KB
[  985.122273][T17724] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17724,uid=0
[  985.139144][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  985.147976][T17724] Memory cgroup out of memory: Killed process 17724 (syz-executor.3) total-vm:72444kB, anon-rss:68kB, file-rss:34828kB, shmem-rss:0kB
[  985.148567][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  985.170522][T17731] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  985.170947][ T1044] oom_reaper: reaped process 17724 (syz-executor.3), now anon-rss:0kB, file-rss:33932kB, shmem-rss:0kB
[  985.182467][T17731] CPU: 1 PID: 17731 Comm: syz-executor.4 Not tainted 5.2.0-rc2+ #14
[  985.199980][T17731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  985.201272][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  985.210043][T17731] Call Trace:
[  985.210071][T17731]  dump_stack+0x172/0x1f0
[  985.210093][T17731]  dump_header+0x10f/0xb6c
[  985.210112][T17731]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  985.210128][T17731]  ? ___ratelimit+0x60/0x595
[  985.210152][T17731]  ? do_raw_spin_unlock+0x57/0x270
[  985.220008][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  985.221431][T17731]  oom_kill_process.cold+0x10/0x15
[  985.258604][T17731]  out_of_memory+0x79a/0x1280
[  985.263298][T17731]  ? oom_killer_disable+0x280/0x280
[  985.268517][T17731]  ? find_held_lock+0x35/0x130
[  985.273307][T17731]  mem_cgroup_out_of_memory+0x1ca/0x230
[  985.278870][T17731]  ? memcg_event_wake+0x230/0x230
[  985.283918][T17731]  ? do_raw_spin_unlock+0x57/0x270
[  985.289047][T17731]  ? _raw_spin_unlock+0x2d/0x50
[  985.293926][T17731]  try_charge+0x102c/0x15c0
[  985.298444][T17731]  ? find_held_lock+0x35/0x130
[  985.303238][T17731]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  985.308809][T17731]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  985.315163][T17731]  ? kasan_check_read+0x11/0x20
[  985.320046][T17731]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  985.325610][T17731]  mem_cgroup_try_charge+0x24d/0x5e0
[  985.330919][T17731]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  985.336572][T17731]  wp_page_copy+0x416/0x1770
[  985.341175][T17731]  ? do_wp_page+0x486/0x1500
[  985.345789][T17731]  ? pmd_pfn+0x1d0/0x1d0
[  985.350056][T17731]  ? lock_downgrade+0x880/0x880
[  985.354922][T17731]  ? swp_swapcount+0x540/0x540
[  985.359697][T17731]  ? do_raw_spin_unlock+0x57/0x270
[  985.364829][T17731]  ? kasan_check_read+0x11/0x20
[  985.369691][T17731]  ? do_raw_spin_unlock+0x57/0x270
[  985.374813][T17731]  do_wp_page+0x48e/0x1500
[  985.374835][T17731]  ? finish_mkwrite_fault+0x540/0x540
[  985.374860][T17731]  __handle_mm_fault+0x22e3/0x3eb0
[  985.374882][T17731]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  985.395296][T17731]  ? find_held_lock+0x35/0x130
[  985.400080][T17731]  ? handle_mm_fault+0x292/0xa90
[  985.405051][T17731]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  985.411310][T17731]  ? kasan_check_read+0x11/0x20
[  985.416191][T17731]  handle_mm_fault+0x3b7/0xa90
[  985.420949][T17731]  __do_page_fault+0x5ef/0xda0
[  985.425721][T17731]  do_page_fault+0x71/0x57d
[  985.430219][T17731]  ? page_fault+0x8/0x30
[  985.434454][T17731]  page_fault+0x1e/0x30
[  985.438593][T17731] RIP: 0033:0x430356
[  985.442490][T17731] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 46 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 4c 64 00 85 c0 0f 84
[  985.464352][T17731] RSP: 002b:00007fff5d48e690 EFLAGS: 00010206
[  985.470410][T17731] RAX: 0000000000019691 RBX: 0000000000714640 RCX: 0000000000008041
[  985.478369][T17731] RDX: 00005555568bc930 RSI: 00005555568c4970 RDI: 0000000000000003
[  985.486326][T17731] RBP: 0000000000008041 R08: 0000000000000001 R09: 00005555568bb940
[  985.494373][T17731] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000714698
[  985.502335][T17731] R13: 0000000000714698 R14: 0000000000000000 R15: 0000000000002710
[  985.539546][T17730] 8021q: adding VLAN 0 to HW filter on device batadv0
[  985.549015][T17731] memory: usage 1828kB, limit 0kB, failcnt 92
[  985.556379][T17731] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  985.563864][T17731] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  985.571238][T17731] Memory cgroup stats for /syz4: cache:48KB rss:40KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:40KB inactive_file:0KB active_file:0KB unevictable:0KB
[  985.594985][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  985.603899][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  985.611975][T17731] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17731,uid=0
[  985.613673][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  985.634129][T17731] Memory cgroup out of memory: Killed process 17731 (syz-executor.4) total-vm:72444kB, anon-rss:68kB, file-rss:34828kB, shmem-rss:0kB
[  985.637457][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  985.650803][ T1044] oom_reaper: reaped process 17731 (syz-executor.4), now anon-rss:0kB, file-rss:33932kB, shmem-rss:0kB
[  985.658803][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  985.676699][T17757] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  985.679278][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  985.697114][T17757] CPU: 0 PID: 17757 Comm: syz-executor.2 Not tainted 5.2.0-rc2+ #14
[  985.697634][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  985.705147][T17757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  985.705156][T17757] Call Trace:
[  985.705186][T17757]  dump_stack+0x172/0x1f0
[  985.705213][T17757]  dump_header+0x10f/0xb6c
[  985.705236][T17757]  ? oom_kill_process+0x94/0x3f0
[  985.705260][T17757]  oom_kill_process.cold+0x10/0x15
[  985.705279][T17757]  out_of_memory+0x79a/0x1280
[  985.705316][T17757]  ? oom_killer_disable+0x280/0x280
[  985.714801][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  985.723194][T17757]  mem_cgroup_out_of_memory+0x1ca/0x230
[  985.727553][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  985.730787][T17757]  ? memcg_event_wake+0x230/0x230
[  985.730814][T17757]  ? _raw_spin_unlock_irqrestore+0xbd/0xe0
[  985.730838][T17757]  ? cgroup_file_notify+0x140/0x1b0
[  985.791614][T17757]  memory_max_write+0x169/0x300
[  985.796456][T17757]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  985.801943][T17757]  ? mem_cgroup_write+0x360/0x360
[  985.806959][T17757]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  985.812405][T17757]  cgroup_file_write+0x241/0x790
[  985.817337][T17757]  ? mem_cgroup_write+0x360/0x360
[  985.822354][T17757]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  985.827979][T17757]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  985.833599][T17757]  kernfs_fop_write+0x2b8/0x480
[  985.838437][T17757]  __vfs_write+0x8a/0x110
[  985.842750][T17757]  ? kernfs_fop_open+0xd80/0xd80
[  985.847671][T17757]  vfs_write+0x20c/0x580
[  985.851902][T17757]  ksys_write+0x14f/0x290
[  985.856217][T17757]  ? __ia32_sys_read+0xb0/0xb0
[  985.860970][T17757]  ? do_syscall_64+0x26/0x680
[  985.865635][T17757]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  985.871707][T17757]  ? do_syscall_64+0x26/0x680
[  985.876402][T17757]  __x64_sys_write+0x73/0xb0
[  985.880983][T17757]  do_syscall_64+0xfd/0x680
[  985.885475][T17757]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  985.891353][T17757] RIP: 0033:0x459279
[  985.895230][T17757] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  985.914818][T17757] RSP: 002b:00007ff062f53c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  985.923536][T17757] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459279
[  985.931500][T17757] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
[  985.939545][T17757] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[  985.947503][T17757] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff062f546d4
[  985.955544][T17757] R13: 00000000004c8eb1 R14: 00000000004dfb68 R15: 00000000ffffffff
[  985.996031][T17757] memory: usage 3136kB, limit 0kB, failcnt 229674
[  986.002939][T17757] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  986.004887][T17733] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  986.011863][T17757] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  986.028865][T17757] Memory cgroup stats for /syz2: cache:0KB rss:2144KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2144KB inactive_file:0KB active_file:0KB unevictable:0KB
[  986.050626][T17757] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17756,uid=0
[  986.071462][T17757] Memory cgroup out of memory: Killed process 17756 (syz-executor.2) total-vm:72708kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB
[  986.091632][ T1044] oom_reaper: reaped process 17756 (syz-executor.2), now anon-rss:0kB, file-rss:34772kB, shmem-rss:0kB
[  986.120954][T17732] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  986.134951][T17732] CPU: 1 PID: 17732 Comm: syz-executor.2 Not tainted 5.2.0-rc2+ #14
[  986.142966][T17732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  986.153067][T17732] Call Trace:
[  986.156383][T17732]  dump_stack+0x172/0x1f0
[  986.160737][T17732]  dump_header+0x10f/0xb6c
[  986.165253][T17732]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  986.171072][T17732]  ? ___ratelimit+0x60/0x595
[  986.175675][T17732]  ? do_raw_spin_unlock+0x57/0x270
[  986.180803][T17732]  oom_kill_process.cold+0x10/0x15
[  986.185924][T17732]  out_of_memory+0x79a/0x1280
[  986.190605][T17732]  ? lock_downgrade+0x880/0x880
[  986.195460][T17732]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  986.201714][T17732]  ? oom_killer_disable+0x280/0x280
[  986.206914][T17732]  ? find_held_lock+0x35/0x130
[  986.211696][T17732]  mem_cgroup_out_of_memory+0x1ca/0x230
[  986.217246][T17732]  ? memcg_event_wake+0x230/0x230
[  986.222282][T17732]  ? do_raw_spin_unlock+0x57/0x270
[  986.227405][T17732]  ? _raw_spin_unlock+0x2d/0x50
[  986.232267][T17732]  try_charge+0x102c/0x15c0
[  986.236778][T17732]  ? find_held_lock+0x35/0x130
[  986.241565][T17732]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  986.247122][T17732]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  986.253368][T17732]  ? kasan_check_read+0x11/0x20
[  986.258227][T17732]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  986.263776][T17732]  mem_cgroup_try_charge+0x24d/0x5e0
[  986.269075][T17732]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  986.274716][T17732]  __handle_mm_fault+0x1e1a/0x3eb0
[  986.279840][T17732]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  986.285389][T17732]  ? find_held_lock+0x35/0x130
[  986.290160][T17732]  ? handle_mm_fault+0x292/0xa90
[  986.295118][T17732]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  986.301369][T17732]  ? kasan_check_read+0x11/0x20
[  986.306222][T17732]  handle_mm_fault+0x3b7/0xa90
[  986.310978][T17732]  __do_page_fault+0x5ef/0xda0
[  986.315734][T17732]  do_page_fault+0x71/0x57d
[  986.320220][T17732]  ? page_fault+0x8/0x30
[  986.324449][T17732]  page_fault+0x1e/0x30
[  986.328584][T17732] RIP: 0033:0x403672
[  986.332459][T17732] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 <e8> 29 86 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 49 3b 05 00 48
[  986.352075][T17732] RSP: 002b:00007ffe3d4b8e30 EFLAGS: 00010246
[  986.358136][T17732] RAX: 0000000000000000 RBX: 00000000000f08dd RCX: 0000000000412e80
[  986.366090][T17732] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffe3d4b9f60
[  986.374042][T17732] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555557228940
[  986.381996][T17732] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe3d4b9f60
[  986.389971][T17732] R13: 00007ffe3d4b9f50 R14: 0000000000000000 R15: 00007ffe3d4b9f60
[  986.401420][T17732] memory: usage 816kB, limit 0kB, failcnt 229687
[  986.408086][T17732] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  986.417046][T17732] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  986.423944][T17732] Memory cgroup stats for /syz2: cache:0KB rss:48KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:48KB inactive_file:0KB active_file:0KB unevictable:0KB
[  986.444438][T17732] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17732,uid=0
[  986.444544][T17732] Memory cgroup out of memory: Killed process 17732 (syz-executor.2) total-vm:72444kB, anon-rss:68kB, file-rss:34828kB, shmem-rss:0kB
[  986.474560][ T1044] oom_reaper: reaped process 17732 (syz-executor.2), now anon-rss:0kB, file-rss:33932kB, shmem-rss:0kB
[  986.652913][T17733] 8021q: adding VLAN 0 to HW filter on device batadv0
[  986.813114][T17765] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  986.830617][T17765] CPU: 0 PID: 17765 Comm: syz-executor.1 Not tainted 5.2.0-rc2+ #14
[  986.838618][T17765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  986.848849][T17765] Call Trace:
[  986.852159][T17765]  dump_stack+0x172/0x1f0
[  986.856516][T17765]  dump_header+0x10f/0xb6c
[  986.860946][T17765]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  986.866762][T17765]  ? ___ratelimit+0x60/0x595
[  986.871380][T17765]  ? do_raw_spin_unlock+0x57/0x270
[  986.876507][T17765]  oom_kill_process.cold+0x10/0x15
[  986.881628][T17765]  out_of_memory+0x79a/0x1280
[  986.886321][T17765]  ? lock_downgrade+0x880/0x880
[  986.891176][T17765]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  986.897435][T17765]  ? oom_killer_disable+0x280/0x280
[  986.902640][T17765]  ? find_held_lock+0x35/0x130
[  986.907422][T17765]  mem_cgroup_out_of_memory+0x1ca/0x230
[  986.912988][T17765]  ? memcg_event_wake+0x230/0x230
[  986.918117][T17765]  ? do_raw_spin_unlock+0x57/0x270
[  986.923241][T17765]  ? _raw_spin_unlock+0x2d/0x50
[  986.928111][T17765]  try_charge+0x102c/0x15c0
[  986.932619][T17765]  ? find_held_lock+0x35/0x130
[  986.937402][T17765]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  986.943133][T17765]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  986.949385][T17765]  ? kasan_check_read+0x11/0x20
[  986.954251][T17765]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  986.959806][T17765]  mem_cgroup_try_charge+0x24d/0x5e0
[  986.965115][T17765]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  986.970768][T17765]  __handle_mm_fault+0x1e1a/0x3eb0
[  986.975901][T17765]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  986.981461][T17765]  ? find_held_lock+0x35/0x130
[  986.986233][T17765]  ? handle_mm_fault+0x292/0xa90
[  986.991194][T17765]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  986.997452][T17765]  ? kasan_check_read+0x11/0x20
[  987.002503][T17765]  handle_mm_fault+0x3b7/0xa90
[  987.007286][T17765]  __do_page_fault+0x5ef/0xda0
[  987.012074][T17765]  do_page_fault+0x71/0x57d
[  987.016584][T17765]  ? page_fault+0x8/0x30
[  987.020846][T17765]  page_fault+0x1e/0x30
[  987.025006][T17765] RIP: 0033:0x410bbf
[  987.028910][T17765] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41
[  987.048533][T17765] RSP: 002b:00007ffeb5ea0910 EFLAGS: 00010206
[  987.054623][T17765] RAX: 00007fb5b4a2c000 RBX: 0000000000020000 RCX: 00000000004592ca
[  987.062656][T17765] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000
[  987.070682][T17765] RBP: 00007ffeb5ea09f0 R08: ffffffffffffffff R09: 0000000000000000
[  987.078668][T17765] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffeb5ea0ae0
[  987.086679][T17765] R13: 00007fb5b4a4c700 R14: 0000000000000001 R15: 000000000075bfcc
[  987.098145][T17765] memory: usage 3040kB, limit 0kB, failcnt 524021
[  987.104747][T17765] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  987.112237][T17765] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  987.112253][T17765] Memory cgroup stats for /syz1: cache:4KB rss:2196KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2196KB inactive_file:0KB active_file:0KB unevictable:0KB
[  987.140806][T17765] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=17765,uid=0
15:52:59 executing program 1:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:52:59 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000005400c2ac54000000030000000000000006000004000000"], &(0x7f0000000480)=""/222, 0x23, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

15:52:59 executing program 4:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:52:59 executing program 2:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

[  987.159217][T17765] Memory cgroup out of memory: Killed process 17765 (syz-executor.1) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB
[  987.178919][ T1044] oom_reaper: reaped process 17765 (syz-executor.1), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB
[  987.295179][T17730] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  987.308550][T17730] CPU: 1 PID: 17730 Comm: syz-executor.1 Not tainted 5.2.0-rc2+ #14
[  987.316590][T17730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  987.326681][T17730] Call Trace:
[  987.330136][T17730]  dump_stack+0x172/0x1f0
[  987.334491][T17730]  dump_header+0x10f/0xb6c
[  987.338928][T17730]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  987.344762][T17730]  ? ___ratelimit+0x60/0x595
[  987.349434][T17730]  ? do_raw_spin_unlock+0x57/0x270
[  987.354645][T17730]  oom_kill_process.cold+0x10/0x15
[  987.359789][T17730]  out_of_memory+0x79a/0x1280
[  987.364503][T17730]  ? lock_downgrade+0x880/0x880
[  987.369385][T17730]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  987.375677][T17730]  ? oom_killer_disable+0x280/0x280
[  987.380899][T17730]  ? find_held_lock+0x35/0x130
[  987.385689][T17730]  mem_cgroup_out_of_memory+0x1ca/0x230
[  987.391253][T17730]  ? memcg_event_wake+0x230/0x230
[  987.396303][T17730]  ? do_raw_spin_unlock+0x57/0x270
[  987.401432][T17730]  ? _raw_spin_unlock+0x2d/0x50
[  987.406336][T17730]  try_charge+0x102c/0x15c0
[  987.410867][T17730]  ? find_held_lock+0x35/0x130
[  987.415705][T17730]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  987.421285][T17730]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  987.427547][T17730]  ? kasan_check_read+0x11/0x20
[  987.432413][T17730]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  987.437965][T17730]  mem_cgroup_try_charge+0x24d/0x5e0
[  987.443261][T17730]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  987.448906][T17730]  wp_page_copy+0x416/0x1770
[  987.453619][T17730]  ? do_wp_page+0x486/0x1500
[  987.458225][T17730]  ? pmd_pfn+0x1d0/0x1d0
[  987.462531][T17730]  ? lock_downgrade+0x880/0x880
[  987.467432][T17730]  ? swp_swapcount+0x540/0x540
[  987.472206][T17730]  ? do_raw_spin_unlock+0x57/0x270
[  987.477327][T17730]  ? kasan_check_read+0x11/0x20
[  987.482182][T17730]  ? do_raw_spin_unlock+0x57/0x270
[  987.487297][T17730]  do_wp_page+0x48e/0x1500
[  987.491725][T17730]  ? finish_mkwrite_fault+0x540/0x540
[  987.497109][T17730]  __handle_mm_fault+0x22e3/0x3eb0
[  987.502414][T17730]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  987.507968][T17730]  ? find_held_lock+0x35/0x130
[  987.512734][T17730]  ? handle_mm_fault+0x292/0xa90
[  987.517687][T17730]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  987.523934][T17730]  ? kasan_check_read+0x11/0x20
[  987.528818][T17730]  handle_mm_fault+0x3b7/0xa90
[  987.533595][T17730]  __do_page_fault+0x5ef/0xda0
[  987.538392][T17730]  do_page_fault+0x71/0x57d
[  987.542911][T17730]  ? page_fault+0x8/0x30
[  987.547157][T17730]  page_fault+0x1e/0x30
[  987.551315][T17730] RIP: 0033:0x430356
[  987.555220][T17730] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 46 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 4c 64 00 85 c0 0f 84
[  987.574839][T17730] RSP: 002b:00007ffeb5e9f920 EFLAGS: 00010206
[  987.580910][T17730] RAX: 0000000000019691 RBX: 0000000000714640 RCX: 0000000000008041
[  987.588908][T17730] RDX: 00005555558bd930 RSI: 00005555558c5970 RDI: 0000000000000003
[  987.596880][T17730] RBP: 0000000000008041 R08: 0000000000000001 R09: 00005555558bc940
[  987.604858][T17730] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000714698
[  987.612861][T17730] R13: 0000000000714698 R14: 0000000000000000 R15: 0000000000002710
[  987.636098][T17730] memory: usage 708kB, limit 0kB, failcnt 524030
[  987.642480][T17730] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  987.650977][T17730] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  987.658729][T17730] Memory cgroup stats for /syz1: cache:4KB rss:140KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:140KB inactive_file:0KB active_file:0KB unevictable:0KB
[  987.681855][T17730] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=17730,uid=0
[  987.699333][T17730] Memory cgroup out of memory: Killed process 17730 (syz-executor.1) total-vm:72444kB, anon-rss:72kB, file-rss:34828kB, shmem-rss:0kB
[  987.714977][ T1044] oom_reaper: reaped process 17730 (syz-executor.1), now anon-rss:0kB, file-rss:33932kB, shmem-rss:0kB
[  987.875146][T17777] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  987.911858][T17777] CPU: 0 PID: 17777 Comm: syz-executor.5 Not tainted 5.2.0-rc2+ #14
[  987.919901][T17777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  987.929974][T17777] Call Trace:
[  987.933308][T17777]  dump_stack+0x172/0x1f0
[  987.937678][T17777]  dump_header+0x10f/0xb6c
[  987.942127][T17777]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  987.948042][T17777]  ? ___ratelimit+0x60/0x595
[  987.952649][T17777]  ? do_raw_spin_unlock+0x57/0x270
[  987.957785][T17777]  oom_kill_process.cold+0x10/0x15
[  987.962929][T17777]  out_of_memory+0x79a/0x1280
[  987.967630][T17777]  ? __sched_text_start+0x8/0x8
[  987.972506][T17777]  ? oom_killer_disable+0x280/0x280
[  987.977718][T17777]  ? cgroup_file_notify+0x140/0x1b0
[  987.982939][T17777]  mem_cgroup_out_of_memory+0x1ca/0x230
[  987.988496][T17777]  ? memcg_event_wake+0x230/0x230
[  987.993541][T17777]  ? _raw_spin_unlock_irqrestore+0xbd/0xe0
[  987.999363][T17777]  ? cgroup_file_notify+0x140/0x1b0
[  988.004583][T17777]  memory_max_write+0x169/0x300
[  988.009460][T17777]  ? mem_cgroup_write+0x360/0x360
[  988.014502][T17777]  ? lock_acquire+0x16f/0x3f0
[  988.020726][T17777]  ? kernfs_fop_write+0x227/0x480
[  988.025769][T17777]  cgroup_file_write+0x241/0x790
[  988.030718][T17777]  ? mem_cgroup_write+0x360/0x360
[  988.035750][T17777]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  988.041404][T17777]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  988.047047][T17777]  kernfs_fop_write+0x2b8/0x480
[  988.051911][T17777]  __vfs_write+0x8a/0x110
[  988.056250][T17777]  ? kernfs_fop_open+0xd80/0xd80
[  988.061194][T17777]  vfs_write+0x20c/0x580
[  988.065479][T17777]  ksys_write+0x14f/0x290
[  988.069823][T17777]  ? __ia32_sys_read+0xb0/0xb0
[  988.074599][T17777]  ? do_syscall_64+0x26/0x680
[  988.079286][T17777]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  988.085365][T17777]  ? do_syscall_64+0x26/0x680
[  988.090054][T17777]  __x64_sys_write+0x73/0xb0
[  988.094656][T17777]  do_syscall_64+0xfd/0x680
[  988.099178][T17777]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  988.105077][T17777] RIP: 0033:0x459279
[  988.108980][T17777] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  988.129509][T17777] RSP: 002b:00007fa4f3655c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  988.137939][T17777] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459279
[  988.145924][T17777] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
[  988.153907][T17777] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[  988.161893][T17777] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa4f36566d4
[  988.169876][T17777] R13: 00000000004c8eb1 R14: 00000000004dfb68 R15: 00000000ffffffff
[  988.185509][T17777] memory: usage 3124kB, limit 0kB, failcnt 212032
[  988.192079][T17777] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  988.199787][T17777] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
15:53:00 executing program 5:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)
openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)

15:53:00 executing program 3:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:53:00 executing program 2:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

[  988.206829][T17777] Memory cgroup stats for /syz5: cache:176KB rss:2224KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2224KB inactive_file:132KB active_file:0KB unevictable:0KB
[  988.228900][T17777] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17776,uid=0
[  988.244480][T17777] Memory cgroup out of memory: Killed process 17776 (syz-executor.5) total-vm:72708kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB
[  988.302636][T17733] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  988.342112][T17733] CPU: 1 PID: 17733 Comm: syz-executor.5 Not tainted 5.2.0-rc2+ #14
15:53:00 executing program 1:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:53:00 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000005400c2ac540000000300000000000000060000040000002010"], &(0x7f0000000480)=""/222, 0x25, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

[  988.350134][T17733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  988.360204][T17733] Call Trace:
[  988.363507][T17733]  dump_stack+0x172/0x1f0
[  988.367861][T17733]  dump_header+0x10f/0xb6c
[  988.372290][T17733]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  988.378104][T17733]  ? ___ratelimit+0x60/0x595
[  988.382702][T17733]  ? do_raw_spin_unlock+0x57/0x270
[  988.387829][T17733]  oom_kill_process.cold+0x10/0x15
[  988.392953][T17733]  out_of_memory+0x79a/0x1280
[  988.397733][T17733]  ? lock_downgrade+0x880/0x880
[  988.402677][T17733]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  988.408935][T17733]  ? oom_killer_disable+0x280/0x280
[  988.414136][T17733]  ? find_held_lock+0x35/0x130
[  988.418925][T17733]  mem_cgroup_out_of_memory+0x1ca/0x230
[  988.424569][T17733]  ? memcg_event_wake+0x230/0x230
[  988.429609][T17733]  ? do_raw_spin_unlock+0x57/0x270
[  988.434742][T17733]  ? _raw_spin_unlock+0x2d/0x50
[  988.439617][T17733]  try_charge+0x102c/0x15c0
[  988.444161][T17733]  ? find_held_lock+0x35/0x130
15:53:00 executing program 1:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r3, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

[  988.448947][T17733]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  988.454505][T17733]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  988.460756][T17733]  ? kasan_check_read+0x11/0x20
[  988.465633][T17733]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  988.471192][T17733]  mem_cgroup_try_charge+0x24d/0x5e0
[  988.476487][T17733]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  988.482133][T17733]  __handle_mm_fault+0x1e1a/0x3eb0
[  988.487269][T17733]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  988.492831][T17733]  ? find_held_lock+0x35/0x130
[  988.497621][T17733]  ? handle_mm_fault+0x292/0xa90
[  988.502580][T17733]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  988.508846][T17733]  ? kasan_check_read+0x11/0x20
[  988.513724][T17733]  handle_mm_fault+0x3b7/0xa90
[  988.518507][T17733]  __do_page_fault+0x5ef/0xda0
[  988.523296][T17733]  do_page_fault+0x71/0x57d
[  988.527848][T17733]  ? page_fault+0x8/0x30
[  988.532113][T17733]  page_fault+0x1e/0x30
[  988.536271][T17733] RIP: 0033:0x403672
[  988.540176][T17733] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 <e8> 29 86 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 49 3b 05 00 48
[  988.559789][T17733] RSP: 002b:00007fff819b8e30 EFLAGS: 00010246
[  988.565874][T17733] RAX: 0000000000000000 RBX: 00000000000f12c9 RCX: 0000000000412e80
[  988.573855][T17733] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007fff819b9f60
[  988.581923][T17733] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555556fa4940
[  988.589900][T17733] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff819b9f60
[  988.597878][T17733] R13: 00007fff819b9f50 R14: 0000000000000000 R15: 00007fff819b9f60
[  988.620888][T17733] memory: usage 796kB, limit 0kB, failcnt 212041
[  988.641747][T17733] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  988.672662][T17733] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  988.684480][T17733] Memory cgroup stats for /syz5: cache:176KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:52KB inactive_file:132KB active_file:0KB unevictable:0KB
[  988.717390][T17781] device nr0
 entered promiscuous mode
[  988.734540][T17733] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17733,uid=0
[  988.757720][T17733] Memory cgroup out of memory: Killed process 17733 (syz-executor.5) total-vm:72444kB, anon-rss:68kB, file-rss:34828kB, shmem-rss:0kB
[  988.787730][ T1044] oom_reaper: reaped process 17733 (syz-executor.5), now anon-rss:0kB, file-rss:33932kB, shmem-rss:0kB
15:53:00 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000005400c2ac5400000003000000000000000600000400000020"], &(0x7f0000000480)=""/222, 0x24, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

[  989.110832][T17786] device nr0
 entered promiscuous mode
15:53:01 executing program 5:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)
openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)

15:53:01 executing program 5:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)
openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)

15:53:01 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000005400c2ac5400000003000000000000000600000400000020"], &(0x7f0000000480)=""/222, 0x24, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

[  989.296360][T17791] IPVS: ftp: loaded support on port[0] = 21
[  989.472545][T17795] device nr0
 entered promiscuous mode
[  989.682283][T17791] chnl_net:caif_netlink_parms(): no params data found
[  989.770211][T17791] bridge0: port 1(bridge_slave_0) entered blocking state
[  989.778266][T17791] bridge0: port 1(bridge_slave_0) entered disabled state
[  989.789008][T17791] device bridge_slave_0 entered promiscuous mode
[  989.797762][T17791] bridge0: port 2(bridge_slave_1) entered blocking state
[  989.805014][T17791] bridge0: port 2(bridge_slave_1) entered disabled state
[  989.812776][T17791] device bridge_slave_1 entered promiscuous mode
[  989.832434][T17799] IPVS: ftp: loaded support on port[0] = 21
[  989.891611][T17791] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  989.902341][T17791] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  989.932676][T17791] team0: Port device team_slave_0 added
[  989.940375][T17791] team0: Port device team_slave_1 added
[  990.032553][T17791] device hsr_slave_0 entered promiscuous mode
[  990.095046][T17791] device hsr_slave_1 entered promiscuous mode
[  990.200977][T17802] IPVS: ftp: loaded support on port[0] = 21
[  990.200985][T17803] IPVS: ftp: loaded support on port[0] = 21
[  990.450724][T17799] chnl_net:caif_netlink_parms(): no params data found
[  990.706346][T17799] bridge0: port 1(bridge_slave_0) entered blocking state
[  990.713464][T17799] bridge0: port 1(bridge_slave_0) entered disabled state
[  990.723522][T17799] device bridge_slave_0 entered promiscuous mode
[  990.731846][T17799] bridge0: port 2(bridge_slave_1) entered blocking state
[  990.739860][T17799] bridge0: port 2(bridge_slave_1) entered disabled state
[  990.748281][T17799] device bridge_slave_1 entered promiscuous mode
[  990.812508][T17806] IPVS: ftp: loaded support on port[0] = 21
[  990.858191][T17802] chnl_net:caif_netlink_parms(): no params data found
[  990.880358][T17791] 8021q: adding VLAN 0 to HW filter on device bond0
[  990.900419][T17803] chnl_net:caif_netlink_parms(): no params data found
[  990.920020][T17799] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  990.984047][T17799] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  991.030871][T17802] bridge0: port 1(bridge_slave_0) entered blocking state
[  991.038196][T17802] bridge0: port 1(bridge_slave_0) entered disabled state
[  991.046589][T17802] device bridge_slave_0 entered promiscuous mode
[  991.056054][T17799] team0: Port device team_slave_0 added
[  991.065821][T17799] team0: Port device team_slave_1 added
[  991.074497][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  991.084774][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  991.092778][T17802] bridge0: port 2(bridge_slave_1) entered blocking state
[  991.100201][T17802] bridge0: port 2(bridge_slave_1) entered disabled state
[  991.108385][T17802] device bridge_slave_1 entered promiscuous mode
[  991.129806][T17791] 8021q: adding VLAN 0 to HW filter on device team0
[  991.238503][T17802] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  991.247442][T17803] bridge0: port 1(bridge_slave_0) entered blocking state
[  991.260200][T17803] bridge0: port 1(bridge_slave_0) entered disabled state
[  991.268276][T17803] device bridge_slave_0 entered promiscuous mode
[  991.331416][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  991.340649][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  991.349215][T14425] bridge0: port 1(bridge_slave_0) entered blocking state
[  991.356292][T14425] bridge0: port 1(bridge_slave_0) entered forwarding state
[  991.363844][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  991.373021][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  991.382187][T14425] bridge0: port 2(bridge_slave_1) entered blocking state
[  991.389319][T14425] bridge0: port 2(bridge_slave_1) entered forwarding state
[  991.397365][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  991.406443][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  991.421887][T17802] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  991.430863][T17803] bridge0: port 2(bridge_slave_1) entered blocking state
[  991.438448][T17803] bridge0: port 2(bridge_slave_1) entered disabled state
[  991.446944][T17803] device bridge_slave_1 entered promiscuous mode
[  991.487819][T17799] device hsr_slave_0 entered promiscuous mode
[  991.535985][T17799] device hsr_slave_1 entered promiscuous mode
[  991.583355][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  991.591271][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  991.600453][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  991.609056][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  991.619005][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  991.692608][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  991.705195][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  991.713519][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  991.747455][T17802] team0: Port device team_slave_0 added
[  991.802409][T17803] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  991.819860][T17802] team0: Port device team_slave_1 added
[  991.837521][T17803] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  991.864570][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  991.873053][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  991.883661][T17791] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  992.009020][T17803] team0: Port device team_slave_0 added
[  992.087945][T17802] device hsr_slave_0 entered promiscuous mode
[  992.124933][T17802] device hsr_slave_1 entered promiscuous mode
[  992.181232][T17806] chnl_net:caif_netlink_parms(): no params data found
[  992.192246][T17803] team0: Port device team_slave_1 added
[  992.282194][T17791] 8021q: adding VLAN 0 to HW filter on device batadv0
[  992.348141][T17803] device hsr_slave_0 entered promiscuous mode
[  992.435054][T17803] device hsr_slave_1 entered promiscuous mode
[  992.499910][T17799] 8021q: adding VLAN 0 to HW filter on device bond0
[  992.585741][T17806] bridge0: port 1(bridge_slave_0) entered blocking state
[  992.594151][T17806] bridge0: port 1(bridge_slave_0) entered disabled state
[  992.613349][T17806] device bridge_slave_0 entered promiscuous mode
[  992.630370][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  992.639192][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  992.653652][T17799] 8021q: adding VLAN 0 to HW filter on device team0
[  992.718441][T17806] bridge0: port 2(bridge_slave_1) entered blocking state
[  992.727561][T17806] bridge0: port 2(bridge_slave_1) entered disabled state
[  992.737174][T17806] device bridge_slave_1 entered promiscuous mode
[  992.763667][T17806] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  992.785771][T17806] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  992.792993][T17815] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  992.805093][T17815] CPU: 0 PID: 17815 Comm: syz-executor.4 Not tainted 5.2.0-rc2+ #14
[  992.813085][T17815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  992.823149][T17815] Call Trace:
[  992.826465][T17815]  dump_stack+0x172/0x1f0
[  992.830816][T17815]  dump_header+0x10f/0xb6c
[  992.835286][T17815]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  992.841123][T17815]  ? ___ratelimit+0x60/0x595
[  992.845729][T17815]  ? do_raw_spin_unlock+0x57/0x270
[  992.850857][T17815]  oom_kill_process.cold+0x10/0x15
[  992.855553][T17799] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  992.855987][T17815]  out_of_memory+0x79a/0x1280
[  992.866341][T17799] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  992.870990][T17815]  ? retint_kernel+0x2b/0x2b
[  992.885898][T17815]  ? oom_killer_disable+0x280/0x280
[  992.891120][T17815]  mem_cgroup_out_of_memory+0x1ca/0x230
[  992.896682][T17815]  ? memcg_event_wake+0x230/0x230
[  992.898803][T17799] 8021q: adding VLAN 0 to HW filter on device batadv0
[  992.901730][T17815]  ? _raw_spin_unlock_irqrestore+0xbd/0xe0
[  992.914292][T17815]  ? cgroup_file_notify+0x140/0x1b0
[  992.919515][T17815]  memory_max_write+0x169/0x300
[  992.924386][T17815]  ? mem_cgroup_write+0x360/0x360
[  992.929435][T17815]  ? cgroup_file_write+0x86/0x790
[  992.934485][T17815]  cgroup_file_write+0x241/0x790
[  992.939442][T17815]  ? mem_cgroup_write+0x360/0x360
[  992.944482][T17815]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  992.950139][T17815]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  992.955789][T17815]  kernfs_fop_write+0x2b8/0x480
[  992.960659][T17815]  __vfs_write+0x8a/0x110
[  992.965003][T17815]  ? kernfs_fop_open+0xd80/0xd80
[  992.969950][T17815]  vfs_write+0x20c/0x580
[  992.974197][T17815]  ksys_write+0x14f/0x290
[  992.978538][T17815]  ? __ia32_sys_read+0xb0/0xb0
[  992.991494][T17815]  __x64_sys_write+0x73/0xb0
[  992.996103][T17815]  ? do_syscall_64+0x5b/0x680
[  993.000794][T17815]  do_syscall_64+0xfd/0x680
[  993.005329][T17815]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  993.011254][T17815] RIP: 0033:0x459279
[  993.015168][T17815] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  993.034787][T17815] RSP: 002b:00007fa4f8787c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  993.043223][T17815] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459279
[  993.051215][T17815] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
[  993.059227][T17815] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[  993.067400][T17815] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa4f87886d4
[  993.075395][T17815] R13: 00000000004c8eb1 R14: 00000000004dfb68 R15: 00000000ffffffff
[  993.107859][T17815] memory: usage 3848kB, limit 0kB, failcnt 101
[  993.114271][T17815] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  993.122432][T17815] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  993.132222][T17815] Memory cgroup stats for /syz4: cache:48KB rss:2100KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2100KB inactive_file:0KB active_file:0KB unevictable:0KB
[  993.159724][T17815] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17814,uid=0
[  993.178394][T17815] Memory cgroup out of memory: Killed process 17814 (syz-executor.4) total-vm:72708kB, anon-rss:2144kB, file-rss:34816kB, shmem-rss:0kB
[  993.194946][T17823] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  993.196978][ T1044] oom_reaper: reaped process 17814 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
[  993.207520][T17823] CPU: 0 PID: 17823 Comm: syz-executor.3 Not tainted 5.2.0-rc2+ #14
[  993.224234][T17823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  993.234301][T17823] Call Trace:
[  993.234329][T17823]  dump_stack+0x172/0x1f0
[  993.234352][T17823]  dump_header+0x10f/0xb6c
[  993.234371][T17823]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  993.234396][T17823]  ? ___ratelimit+0x60/0x595
[  993.242017][T17823]  ? do_raw_spin_unlock+0x57/0x270
[  993.252225][T17823]  oom_kill_process.cold+0x10/0x15
[  993.252247][T17823]  out_of_memory+0x79a/0x1280
[  993.267056][T17823]  ? oom_killer_disable+0x280/0x280
[  993.267086][T17823]  mem_cgroup_out_of_memory+0x1ca/0x230
[  993.267102][T17823]  ? memcg_event_wake+0x230/0x230
[  993.267127][T17823]  ? _raw_spin_unlock_irqrestore+0xbd/0xe0
[  993.277080][T17823]  ? cgroup_file_notify+0x140/0x1b0
[  993.287637][T17823]  memory_max_write+0x169/0x300
[  993.287662][T17823]  ? mem_cgroup_write+0x360/0x360
[  993.287686][T17823]  ? cgroup_file_write+0x86/0x790
[  993.298672][T17823]  cgroup_file_write+0x241/0x790
[  993.298693][T17823]  ? mem_cgroup_write+0x360/0x360
[  993.298709][T17823]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  993.298734][T17823]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  993.298758][T17823]  kernfs_fop_write+0x2b8/0x480
[  993.308620][T17823]  __vfs_write+0x8a/0x110
[  993.308637][T17823]  ? kernfs_fop_open+0xd80/0xd80
[  993.308658][T17823]  vfs_write+0x20c/0x580
[  993.318608][T17823]  ksys_write+0x14f/0x290
15:53:05 executing program 4:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)
openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)

15:53:05 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000005400c2ac5400000003000000000000000600000400000020"], &(0x7f0000000480)=""/222, 0x24, 0xde, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

[  993.318626][T17823]  ? __ia32_sys_read+0xb0/0xb0
[  993.318647][T17823]  ? do_syscall_64+0x26/0x680
[  993.318665][T17823]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  993.318687][T17823]  ? do_syscall_64+0x26/0x680
[  993.329336][T17823]  __x64_sys_write+0x73/0xb0
[  993.329358][T17823]  do_syscall_64+0xfd/0x680
[  993.329383][T17823]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  993.339839][T17823] RIP: 0033:0x459279
[  993.339857][T17823] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  993.339866][T17823] RSP: 002b:00007f5a32ff7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  993.339887][T17823] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459279
[  993.349131][T17823] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
[  993.349140][T17823] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[  993.349150][T17823] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5a32ff86d4
[  993.349160][T17823] R13: 00000000004c8eb1 R14: 00000000004dfb68 R15: 00000000ffffffff
[  993.359392][T17823] memory: usage 6052kB, limit 0kB, failcnt 132597
[  993.394540][T17823] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  993.438093][T17823] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  993.464208][T17823] Memory cgroup stats for /syz3: cache:36KB rss:2220KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2220KB inactive_file:56KB active_file:0KB unevictable:0KB
[  993.490557][T17823] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17822,uid=0
[  993.514782][T17823] Memory cgroup out of memory: Killed process 17822 (syz-executor.3) total-vm:72708kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB
[  993.547100][T17791] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  993.555744][ T1044] oom_reaper: reaped process 17822 (syz-executor.3), now anon-rss:0kB, file-rss:34808kB, shmem-rss:0kB
[  993.561858][T17791] CPU: 0 PID: 17791 Comm: syz-executor.4 Not tainted 5.2.0-rc2+ #14
[  993.575982][T17791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  993.575989][T17791] Call Trace:
[  993.576012][T17791]  dump_stack+0x172/0x1f0
[  993.576034][T17791]  dump_header+0x10f/0xb6c
[  993.576054][T17791]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  993.576074][T17791]  ? ___ratelimit+0x60/0x595
[  993.589417][T17791]  ? do_raw_spin_unlock+0x57/0x270
[  993.598133][T17791]  oom_kill_process.cold+0x10/0x15
[  993.598151][T17791]  out_of_memory+0x79a/0x1280
[  993.598173][T17791]  ? oom_killer_disable+0x280/0x280
[  993.598194][T17791]  ? find_held_lock+0x35/0x130
[  993.608581][T17791]  mem_cgroup_out_of_memory+0x1ca/0x230
[  993.623438][T17791]  ? memcg_event_wake+0x230/0x230
[  993.644017][T17791]  ? do_raw_spin_unlock+0x57/0x270
[  993.649141][T17791]  ? _raw_spin_unlock+0x2d/0x50
[  993.654007][T17791]  try_charge+0x102c/0x15c0
[  993.658516][T17791]  ? find_held_lock+0x35/0x130
[  993.663304][T17791]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  993.668951][T17791]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  993.675303][T17791]  ? kasan_check_read+0x11/0x20
[  993.680191][T17791]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  993.685753][T17791]  mem_cgroup_try_charge+0x24d/0x5e0
[  993.691058][T17791]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  993.696704][T17791]  wp_page_copy+0x416/0x1770
[  993.701313][T17791]  ? do_wp_page+0x486/0x1500
[  993.705917][T17791]  ? pmd_pfn+0x1d0/0x1d0
[  993.710179][T17791]  ? lock_downgrade+0x880/0x880
[  993.715156][T17791]  ? swp_swapcount+0x540/0x540
[  993.719927][T17791]  ? kasan_check_read+0x11/0x20
[  993.724790][T17791]  ? do_raw_spin_unlock+0x57/0x270
[  993.729917][T17791]  do_wp_page+0x48e/0x1500
[  993.734375][T17791]  ? finish_mkwrite_fault+0x540/0x540
[  993.739776][T17791]  __handle_mm_fault+0x22e3/0x3eb0
[  993.744906][T17791]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  993.750456][T17791]  ? find_held_lock+0x35/0x130
[  993.755211][T17791]  ? handle_mm_fault+0x292/0xa90
[  993.760154][T17791]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  993.766394][T17791]  ? kasan_check_read+0x11/0x20
[  993.771255][T17791]  handle_mm_fault+0x3b7/0xa90
[  993.776012][T17791]  __do_page_fault+0x5ef/0xda0
[  993.780764][T17791]  do_page_fault+0x71/0x57d
[  993.785254][T17791]  ? page_fault+0x8/0x30
[  993.789500][T17791]  page_fault+0x1e/0x30
[  993.793640][T17791] RIP: 0033:0x403672
[  993.797518][T17791] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 <e8> 29 86 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 49 3b 05 00 48
[  993.817109][T17791] RSP: 002b:00007fff560dccb0 EFLAGS: 00010246
[  993.823168][T17791] RAX: 0000000000000000 RBX: 00000000000f25d1 RCX: 0000000000412e80
[  993.831142][T17791] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007fff560ddde0
[  993.839110][T17791] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555556b87940
[  993.847073][T17791] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff560ddde0
[  993.855035][T17791] R13: 00007fff560dddd0 R14: 0000000000000000 R15: 00007fff560ddde0
15:53:05 executing program 3:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)
openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)

[  993.865373][T17791] memory: usage 1520kB, limit 0kB, failcnt 114
[  993.871707][T17791] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  993.876532][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  993.882224][T17791] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  993.894549][T17791] Memory cgroup stats for /syz4: cache:48KB rss:56KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:56KB inactive_file:0KB active_file:0KB unevictable:0KB
[  993.900357][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  993.915188][T17791] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17791,uid=0
[  993.935188][ T8828] bridge0: port 1(bridge_slave_0) entered blocking state
[  993.938898][T17791] Memory cgroup out of memory: Killed process 17791 (syz-executor.4) total-vm:72444kB, anon-rss:76kB, file-rss:34828kB, shmem-rss:0kB
[  993.945621][ T8828] bridge0: port 1(bridge_slave_0) entered forwarding state
[  993.959802][T17799] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  993.968284][ T1044] oom_reaper: reaped process 17791 (syz-executor.4), now anon-rss:0kB, file-rss:33932kB, shmem-rss:0kB
[  993.976942][T17799] CPU: 0 PID: 17799 Comm: syz-executor.3 Not tainted 5.2.0-rc2+ #14
[  993.995673][T17799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  994.000577][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  994.005766][T17799] Call Trace:
[  994.005795][T17799]  dump_stack+0x172/0x1f0
[  994.005818][T17799]  dump_header+0x10f/0xb6c
[  994.005837][T17799]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  994.005853][T17799]  ? ___ratelimit+0x60/0x595
[  994.005880][T17799]  ? do_raw_spin_unlock+0x57/0x270
[  994.016167][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  994.018761][T17799]  oom_kill_process.cold+0x10/0x15
[  994.023723][ T8828] bridge0: port 2(bridge_slave_1) entered blocking state
[  994.027505][T17799]  out_of_memory+0x79a/0x1280
[  994.027529][T17799]  ? oom_killer_disable+0x280/0x280
[  994.027542][T17799]  ? find_held_lock+0x35/0x130
[  994.027568][T17799]  mem_cgroup_out_of_memory+0x1ca/0x230
[  994.027582][T17799]  ? memcg_event_wake+0x230/0x230
[  994.027605][T17799]  ? do_raw_spin_unlock+0x57/0x270
[  994.034058][ T8828] bridge0: port 2(bridge_slave_1) entered forwarding state
[  994.038635][T17799]  ? _raw_spin_unlock+0x2d/0x50
[  994.038656][T17799]  try_charge+0x102c/0x15c0
[  994.038670][T17799]  ? find_held_lock+0x35/0x130
[  994.038692][T17799]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  994.038716][T17799]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  994.048171][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  994.051805][T17799]  ? kasan_check_read+0x11/0x20
[  994.051830][T17799]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  994.051850][T17799]  mem_cgroup_try_charge+0x24d/0x5e0
[  994.058344][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  994.064000][T17799]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  994.064023][T17799]  __handle_mm_fault+0x1e1a/0x3eb0
[  994.064046][T17799]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  994.070526][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  994.074003][T17799]  ? find_held_lock+0x35/0x130
[  994.074024][T17799]  ? handle_mm_fault+0x292/0xa90
[  994.074051][T17799]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  994.080510][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  994.084359][T17799]  ? kasan_check_read+0x11/0x20
[  994.084383][T17799]  handle_mm_fault+0x3b7/0xa90
[  994.084404][T17799]  __do_page_fault+0x5ef/0xda0
[  994.084426][T17799]  do_page_fault+0x71/0x57d
[  994.090885][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  994.094560][T17799]  ? page_fault+0x8/0x30
[  994.094578][T17799]  page_fault+0x1e/0x30
[  994.094590][T17799] RIP: 0033:0x42f79f
[  994.094607][T17799] Code: e8 2f 4e 00 ba 59 0a 00 00 be 08 21 4e 00 bf b0 28 4e 00 e8 e3 b8 ff ff 0f 1f 00 48 83 fe bf 0f 87 63 08 00 00 48 89 f0 41 57 <41> 56 48 83 c0 17 41 55 41 54 55 53 48 89 c5 48 83 e5 f0 48 89 fb
[  994.094623][T17799] RSP: 002b:00007ffd7bb4a000 EFLAGS: 00010217
[  994.106059][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  994.108058][T17799] RAX: 0000000000008030 RBX: 0000000000714640 RCX: 00000000004585e4
[  994.108068][T17799] RDX: 00007ffd7bb4a030 RSI: 0000000000008030 RDI: 0000000000714640
[  994.108077][T17799] RBP: 0000000000008030 R08: 0000000000000001 R09: 0000555556351940
[  994.108085][T17799] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd7bb4b210
[  994.108103][T17799] R13: 00007ffd7bb4b200 R14: 0000000000000000 R15: 00007ffd7bb4b210
[  994.113498][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  994.118569][T17799] memory: usage 3684kB, limit 0kB, failcnt 132606
[  994.158289][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  994.162836][T17799] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  994.182332][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  994.189034][T17799] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  994.205396][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  994.211915][T17799] Memory cgroup stats for /syz3: cache:36KB rss:112KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:112KB inactive_file:56KB active_file:0KB unevictable:0KB
[  994.236029][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  994.274454][T17799] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17799,uid=0
[  994.290093][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  994.304475][T17799] Memory cgroup out of memory: Killed process 17799 (syz-executor.3) total-vm:72444kB, anon-rss:68kB, file-rss:34828kB, shmem-rss:0kB
[  994.322341][ T8828] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  994.509882][T17827] device nr0
 entered promiscuous mode
[  994.522814][T17802] 8021q: adding VLAN 0 to HW filter on device bond0
[  994.549936][T17806] team0: Port device team_slave_0 added
15:53:06 executing program 4:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)
openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)

[  994.972852][T17806] team0: Port device team_slave_1 added
[  995.012357][T17802] 8021q: adding VLAN 0 to HW filter on device team0
[  995.052947][T17803] 8021q: adding VLAN 0 to HW filter on device bond0
[  995.152275][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  995.161851][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  995.218249][T17806] device hsr_slave_0 entered promiscuous mode
[  995.275222][T17806] device hsr_slave_1 entered promiscuous mode
[  995.342831][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  995.351860][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  995.360918][    T5] bridge0: port 1(bridge_slave_0) entered blocking state
[  995.368045][    T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[  995.376280][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  995.385139][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  995.393495][    T5] bridge0: port 2(bridge_slave_1) entered blocking state
[  995.400618][    T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[  995.408374][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  995.476611][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  995.485937][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  995.502579][T17803] 8021q: adding VLAN 0 to HW filter on device team0
[  995.560093][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  995.569890][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  995.580524][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  995.589867][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  995.599466][T14418] bridge0: port 1(bridge_slave_0) entered blocking state
[  995.606595][T14418] bridge0: port 1(bridge_slave_0) entered forwarding state
[  995.614787][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  995.676945][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  995.686773][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  995.695469][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  995.703993][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  995.712508][ T8918] bridge0: port 2(bridge_slave_1) entered blocking state
[  995.719643][ T8918] bridge0: port 2(bridge_slave_1) entered forwarding state
[  995.727924][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  995.736952][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  995.745980][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  995.755697][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  995.764102][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  995.772608][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  995.782520][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  995.799322][T17802] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  995.816952][T17802] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  995.874831][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  995.883478][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  995.892167][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  995.901213][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  995.931531][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  995.940269][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  995.949493][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  995.958239][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  995.967118][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  996.029988][T17802] 8021q: adding VLAN 0 to HW filter on device batadv0
[  996.049654][T17803] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  996.077508][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  996.091147][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  996.272035][T17803] 8021q: adding VLAN 0 to HW filter on device batadv0
[  996.292921][T17806] 8021q: adding VLAN 0 to HW filter on device bond0
[  996.402983][T17806] 8021q: adding VLAN 0 to HW filter on device team0
[  996.445944][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  996.457310][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  996.472198][T17840] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  996.484891][T17840] CPU: 1 PID: 17840 Comm: syz-executor.1 Not tainted 5.2.0-rc2+ #14
[  996.492898][T17840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  996.502964][T17840] Call Trace:
[  996.506266][T17840]  dump_stack+0x172/0x1f0
[  996.506292][T17840]  dump_header+0x10f/0xb6c
[  996.506312][T17840]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  996.506329][T17840]  ? ___ratelimit+0x60/0x595
[  996.506347][T17840]  ? do_raw_spin_unlock+0x57/0x270
[  996.506368][T17840]  oom_kill_process.cold+0x10/0x15
[  996.506387][T17840]  out_of_memory+0x79a/0x1280
[  996.506406][T17840]  ? retint_kernel+0x2b/0x2b
[  996.506424][T17840]  ? oom_killer_disable+0x280/0x280
[  996.506452][T17840]  mem_cgroup_out_of_memory+0x1ca/0x230
[  996.515228][T17840]  ? memcg_event_wake+0x230/0x230
[  996.515252][T17840]  ? _raw_spin_unlock_irqrestore+0xbd/0xe0
[  996.515279][T17840]  ? cgroup_file_notify+0x140/0x1b0
[  996.525669][T17840]  memory_max_write+0x169/0x300
[  996.535870][T17840]  ? mem_cgroup_write+0x360/0x360
[  996.535893][T17840]  ? cgroup_file_write+0x86/0x790
[  996.535913][T17840]  cgroup_file_write+0x241/0x790
[  996.591834][T17840]  ? mem_cgroup_write+0x360/0x360
[  996.596870][T17840]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  996.602498][T17840]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  996.608116][T17840]  kernfs_fop_write+0x2b8/0x480
[  996.612990][T17840]  __vfs_write+0x8a/0x110
[  996.617336][T17840]  ? kernfs_fop_open+0xd80/0xd80
[  996.622299][T17840]  vfs_write+0x20c/0x580
[  996.626570][T17840]  ksys_write+0x14f/0x290
[  996.630920][T17840]  ? __ia32_sys_read+0xb0/0xb0
[  996.635722][T17840]  ? do_syscall_64+0x26/0x680
[  996.640420][T17840]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  996.646505][T17840]  ? do_syscall_64+0x26/0x680
[  996.651202][T17840]  __x64_sys_write+0x73/0xb0
[  996.655821][T17840]  do_syscall_64+0xfd/0x680
[  996.660345][T17840]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  996.666245][T17840] RIP: 0033:0x459279
[  996.670148][T17840] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  996.689768][T17840] RSP: 002b:00007f79c2680c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  996.698169][T17840] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459279
[  996.706126][T17840] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
[  996.714093][T17840] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[  996.722055][T17840] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f79c26816d4
[  996.730014][T17840] R13: 00000000004c8eb1 R14: 00000000004dfb68 R15: 00000000ffffffff
[  996.755419][T17840] memory: usage 3136kB, limit 0kB, failcnt 524031
[  996.762058][T17840] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  996.772889][T17840] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  996.782559][T17840] Memory cgroup stats for /syz1: cache:4KB rss:2128KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2128KB inactive_file:0KB active_file:0KB unevictable:0KB
[  996.817440][T17840] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=17839,uid=0
[  996.835189][T17840] Memory cgroup out of memory: Killed process 17839 (syz-executor.1) total-vm:72708kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB
[  996.852523][ T3059] device bridge_slave_1 left promiscuous mode
[  996.865452][T17847] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  996.876022][ T1044] oom_reaper: reaped process 17839 (syz-executor.1), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB
[  996.876806][ T3059] bridge0: port 2(bridge_slave_1) entered disabled state
[  996.888158][T17847] CPU: 1 PID: 17847 Comm: syz-executor.2 Not tainted 5.2.0-rc2+ #14
[  996.902143][T17847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  996.912205][T17847] Call Trace:
[  996.915515][T17847]  dump_stack+0x172/0x1f0
[  996.919871][T17847]  dump_header+0x10f/0xb6c
[  996.924305][T17847]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  996.930121][T17847]  ? ___ratelimit+0x60/0x595
[  996.934722][T17847]  ? do_raw_spin_unlock+0x57/0x270
[  996.939851][T17847]  oom_kill_process.cold+0x10/0x15
[  996.944990][T17847]  out_of_memory+0x79a/0x1280
[  996.949690][T17847]  ? oom_killer_disable+0x280/0x280
[  996.954917][T17847]  mem_cgroup_out_of_memory+0x1ca/0x230
[  996.960507][T17847]  ? memcg_event_wake+0x230/0x230
[  996.965560][T17847]  ? _raw_spin_unlock_irqrestore+0xbd/0xe0
[  996.971514][T17847]  ? cgroup_file_notify+0x140/0x1b0
[  996.976737][T17847]  memory_max_write+0x169/0x300
[  996.981607][T17847]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  996.987090][T17847]  ? mem_cgroup_write+0x360/0x360
[  996.992139][T17847]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  996.997619][T17847]  cgroup_file_write+0x241/0x790
[  997.002578][T17847]  ? mem_cgroup_write+0x360/0x360
[  997.007653][T17847]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  997.013327][T17847]  ? kernfs_ops+0x9f/0x120
[  997.017768][T17847]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  997.023413][T17847]  kernfs_fop_write+0x2b8/0x480
[  997.028264][T17847]  __vfs_write+0x8a/0x110
[  997.032712][T17847]  ? kernfs_fop_open+0xd80/0xd80
[  997.037640][T17847]  vfs_write+0x20c/0x580
[  997.041871][T17847]  ksys_write+0x14f/0x290
[  997.046189][T17847]  ? __ia32_sys_read+0xb0/0xb0
[  997.050984][T17847]  ? do_syscall_64+0x26/0x680
[  997.055655][T17847]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  997.061709][T17847]  ? do_syscall_64+0x26/0x680
[  997.066402][T17847]  __x64_sys_write+0x73/0xb0
[  997.070984][T17847]  do_syscall_64+0xfd/0x680
[  997.075477][T17847]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  997.081355][T17847] RIP: 0033:0x459279
[  997.085258][T17847] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  997.104855][T17847] RSP: 002b:00007f38898a2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  997.113273][T17847] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459279
[  997.121261][T17847] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[  997.129318][T17847] RBP: 000000000075bfc0 R08: 0000000000000000 R09: 0000000000000000
[  997.137310][T17847] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f38898a36d4
[  997.145280][T17847] R13: 00000000004c8eb1 R14: 00000000004dfb68 R15: 00000000ffffffff
[  997.191037][T17847] memory: usage 3160kB, limit 0kB, failcnt 229696
[  997.199203][T17847] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  997.209923][ T3059] device bridge_slave_0 left promiscuous mode
[  997.216870][T17847] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  997.217229][ T3059] bridge0: port 1(bridge_slave_0) entered disabled state
[  997.224185][T17847] Memory cgroup stats for /syz2: cache:0KB rss:2228KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2228KB inactive_file:0KB active_file:0KB unevictable:0KB
[  997.263696][T17847] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17844,uid=0
[  997.280820][T17847] Memory cgroup out of memory: Killed process 17844 (syz-executor.2) total-vm:72840kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB
[  997.298262][ T1044] oom_reaper: reaped process 17844 (syz-executor.2), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB
[  997.307399][T17802] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  997.332781][T17802] CPU: 1 PID: 17802 Comm: syz-executor.1 Not tainted 5.2.0-rc2+ #14
[  997.340823][T17802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  997.350888][T17802] Call Trace:
[  997.354172][T17802]  dump_stack+0x172/0x1f0
[  997.358496][T17802]  dump_header+0x10f/0xb6c
[  997.362919][T17802]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  997.368711][T17802]  ? ___ratelimit+0x60/0x595
[  997.373290][T17802]  ? do_raw_spin_unlock+0x57/0x270
[  997.378477][T17802]  oom_kill_process.cold+0x10/0x15
[  997.383572][T17802]  out_of_memory+0x79a/0x1280
[  997.388245][T17802]  ? oom_killer_disable+0x280/0x280
[  997.393426][T17802]  ? find_held_lock+0x35/0x130
[  997.398182][T17802]  mem_cgroup_out_of_memory+0x1ca/0x230
[  997.403710][T17802]  ? memcg_event_wake+0x230/0x230
[  997.408739][T17802]  ? do_raw_spin_unlock+0x57/0x270
[  997.413842][T17802]  ? _raw_spin_unlock+0x2d/0x50
[  997.418684][T17802]  try_charge+0x102c/0x15c0
[  997.423172][T17802]  ? find_held_lock+0x35/0x130
[  997.427931][T17802]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  997.433470][T17802]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  997.439723][T17802]  ? kasan_check_read+0x11/0x20
[  997.444569][T17802]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  997.450101][T17802]  mem_cgroup_try_charge+0x24d/0x5e0
[  997.455389][T17802]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  997.461013][T17802]  __handle_mm_fault+0x1e1a/0x3eb0
[  997.466113][T17802]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  997.471649][T17802]  ? find_held_lock+0x35/0x130
[  997.476403][T17802]  ? handle_mm_fault+0x292/0xa90
[  997.481333][T17802]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  997.487561][T17802]  ? kasan_check_read+0x11/0x20
[  997.492403][T17802]  handle_mm_fault+0x3b7/0xa90
[  997.497161][T17802]  __do_page_fault+0x5ef/0xda0
[  997.501926][T17802]  do_page_fault+0x71/0x57d
[  997.506414][T17802]  ? page_fault+0x8/0x30
[  997.510638][T17802]  page_fault+0x1e/0x30
[  997.514776][T17802] RIP: 0033:0x431c61
[  997.518675][T17802] Code: 05 78 29 2e 00 c0 0a 43 00 c3 0f 1f 80 00 00 00 00 c7 05 f6 32 64 00 00 00 00 00 c3 0f 1f 00 66 2e 0f 1f 84 00 00 00 00 00 55 <53> 48 83 ec 08 48 8b 05 5b 29 2e 00 48 85 c0 0f 85 42 01 00 00 48
[  997.538276][T17802] RSP: 002b:00007ffd175af000 EFLAGS: 00010287
[  997.544347][T17802] RAX: 0000000000001000 RBX: 0000000000000003 RCX: 00000000004585e4
[  997.552323][T17802] RDX: 00007ffd175af010 RSI: 00007ffd175af010 RDI: 0000000000008030
[  997.560295][T17802] RBP: 0000000000008000 R08: 0000000000000001 R09: 0000555555e4a940
[  997.568258][T17802] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd175b01f0
[  997.576213][T17802] R13: 00007ffd175b01e0 R14: 0000000000000000 R15: 00007ffd175b01f0
15:53:09 executing program 2:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r3, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:53:09 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000005400c2ac540000000300000000000000060000040000002010"], 0x0, 0x25, 0x0, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

15:53:09 executing program 3:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)
openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)

15:53:09 executing program 4:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)
openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)

15:53:09 executing program 1:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r3, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

[  997.586964][T17802] memory: usage 752kB, limit 0kB, failcnt 524039
[  997.593318][T17802] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  997.600911][T17802] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  997.609218][T17802] Memory cgroup stats for /syz1: cache:4KB rss:108KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108KB inactive_file:0KB active_file:0KB unevictable:0KB
[  997.636089][T17802] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=17802,uid=0
[  997.655687][T17802] Memory cgroup out of memory: Killed process 17802 (syz-executor.1) total-vm:72444kB, anon-rss:68kB, file-rss:34828kB, shmem-rss:0kB
[  997.670346][ T1044] oom_reaper: reaped process 17802 (syz-executor.1), now anon-rss:0kB, file-rss:33932kB, shmem-rss:0kB
[  997.681647][T17803] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[  997.707785][T17803] CPU: 1 PID: 17803 Comm: syz-executor.2 Not tainted 5.2.0-rc2+ #14
[  997.715824][T17803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  997.725888][T17803] Call Trace:
[  997.729196][T17803]  dump_stack+0x172/0x1f0
[  997.733546][T17803]  dump_header+0x10f/0xb6c
[  997.737985][T17803]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  997.743805][T17803]  ? ___ratelimit+0x60/0x595
[  997.748404][T17803]  ? do_raw_spin_unlock+0x57/0x270
[  997.753532][T17803]  oom_kill_process.cold+0x10/0x15
[  997.758657][T17803]  out_of_memory+0x79a/0x1280
[  997.758682][T17803]  ? oom_killer_disable+0x280/0x280
[  997.758703][T17803]  ? find_held_lock+0x35/0x130
[  997.773347][T17803]  mem_cgroup_out_of_memory+0x1ca/0x230
[  997.778919][T17803]  ? memcg_event_wake+0x230/0x230
[  997.783959][T17803]  ? do_raw_spin_unlock+0x57/0x270
[  997.789112][T17803]  ? _raw_spin_unlock+0x2d/0x50
[  997.789134][T17803]  try_charge+0x102c/0x15c0
[  997.789149][T17803]  ? find_held_lock+0x35/0x130
[  997.789172][T17803]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[  997.789195][T17803]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  997.815076][T17803]  ? kasan_check_read+0x11/0x20
[  997.815106][T17803]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[  997.825503][T17803]  mem_cgroup_try_charge+0x24d/0x5e0
[  997.825526][T17803]  mem_cgroup_try_charge_delay+0x1f/0xa0
[  997.825546][T17803]  wp_page_copy+0x416/0x1770
[  997.825560][T17803]  ? do_wp_page+0x486/0x1500
[  997.825581][T17803]  ? pmd_pfn+0x1d0/0x1d0
[  997.849890][T17803]  ? lock_downgrade+0x880/0x880
[  997.854750][T17803]  ? swp_swapcount+0x540/0x540
[  997.854769][T17803]  ? do_raw_spin_unlock+0x57/0x270
[  997.854785][T17803]  ? kasan_check_read+0x11/0x20
[  997.854807][T17803]  ? do_raw_spin_unlock+0x57/0x270
[  997.854829][T17803]  do_wp_page+0x48e/0x1500
[  997.854850][T17803]  ? finish_mkwrite_fault+0x540/0x540
[  997.869561][T17803]  __handle_mm_fault+0x22e3/0x3eb0
[  997.869585][T17803]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  997.895092][T17803]  ? find_held_lock+0x35/0x130
[  997.895113][T17803]  ? handle_mm_fault+0x292/0xa90
[  997.895139][T17803]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  997.895162][T17803]  ? kasan_check_read+0x11/0x20
[  997.915972][T17803]  handle_mm_fault+0x3b7/0xa90
[  997.920764][T17803]  __do_page_fault+0x5ef/0xda0
[  997.920795][T17803]  do_page_fault+0x71/0x57d
[  997.930068][T17803]  ? page_fault+0x8/0x30
[  997.934326][T17803]  page_fault+0x1e/0x30
[  997.938486][T17803] RIP: 0033:0x430356
[  997.942381][T17803] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 46 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 4c 64 00 85 c0 0f 84
[  997.962002][T17803] RSP: 002b:00007ffff0f36670 EFLAGS: 00010206
[  997.968170][T17803] RAX: 0000000000019691 RBX: 0000000000714640 RCX: 0000000000008041
[  997.976158][T17803] RDX: 0000555555cf4930 RSI: 0000555555cfc970 RDI: 0000000000000003
[  997.984150][T17803] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555555cf3940
[  997.992142][T17803] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000714698
[  998.000132][T17803] R13: 0000000000714698 R14: 0000000000000000 R15: 0000000000002710
[  998.012780][T17803] memory: usage 780kB, limit 0kB, failcnt 229705
[  998.020164][T17803] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  998.027812][T17803] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[  998.044014][T17803] Memory cgroup stats for /syz2: cache:0KB rss:60KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:60KB inactive_file:0KB active_file:0KB unevictable:0KB
[  998.066121][T17803] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17803,uid=0
[  998.107782][ T3059] device hsr_slave_1 left promiscuous mode
[  998.109754][T17803] Memory cgroup out of memory: Killed process 17803 (syz-executor.2) total-vm:72444kB, anon-rss:72kB, file-rss:34828kB, shmem-rss:0kB
[  998.144888][ T1044] oom_reaper: reaped process 17803 (syz-executor.2), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB
[  998.193954][ T3059] device hsr_slave_0 left promiscuous mode
[  998.240872][ T3059] team0 (unregistering): Port device team_slave_1 removed
[  998.279325][ T3059] team0 (unregistering): Port device team_slave_0 removed
[  998.302908][ T3059] bond0 (unregistering): Releasing backup interface bond_slave_1
[  998.345573][ T3059] bond0 (unregistering): Releasing backup interface bond_slave_0
[  998.451867][ T3059] bond0 (unregistering): Released all slaves
[  998.549940][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  998.558733][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  998.567283][T14425] bridge0: port 1(bridge_slave_0) entered blocking state
[  998.574400][T14425] bridge0: port 1(bridge_slave_0) entered forwarding state
[  998.582206][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  998.591478][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  998.599990][T14425] bridge0: port 2(bridge_slave_1) entered blocking state
[  998.607098][T14425] bridge0: port 2(bridge_slave_1) entered forwarding state
[  998.615613][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  998.624279][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  998.633161][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  998.641663][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  998.650249][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  998.659069][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  998.847498][T17851] device nr0
 entered promiscuous mode
[  999.049812][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  999.058190][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  999.066482][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  999.075506][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  999.083813][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  999.093356][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
15:53:11 executing program 1:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r3, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

[  999.155477][T17806] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  999.273521][T17806] 8021q: adding VLAN 0 to HW filter on device batadv0
[  999.309129][T17856] IPVS: ftp: loaded support on port[0] = 21
[  999.519179][T17866] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[  999.544994][T17866] CPU: 0 PID: 17866 Comm: syz-executor.5 Not tainted 5.2.0-rc2+ #14
[  999.553005][T17866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  999.553013][T17866] Call Trace:
[  999.553040][T17866]  dump_stack+0x172/0x1f0
[  999.553068][T17866]  dump_header+0x10f/0xb6c
[  999.570782][T17866]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  999.570805][T17866]  ? ___ratelimit+0x60/0x595
[  999.581010][T17866]  ? do_raw_spin_unlock+0x57/0x270
[  999.581036][T17866]  oom_kill_process.cold+0x10/0x15
[  999.581057][T17866]  out_of_memory+0x79a/0x1280
[  999.590736][T17866]  ? __sched_text_start+0x8/0x8
[  999.590758][T17866]  ? oom_killer_disable+0x280/0x280
[  999.590782][T17866]  ? cgroup_file_notify+0x140/0x1b0
[  999.600566][T17866]  mem_cgroup_out_of_memory+0x1ca/0x230
[  999.600588][T17866]  ? memcg_event_wake+0x230/0x230
[  999.610625][T17866]  ? _raw_spin_unlock_irqrestore+0xbd/0xe0
[  999.610652][T17866]  ? cgroup_file_notify+0x140/0x1b0
[  999.621399][T17866]  memory_max_write+0x169/0x300
[  999.621427][T17866]  ? mem_cgroup_write+0x360/0x360
[  999.632268][T17866]  ? lock_acquire+0x16f/0x3f0
[  999.632287][T17866]  ? kernfs_fop_write+0x227/0x480
[  999.632319][T17866]  cgroup_file_write+0x241/0x790
[  999.642345][T17866]  ? mem_cgroup_write+0x360/0x360
[  999.642363][T17866]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  999.642386][T17866]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[  999.652077][T17866]  kernfs_fop_write+0x2b8/0x480
[  999.652099][T17866]  __vfs_write+0x8a/0x110
[  999.652119][T17866]  ? kernfs_fop_open+0xd80/0xd80
[  999.662147][T17866]  vfs_write+0x20c/0x580
[  999.662177][T17866]  ksys_write+0x14f/0x290
[  999.672819][T17866]  ? __ia32_sys_read+0xb0/0xb0
[  999.672841][T17866]  ? do_syscall_64+0x26/0x680
[  999.672866][T17866]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  999.683329][T17866]  ? do_syscall_64+0x26/0x680
[  999.683352][T17866]  __x64_sys_write+0x73/0xb0
[  999.683373][T17866]  do_syscall_64+0xfd/0x680
[  999.692629][T17866]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  999.692643][T17866] RIP: 0033:0x459279
[  999.692665][T17866] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  999.701208][T17866] RSP: 002b:00007fdcb413cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  999.701225][T17866] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459279
[  999.701233][T17866] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
[  999.701250][T17866] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[  999.710673][T17866] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdcb413d6d4
[  999.710684][T17866] R13: 00000000004c8eb1 R14: 00000000004dfb68 R15: 00000000ffffffff
[  999.866859][T17856] chnl_net:caif_netlink_parms(): no params data found
[  999.950542][T17866] memory: usage 3108kB, limit 0kB, failcnt 212050
[  999.956280][T17867] IPVS: ftp: loaded support on port[0] = 21
[  999.973751][T17866] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[  999.981812][T17866] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1000.001592][T17866] Memory cgroup stats for /syz5: cache:176KB rss:2176KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2176KB inactive_file:132KB active_file:0KB unevictable:0KB
[ 1000.035708][T17866] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17864,uid=0
[ 1000.056672][T17856] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1000.063818][T17856] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1000.083052][T17856] device bridge_slave_0 entered promiscuous mode
[ 1000.090936][T17866] Memory cgroup out of memory: Killed process 17864 (syz-executor.5) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB
[ 1000.121146][ T1044] oom_reaper: reaped process 17864 (syz-executor.5), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB
[ 1000.157015][T17856] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1000.164105][T17856] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1000.172530][T17856] device bridge_slave_1 entered promiscuous mode
[ 1000.208417][T17856] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 1000.227966][T17856] bond0: Enslaving bond_slave_1 as an active interface with an up link
15:53:12 executing program 5:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)
openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)

15:53:12 executing program 2:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r3, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:53:12 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000005400c2ac540000000300000000000000060000040000002010"], 0x0, 0x25, 0x0, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

15:53:12 executing program 1:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

[ 1000.274865][T17856] team0: Port device team_slave_0 added
[ 1000.287595][T17806] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1000.355257][T17806] CPU: 0 PID: 17806 Comm: syz-executor.5 Not tainted 5.2.0-rc2+ #14
[ 1000.363295][T17806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1000.373362][T17806] Call Trace:
[ 1000.376666][T17806]  dump_stack+0x172/0x1f0
[ 1000.381005][T17806]  dump_header+0x10f/0xb6c
[ 1000.385431][T17806]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 1000.391241][T17806]  ? ___ratelimit+0x60/0x595
[ 1000.395839][T17806]  ? do_raw_spin_unlock+0x57/0x270
[ 1000.400958][T17806]  oom_kill_process.cold+0x10/0x15
[ 1000.406079][T17806]  out_of_memory+0x79a/0x1280
[ 1000.410764][T17806]  ? lock_downgrade+0x880/0x880
[ 1000.415631][T17806]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1000.421886][T17806]  ? oom_killer_disable+0x280/0x280
[ 1000.427089][T17806]  ? find_held_lock+0x35/0x130
[ 1000.431865][T17806]  mem_cgroup_out_of_memory+0x1ca/0x230
[ 1000.437418][T17806]  ? memcg_event_wake+0x230/0x230
[ 1000.442456][T17806]  ? do_raw_spin_unlock+0x57/0x270
[ 1000.447573][T17806]  ? _raw_spin_unlock+0x2d/0x50
[ 1000.452432][T17806]  try_charge+0x102c/0x15c0
[ 1000.456939][T17806]  ? find_held_lock+0x35/0x130
[ 1000.461714][T17806]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 1000.467273][T17806]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1000.473528][T17806]  ? kasan_check_read+0x11/0x20
[ 1000.478394][T17806]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[ 1000.483945][T17806]  mem_cgroup_try_charge+0x24d/0x5e0
[ 1000.489240][T17806]  mem_cgroup_try_charge_delay+0x1f/0xa0
[ 1000.494883][T17806]  __handle_mm_fault+0x1e1a/0x3eb0
[ 1000.500008][T17806]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1000.505559][T17806]  ? find_held_lock+0x35/0x130
[ 1000.510338][T17806]  ? handle_mm_fault+0x292/0xa90
[ 1000.515290][T17806]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1000.521544][T17806]  ? kasan_check_read+0x11/0x20
[ 1000.526421][T17806]  handle_mm_fault+0x3b7/0xa90
[ 1000.531194][T17806]  __do_page_fault+0x5ef/0xda0
[ 1000.535971][T17806]  do_page_fault+0x71/0x57d
[ 1000.540482][T17806]  ? page_fault+0x8/0x30
[ 1000.544730][T17806]  page_fault+0x1e/0x30
[ 1000.548887][T17806] RIP: 0033:0x403672
[ 1000.552787][T17806] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 <e8> 29 86 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 49 3b 05 00 48
[ 1000.572400][T17806] RSP: 002b:00007ffd44738e30 EFLAGS: 00010246
[ 1000.578465][T17806] RAX: 0000000000000000 RBX: 00000000000f403d RCX: 0000000000412e80
[ 1000.586441][T17806] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffd44739f60
[ 1000.594413][T17806] RBP: 0000000000000002 R08: 0000000000000001 R09: 00005555568ea940
[ 1000.602385][T17806] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd44739f60
[ 1000.610357][T17806] R13: 00007ffd44739f50 R14: 0000000000000000 R15: 00007ffd44739f60
[ 1000.630413][T17856] team0: Port device team_slave_1 added
[ 1000.635824][T17806] memory: usage 780kB, limit 0kB, failcnt 212063
[ 1000.642324][T17806] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1000.642334][T17806] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1000.642342][T17806] Memory cgroup stats for /syz5: cache:176KB rss:68KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:68KB inactive_file:132KB active_file:0KB unevictable:0KB
[ 1000.788454][T17872] device nr0
 entered promiscuous mode
[ 1000.824442][T17806] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17806,uid=0
[ 1000.857432][T17856] device hsr_slave_0 entered promiscuous mode
[ 1000.864395][T17806] Memory cgroup out of memory: Killed process 17806 (syz-executor.5) total-vm:72444kB, anon-rss:72kB, file-rss:34828kB, shmem-rss:0kB
[ 1000.904854][T17856] device hsr_slave_1 entered promiscuous mode
[ 1000.910408][ T1044] oom_reaper: reaped process 17806 (syz-executor.5), now anon-rss:0kB, file-rss:33932kB, shmem-rss:0kB
[ 1000.953033][T17867] chnl_net:caif_netlink_parms(): no params data found
15:53:12 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000005400c2ac540000000300000000000000060000040000002010"], 0x0, 0x25, 0x0, 0x1}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

15:53:13 executing program 5:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)
openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)

[ 1001.494624][T17867] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1001.501724][T17867] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1001.509778][T17867] device bridge_slave_0 entered promiscuous mode
[ 1001.521093][T17880] device nr0
 entered promiscuous mode
[ 1001.569195][T17867] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1001.584458][T17867] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1001.593094][T17867] device bridge_slave_1 entered promiscuous mode
15:53:13 executing program 5:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)
openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0)

15:53:13 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000005400c2ac540000000300000000000000060000040000002010"], 0x0, 0x25}, 0x20)
write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

[ 1001.679024][T17867] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 1001.710182][T17867] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 1001.753052][T17856] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1001.836419][T17887] device nr0
 entered promiscuous mode
[ 1001.869588][T17856] 8021q: adding VLAN 0 to HW filter on device team0
[ 1001.886646][T17867] team0: Port device team_slave_0 added
[ 1001.896635][ T8848] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1001.914959][ T8848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1001.937036][T17867] team0: Port device team_slave_1 added
[ 1001.940185][T17888] IPVS: ftp: loaded support on port[0] = 21
[ 1001.950762][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1001.966634][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1002.022411][T14418] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1002.029569][T14418] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1002.092061][ T8848] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1002.121437][ T8848] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1002.145659][ T8848] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1002.154141][ T8848] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1002.161261][ T8848] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1002.201708][ T8848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1002.210737][ T8848] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1002.278018][T17867] device hsr_slave_0 entered promiscuous mode
[ 1002.334937][T17867] device hsr_slave_1 entered promiscuous mode
[ 1002.378514][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1002.381897][T17891] IPVS: ftp: loaded support on port[0] = 21
[ 1002.387895][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1002.401999][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1002.411193][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1002.420459][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1002.428889][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1002.455843][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1002.463787][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1002.472953][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1002.488406][T17856] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1002.574145][T17856] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1002.690134][T17891] chnl_net:caif_netlink_parms(): no params data found
[ 1002.853982][T17867] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1002.891688][T17898] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1002.902483][T17898] CPU: 0 PID: 17898 Comm: syz-executor.4 Not tainted 5.2.0-rc2+ #14
[ 1002.910465][T17898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1002.920544][T17898] Call Trace:
[ 1002.923855][T17898]  dump_stack+0x172/0x1f0
[ 1002.928201][T17898]  dump_header+0x10f/0xb6c
[ 1002.932633][T17898]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 1002.938459][T17898]  ? ___ratelimit+0x60/0x595
[ 1002.943059][T17898]  ? do_raw_spin_unlock+0x57/0x270
[ 1002.948194][T17898]  oom_kill_process.cold+0x10/0x15
[ 1002.953335][T17898]  out_of_memory+0x79a/0x1280
[ 1002.958025][T17898]  ? lock_downgrade+0x880/0x880
[ 1002.962885][T17898]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1002.969133][T17898]  ? oom_killer_disable+0x280/0x280
[ 1002.974336][T17898]  ? find_held_lock+0x35/0x130
[ 1002.979124][T17898]  mem_cgroup_out_of_memory+0x1ca/0x230
[ 1002.984675][T17898]  ? memcg_event_wake+0x230/0x230
[ 1002.989712][T17898]  ? do_raw_spin_unlock+0x57/0x270
[ 1002.994827][T17898]  ? _raw_spin_unlock+0x2d/0x50
[ 1002.999689][T17898]  try_charge+0x102c/0x15c0
[ 1003.004194][T17898]  ? find_held_lock+0x35/0x130
[ 1003.008975][T17898]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 1003.014530][T17898]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1003.020776][T17898]  ? kasan_check_read+0x11/0x20
[ 1003.025781][T17898]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[ 1003.031342][T17898]  mem_cgroup_try_charge+0x24d/0x5e0
[ 1003.036640][T17898]  mem_cgroup_try_charge_delay+0x1f/0xa0
[ 1003.042282][T17898]  __handle_mm_fault+0x1e1a/0x3eb0
[ 1003.047409][T17898]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1003.052957][T17898]  ? find_held_lock+0x35/0x130
[ 1003.057732][T17898]  ? handle_mm_fault+0x292/0xa90
[ 1003.062692][T17898]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1003.068945][T17898]  ? kasan_check_read+0x11/0x20
[ 1003.073813][T17898]  handle_mm_fault+0x3b7/0xa90
[ 1003.078589][T17898]  __do_page_fault+0x5ef/0xda0
[ 1003.083367][T17898]  do_page_fault+0x71/0x57d
[ 1003.087874][T17898]  ? page_fault+0x8/0x30
[ 1003.092125][T17898]  page_fault+0x1e/0x30
[ 1003.096284][T17898] RIP: 0033:0x410bbf
[ 1003.100185][T17898] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41
[ 1003.119811][T17898] RSP: 002b:00007ffe13971420 EFLAGS: 00010206
[ 1003.125889][T17898] RAX: 00007feac1e13000 RBX: 0000000000020000 RCX: 00000000004592ca
[ 1003.133866][T17898] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000
[ 1003.141845][T17898] RBP: 00007ffe13971500 R08: ffffffffffffffff R09: 0000000000000000
[ 1003.149823][T17898] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe139715f0
[ 1003.157803][T17898] R13: 00007feac1e33700 R14: 0000000000000001 R15: 000000000075bfcc
[ 1003.184822][T17898] memory: usage 3612kB, limit 0kB, failcnt 123
[ 1003.191123][T17898] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1003.212670][T17898] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1003.224520][T17898] Memory cgroup stats for /syz4: cache:48KB rss:2136KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2136KB inactive_file:0KB active_file:0KB unevictable:0KB
[ 1003.258760][T17898] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17898,uid=0
[ 1003.288993][T17898] Memory cgroup out of memory: Killed process 17898 (syz-executor.4) total-vm:72708kB, anon-rss:2140kB, file-rss:34816kB, shmem-rss:0kB
[ 1003.320350][ T1044] oom_reaper: reaped process 17898 (syz-executor.4), now anon-rss:0kB, file-rss:34884kB, shmem-rss:0kB
[ 1003.378919][T17856] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
[ 1003.394481][T17856] CPU: 1 PID: 17856 Comm: syz-executor.4 Not tainted 5.2.0-rc2+ #14
[ 1003.402469][T17856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1003.412522][T17856] Call Trace:
[ 1003.415829][T17856]  dump_stack+0x172/0x1f0
[ 1003.420171][T17856]  dump_header+0x10f/0xb6c
[ 1003.424597][T17856]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 1003.430407][T17856]  ? ___ratelimit+0x60/0x595
[ 1003.435005][T17856]  ? do_raw_spin_unlock+0x57/0x270
[ 1003.440125][T17856]  oom_kill_process.cold+0x10/0x15
[ 1003.445254][T17856]  out_of_memory+0x79a/0x1280
[ 1003.449937][T17856]  ? lock_downgrade+0x880/0x880
[ 1003.454788][T17856]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1003.461039][T17856]  ? oom_killer_disable+0x280/0x280
[ 1003.466239][T17856]  ? find_held_lock+0x35/0x130
[ 1003.471026][T17856]  mem_cgroup_out_of_memory+0x1ca/0x230
[ 1003.476574][T17856]  ? memcg_event_wake+0x230/0x230
[ 1003.481612][T17856]  ? do_raw_spin_unlock+0x57/0x270
[ 1003.486747][T17856]  ? _raw_spin_unlock+0x2d/0x50
[ 1003.491609][T17856]  try_charge+0x102c/0x15c0
[ 1003.496114][T17856]  ? find_held_lock+0x35/0x130
[ 1003.500889][T17856]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 1003.506440][T17856]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1003.512688][T17856]  ? kasan_check_read+0x11/0x20
[ 1003.517547][T17856]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[ 1003.523099][T17856]  mem_cgroup_try_charge+0x24d/0x5e0
[ 1003.528394][T17856]  mem_cgroup_try_charge_delay+0x1f/0xa0
[ 1003.534129][T17856]  wp_page_copy+0x416/0x1770
[ 1003.538725][T17856]  ? do_wp_page+0x486/0x1500
[ 1003.543350][T17856]  ? pmd_pfn+0x1d0/0x1d0
[ 1003.547606][T17856]  ? lock_downgrade+0x880/0x880
[ 1003.552467][T17856]  ? swp_swapcount+0x540/0x540
[ 1003.557232][T17856]  ? do_raw_spin_unlock+0x57/0x270
[ 1003.562350][T17856]  ? kasan_check_read+0x11/0x20
[ 1003.567205][T17856]  ? do_raw_spin_unlock+0x57/0x270
[ 1003.572320][T17856]  do_wp_page+0x48e/0x1500
[ 1003.576749][T17856]  ? finish_mkwrite_fault+0x540/0x540
[ 1003.582135][T17856]  __handle_mm_fault+0x22e3/0x3eb0
[ 1003.587255][T17856]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1003.592813][T17856]  ? find_held_lock+0x35/0x130
[ 1003.597580][T17856]  ? handle_mm_fault+0x292/0xa90
[ 1003.602529][T17856]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1003.608772][T17856]  ? kasan_check_read+0x11/0x20
[ 1003.613636][T17856]  handle_mm_fault+0x3b7/0xa90
[ 1003.618413][T17856]  __do_page_fault+0x5ef/0xda0
[ 1003.623197][T17856]  do_page_fault+0x71/0x57d
[ 1003.627707][T17856]  ? page_fault+0x8/0x30
[ 1003.631962][T17856]  page_fault+0x1e/0x30
[ 1003.636125][T17856] RIP: 0033:0x430356
[ 1003.640023][T17856] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 46 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 0c 4c 64 00 85 c0 0f 84
[ 1003.659644][T17856] RSP: 002b:00007ffe13970430 EFLAGS: 00010206
[ 1003.665712][T17856] RAX: 0000000000019691 RBX: 0000000000714640 RCX: 0000000000008041
[ 1003.673683][T17856] RDX: 0000555556d48930 RSI: 0000555556d50970 RDI: 0000000000000003
[ 1003.681655][T17856] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555556d47940
[ 1003.689621][T17856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000714698
[ 1003.697595][T17856] R13: 0000000000714698 R14: 0000000000000000 R15: 0000000000002710
[ 1003.717548][T17856] memory: usage 1260kB, limit 0kB, failcnt 132
[ 1003.723726][T17856] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1003.732477][T17856] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1003.739696][T17856] Memory cgroup stats for /syz4: cache:48KB rss:76KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:76KB inactive_file:0KB active_file:0KB unevictable:0KB
[ 1003.761655][T17856] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17856,uid=0
[ 1003.777557][T17856] Memory cgroup out of memory: Killed process 17856 (syz-executor.4) total-vm:72444kB, anon-rss:72kB, file-rss:34828kB, shmem-rss:0kB
[ 1003.808414][ T1044] oom_reaper: reaped process 17856 (syz-executor.4), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB
[ 1004.790386][T17888] chnl_net:caif_netlink_parms(): no params data found
[ 1004.801577][T17891] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1004.808794][T17891] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1004.818127][T17891] device bridge_slave_0 entered promiscuous mode
[ 1004.841331][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1004.849217][T14418] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1004.864007][T17902] IPVS: ftp: loaded support on port[0] = 21
[ 1005.091414][T17891] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1005.099280][T17891] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1005.109527][T17891] device bridge_slave_1 entered promiscuous mode
[ 1005.149567][T17867] 8021q: adding VLAN 0 to HW filter on device team0
[ 1005.176250][T17891] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 1005.197505][T17888] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1005.214936][T17888] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1005.223074][T17888] device bridge_slave_0 entered promiscuous mode
[ 1006.029517][T17891] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 1006.046487][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1006.057567][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1006.066461][ T8825] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1006.073507][ T8825] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1006.081448][T17888] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1006.088763][T17888] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1006.098890][T17888] device bridge_slave_1 entered promiscuous mode
[ 1006.132665][T17891] team0: Port device team_slave_0 added
[ 1006.146297][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1006.156378][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1006.166356][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1006.175712][ T8918] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1006.182777][ T8918] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1006.190533][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1006.221939][T17888] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 1007.027260][T17891] team0: Port device team_slave_1 added
[ 1007.047607][T17888] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 1007.082144][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1007.098679][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1007.108832][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1007.920968][T17888] team0: Port device team_slave_0 added
[ 1007.933814][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1007.944847][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1007.953587][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1007.967359][T17888] team0: Port device team_slave_1 added
[ 1007.996265][T17891] device hsr_slave_0 entered promiscuous mode
[ 1008.054788][T17891] device hsr_slave_1 entered promiscuous mode
[ 1008.131821][T17867] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1008.142297][T17867] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1008.174023][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1008.183789][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1008.192984][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1008.202038][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1009.019092][T17888] device hsr_slave_0 entered promiscuous mode
[ 1009.064892][T17888] device hsr_slave_1 entered promiscuous mode
[ 1009.106981][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1009.977463][T17902] chnl_net:caif_netlink_parms(): no params data found
[ 1009.989506][T17867] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1011.042801][T17910] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1011.075030][T17910] CPU: 1 PID: 17910 Comm: syz-executor.3 Not tainted 5.2.0-rc2+ #14
[ 1011.083045][T17910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1011.093435][T17910] Call Trace:
[ 1011.096739][T17910]  dump_stack+0x172/0x1f0
[ 1011.101087][T17910]  dump_header+0x10f/0xb6c
[ 1011.105619][T17910]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 1011.111443][T17910]  ? ___ratelimit+0x60/0x595
[ 1011.116051][T17910]  ? do_raw_spin_unlock+0x57/0x270
[ 1011.121187][T17910]  oom_kill_process.cold+0x10/0x15
[ 1011.126317][T17910]  out_of_memory+0x79a/0x1280
[ 1011.131013][T17910]  ? __sched_text_start+0x8/0x8
[ 1011.135890][T17910]  ? oom_killer_disable+0x280/0x280
[ 1011.141123][T17910]  mem_cgroup_out_of_memory+0x1ca/0x230
[ 1011.146769][T17910]  ? memcg_event_wake+0x230/0x230
[ 1011.151828][T17910]  ? _raw_spin_unlock_irqrestore+0xbd/0xe0
[ 1011.157644][T17910]  ? cgroup_file_notify+0x140/0x1b0
[ 1011.162856][T17910]  memory_max_write+0x169/0x300
[ 1011.167724][T17910]  ? mem_cgroup_write+0x360/0x360
[ 1011.172760][T17910]  ? mem_cgroup_write+0x360/0x360
[ 1011.177800][T17910]  cgroup_file_write+0x241/0x790
[ 1011.182753][T17910]  ? mem_cgroup_write+0x360/0x360
[ 1011.187790][T17910]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[ 1011.193443][T17910]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[ 1011.199082][T17910]  kernfs_fop_write+0x2b8/0x480
[ 1011.203948][T17910]  __vfs_write+0x8a/0x110
[ 1011.208283][T17910]  ? kernfs_fop_open+0xd80/0xd80
[ 1011.213233][T17910]  vfs_write+0x20c/0x580
[ 1011.217490][T17910]  ksys_write+0x14f/0x290
[ 1011.221837][T17910]  ? __ia32_sys_read+0xb0/0xb0
[ 1011.226612][T17910]  ? do_syscall_64+0x26/0x680
[ 1011.231642][T17910]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1011.237719][T17910]  ? do_syscall_64+0x26/0x680
[ 1011.242437][T17910]  __x64_sys_write+0x73/0xb0
[ 1011.247039][T17910]  do_syscall_64+0xfd/0x680
[ 1011.251560][T17910]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1011.257454][T17910] RIP: 0033:0x459279
[ 1011.261356][T17910] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1011.280976][T17910] RSP: 002b:00007fe9867e3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1011.289408][T17910] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459279
[ 1011.297418][T17910] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008
[ 1011.305398][T17910] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1011.313379][T17910] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe9867e46d4
[ 1011.321358][T17910] R13: 00000000004c8eb1 R14: 00000000004dfb68 R15: 00000000ffffffff
[ 1011.346395][T17910] memory: usage 5636kB, limit 0kB, failcnt 132607
[ 1011.353173][T17910] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1011.361499][T17910] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1011.369370][T17910] Memory cgroup stats for /syz3: cache:36KB rss:2220KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2220KB inactive_file:56KB active_file:0KB unevictable:0KB
[ 1011.392650][T17910] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17909,uid=0
[ 1011.409524][T17910] Memory cgroup out of memory: Killed process 17909 (syz-executor.3) total-vm:72708kB, anon-rss:2136kB, file-rss:34816kB, shmem-rss:0kB
15:53:23 executing program 3:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

15:53:23 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
[ 1011.444221][ T1044] oom_reaper: reaped process 17909 (syz-executor.3), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB
[ 1011.486264][T17867] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000005400c2ac540000000300000000000000060000040000002010"], 0x0, 0x25}, 0x20)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

15:53:23 executing program 4:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r4 = openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_int(r4, 0x0, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

[ 1011.514529][T17867] CPU: 0 PID: 17867 Comm: syz-executor.3 Not tainted 5.2.0-rc2+ #14
[ 1011.522552][T17867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1011.532619][T17867] Call Trace:
[ 1011.535924][T17867]  dump_stack+0x172/0x1f0
[ 1011.540269][T17867]  dump_header+0x10f/0xb6c
[ 1011.544709][T17867]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 1011.550528][T17867]  ? ___ratelimit+0x60/0x595
[ 1011.555130][T17867]  ? do_raw_spin_unlock+0x57/0x270
[ 1011.560256][T17867]  oom_kill_process.cold+0x10/0x15
[ 1011.565385][T17867]  out_of_memory+0x79a/0x1280
[ 1011.570078][T17867]  ? lock_downgrade+0x880/0x880
[ 1011.574935][T17867]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1011.581187][T17867]  ? oom_killer_disable+0x280/0x280
[ 1011.586388][T17867]  ? find_held_lock+0x35/0x130
[ 1011.591168][T17867]  mem_cgroup_out_of_memory+0x1ca/0x230
[ 1011.596719][T17867]  ? memcg_event_wake+0x230/0x230
[ 1011.601757][T17867]  ? do_raw_spin_unlock+0x57/0x270
[ 1011.606878][T17867]  ? _raw_spin_unlock+0x2d/0x50
[ 1011.611740][T17867]  try_charge+0x102c/0x15c0
[ 1011.616252][T17867]  ? find_held_lock+0x35/0x130
[ 1011.621044][T17867]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 1011.626606][T17867]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1011.632870][T17867]  ? kasan_check_read+0x11/0x20
[ 1011.637741][T17867]  ? get_mem_cgroup_from_mm+0x128/0x2b0
[ 1011.643297][T17867]  mem_cgroup_try_charge+0x24d/0x5e0
[ 1011.648601][T17867]  mem_cgroup_try_charge_delay+0x1f/0xa0
[ 1011.654246][T17867]  __handle_mm_fault+0x1e1a/0x3eb0
[ 1011.659375][T17867]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1011.664930][T17867]  ? find_held_lock+0x35/0x130
[ 1011.669698][T17867]  ? handle_mm_fault+0x292/0xa90
[ 1011.674662][T17867]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1011.680914][T17867]  ? kasan_check_read+0x11/0x20
[ 1011.685780][T17867]  handle_mm_fault+0x3b7/0xa90
[ 1011.690555][T17867]  __do_page_fault+0x5ef/0xda0
[ 1011.695339][T17867]  do_page_fault+0x71/0x57d
[ 1011.699855][T17867]  ? page_fault+0x8/0x30
[ 1011.704107][T17867]  page_fault+0x1e/0x30
[ 1011.708264][T17867] RIP: 0033:0x403672
[ 1011.712166][T17867] Code: 55 41 54 49 89 fc 55 53 48 81 ec b8 10 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 10 00 00 31 c0 be 02 00 00 00 4c 89 e7 <e8> 29 86 05 00 85 c0 0f 84 00 03 00 00 4c 89 e7 e8 49 3b 05 00 48
[ 1011.731867][T17867] RSP: 002b:00007ffc73e85f50 EFLAGS: 00010246
[ 1011.737940][T17867] RAX: 0000000000000000 RBX: 00000000000f6d6d RCX: 0000000000412e80
[ 1011.745913][T17867] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffc73e87080
[ 1011.753889][T17867] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000555557360940
[ 1011.761865][T17867] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc73e87080
[ 1011.769838][T17867] R13: 00007ffc73e87070 R14: 0000000000000000 R15: 00007ffc73e87080
[ 1011.797079][T17867] memory: usage 3260kB, limit 0kB, failcnt 132615
[ 1011.805952][T17867] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1011.830833][T17867] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1011.853880][T17867] Memory cgroup stats for /syz3: cache:36KB rss:120KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:120KB inactive_file:56KB active_file:0KB unevictable:0KB
[ 1011.996058][T17867] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=17867,uid=0
[ 1012.011730][T17867] Memory cgroup out of memory: Killed process 17867 (syz-executor.3) total-vm:72444kB, anon-rss:68kB, file-rss:34828kB, shmem-rss:0kB
[ 1012.028124][ T1044] oom_reaper: reaped process 17867 (syz-executor.3), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB
[ 1012.198993][T17891] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1012.436887][T17888] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1012.452161][T17891] 8021q: adding VLAN 0 to HW filter on device team0
[ 1012.464527][T17902] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1012.471623][T17902] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1012.480216][T17902] device bridge_slave_0 entered promiscuous mode
[ 1012.488801][T17902] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1012.497496][T17902] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1012.505800][T17902] device bridge_slave_1 entered promiscuous mode
[ 1012.513192][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1012.521551][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
15:53:24 executing program 3:
socket$kcm(0xa, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_config_ext, 0x1024}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r0, 0xffffffffffffff7b, 0x0}, 0xada40fcc)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xfffffffffffffe17)
gettid()
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000100)="9e4301000080000000021fe4ac14140ceb", 0x11}], 0x1}, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x7)
mkdirat$cgroup(r3, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
openat$cgroup_int(r1, &(0x7f0000000040)='memory.max\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, 0x0}, 0x20)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, 0xffffffffffffffff)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_type(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000120081f87059ae08060c04000a006b10400103fe0500018701546fabca1b4e7d06a6bd7c493872f750375ed08a562ad6e74703c48f93b82a02000000461eb886a5e54e8ff5314461", 0x4c}], 0x1}, 0x0)
write$cgroup_pid(r0, 0x0, 0x0)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000240)=r0)

[ 1012.547195][T17888] 8021q: adding VLAN 0 to HW filter on device team0
[ 1012.557736][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1012.565724][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
15:53:24 executing program 0:
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000140)="40c74adc7724e27d876f441d952bf111375896d876c4ed0f2e703cd5f8b64ff3cd946b507daea1c09fc1fe6c"}, 0x20)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x2, 0x0)
socketpair(0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'nr0\x01\x00', 0x4009})
r1 = socket$kcm(0x29, 0x2, 0x0)
ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000440)=0xa7)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A')
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000005400c2ac540000000300000000000000060000040000002010"], 0x0, 0x25}, 0x20)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd', 0x7}]}, 0x90ad)

[ 1012.606472][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1012.625231][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1012.665068][T14425] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1012.672171][T14425] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1012.698060][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1012.708168][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1012.716883][T14425] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1012.723998][T14425] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1012.732093][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1012.741037][T14425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1013.675030][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1013.684157][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1013.696397][ T8825] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1013.703470][ T8825] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1013.711362][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1013.720022][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1013.728540][ T8825] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1013.735651][ T8825] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1013.743234][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1013.752224][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1013.761102][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1013.769948][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1013.780086][ T8825] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1013.790537][T17902] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 1013.804156][T17919] device nr0
 entered promiscuous mode
[ 1013.830160][ T3059] device bridge_slave_1 left promiscuous mode
[ 1013.836635][ T3059] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1013.877108][ T3059] device bridge_slave_0 left promiscuous mode
[ 1013.883345][ T3059] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1013.935914][ T3059] device bridge_slave_1 left promiscuous mode
[ 1013.942081][ T3059] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1013.995937][ T3059] device bridge_slave_0 left promiscuous mode
[ 1014.002130][ T3059] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1014.046719][ T3059] device bridge_slave_1 left promiscuous mode
[ 1014.052971][ T3059] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1014.095856][ T3059] device bridge_slave_0 left promiscuous mode
[ 1014.102112][ T3059] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1014.156632][ T3059] device bridge_slave_1 left promiscuous mode
[ 1014.162822][ T3059] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1014.205742][ T3059] device bridge_slave_0 left promiscuous mode
[ 1014.211923][ T3059] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1014.257123][ T3059] device bridge_slave_1 left promiscuous mode
[ 1014.263366][ T3059] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1014.305929][ T3059] device bridge_slave_0 left promiscuous mode
[ 1014.312138][ T3059] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1014.366840][ T3059] device bridge_slave_1 left promiscuous mode
[ 1014.373086][ T3059] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1014.425642][ T3059] device bridge_slave_0 left promiscuous mode
[ 1014.431877][ T3059] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1014.488536][ T3059] device bridge_slave_1 left promiscuous mode
[ 1014.496557][ T3059] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1014.545681][ T3059] device bridge_slave_0 left promiscuous mode
[ 1014.552004][ T3059] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1014.616714][ T3059] device bridge_slave_1 left promiscuous mode
[ 1014.622989][ T3059] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1014.685528][ T3059] device bridge_slave_0 left promiscuous mode
[ 1014.691892][ T3059] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1014.728734][ T3059] device bridge_slave_1 left promiscuous mode
[ 1014.735699][ T3059] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1014.785250][ T3059] device bridge_slave_0 left promiscuous mode
[ 1014.791436][ T3059] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1014.855890][ T3059] device bridge_slave_1 left promiscuous mode
[ 1014.862063][ T3059] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1014.905776][ T3059] device bridge_slave_0 left promiscuous mode
[ 1014.912104][ T3059] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1036.888037][ T3059] device hsr_slave_1 left promiscuous mode
[ 1036.930737][ T3059] device hsr_slave_0 left promiscuous mode
[ 1036.995856][ T3059] team0 (unregistering): Port device team_slave_1 removed
[ 1037.008648][ T3059] team0 (unregistering): Port device team_slave_0 removed
[ 1037.021841][ T3059] bond0 (unregistering): Releasing backup interface bond_slave_1
[ 1037.083560][ T3059] bond0 (unregistering): Releasing backup interface bond_slave_0
[ 1037.183860][ T3059] bond0 (unregistering): Released all slaves
[ 1037.338067][ T3059] device hsr_slave_1 left promiscuous mode
[ 1037.390559][ T3059] device hsr_slave_0 left promiscuous mode
[ 1037.440979][ T3059] team0 (unregistering): Port device team_slave_1 removed
[ 1037.453368][ T3059] team0 (unregistering): Port device team_slave_0 removed
[ 1037.467605][ T3059] bond0 (unregistering): Releasing backup interface bond_slave_1
[ 1037.501059][ T3059] bond0 (unregistering): Releasing backup interface bond_slave_0
[ 1037.593296][ T3059] bond0 (unregistering): Released all slaves
[ 1037.738357][ T3059] device hsr_slave_1 left promiscuous mode
[ 1037.780816][ T3059] device hsr_slave_0 left promiscuous mode
[ 1037.840174][ T3059] team0 (unregistering): Port device team_slave_1 removed
[ 1037.853388][ T3059] team0 (unregistering): Port device team_slave_0 removed
[ 1037.869698][ T3059] bond0 (unregistering): Releasing backup interface bond_slave_1
[ 1037.922058][ T3059] bond0 (unregistering): Releasing backup interface bond_slave_0
[ 1038.044926][ T3059] bond0 (unregistering): Released all slaves
[ 1038.188326][ T3059] device hsr_slave_1 left promiscuous mode
[ 1038.230707][ T3059] device hsr_slave_0 left promiscuous mode
[ 1038.290130][ T3059] team0 (unregistering): Port device team_slave_1 removed
[ 1038.302898][ T3059] team0 (unregistering): Port device team_slave_0 removed
[ 1038.316793][ T3059] bond0 (unregistering): Releasing backup interface bond_slave_1
[ 1038.351874][ T3059] bond0 (unregistering): Releasing backup interface bond_slave_0
[ 1038.425234][ T3059] bond0 (unregistering): Released all slaves
[ 1038.618361][ T3059] device hsr_slave_1 left promiscuous mode
[ 1038.658945][ T3059] device hsr_slave_0 left promiscuous mode
[ 1038.720136][ T3059] team0 (unregistering): Port device team_slave_1 removed
[ 1038.733233][ T3059] team0 (unregistering): Port device team_slave_0 removed
[ 1038.746904][ T3059] bond0 (unregistering): Releasing backup interface bond_slave_1
[ 1038.779327][ T3059] bond0 (unregistering): Releasing backup interface bond_slave_0
[ 1038.877695][ T3059] bond0 (unregistering): Released all slaves
[ 1039.018434][ T3059] device hsr_slave_1 left promiscuous mode
[ 1039.080412][ T3059] device hsr_slave_0 left promiscuous mode
[ 1039.140365][ T3059] team0 (unregistering): Port device team_slave_1 removed
[ 1039.153849][ T3059] team0 (unregistering): Port device team_slave_0 removed
[ 1039.168053][ T3059] bond0 (unregistering): Releasing backup interface bond_slave_1
[ 1039.231860][ T3059] bond0 (unregistering): Releasing backup interface bond_slave_0
[ 1039.333363][ T3059] bond0 (unregistering): Released all slaves
[ 1039.478219][ T3059] device hsr_slave_1 left promiscuous mode
[ 1039.526026][ T3059] device hsr_slave_0 left promiscuous mode
[ 1039.581998][ T3059] team0 (unregistering): Port device team_slave_1 removed
[ 1039.593890][ T3059] team0 (unregistering): Port device team_slave_0 removed
[ 1039.606174][ T3059] bond0 (unregistering): Releasing backup interface bond_slave_1
[ 1039.651648][ T3059] bond0 (unregistering): Releasing backup interface bond_slave_0
[ 1039.761624][ T3059] bond0 (unregistering): Released all slaves
[ 1039.908309][ T3059] device hsr_slave_1 left promiscuous mode
[ 1039.968065][ T3059] device hsr_slave_0 left promiscuous mode
[ 1040.019163][ T3059] team0 (unregistering): Port device team_slave_1 removed
[ 1040.033048][ T3059] team0 (unregistering): Port device team_slave_0 removed
[ 1040.046664][ T3059] bond0 (unregistering): Releasing backup interface bond_slave_1
[ 1040.091363][ T3059] bond0 (unregistering): Releasing backup interface bond_slave_0
[ 1040.203342][ T3059] bond0 (unregistering): Released all slaves
[ 1040.348308][ T3059] device hsr_slave_1 left promiscuous mode
[ 1040.390643][ T3059] device hsr_slave_0 left promiscuous mode
[ 1040.450973][ T3059] team0 (unregistering): Port device team_slave_1 removed
[ 1040.464881][ T3059] team0 (unregistering): Port device team_slave_0 removed
[ 1040.476526][ T3059] bond0 (unregistering): Releasing backup interface bond_slave_1
[ 1040.541325][ T3059] bond0 (unregistering): Releasing backup interface bond_slave_0
[ 1040.644056][ T3059] bond0 (unregistering): Released all slaves
[ 1040.828301][ T3059] device hsr_slave_1 left promiscuous mode
[ 1040.870716][ T3059] device hsr_slave_0 left promiscuous mode
[ 1040.927869][ T3059] team0 (unregistering): Port device team_slave_1 removed
[ 1040.939684][ T3059] team0 (unregistering): Port device team_slave_0 removed
[ 1040.952915][ T3059] bond0 (unregistering): Releasing backup interface bond_slave_1
[ 1040.992490][ T3059] bond0 (unregistering): Releasing backup interface bond_slave_0
[ 1041.093073][ T3059] bond0 (unregistering): Released all slaves
[ 1041.196537][T17902] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 1041.212827][T17922] IPVS: ftp: loaded support on port[0] = 21
[ 1041.213630][ T8848] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1041.235508][ T8848] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1041.244154][ T8848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1041.254116][ T8848] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1041.264260][ T8848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1041.273423][ T8848] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1041.306302][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1041.320021][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1041.328768][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1041.337958][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1041.346611][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1041.355516][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1041.364828][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1041.382656][T17888] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1041.393460][T17888] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1041.415949][T17902] team0: Port device team_slave_0 added
[ 1041.422417][T17891] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1041.431529][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1041.441091][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1041.449784][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1041.460094][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1041.471647][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1041.481565][T17902] team0: Port device team_slave_1 added
[ 1041.551636][T17891] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1041.628508][T17902] device hsr_slave_0 entered promiscuous mode
[ 1041.674922][T17902] device hsr_slave_1 entered promiscuous mode
[ 1041.721330][T17888] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1041.927519][T17933] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 1041.929847][T17922] chnl_net:caif_netlink_parms(): no params data found
[ 1041.944961][T17933] CPU: 1 PID: 17933 Comm: syz-executor.2 Not tainted 5.2.0-rc2+ #14
[ 1041.952958][T17933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1041.963015][T17933] Call Trace:
[ 1041.963041][T17933]  dump_stack+0x172/0x1f0
[ 1041.963067][T17933]  dump_header+0x10f/0xb6c
[ 1041.970776][T17933]  ? ___ratelimit+0x5b/0x595
[ 1041.970794][T17933]  ? ___ratelimit+0x60/0x595
[ 1041.970825][T17933]  ? do_raw_spin_unlock+0x57/0x270
[ 1041.979826][T17933]  oom_kill_process.cold+0x10/0x15
[ 1041.979848][T17933]  out_of_memory+0x79a/0x1280
[ 1041.989546][T17933]  ? __sched_text_start+0x8/0x8
[ 1041.989568][T17933]  ? oom_killer_disable+0x280/0x280
[ 1041.989596][T17933]  mem_cgroup_out_of_memory+0x1ca/0x230
[ 1041.999394][T17933]  ? memcg_event_wake+0x230/0x230
[ 1041.999427][T17933]  ? _raw_spin_unlock_irqrestore+0xbd/0xe0
[ 1042.009478][T17933]  ? cgroup_file_notify+0x140/0x1b0
[ 1042.021426][T17933]  memory_max_write+0x169/0x300
[ 1042.021447][T17933]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1042.021468][T17933]  ? mem_cgroup_write+0x360/0x360
[ 1042.032479][T17933]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1042.032510][T17933]  cgroup_file_write+0x241/0x790
[ 1042.042845][T17933]  ? mem_cgroup_write+0x360/0x360
[ 1042.042865][T17933]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[ 1042.042888][T17933]  ? cgroup_migrate_add_task+0x8a0/0x8a0
[ 1042.053377][T17933]  kernfs_fop_write+0x2b8/0x480
[ 1042.053399][T17933]  __vfs_write+0x8a/0x110
[ 1042.053420][T17933]  ? kernfs_fop_open+0xd80/0xd80
[ 1042.063368][T17933]  vfs_write+0x20c/0x580
[ 1042.063390][T17933]  ksys_write+0x14f/0x290
[ 1042.063410][T17933]  ? __ia32_sys_read+0xb0/0xb0
[ 1042.074666][T17933]  ? do_syscall_64+0x26/0x680
[ 1042.074686][T17933]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1042.074700][T17933]  ? do_syscall_64+0x26/0x680
[ 1042.074721][T17933]  __x64_sys_write+0x73/0xb0
[ 1042.074742][T17933]  do_syscall_64+0xfd/0x680
[ 1042.127422][T17933]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1042.133303][T17933] RIP: 0033:0x459279
[ 1042.137186][T17933] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1042.156782][T17933] RSP: 002b:00007fe65f2e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1042.165218][T17933] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459279
[ 1042.173172][T17933] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
[ 1042.181127][T17933] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1042.189078][T17933] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe65f2e56d4
[ 1042.197046][T17933] R13: 00000000004c8eb1 R14: 00000000004dfb68 R15: 00000000ffffffff
[ 1042.219978][T17933] memory: usage 2976kB, limit 0kB, failcnt 229714
[ 1042.226884][T17933] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1042.227157][ T3059] ------------[ cut here ]------------
[ 1042.235887][T17933] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1042.239860][ T3059] ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x90
[ 1042.240197][ T3059] WARNING: CPU: 0 PID: 3059 at lib/debugobjects.c:325 debug_print_object+0x168/0x250
[ 1042.247001][T17933] Memory cgroup stats for /syz2: cache:0KB rss:2084KB rss_huge:2048KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:2084KB inactive_file:0KB active_file:0KB unevictable:0KB
[ 1042.257550][ T3059] Kernel panic - not syncing: panic_on_warn set ...
[ 1042.257568][ T3059] CPU: 0 PID: 3059 Comm: kworker/u4:4 Not tainted 5.2.0-rc2+ #14
[ 1042.257575][ T3059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1042.257595][ T3059] Workqueue: netns cleanup_net
[ 1042.257603][ T3059] Call Trace:
[ 1042.257626][ T3059]  dump_stack+0x172/0x1f0
[ 1042.257643][ T3059]  ? debug_print_object+0xa0/0x250
[ 1042.257658][ T3059]  panic+0x2cb/0x744
[ 1042.257674][ T3059]  ? __warn_printk+0xf3/0xf3
[ 1042.257694][ T3059]  ? debug_print_object+0x168/0x250
[ 1042.257711][ T3059]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1042.257726][ T3059]  ? __warn.cold+0x5/0x4d
[ 1042.257740][ T3059]  ? __warn+0xe8/0x1d0
[ 1042.257755][ T3059]  ? debug_print_object+0x168/0x250
[ 1042.257769][ T3059]  __warn.cold+0x20/0x4d
[ 1042.257784][ T3059]  ? debug_print_object+0x168/0x250
[ 1042.257797][ T3059]  report_bug+0x263/0x2b0
[ 1042.257814][ T3059]  do_error_trap+0x11b/0x200
[ 1042.257831][ T3059]  do_invalid_op+0x37/0x50
[ 1042.257844][ T3059]  ? debug_print_object+0x168/0x250
[ 1042.257860][ T3059]  invalid_op+0x14/0x20
[ 1042.257876][ T3059] RIP: 0010:debug_print_object+0x168/0x250
[ 1042.257890][ T3059] Code: dd 00 c9 a4 87 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 b5 00 00 00 48 8b 14 dd 00 c9 a4 87 48 c7 c7 a0 be a4 87 e8 26 74 0d fe <0f> 0b 83 05 3b 63 4b 06 01 48 83 c4 20 5b 41 5c 41 5d 41 5e 5d c3
[ 1042.257898][ T3059] RSP: 0000:ffff88809e4a7838 EFLAGS: 00010086
[ 1042.257909][ T3059] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[ 1042.257917][ T3059] RDX: 0000000000000000 RSI: ffffffff815ac7e6 RDI: ffffed1013c94ef9
[ 1042.257926][ T3059] RBP: ffff88809e4a7878 R08: ffff88809e4c83c0 R09: fffffbfff117311d
[ 1042.257935][ T3059] R10: fffffbfff117311c R11: ffffffff88b988e3 R12: 0000000000000001
[ 1042.257944][ T3059] R13: ffffffff88bad160 R14: ffffffff81603830 R15: ffff888097ac27e0
[ 1042.257961][ T3059]  ? calc_wheel_index+0x220/0x220
[ 1042.257982][ T3059]  ? vprintk_func+0x86/0x189
[ 1042.257999][ T3059]  ? debug_print_object+0x168/0x250
[ 1042.258013][ T3059]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 1042.258032][ T3059]  debug_check_no_obj_freed+0x29f/0x464
[ 1042.258052][ T3059]  kfree+0xbd/0x220
[ 1042.258071][ T3059]  kvfree+0x61/0x70
[ 1042.258085][ T3059]  netdev_freemem+0x4c/0x60
[ 1042.258101][ T3059]  netdev_release+0x86/0xb0
[ 1042.258114][ T3059]  ? xps_cpus_store+0x2b0/0x2b0
[ 1042.258130][ T3059]  device_release+0x7a/0x210
[ 1042.258145][ T3059]  kobject_put.cold+0x289/0x2e6
[ 1042.258160][ T3059]  netdev_run_todo+0x53b/0x7c0
[ 1042.258175][ T3059]  ? register_netdev+0x50/0x50
[ 1042.258189][ T3059]  ? unregister_netdevice_queue+0x1d2/0x2c0
[ 1042.258204][ T3059]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1042.258216][ T3059]  ? net_set_todo+0xbf/0x150
[ 1042.258231][ T3059]  rtnl_unlock+0xe/0x10
[ 1042.258245][ T3059]  default_device_exit_batch+0x358/0x410
[ 1042.258260][ T3059]  ? unregister_netdevice_many+0x50/0x50
[ 1042.258277][ T3059]  ? default_device_exit+0x203/0x290
[ 1042.258292][ T3059]  ? do_wait_intr_irq+0x2b0/0x2b0
[ 1042.258306][ T3059]  ? rtnl_unlock+0xe/0x10
[ 1042.258327][ T3059]  ? unregister_netdevice_many+0x50/0x50
[ 1042.258342][ T3059]  ? dev_change_net_namespace+0xc70/0xc70
[ 1042.258360][ T3059]  ops_exit_list.isra.0+0xfc/0x150
[ 1042.258377][ T3059]  cleanup_net+0x3fb/0x960
[ 1042.258395][ T3059]  ? netns_install+0x1d0/0x1d0
[ 1042.258419][ T3059]  process_one_work+0x989/0x1790
[ 1042.258439][ T3059]  ? pwq_dec_nr_in_flight+0x320/0x320
[ 1042.258452][ T3059]  ? lock_acquire+0x16f/0x3f0
[ 1042.258472][ T3059]  worker_thread+0x98/0xe40
[ 1042.258494][ T3059]  kthread+0x354/0x420
[ 1042.258508][ T3059]  ? process_one_work+0x1790/0x1790
[ 1042.258521][ T3059]  ? kthread_cancel_delayed_work_sync+0x20/0x20
[ 1042.258535][ T3059]  ret_from_fork+0x24/0x30
[ 1042.258553][ T3059] 
[ 1042.258560][ T3059] ======================================================
[ 1042.258566][ T3059] WARNING: possible circular locking dependency detected
[ 1042.258570][ T3059] 5.2.0-rc2+ #14 Not tainted
[ 1042.258576][ T3059] ------------------------------------------------------
[ 1042.258581][ T3059] kworker/u4:4/3059 is trying to acquire lock:
[ 1042.258585][ T3059] 00000000168e2dd7 ((console_sem).lock){-.-.}, at: down_trylock+0x13/0x70
[ 1042.258600][ T3059] 
[ 1042.258604][ T3059] but task is already holding lock:
[ 1042.258608][ T3059] 00000000aac9c8f2 (&obj_hash[i].lock){-.-.}, at: debug_check_no_obj_freed+0xbe/0x464
[ 1042.258623][ T3059] 
[ 1042.258629][ T3059] which lock already depends on the new lock.
[ 1042.258631][ T3059] 
[ 1042.258634][ T3059] 
[ 1042.258640][ T3059] the existing dependency chain (in reverse order) is:
[ 1042.258642][ T3059] 
[ 1042.258645][ T3059] -> #3 (&obj_hash[i].lock){-.-.}:
[ 1042.258660][ T3059]        _raw_spin_lock_irqsave+0x95/0xcd
[ 1042.258665][ T3059]        __debug_object_init+0xc6/0xc30
[ 1042.258670][ T3059]        debug_object_init+0x16/0x20
[ 1042.258674][ T3059]        hrtimer_init+0x2a/0x300
[ 1042.258679][ T3059]        init_dl_task_timer+0x1b/0x50
[ 1042.258683][ T3059]        __sched_fork+0x22a/0x4f0
[ 1042.258687][ T3059]        init_idle+0x75/0x670
[ 1042.258692][ T3059]        sched_init+0x952/0x9f5
[ 1042.258696][ T3059]        start_kernel+0x393/0x893
[ 1042.258701][ T3059]        x86_64_start_reservations+0x29/0x2b
[ 1042.258706][ T3059]        x86_64_start_kernel+0x77/0x7b
[ 1042.258711][ T3059]        secondary_startup_64+0xa4/0xb0
[ 1042.258713][ T3059] 
[ 1042.258715][ T3059] -> #2 (&rq->lock){-.-.}:
[ 1042.258730][ T3059]        _raw_spin_lock+0x2f/0x40
[ 1042.258734][ T3059]        task_fork_fair+0x6a/0x520
[ 1042.258739][ T3059]        sched_fork+0x3af/0x900
[ 1042.258743][ T3059]        copy_process.part.0+0x1a25/0x6790
[ 1042.258748][ T3059]        _do_fork+0x25d/0xfe0
[ 1042.258752][ T3059]        kernel_thread+0x34/0x40
[ 1042.258756][ T3059]        rest_init+0x28/0x37b
[ 1042.258760][ T3059]        arch_call_rest_init+0xe/0x1b
[ 1042.258765][ T3059]        start_kernel+0x854/0x893
[ 1042.258770][ T3059]        x86_64_start_reservations+0x29/0x2b
[ 1042.258775][ T3059]        x86_64_start_kernel+0x77/0x7b
[ 1042.258779][ T3059]        secondary_startup_64+0xa4/0xb0
[ 1042.258782][ T3059] 
[ 1042.258785][ T3059] -> #1 (&p->pi_lock){-.-.}:
[ 1042.258800][ T3059]        _raw_spin_lock_irqsave+0x95/0xcd
[ 1042.258804][ T3059]        try_to_wake_up+0x90/0x13f0
[ 1042.258809][ T3059]        wake_up_process+0x10/0x20
[ 1042.258813][ T3059]        __up.isra.0+0x136/0x1a0
[ 1042.258817][ T3059]        up+0x9c/0xe0
[ 1042.258821][ T3059]        __up_console_sem+0xb7/0x1c0
[ 1042.258826][ T3059]        console_unlock+0x663/0xec0
[ 1042.258830][ T3059]        vprintk_emit+0x2a0/0x700
[ 1042.258834][ T3059]        vprintk_default+0x28/0x30
[ 1042.258838][ T3059]        vprintk_func+0x7e/0x189
[ 1042.258842][ T3059]        printk+0xba/0xed
[ 1042.258847][ T3059]        do_exit.cold+0x5d/0x254
[ 1042.258851][ T3059]        do_group_exit+0x135/0x370
[ 1042.258856][ T3059]        __x64_sys_exit_group+0x44/0x50
[ 1042.258860][ T3059]        do_syscall_64+0xfd/0x680
[ 1042.258865][ T3059]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1042.258868][ T3059] 
[ 1042.258871][ T3059] -> #0 ((console_sem).lock){-.-.}:
[ 1042.258886][ T3059]        lock_acquire+0x16f/0x3f0
[ 1042.258891][ T3059]        _raw_spin_lock_irqsave+0x95/0xcd
[ 1042.258895][ T3059]        down_trylock+0x13/0x70
[ 1042.258900][ T3059]        __down_trylock_console_sem+0xa8/0x210
[ 1042.258904][ T3059]        console_trylock+0x15/0xa0
[ 1042.258908][ T3059]        vprintk_emit+0x283/0x700
[ 1042.258913][ T3059]        vprintk_default+0x28/0x30
[ 1042.258917][ T3059]        vprintk_func+0x7e/0x189
[ 1042.258921][ T3059]        printk+0xba/0xed
[ 1042.258925][ T3059]        __warn_printk+0x9b/0xf3
[ 1042.258929][ T3059]        debug_print_object+0x168/0x250
[ 1042.258935][ T3059]        debug_check_no_obj_freed+0x29f/0x464
[ 1042.258939][ T3059]        kfree+0xbd/0x220
[ 1042.258943][ T3059]        kvfree+0x61/0x70
[ 1042.258947][ T3059]        netdev_freemem+0x4c/0x60
[ 1042.258952][ T3059]        netdev_release+0x86/0xb0
[ 1042.258956][ T3059]        device_release+0x7a/0x210
[ 1042.258961][ T3059]        kobject_put.cold+0x289/0x2e6
[ 1042.258966][ T3059]        netdev_run_todo+0x53b/0x7c0
[ 1042.258970][ T3059]        rtnl_unlock+0xe/0x10
[ 1042.258975][ T3059]        default_device_exit_batch+0x358/0x410
[ 1042.258980][ T3059]        ops_exit_list.isra.0+0xfc/0x150
[ 1042.258985][ T3059]        cleanup_net+0x3fb/0x960
[ 1042.258989][ T3059]        process_one_work+0x989/0x1790
[ 1042.258994][ T3059]        worker_thread+0x98/0xe40
[ 1042.258998][ T3059]        kthread+0x354/0x420
[ 1042.259002][ T3059]        ret_from_fork+0x24/0x30
[ 1042.259005][ T3059] 
[ 1042.259010][ T3059] other info that might help us debug this:
[ 1042.259012][ T3059] 
[ 1042.259016][ T3059] Chain exists of:
[ 1042.259019][ T3059]   (console_sem).lock --> &rq->lock --> &obj_hash[i].lock
[ 1042.259039][ T3059] 
[ 1042.259043][ T3059]  Possible unsafe locking scenario:
[ 1042.259046][ T3059] 
[ 1042.259051][ T3059]        CPU0                    CPU1
[ 1042.259055][ T3059]        ----                    ----
[ 1042.259058][ T3059]   lock(&obj_hash[i].lock);
[ 1042.259069][ T3059]                                lock(&rq->lock);
[ 1042.259079][ T3059]                                lock(&obj_hash[i].lock);
[ 1042.259088][ T3059]   lock((console_sem).lock);
[ 1042.259097][ T3059] 
[ 1042.259101][ T3059]  *** DEADLOCK ***
[ 1042.259103][ T3059] 
[ 1042.259108][ T3059] 4 locks held by kworker/u4:4/3059:
[ 1042.259110][ T3059]  #0: 00000000f1dab3b9 ((wq_completion)netns){+.+.}, at: process_one_work+0x87e/0x1790
[ 1042.259129][ T3059]  #1: 000000007e5c89f4 (net_cleanup_work){+.+.}, at: process_one_work+0x8b4/0x1790
[ 1042.259148][ T3059]  #2: 000000006d3af353 (pernet_ops_rwsem){++++}, at: cleanup_net+0xae/0x960
[ 1042.259168][ T3059]  #3: 00000000aac9c8f2 (&obj_hash[i].lock){-.-.}, at: debug_check_no_obj_freed+0xbe/0x464
[ 1042.259186][ T3059] 
[ 1042.259190][ T3059] stack backtrace:
[ 1042.259196][ T3059] CPU: 0 PID: 3059 Comm: kworker/u4:4 Not tainted 5.2.0-rc2+ #14
[ 1042.259204][ T3059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1042.259208][ T3059] Workqueue: netns cleanup_net
[ 1042.259214][ T3059] Call Trace:
[ 1042.259218][ T3059]  dump_stack+0x172/0x1f0
[ 1042.259224][ T3059]  print_circular_bug.cold+0x1cc/0x28f
[ 1042.259228][ T3059]  __lock_acquire+0x3755/0x5490
[ 1042.259233][ T3059]  ? mark_held_locks+0xf0/0xf0
[ 1042.259237][ T3059]  ? enable_ptr_key_workfn+0x30/0x30
[ 1042.259242][ T3059]  ? kvm_clock_read+0x18/0x30
[ 1042.259246][ T3059]  ? kvm_sched_clock_read+0x9/0x20
[ 1042.259250][ T3059]  lock_acquire+0x16f/0x3f0
[ 1042.259254][ T3059]  ? down_trylock+0x13/0x70
[ 1042.259259][ T3059]  _raw_spin_lock_irqsave+0x95/0xcd
[ 1042.259263][ T3059]  ? down_trylock+0x13/0x70
[ 1042.259267][ T3059]  ? vprintk_emit+0x283/0x700
[ 1042.259271][ T3059]  down_trylock+0x13/0x70
[ 1042.259275][ T3059]  ? vprintk_emit+0x283/0x700
[ 1042.259280][ T3059]  __down_trylock_console_sem+0xa8/0x210
[ 1042.259285][ T3059]  console_trylock+0x15/0xa0
[ 1042.259289][ T3059]  vprintk_emit+0x283/0x700
[ 1042.259293][ T3059]  ? calc_wheel_index+0x220/0x220
[ 1042.259297][ T3059]  vprintk_default+0x28/0x30
[ 1042.259302][ T3059]  vprintk_func+0x7e/0x189
[ 1042.259305][ T3059]  printk+0xba/0xed
[ 1042.259310][ T3059]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 1042.259314][ T3059]  ? mark_held_locks+0xf0/0xf0
[ 1042.259326][ T3059]  ? mark_held_locks+0xf0/0xf0
[ 1042.259330][ T3059]  ? __warn_printk+0x8f/0xf3
[ 1042.259334][ T3059]  ? queue_work_node+0x360/0x360
[ 1042.259338][ T3059]  __warn_printk+0x9b/0xf3
[ 1042.259342][ T3059]  ? add_taint.cold+0x16/0x16
[ 1042.259348][ T3059]  ? kasan_check_write+0x14/0x20
[ 1042.259352][ T3059]  ? lock_downgrade+0x880/0x880
[ 1042.259357][ T3059]  ? queue_work_node+0x360/0x360
[ 1042.259362][ T3059]  debug_print_object+0x168/0x250
[ 1042.259367][ T3059]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 1042.259372][ T3059]  debug_check_no_obj_freed+0x29f/0x464
[ 1042.259376][ T3059]  kfree+0xbd/0x220
[ 1042.259379][ T3059]  kvfree+0x61/0x70
[ 1042.259384][ T3059]  netdev_freemem+0x4c/0x60
[ 1042.259388][ T3059]  netdev_release+0x86/0xb0
[ 1042.259392][ T3059]  ? xps_cpus_store+0x2b0/0x2b0
[ 1042.259397][ T3059]  device_release+0x7a/0x210
[ 1042.259401][ T3059]  kobject_put.cold+0x289/0x2e6
[ 1042.259405][ T3059]  netdev_run_todo+0x53b/0x7c0
[ 1042.259410][ T3059]  ? register_netdev+0x50/0x50
[ 1042.259415][ T3059]  ? unregister_netdevice_queue+0x1d2/0x2c0
[ 1042.259420][ T3059]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1042.259424][ T3059]  ? net_set_todo+0xbf/0x150
[ 1042.259428][ T3059]  rtnl_unlock+0xe/0x10
[ 1042.259433][ T3059]  default_device_exit_batch+0x358/0x410
[ 1042.259438][ T3059]  ? unregister_netdevice_many+0x50/0x50
[ 1042.259443][ T3059]  ? default_device_exit+0x203/0x290
[ 1042.259447][ T3059]  ? do_wait_intr_irq+0x2b0/0x2b0
[ 1042.259450][ T3059]  ? rtnl_unlock+0xe/0x10
[ 1042.259455][ T3059]  ? unregister_netdevice_many+0x50/0x50
[ 1042.259460][ T3059]  ? dev_change_net_namespace+0xc70/0xc70
[ 1042.259464][ T3059]  ops_exit_list.isra.0+0xfc/0x150
[ 1042.259468][ T3059]  cleanup_net+0x3fb/0x960
[ 1042.259473][ T3059]  ? netns_install+0x1d0/0x1d0
[ 1042.259477][ T3059]  process_one_work+0x989/0x1790
[ 1042.259482][ T3059]  ? pwq_dec_nr_in_flight+0x320/0x320
[ 1042.259485][ T3059]  ? lock_acquire+0x16f/0x3f0
[ 1042.259490][ T3059]  worker_thread+0x98/0xe40
[ 1042.259493][ T3059]  kthread+0x354/0x420
[ 1042.259498][ T3059]  ? process_one_work+0x1790/0x1790
[ 1042.259503][ T3059]  ? kthread_cancel_delayed_work_sync+0x20/0x20
[ 1042.259507][ T3059]  ret_from_fork+0x24/0x30
[ 1042.260604][ T3059] Kernel Offset: disabled
[ 1043.575853][ T3059] Rebooting in 86400 seconds..